Microsoft Plans To Sell Anti-Virus Software 830
EvilCowzGoMoo writes "From the makers of our favorite OS comes: Anti-Virus! Yes you heard me right. According to an article on Reuters.com Microsoft is developing its own brand of anti-virus software. Asked if that would hurt sales of competing products, such as Network Associates' McAfee and Symantec's Norton family of products, Nash (chief of Microsoft's security business unit) said that Microsoft said that it would sell its anti-virus program as a separate product from Windows, rather than including it in Windows. My only question is: If they can't seem to patch their OS fast enough, what makes them think they can keep their AV software up to date?"
Perhaps It Belongs in the OS (Score:5, Interesting)
On the other hand, the major effect might just be to introduce a single point of failure/attack. It's certainly possible to argue that the variety of security software in use makes it harder to attack any given system. For evidence, look at the list of processes that the more sophisticated viruses try to stop.
Background: I do not customarily use an on-demand scanner. On occasion, I have loaded up a scanner because of suspicious behavior. My Windows box (patched up to date, firewalled) has had only one virus, a backdoor program that was installed when my daughter clicked a "video clip" that she received in an e-mail, before she understood what a spoofed address was. So I'm not convinced that antivirus software is as necessary as it is built up to be.
Re:Perhaps It Belongs in the OS (Score:5, Insightful)
Re:Perhaps It Belongs in the OS (Score:4, Insightful)
Re:Perhaps It Belongs in the OS (Score:5, Insightful)
Unfortunately there isn't a program to stop the user being stupid.
True enough. But then it is easier to modify applications and their design than it is to modify human beings and their design (well, at least for now...)
Sometimes products are distributed that haven't been thought out well enough to consider the stupid user problem.
In this case, "convenient features" about Outlook running attachments is colliding with user stupidity, gullibility, etc. [It's like stories of "free baseball night" at the ballgame - "fans" started to throw their free gifts onto the field when play got boring. Somebody wasn't thinking far enough ahead.]
While Outlooks ubiquity might exacerbate the problems that Outlook users experience, other mail clients do not seem to have as many problems as Outlook does and certainly not as widespread an impact.
Careful product design can mitigate the unavoidable problems of "stupid users in a cruel world".
Re:Perhaps It Belongs in the OS (Score:5, Funny)
Two Buttons:
Do What I Say
Do What I mean
Sounds simple enough to me
Re:Perhaps It Belongs in the OS (Score:5, Funny)
When they go to open the attachment called "Jennifer XXX cool.jpg.pif", what do you think they actually mean? Show me some porno! What do they get? Viruses.
Are we going to integrate some kind of porn finder into Outlook, just to keep the users safe?
Re:Perhaps It Belongs in the OS (Score:5, Funny)
College students are stupid enough, and when it comes to computers, most people that use them in their workplaces are even stupider. That said, I agree with you completely that the simplest solution would have been to not give us frisbees in the first place.
Re:Perhaps It Belongs in the OS (Score:4, Funny)
Baseball park owner: "Last night's marshmallows and lighters night didn't go so well. we didn't see that coming, really. That's why tonight is socks and oranges night! There's nothing harmful people can do with socks and oranges."
Re:Perhaps It Belongs in the OS (Score:4, Informative)
Re:Perhaps It Belongs in the OS (Score:5, Insightful)
You meant: Outlook XP and Outlook Express XP do not let you open attachments by default.
Unfortunately, it will take several years until those versions become the "most prevalent on the internet" versions. Let's see - 2 years ago means that anyone running Office 2002 or prior is a virus-factory.
Re-post this same message in about 6 years when you can convincingly say that "Outlook" [generically] does NOT let you open attachments by default. I dare surmise that the vast majority of Outlook users are NOT running Outlook XP.
Re:Perhaps It Belongs in the OS (Score:5, Insightful)
The problem with this is that people are too used to clicking yes when asked and will do so here as well.
The only solution is to not allow it at all and to have people take very conscious and specific actuions (which preferably also demand knowing what they are doing before even being possible)
Inserting another click is not a solution. Requiring the user to think does go a long way to solving this.
Thunderbird at least requires you to save it to disk and run it outside thunderbird if it doesn't have a handler defined for a file. It wont allow you to run a random program with the file or run the file itself.
Re:Perhaps It Belongs in the OS (Score:4, Insightful)
Not quite correct. In recent versions of Outlook, executable attachments cannot be opened or saved without messing with the registry. There is nowhere in the configuration interface to alter this behaviour. While I personally find this extremely irritating, I can understand why Microsoft has done it. Much of the bad publicity they get regarding security is caused by users not taking proper measures to protect themselves.
