Linked by Amjith Ramanujam on Wed 19th Nov 2008 02:13 UTC, submitted by poundsmack
Microsoft To address the growing need for a PC security solution tailored to the demands of emerging markets, smaller PC form factors and rapid increases in the incidence of malware, Microsoft Corp. plans to offer a new consumer security offering focused on core anti-malware protection.
Comment by flanque
by flanque on Wed 19th Nov 2008 03:28 UTC
flanque
Member since:
2005-12-15

I for one believe this protection should be cheaper and if Microsoft wants to offer it for free which in turn drives down the prices of competing products then that's great for consumers.

I'd expect all the Microsoft haters out there to cry foul but in the end Microsoft has provided a platform which like it or not has a massive surface area for attack and they should be protecting their customers for free.

Of course it'd be better if the problems didn't exist in the first place and I believe they're addressing this even if it is not as fast as we'd prefer, but for the interim a free product from them to help protect us is a great idea.

Thumbs up, Microsoft.

Reply Score: 7

RE: Comment by flanque
by Clinton on Wed 19th Nov 2008 03:38 UTC in reply to "Comment by flanque"
Clinton Member since:
2005-07-05

I'm usually against Microsoft bundling crap with their OS because it is always designed to conquer that particular market; be it browsers, video players, whatever.

In this case, however, I think Microsoft should bundle security software. I think it is immoral to charge the prices they do for their OS and then expect somebody to fork out yet another $40 bucks to protect against security problems.

Unfortunately, I'm sure the companies like Symantec, who have made their fortunes fixing Microsoft's problems, won't be too keen on the idea.

Reply Score: 8

RE[2]: Comment by flanque
by tweakedenigma on Wed 19th Nov 2008 03:42 UTC in reply to "RE: Comment by flanque"
tweakedenigma Member since:
2006-12-27

I gotta agree. I'm not a big Microsoft fan but this is something that should be included with Windows. Although I'm sure the likes of Symantec and McAfee will be tossing the word anti-trust around on this.

Reply Score: 4

RE[2]: Comment by flanque
by Ventajou on Wed 19th Nov 2008 20:06 UTC in reply to "RE: Comment by flanque"
Ventajou Member since:
2006-10-31

In the good old DOS 6 days, they were giving a free AV with the system. IIRC it was a limited version of Norton Antivirus. So it wouldn't be the first time they did it.

Reply Score: 2

RE: Comment by flanque
by Liquidator on Wed 19th Nov 2008 07:43 UTC in reply to "Comment by flanque"
Liquidator Member since:
2007-03-04

Yes, it's a good move. Other companies are already offering free AV, so there's no unfair competition here. Those who want a paid AV can disable the native AV and use their own just fine. I hope this new MS AV updates automatically and daily for both legitimate and pirated copies of Windows because otherwise this isn't going to put a dent into botnet's installations. Remember that between 85 and 90% of spam is sent from a network of remotely controlled computers infected by malware around the world. It should take a few more years until everybody uses an updated antivirus.

Reply Score: 4

RE[2]: Comment by flanque
by pepa on Thu 20th Nov 2008 17:05 UTC in reply to "RE: Comment by flanque"
pepa Member since:
2005-07-08

Do you have some pointers about those figures for the origins of spam? I find it strange, because spam still needs to be sent through the SMTP servers of the ISP of an 'owned' computer.

Reply Score: 2

RE[3]: Comment by flanque
by Arawn on Fri 21st Nov 2008 10:04 UTC in reply to "RE[2]: Comment by flanque"
Arawn Member since:
2005-07-13

Sorry to say, but no it doesn't. Those 'owned' computers can have a simple SMTP engine installed, and as long as the ISP doesn't block sending to TCP port 25, they send spam directly.

Reply Score: 1

RE[4]: Comment by flanque
by pepa on Fri 21st Nov 2008 15:02 UTC in reply to "RE[3]: Comment by flanque"
pepa Member since:
2005-07-08

Yes, but a lot of big ISPs nowadays only allow people to connect to port 25 on their SMTP-servers. (Although even a standard port like 587 is often still allowed..!) I used to use my own SMTP-server myself, but found it troublesome in that a lot of my emails (and this is years ago) would have trouble getting delivered. But yes, it would be trivial and small to have your own SMTP-server on those owned machines. Still would have liked a reference for those numbers...

