Sanding our assholes with 150 grit.

Windows Vists to *sell* anti-virus

http://www.theregister.co.uk/2006/01/30/vista_security_allchin/


classic.

all we need now is bill to walk around going "hmmm....virus friendly place this, just need one bad connection and the whole OS will be pwned....know what I mean?  friend?"


Of course Windows Vista will be waaay more secure.  promise.  and to prove it we have decided to base an entire business arm on how insecure it will be.
Permalink Send private email FullNameRequired 
January 30th, 2006 4:00pm
You're a slashdot proxy.
Permalink Ted 
January 30th, 2006 4:02pm
heh.  I was going to accuse Notorious of hte same thing the other day.

but this one is *interesting* :)
Permalink Send private email FullNameRequired 
January 30th, 2006 4:05pm
Vista is supposed to be the most secure Windows ever [rolls eyes] If it is then why the need for AV software at all?
Permalink g 
January 30th, 2006 4:07pm
wheres philo when you want to mock him.
Permalink Send private email FullNameRequired 
January 30th, 2006 4:08pm
You're kidding, right?

Do you pay ANY attention to the news?

Let's put it this way - what do *you* think the EU would say about bundling AV with Vista?

Geez, can't win for trying....

Philo
Permalink Send private email Philo 
January 30th, 2006 4:10pm
<g> I watch the news.  the impression Ive had is that Microsoft could give a rats ass about the EUs opinion on anything.

Dont the Europeans already have access to the Microsoft antivirus stuff for windows for free?  has the EU said anything?
Permalink Send private email FullNameRequired 
January 30th, 2006 4:13pm
Microsoft bundling *or* selling anti-virus is a conflict of interest.  Plain and simple.
Permalink Send private email Almost H. Anonymous 
January 30th, 2006 4:14pm
But it isn't much worse than the status quo.
Permalink Rick Tang 
January 30th, 2006 4:17pm
I actually agree that it's a conflict of interest.

However, people have been saying for years that Windows should have AV built-in. If it hadn't been for the EU suit I suspect it would have been. But the EU (a major market) has indicated that they consider it bundling, so what is MSFT supposed to do?

Philo
Permalink Send private email Philo 
January 30th, 2006 4:33pm
philo,

They could try making their system more secure against viruses and worms. AV software is a bandaid on shoddy security.
Permalink g 
January 30th, 2006 4:37pm
http://www.centralcommand.com/
Permalink Send private email Philo 
January 30th, 2006 4:40pm
"I actually agree that it's a conflict of interest."

...and why is it a conflict of interest?
Permalink Send private email Almost H. Anonymous 
January 30th, 2006 4:40pm
philo,

Those *nix AV scanners scan for Windows viruses. We have AV running on our Samba servers, not looking for FreeBSD viruses...
Permalink g 
January 30th, 2006 4:43pm
s'what I get for trying to be cute while working on three other things at the same time.

Philo
Permalink Send private email Philo 
January 30th, 2006 4:45pm
AH sorry, my humour-meter is broken. ;)
Permalink g 
January 30th, 2006 4:46pm
Philo,

"so what is MSFT supposed to do?"

Clearly the answer is nothing.  They should have never tried to enter this particular market -- both for legal and moral reasons.  They have a crossed a line here that they shouldn't.  Microsoft will always face criticism about bugs and patching thems -- but now they'll have a solid financial reason NOT to patch bugs (beyond the actual cost of patching).  I have no doubt that they'll make as good, if not better, anti-virus than the competition but that's not the point.

If you're hearts not in it, Philo, you don't need to defend Microsoft on every issue.  They aren't wrong nearly as much as people around here seem to think but they aren't always right either.  Save yourself for the former.
Permalink Send private email Almost H. Anonymous 
January 30th, 2006 5:01pm
AHA, there has been a near-constant barrage of "MS should bundle AV with Windows" since the first user worm years ago.

I have no idea what the actual progression was, but my suspicion is that we bought Antigen with every intention of bundling it into Vista. Then the EU slapped us with the silly Media Player suit.

Seriously - what would *you* do? What *can* MSFT do? IMHO the only option is to take a deep breath and sell it separately. The money's been spent for the acquisition - nothing for it but to make the best of it.

As for the pressure to not patch Windows - it's BS. I agreed that it is, in theory, a conflict of interest. In actuality I can tell you the commitment to security inside the company is almost rabid. We make mistakes, there are screwups, but it's not "oh, we got caught on a security issue again" - it's "oh shit, we fucked that up"

I cannot imaging the current Windows team saying "hey, if we leave these back doors *here* and *here* we'll sell more AV!"