Yes, there are security vulnerabilities in Microsoft's products, but there are also many vulnerabilities in various versions of Samba, OpenSSH, Bind, Sendmail, and many other software packages that are installed on Linux systems. Open Source evangelists seem to have no problem spreading their own FUD about Microsoft software when it comes to security. Take the quote from this article as an example:
My only question is: If they can't seem to patch their OS fast enough, what makes them think they can keep their AV software up to date?
Microsoft does patch their OS quickly. The only problem is that many many people don't install the patches they provide. The vulnerability that CodeRed exploited was patched three months before the worm was released. The only reason it caused so many issues was because of incompetent Windows sysadmins.
Linux is no more secure than Windows. I'm sure if you added up all the vulnerabilities in Windows 2000 and compared them to a list of vulnerabilities in all the software on a standard Linux distribution of the same age, Linux would have at least as many as Windows. The only reason Linux doesn't have the same bad reputation as Windows in terms of security is because there are many less Internet-facing Linux machines around, and the owners of the existing Linux machines are, in general, more competent than those of the Windows PCs. As Linux becomes a more accepted desktop OS, there will be worms attacking Linux machines, and its "secure" reputation will dissolve. Make sure you're ready for it, because it's not going to be pretty.
Disclaimer: I use Linux and Windows at home. I like them both, and I feel they both have their own advantages and disadvantages. I've got no problem using Linux, Windows or DOS for a task if it's the best tool for the job.
Re:Perhaps It Belongs in the OS (Score:5, Insightful)
Thats helpfull, tho for what I can see, this only works for new installations. At any rate...
> Microsoft does patch their OS quickly. The only problem is that many many people don't install the patches they provide.
While we can argue about if they do patch fast enough, you are definitely right about users not installing their patches.
When comparing Microsoft today to Microsoft 5 years ago, they have made a giant leap when it comes to security. That said, none of their systems was designed to be used by multiple users simultaneously, and the results of that are still deeply embedded in their designs.
> Linux is no more secure than Windows. I'm sure if you added up all the vulnerabilities in Windows 2000 and compared them to a list of vulnerabilities in all the software on a standard Linux distribution of the same age, Linux would have at least as many as Windows. The only reason Linux doesn't have the same bad reputation as Windows in terms of security is because there are many less Internet-facing Linux machines around,
First of all, I'd like to see some statistics on that because I strongly doubt there are more vulnerabilities.
But regardless, your statement is not true. The first reason for Linux being more secure is a stricter seperation between what is considered kernel and what is not.
This doesn't mean Linux or any Unix variation is flawless, they have their own problems, and one of the big ones is still privilege escalation due to setuid binaries/scripts.
Such bugs being exposed to remote attackers however happens a lot less often.
Because Linux and Windows mostly get used in different ways, its kinda pointless to really compare numbers anyway.
If you'd want to look at a situation where things compare a lot better, I'd look at IIS and Apache. While Apache's marketshare is bigger, IIS does have a substantial market, and in many cases they are in direct competition with eachother.
I'd really suggest looking at actually compromised machines over time for those two.
What I do know is that despite IIS having a smaller marketshare, the majority of exploit probes that I get in the logs of my webserver are IIS related.
> As Linux becomes a more accepted desktop OS, there will be worms attacking Linux machines, and its "secure" reputation will dissolve. Make sure you're ready for it, because it's not going to be pretty.
While often brought up, the marketshare argument doesn't match reality at all.
Besides the Apache/IIS example above, I suggest lookign at for example the Amiga platform.
While it has a fanatical group of followers still, and had a much larger group of followers in the late 80s and early 90s, it has never had a marketshare of any significance outside some niche markets.
Yet, viruses and malware are a substantial problem on this platform, and both had reached a maturity level that the PC equivalents took quite a few years to catch up with.
The Amiga platform also contains a few features and was surrounded by a culture that make it extremely vulnerable for particular kinds of malware, esp. bootsector infecting viruses. Disk images and disks being the primary way of exchanging software being a large factor in that.
At any rate, a platform needs to have enough users to allow any kind of succesfull virus or trojan, but beyond that popularity seems to be a minor factor, and ease of infecion seems to be a much larger factor.