Reply Score: 2

You dont have to use it
by sagum on Wed 19th Nov 2008 04:11 UTC
sagum
Member since:
2006-01-23

If this new software is as bad as OneCare, then I don't think the likes of Norton are going to be too worried. Brand names such as Norton are still going to continue, just like they do now. AVG Free is great; just like the new anti-malware program from Microsoft, it's not bundled with Windows and is also free. There isn't any real reason for anyone to accuse Microsoft of bad practice here, they're just doing it free like the rest of the free providers and there will always be users who try it and don't like it or prefer to pay for a product because they get something that's been 'paid and supported'.

Reply Score: 3

RE: You dont have to use it
by Liquidator on Wed 19th Nov 2008 07:36 UTC in reply to "You dont have to use it"
Liquidator Member since:
2007-03-04

That's true. It's incredible to buy a product that is expensive and not ready to use. So far, MS has sold the poison and the antidote.

Reply Score: 4

RE: You dont have to use it
by harcalion on Wed 19th Nov 2008 14:47 UTC in reply to "You dont have to use it"
harcalion Member since:
2005-07-12

Yes, really fresh news... I think Windows Defender has been around for quite a few years. And the Windows Malicious Software Removal Tool is downloaded every month and checks for spyware/trojans. One only has to make sure that the copy of Windows is genuine.

On the other side, true, one also can use AVG and its "format c:" protection schemes, ;) .

Reply Score: 1

No cost anti malware?
by Nelson on Wed 19th Nov 2008 04:18 UTC
Nelson
Member since:
2005-11-29

You mean they're distributing Linux?

I kid, I kid.

Reply Score: 8

RE: No cost anti malware?
by Moredhas on Wed 19th Nov 2008 21:04 UTC in reply to "No cost anti malware?"
Moredhas Member since:
2008-04-10

If everyone started using Linux, think of all the poor companies that would starve. All these companies that make billions on doing what Microsoft should have done in the first place, fix the security flaws in Windows, would go bankrupt because their products are mostly redundant on Linux.

Reply Score: 1

Wait....
by Phloptical on Wed 19th Nov 2008 04:32 UTC
Phloptical
Member since:
2006-10-10

I thought I didn't need an AV suite if I run Vista?! They lied to me!!!

Here's another one...

They better be releasing it for free since no one is buying that "One Care" garbage.

Reply Score: 4

Tomorrow, we shave for free
by roger64 on Wed 19th Nov 2008 05:09 UTC
roger64
Member since:
2006-08-15

Just that, look how good we'll be...

Reply Score: 1

Vista Ultimate
by hraq on Wed 19th Nov 2008 06:07 UTC
hraq
Member since:
2005-07-06

I always said if MS sells Ultimate copy then it should include a free antivirus/antispam/antieverything.

It is ridiculous to call it ultimate while it is a vulnerable OS and the customer should care for it instead of the OS care for you. You are basically a nurse for the OS.

I need the OS company to care about their OS and my applications while I concentrate on my productivity.

I am afraid it will be too late 2009; It's now or never!

Reply Score: 4

How good is it?
by MaxKlokan on Wed 19th Nov 2008 09:33 UTC
MaxKlokan
Member since:
2007-12-04

Does anybody have more info on how well it will perform as compared to other anti-malware solutions?

Reply Score: 1

OK
by Xaero_Vincent on Wed 19th Nov 2008 09:37 UTC
Xaero_Vincent
Member since:
2006-08-18

I suppose this is good news for users but bad news for businesses selling malware removal services and/or products.

Competition is tough and I'm sure Symantec, McAfee, AVG, and Kaspersky will have their tantrum about this one.

I cannot say much because I use the free ClamAV anti-virus software on Linux. It's far from the best in terms of Windows malware detection (compared to other Windows virus protection products) but is adequate when you never obtain "Linux" viruses anyway. ;-)

Edited 2008-11-19 09:38 UTC

Reply Score: 2

Nice thought but...
by bolomkxxviii on Wed 19th Nov 2008 11:30 UTC
bolomkxxviii
Member since:
2006-05-19

This will have one problem that Microsoft can't overcome; huge market share. If/when this is being used by almost every Windows user the bad guys will turn their attention to it. Any software has holes to exploit and this will be no different. There will be a huge number of people attacking it and nothing can stand up to a concentrated attack. Just look at BluRay.