(BTW, every product group is held accountable for their own P/L - no group would take a hit for another)

Philo
Permalink Send private email Philo 
January 30th, 2006 5:09pm
"As for the pressure to not patch Windows - it's BS."

Agreed.  But it's about perception.  Microsoft could get a lot of bad press from this.

"Seriously - what would *you* do? What *can* MSFT do? IMHO the only option is to take a deep breath and sell it separately."

The whole thing is pretty stupid at this point.  Can Microsoft really do better than Norton?  If not, than why bother selling yet another virus scanning package?  There are even pretty good *free* virus scanning applications available.  If they made a mistake in aquiring a company (because they cannot now bundle) then perhaps they should just accept the loss.

But if that's really not an option then I think they need to get creative.  The line between patching security flaws and scanning/removing viruses is pretty thin.  Make it thinner.  Build a method into the OS to defend against viruses without calling it virus scanning or doing exactly what a normal virus scanner does.  Make it more like immunization (which is what a patch, in a sense, does). 

It would take a little engineering and a lot of marketing.  I suspect as long as Norton can continue to sell "virus scanners" then Microsoft can get away with it.
Permalink Send private email Almost H. Anonymous 
January 30th, 2006 5:24pm
"They could try making their system more secure against viruses and worms."

That's a ridiculous claim. Viruses (old style) infect executables. What are you going to do, not allow executables to be modified as OS level? What will compilers do then?
Permalink Send private email Mr. Powers 
January 30th, 2006 6:33pm
Compilers create new executables, not modify existing ones.
Permalink Send private email Almost H. Anonymous 
January 30th, 2006 6:35pm
23
Permalink Rick Tang 
January 30th, 2006 6:42pm
"Compilers create new executables, not modify existing ones."

What if the executable already exists from a previous compile? :) The compiler deletes it and creates a new one? The virus can do that too.

BTW, I'm curious to see the newly x86 Mac gain market share and watch the flood of viruses and spyware for it...
Permalink Send private email Mr. Powers 
January 30th, 2006 7:09pm
Oh good grief.

I spent years working with VMS systems and Unix systems, always with an authorized login account. And yet, as a creative and motivated human being, I could not have damaged those systems if I tried. Every configuration file and executable belonging to the system was write protected. There was no way that I, nor any virus that I might accidentally invoke, could damage or modify the operating system.

If I ran a compiler it created executables in my own file space that could run with no more authority than I had. Yes, a virus could modify those executables, but all they could ever damage was my own files. To clean the infection I could just delete the files and the virus is wiped out, no resistance possible. Delete my user account and all contamination is gone forever.

This is an area in which Microsoft have dropped a major clanger. Windows should have had proper separation between system and user space from the very beginning, but DOS and then Windows 3.1 and 95 were the viruses that completely undermined that possibility.

The very need for antivirus tools now is a legacy of systematic design failure in the early heritage.
Permalink Send private email Ian Boys 
January 30th, 2006 11:41pm
", but all they could ever damage was my own files."

the problem being that on a pc your own files are the only files that are actually *important*

On mac for instead, thats pretty much true due to its *nix heritage.  but that doesn't really make me any less at threat from virui (the fact there there aren't any virui out there for mac does of course) because the only files on the entire system that I care about are my own files. 
Everything else I can reinstall either from the cd or via download.

The security problem has changed radically since the unix systems were designed, the biggest threat no longer comes *from* a user account *to* the system as a whole....it comes *from* a user account *to* that same user account.

That is a *much* harder problem to solve, especially because these days the user can be assumed to be as thick as the walls on muppets house.
Permalink Send private email FullNameRequired 
January 30th, 2006 11:50pm
Am I misremembering (if that is even a real word)? I thought the EU vs. MS case was, yes, to do with MediaPlayer, but more importantly that it used some parts of the OS only known internally to MS, and that was why it was unfair. Or is that yet another case <g>?
Permalink  
January 31st, 2006 6:27am
Microsoft can't make it's system more resilient to infections because of backwards compatibility. If they lock down the filesystem, and API calls, and whatever else, then a whole truckload of apps will simply fail.

Instead, in Vista, they should jump in and lock the system down, but solve the legacy application issue the way Apple did -- by providing a VM (as well as an alternative: a relatively similar, but not seamless, compatibility API).

Of course, this would be more risky than a bandaid fix, but Microsoft has some amazing programmers, and they should be taking these risks [1].

[1] http://headrush.typepad.com/creating_passionate_users/2006/01/death_by_riskav.html
Permalink Send private email Rhys Keepence 
February 1st, 2006 8:34am

This topic is archived. No further replies will be accepted.

Other topics: January, 2006 Other topics: January, 2006 Recent topics Recent topics