Re:Perhaps It Belongs in the OS (Score:4, Funny)
That's why I use DOS, it's track record is untouchable even by OpenBSD. It's got 0 (count 'em, 0) remote root exploits in over 20 years!
Re:Perhaps It Belongs in the OS (Score:5, Funny)
While Outlooks ubiquity might exacerbate ...
I'm sorry, what???
He said, "While Microsoft's desktop monopoly and inattention to security has screwed its own users . . ." But he was being polite about it. HTH.
Meh (Score:5, Insightful)
I mean, the only OS which viruses are a major threat is windows.. and now they're going to sell AV software? That just takes the piss in my opinion.
"Hey Bill, we can't possibly fight off all these viruses, surely we'll start losing customers at some point", "Hey, I know! lets sell some Antivirus software, that way we make yet more money and we can get away with releasing patches at an even slower rate, and we get away with terrible programming"...
Re:Meh (Score:5, Funny)
Salesperson: Buy our Operating System!
Customer: OK.
Salesperson: Now buy our Antivirus solution! Without it, hackers will steal your identity.
Customer: Egads! Here! Take all my cash!
Re:Meh (Score:4, Insightful)
Re:Perhaps It Belongs in the OS (Score:5, Interesting)
As to this MS virus scanning software, it seems this could easily violate their court issues for anti-competitive behavior(yeah, like enforce that anyway). I guess by selling it completely separately, instead of including it in Windows, they can say that they are competing on an equal footing. It would still seem though, that they have an unfair advantage in knowing how the operating system works more in depth than their competitors. Don't you think there's going to be some information sharing between the Windows dev team and the AV dev team?
User level virus (Score:5, Insightful)
And if they are running a Unix variant that attachment will only run at user level. No low level system modification can be made, so you can then log in as another user (or root) and delete said infected files which should all be in their home dir and not mixed in with 10000 .dll files. They should also have to make a little extra effort to get it to run in the first place, which will discourage some percentage of them too.
Re:User level virus (Score:5, Interesting)
And if they are running a Unix variant that attachment will only run at user level. No low level system modification can be made, so you can then log in as another user (or root) and delete said infected files which should all be in their home dir and not mixed in with 10000 .dll files.
Sigh. How many times do we have to go over this for the slow learners? Two things.
First, all of my important files are in my home directory owned by my user. A virus doesn't need root-level access to destroy everything of importance to me. It's nice that the files in /etc, /usr/bin, etc. are all locked so that my unprivileged user can't destroy them. Who cares? They're safely on a CD here, they're on the Debian site, they're available all over the internet. My own files exist in my directory (and backups). Those are what's important to me.
Second, the modern worm/virus spreads by either remotely exploiting vulnerabilities on other machines or re-emailing itself. Guess what: it doesn't need root privileges for either of those operations. None, nada, zilch.
The only reason a virus would want root privs would be to infect system binaries and spread to other users. This paradigm is mostly dead in the Unix world on 99% or more of the machines in use; everybody has their own machine. Spreading from machine to machine is the game, and that simply doesn't require any privileges.
The bottom line is that if you could trick users into running a Perl script that came through email, which wouldn't be that difficult for a certain percentage of them, you could write a decent worm for Linux. Not a problem now, but when my mother is using Linux, it's a big problem. "But it came from my friend Kate at church and said to save the file and then type this in at the command line..." The extra step will weed out a lot of the real cluebies, to be sure, but with enough of them it'll be a problem.
Re:Perhaps It Belongs in the OS (Score:4, Interesting)
If they are going to keep that horrible UI, then the least they can do is have the subprocess run executables as a nobody-user or otherwise sandbox it where it can't do much harm.
You can write a program that makes it harder to be stupid. Go ahead and write a Linux program that printfs "Ha ha, got you", attach it, and send it to yourself. Now read that email with pine or elm or even Sylpheed. Now look at what all you have to do, to run it. The difference between what you experience in this experiment, vs what an MS Outlook user experiences, shows exactly what Microsoft did wrong.
To fight trojans at the OS level, I would add something like a "potentially hostile" attribute to filesystems; something like "setuid nobody". Internet apps should save things with that bit set, and process loaders and viewer apps should take it into account when loading content, and automatically sandbox themselves. Hostile macro in the word processor document that somebody emailed you? No problem, that process isn't running with all the same capabilities that the user has.
Re:Perhaps It Belongs in the OS (Score:4, Funny)
Clippy tried; alas, Clippy was even more stupid than the damn users.
Re:Perhaps It Belongs in the OS (Score:5, Funny)
Well since you asked. Yes.
Re:Perhaps It Belongs in the OS (Score:5, Informative)
Nah, it would be all too easy to answer that question.
Re:Perhaps It Belongs in the OS (Score:3, Interesting)
Educating developers would also help, but - even in the present climate - I really don't see much of a push for that.
Re:Perhaps It Belongs in the OS (Score:5, Insightful)
> intercept attempts by something like Outlook to
> execute arbitrary files.
Yes, because that's such a major improvement over just fixing Outlook itself.
The only AV software that Windows needs is Microsoft to stop making so many bloody ways to infect the system.
Re:Perhaps It Belongs in the OS (Score:5, Insightful)
That works until everybody cries "anti-trust!" Damned if they do, damned if they don't. There's a lot of lightening up that needs to happen.
Re:Perhaps It Belongs in the OS (Score:3, Informative)
I agree for the most part. Microsoft bought Central Point Systems in the 1990s to integrate Scandisk and Central Point's antivirus scanner (msav) with DOS, but other file system checkers continued to work well and differentiate themselves. As long as Microsoft doesn't keep Symantec, McAfee, et al., from having access to APIs necessary for them to continue their own
Well, since you asked.... (Score:5, Interesting)
Make it easily and completely removable and publish the API. Again, during the trial, Microsoft claimed that IE could not be removed because removing those
"If they could do that, then they'd have more than 3 apps that held monopoly status. Frontpage? Nope. IIS? Nope. Exchange? Nope. Media Player? Nope. Gee, I guess their monopoly isn't all that strong unless people actually want their stuff?"
So far, they've only been ruled a monopoly in one market. The desktop x86 market (Windows). Like I said, you need to read more.
It was cute how you tried to toss in two server apps (IIS and Exchange). Hee hee.
Oh well, you Microsoft apologists are all the same.
Re:Well, since you asked.... (Score:3, Informative)
IIS that comes with 2k or XP only allows 10 connections. Though a fair shade better than GeoCities, you still can't use it for web serving. At best, it's a 'lite edition'.
Re:Well, since you asked.... (Score:4, Insightful)
No just try not to be sycophant for a corporation. Especially if that corporation doesn't give a shit about you, your life, your family, your freedom, your health or any other aspect of your life.
Why waste your time and energy defending a giant rich corporation from slashdoters? What's in it for you? Why not go to a forum where people discuss washers and defend maytag. Maytag is a corporation too and I bet they need your help just as much as Microsoft does.
Just wait... (Score:5, Insightful)
It's just a little scary that a company that is responsible for almost all viruses and worms is now going to benefit financially from such failure to secure their product. They're marketing their shortcomings to you as a new product! What will they think of next?
Re:Perhaps It Belongs in the OS (Score:5, Insightful)
Plus it seems odd to make somebody pay more money to overcome some limitations in the original product, kind of like saying "here we sold you a crappy OS, pay us money and we'll protect you from our mistakes! errrrmmmm, but no guarantes, if our anti-virus software doesn't work you can't sue us")
Of course, there is only so much any OS can do from protecting users from being stupid, and I guess that is what the anti-virus software does. But if the anti-virus software can protect customers from being stupid, couldn't the OS too? (thus negating the previous argument of "there is only so much any OS can do from protecting the users from being stupid")
I don't know if bundling the Anti-Virus software would be any better, then you get anti-trust concerns. Plus I think it is extremely important to have multiple Anti-Virus software vendors, if there is only one Anti-Software program (which is what would happen if MS bundled the program with the OS), then it would be a lot easier for virus writers to figure out how to bypass the safe-guards.
Well, those are my rambling thoughts. In conclusion, I guess I think MS should stay out of the anti-virus software market. Maybe they should concentrate on putting better hooks into the OS so that other software vendors could to their jobs better; or better yet, just make the damned OS more secure.
Re:Perhaps It Belongs in the OS (Score:5, Interesting)
The fear is that MS will simply not work hard to make their OS secure from viruses, thus generating demand for their associatd virus scanner. In a competitive market, consumers would probably switch OS's, but we have the monopoly and such.
But listen to this analogy. Suppose you sell a software product. You want to make more money. So you simply leave out some functional parts of the product and sell it as an additional product--or service.
Isn't that what some companies are doing? Selling software and making money on the service. One can even sell software as a loss leader and make all the money back on the service (see razors and razor blades by Gilette).
Re:Perhaps It Belongs in the OS (Score:5, Funny)
You mean Microsoft could actually made Windows LESS SECURE? Holy crap!
What would it do? Network with your security system, wait until you're gone, unlock the doors to your house and use the outside speaker to blast an invitation for burglars to get free stuff?
Re:Perhaps It Belongs in the OS (Score:3, Funny)
Sure it could be benifitial to have low level hooks in outlook (& -express), but in no way do you need to intergrate anything into the OS to be able to do so!
Simply use/make a registry key pointing to the
The only problem is that MS doesnt want any 3rd party software competing on a level playing field, so they keep intergrating applications into the OS, and keep any
Re:Perhaps It Belongs in the OS (Score:3, Informative)
Bonus karma (Score:4, Funny)
Re:Bonus karma (Score:3, Insightful)
you say this as a joke, but seriously there are going to be some losers out there who will attempt to find, and exploit vulnerabilities in their AV app.
i think MS is making a big mistake and should leave the virus software to 3rd party developers.
Re:Bonus karma (Score:4, Insightful)
Their goal is the same goal as any monopolist: makeing you completely dependent on them so that it's more difficult to switch to a competing product. Once you understand that you can begin to understand the rest of their actions.
Re:Bonus karma (Score:5, Funny)
"Hello? Microsoft? I need to re-activate Windows and my anti-virus software so I can clean out this virus..."
Re:Bonus karma (Score:5, Funny)
MS beat us to it. It's called Outlook [satirewire.com].
Business Lesson 101 (Score:5, Insightful)
It just goes to show you that business isn't about who's right or who's wrong but who can make it sound good.
Re:Business Lesson 101 (Score:4, Interesting)
Now Breaking the Network protcol is something MS can do, but it sucks when security is your priority so your servers are different than the desktops,(meaning a virus can attack one but not the other) Now you can't apply any patches without breaking something useful.
Re:Business Lesson 101 (Score:5, Insightful)
- "Microsoft issued a software patch, MS03-032, on Aug. 20 that was supposed to fix the problem. However, that patch failed to close the hole on Windows machines running Internet Explorer Versions 5.01, 5.5 or 6.0.
On Sept. 8, Microsoft acknowledged problems with the MS03-032 patch and promised to issue a fix as soon as possible. Since that time, no changes have been made to the MS03-032 patch. In the succeeding weeks, hackers moved quickly to take advantage of the company's slow response." ( Computerworld.com [computerworld.com] )
- "Two vulnerabilities have been reported in Internet Explorer, which in combination with other known issues can be exploited by malicious people to compromise a user's system.
1) A variant of the "Location:" local resource access vulnerability can be exploited via a specially crafted URL in the "Location:" HTTP header to open local files.
2) A cross-zone scripting error can be exploited to execute files in the "Local Machine" security zone.
Secunia has confirmed the vulnerabilities in a fully patched system with Internet Explorer 6.0. It has been reported that the preliminary SP2 prevents exploitation by denying access.
Successful exploitation requires that a user can be tricked into following a link or view a malicious HTML document.
NOTE: The vulnerabilities are actively being exploited in the wild to install adware on users' systems." ( Secunia [secunia.com] )
- "The flaw, which is different from RPC DCOM flaw that spawned the Blaster and Nachi worms, makes Windows XP and 2000 servers vulnerable to denial-of-service attacks because of a multi-threaded race condition that exists. A remote attacker could crash the RPC service simply by sending multiple RPC requests. The vulnerability occurs if two threads process the same request, thereby corrupting memory.
Microsoft still has not released a patch for the flaw, leaving nearly every Windows XP and 2000 system exposed to potential exploits. Microsoft may, however, be preparing an all-encompassing RPC patch that would address this issue and previous flaws surrounding the network service, said Gerhard Eschelbeck, chief technology officer with Qualys Inc., at RSA Conference 2004. RPC is a protocol that one program can use to request a service from another program located elsewhere on a network." - ( searchsecurity.com [techtarget.com] )
- "Attackers are taking advantage of a security hole in Internet Explorer not immediately patched by Microsoft
Security experts have warned that a vulnerability that has apparently been left un-patched by Microsoft is being exploited by attackers "in the wild".
The "object type" vulnerability, which was first acknowledged publicly by Microsoft on 20 August this year, allows an attacker to take control of a system by embedding malicious code in a Web-page. If the Web page is viewed by an Internet Explorer browser - even a fully patched browser - the malicious code embedded in the Web-page will execute, experts say. Despite Microsoft acknowledging the patch doesn't work, it evidently has not yet issued a working fix for the vulnerability.
US-based information security company iDefense released a statement over the weekend claiming the vulnerability is being actively exploited "in the wild".
"Whether you are patched or not, attackers can execute code on your computer at will when you visit a hostile website when using vulnerable versions of Internet Explorer," the statement read.
The relevant Microsoft bulletin was issued on 20 August and last updated on 8 September." - ( ZDnet [zdnet.co.uk] - but then again, you didn't say "...after
paranoia mode enabled. (Score:5, Interesting)
So? The same thing that happened to WordPerfect is likely going to happen to NAV.
I am more afraid that MSFT will purposefully allow holes to exist in its OS so that more and more people will buy their AV software. Perhaps that's a bit paranoid but I certainly wouldn't put it past them.
Re:paranoia mode enabled. (Score:3, Insightful)
You mean like they don't already purposefully allow holes to exist in the OS?
Re:paranoia mode enabled. (Score:5, Funny)
"There are 10 new holes in Windows XP - but the patches won't be out for weeks, so you'll need to buy the latest AV software from us to protect against it until the latest updates are out."
the illusive second step (Score:4, Funny)
2) sell antivirus software
3) PROFIT!!!
Re:the illusive second step (Score:5, Insightful)
Reminds me of the Dilbert with the bonus for finding bugs and the comment is "I'm gonna write myself a minivan!"
Integrated AV (Score:4, Insightful)
It would make the net a safer place for the rest of us if they did so...
Ummm (Score:4, Funny)
"Dr Kevorkian... Heal thyself"?
Extortion? (Score:4, Insightful)
Sounds like extortion [webster.com] to me.
They make a buggy OS with holes for viruses, and then require consumers to purchase their own AntiVirus to patch them. This removes motivation for producing a secure operating system because the worse their OS software, the more people will buy their AntiVirus product.
It seems like they're trying to figure out a way to charge for bugfixes and incremental updates to their security model, but instead of just selling those fixes like Apple (10.0, 10.1, 10.2--which I understand also have lots of new features), this model actually discourages production of good product in the first place.
Basically, the question must be asked: If they have the capability to provide such a product which tacks onto Windows, why can't they just incorporate it into Windows and make it part of the OS?
Re:Extortion? (Score:3, Insightful)
Are you serious? If MS did that, the anti-virus companies would cry "anti-trust!" You all demand better security from Microsoft, they try to provide it, and the pitchforks come out.
Re:Extortion? (Score:5, Funny)
Why, it sure would, Guido. That's an awfully nice computer. It would be a pity if someone were to, say, surf with IE on it, or open attachments in Outlook, wouldn't it Guido?
Or even Outlook Express, Rocky.
Hey, now -- that's going a little too far. I do got standards, you know? No women, no kids, and no using Outlook Express.
Re:Extortion? (Score:3, Insightful)
With any product, if the original manufacturer knows of a serious design flaw t
They did this already (Score:5, Insightful)
What has changed since then to make them want to get back in the game?
Re:They did this already (Score:3, Interesting)
What has changed since then to make them want to get back in the game?
The bought out an AV company. It was GeCAD, a medium-sized vendor that provided the market's current 'best solution' in terms of price, quality, and reliability for *nix networks. They both acquired AV technology and removed a key market stronghold for the *nix community. Go here [theregister.co.uk] for more info.
Re:They did this already (Score:4, Insightful)
The revenues of the anti-virus companies have grown significantly. Symantec (SYMC) has FY2004 revenue of US$1,870 million. Just 5 years ago they had revenue of US$632.2 million.
A triple in revenue, above the billion dollar mark, is enough to get even Microsoft interested. They are not inclined to leave money on the table. Selling an anti-virus program, particularly with the now-popular subscription model, is an easy way to add revenue.
"Anti-virus program as a separate product from Win (Score:5, Insightful)
Whew.. OK, I got that out. Mark me as flamebait or troll if you want, but this should be integrated with Windows. Of course, not everyone will agree, but hear me out first. First, let's put aside the comments that they should build more secure software and that they should be more focused on security than features. The problem is that it's already created and we have to deal with what we (and the 95% of others using Windows) have and not what should have been. The reason why it should be integrated is because if it's being developed by Microsoft, for their own OS, you would imagine that they might have a small niche into what these viruses are going to do and how they would affect the OS. They created the OS, they know the code behind it, and could possibly help prevent more of the "stupid" users who open the email with the "cute" bears. Let's also assume that the AV software was well built with a few minor security bugs that are easily fixable (I said ASSUME :)).
Since Windows has reached market saturation, we really do have to think about the people outside of /. that are not as informed as us. They don't know about certain viruses or worms unless it's on CNN and they are ones to infrequently update the OS (and AV definition files) because they don't see anything wrong with the way it's running now. Virus protection needs to be something that's seamless to these users because they just don't know any better.
*Awaiting flame responses....*
Re:"Anti-virus program as a separate product from (Score:3, Insightful)
Too easy to say this (Score:5, Insightful)
Will the projected earnings from AV division affect security choices?
IIRC (Score:5, Informative)
Re:IIRC (Score:5, Informative)
Off the top of my head... (Score:3, Insightful)
That's off the top of my head, the best way to post on Slashdot
Other news... (Score:5, Funny)
Re:Other news... (Score:5, Insightful)
Former Oil Company Halliburton executive, now US Vice President lobbies to start a destabilizing war causing oil markets to fluctuate.
Extremely Wealthy President pushes through tax cuts which disproportionately reward the extremely wealthy.
. . . ah, screw it. I could go on all day about these two, but I just don't have the heart anymore.
Seperate, until... (Score:5, Insightful)
They'll keep it seperate alright... until it's been out for a while and they don't gain any market share away from competitors. Then it'll be silently built in. There, but not enabled. Then it will be enabled by default, but with the ability to disable it. Then it will be so "tightly integrated" with the OS that you can't turn it off or your computer "will not operate properly"!
Hey, it could happen... and has with previous products.
That's been the real plan all along.... (Score:3, Funny)
2. Sell anti-virus software that 'somehow' works the best.
3. Take over the world.
About time! (Score:3, Interesting)
Re:About time! (Score:3, Interesting)
Enjoy,
Logical Fallacy... (Score:3, Interesting)
Comment removed (Score:5, Interesting)
Re:Trust issues? (Score:3, Interesting)
Will it consider software in directories that have a GPL license to be a virus?
Will it consider the device driver i wrote for an old graphics card to be a virus?
Will it consider IBM's web based office productivity suite a virus?
in italy we call this mafia (Score:5, Funny)
Holy Shit (Score:4, Funny)
Pressure for updating AV software (Score:3, Insightful)
My only question is: If they can't seem to patch their OS fast enough, what makes them think they can keep their AV software up to date?"
... Because there's a lot more pressure to keep AV software updated as fast as possible. If a user is not happy with the way Norton manages their AV updates, they can switch to McAfee with little inconvenience. But Microsoft is under no direct threat if they wait an extra day, delaying an OS patch, since switching operating systems is a much more serious undertaking.
Microsoft clearly has the resources together to put together a good product- look at Office, for example. They're not idiots, and I'm sure they realize the urgency of issuing timely AV updates. If they made that one of their priorities, they could probably do a very good job at it.
wow. (Score:3, Insightful)
Increasing sales (Score:5, Funny)
Mac version!?!?! (Score:5, Funny)
Fantastic! When can we expect a Mac version?
I feel so DIRTY!!! (Score:5, Funny)
MSAV (Score:3, Insightful)
How ironic (Score:5, Funny)
TCO (Score:3, Insightful)
Microsoft themselves making AV software is tantamount to admitting that it is pretty much a requirement that you have AV software in order to run any Windows machine (I know I, and most other systems administrators wouldn't considering running Windows without it). At current market prices for Norton/McAfee, that adds about $40 for the first year (license plus 1 year virus signature updates) + $20/yr afterwards (for virus signature updates). Due to the mfr dropping support, you have to pay $40 every couple of years for a new version also. Admittedly you can get site licenses and buy licenses in bulk which reduces the cost.
Writings on the wall (Score:3, Interesting)
Let's see...
MS AV is the most effective AV product because they can put in special hooks in Windows/Outlook to allow better AV protection and detection, but only MS AV knows how to use those hooks, or...
MS^H^HSome hacker can "inadvertently" release a virus of their own that only MS AV can stop (for any number of reasons, indeed, who would know better how to write a nasty virus for Windows but MS itself, and of course the best way to drive MS AV sales is for there to be lots of nasty viruses running around), or...
MS AV is quickest to protect against new viruses because Windows can be altered to add in special virus detection and reporting services that report new virus data directly back to MS, or...
MS AV will include and become the only or the most effective way of getting new patches (ostensibly just against new viri, but in actuality, all Windows bugs), ala Windows Update (for a subscription fee, of course). Free Windows Update may remain, but the MS AV will become the enterprise standard for updating and protecting Windows, (again for a fee, just a way of charging for patches), or...
Given better internal virus detection within Windows, it may be possible to construct a Windows "immune system" that learns how to protect itself. Intimate access to Windows internals required.
Then there is always the, "We changed our minds and decided to bundle MS AV in the next release of Windows (since it was hard to find enough other reasons for customers to see that Windows XXXXP is a value-added proposition for $200 a copy)".
The beginning of the end for yet another sector of the 3rd Windows software/utilities market...
Customer demand (Score:3, Insightful)
An ethical dilemma? (Score:4, Interesting)
Microsoft is not making the viruses that affect their operating system. By making a piece of software to protect their customers from these viruses they are providing a service, this service is not illegal or immoral. What would be immoral is Microsoft abruptly ceasing the release of patches to protect end-users from virus exploits. Many viruses exist only because their is an exploit in the operating system for their taking advantage of. If Microsoft no longer patches these exploits in an effort to make an extra few bucks, they would be acting immorally.
I, however see their anti-virus as a seperate outlet. There are users who don't want to patch their operating system. If you can sell these users anti-virus software which automatically updates its definitions, they won't worry about a need to patch their operating system to protect them from viruses. It will be done through the anti-virus software. Hell, the software can automate Windows Update for them, and patch their system automagically. The rest of us who don't but M$-AV will have to patch the operating system ourselves.
The second train of thought is business oriented. Microsoft is a business, and in the words of my friend James, "...businesses aren't in the habit of accepting a decline in profits." By patching their operating system and allowing persons who do not purchase their anti-virus software to be safe from viruses, Microsoft may not make any profit from their anti-virus software. The conspiracy theorist in me brought the light the idea that Microsoft may actually create exploits or viruses in an effort to help their anti-virus software suceed. This thought is ludacrious. Microsoft would be risking jail time if they created viruses. If they created exploits they would be risking horrible publicity.
Viruses can exist without exploits, macro viruses take advantage of something that cannot be patched, automation. Microsoft just sees an open market and wants to take advantage of it. I see no ethical dilemma at all, just capitalism.
Pay yearly to use your own computer!!! (Score:4, Interesting)
Sure, Microsoft's antivirus app will be a separate product. Sure it will not be bundled with Windows. However, I'd bet anything that it WILL be bundled with new computers via special deals to manufacturers.
After a year, those new computer buyers will get messages to pay some money to continue receiving updates.
Once we're used to paying every year (or every month?!) for antivirus updates, Microsoft will start charging us yearly for other updates.
Microsoft will be smart and will start out with a reasonable price. But it won't be too long before we're paying about $80 a year for the right to use our computers.
Re:A part of the OS (Score:3, Funny)
Re:A part of the OS (Score:5, Insightful)
Re:A part of the OS (Score:5, Informative)
It's not that you didn't RTFA... I mean... all you had to do is read another sentence or two:
Asked if that would hurt sales of competing products, such as Network Associates' McAfee and Symantec's Norton family of products, Nash (chief of Microsoft's security business unit) said that Microsoft said that it would sell its anti-virus program as a separate product from Windows, rather than including it in Windows.
Re:A part of the OS (Score:4, Insightful)
There, is that clearer?
Re:A part of the OS (Score:3, Interesting)
Re:A part of the OS (Score:5, Funny)
So, what, it deinstalls Windows for you?
Re:A part of the OS (Score:5, Informative)
You just need the right OS (Score:4, Funny)
Re:They use dto didn't they? (Score:3, Insightful)
Re:This is actually a good thing (Score:3, Insightful)
It won't help much. If you look at the infection pattern of recent viruses and worms, there's an initial growth period, where most of the infections happen, followed by an exponential decay, as antivirus programs are updated and systems are cleaned out.
The initial growth is usually 24 to 72 hours, during which time the virus is too new for antivirus systems to detect. Where including an ant
Re:A new wind? (Score:3, Insightful)
Microsoft has a ridiculously high Price/Earnings ratio. They have to "grow" or their stock price goes down. Anti-Virus software represents one of the very few significant software niches that Microsoft doesn't already dominate.
Microsoft's Anti-Virus moves aren't about security, they are about economics. Microsoft is simply doing what it has always done. Microsoft lets its competitors find out the profitable software niches, and then Microsoft uses its cash hoard to buy themselves a seat at the table.