Reply Score: 2

Common sense
by Janvl on Wed 19th Nov 2008 11:42 UTC
Janvl
Member since:
2007-02-20

Not a bad idea but as said, the bad boys will concentrate on it. So better pick some other free AV program and learn some common sense about not opening certain attachments.

Security starts with the user, it has been so for the last 20 years.

Reply Score: 2

Included for years
by Bit_Rapist on Wed 19th Nov 2008 15:11 UTC
Bit_Rapist
Member since:
2005-11-13

MS has included an anti-malware tool for years and it has always been free.

It's called FDISK, clears any virus or malware off the system with a 100% removal rate ;)

Reply Score: 4

security starts with the OS design
by TechGeek on Wed 19th Nov 2008 15:21 UTC
TechGeek
Member since:
2006-01-14

Actually, security starts with the OS design. Until Microsoft gets it through their thick skulls to enforce users running as users and not admins then the problem will continue. I also think that user directories should have a no-execute flag on them. Course, that would cause a problem with the thousands of crap apps that people load their systems with. But hey, you gotta break a few eggs to make an omelet.

Reply Score: 2

Soulbender Member since:
2005-08-18

Until Microsoft gets it through their thick skulls to enforce users running as users and not admins then the problem will continue.


Running as admin or not has no relevance for how easily malware can spread. Today's malware isn't interested in borking your system, it is interested in staying in the background, gathering data or being part of botnets. Neither of these requires admin access.

Reply Score: 3

Moredhas Member since:
2008-04-10

I know I'll sound like one of those deranged Linux fanboys when I say this (I'm just a user not a fanboy as evidenced by my total apathy either way over the whole GNU/Linux naming thing), but anyway here goes.

Part of Linux's security is that users always run in an underprivileged user account that cannot alter the system outside of their home folder. As another poster in this thread said, a lot of Windows' malware comes in trojan horse form. For now, there's no risk of that in Linux, and in the future it will be diminished if people just use their distro's repositories since they're a fairly trustworthy source of programs. Spyware and viruses that attack when you visit a web page, however, would be completely useless against Linux if the user isn't running as root. I mean, if the virus were a Linux binary, designed to attack Linux, it would be useless without admin powers (assuming it doesn't use some as-yet-non-existent jailbreak (permissions escalation) exploit).

UAC was a lame hack on a broken system to try and get user permissions working like this in Windows, and it annoyed everyone. If they did it right, which in the case of Windows would probably require a major rewrite and a kick in the ass to every developer, then Windows' security would be improved dramatically.

Reply Score: 1

dagw Member since:
2005-07-06

if the virus were a Linux binary, designed to attack Linux, it would be useless without admin power

This simply isn't true. There is a lot you can do with just user level rights. You can add a program to a startup script so it runs every time you log in. You can open a network port to listen for commands from the hacker. And you can send out mail or help DoS an IP address. Basically most things a trojan would ever want to do.

Reply Score: 2

lemur2 Member since:
2007-02-17

"if the virus were a Linux binary, designed to attack Linux, it would be useless without admin power
This simply isn't true. There is a lot you can do with just user level rights. You can add a program to a startup script so it runs every time you log in. You can open a network port to listen for commands from the hacker. And you can send out mail or help DoS an IP address. Basically most things a trojan would ever want to do. "

If a Linux binary trojan is delivered to a Linux system via an external connection (say via a web browser), then as I understand it the binary file when it arrives on the Linux system will have no local execute permissions at all. A local user will have to manually "chmod" it to give it some permission to execute, and even then it will only gain the same privilege level as the user had.

This won't work for viruses, which try to infect and spread via stealth (hence without local user actions or even knowledge), and not via enticing the local user to actively participate in the propagation.

For trojans this can feasibly work, since the whole concept is to offer the recipient something desirable, that might entice them to go through all of the manual steps required on a Linux system to allow an external file to run.

However, on a Linux system the "paradigm" is to install stuff via the package manager, and hence anything else that comes in unsolicited and accompanied by a request to be "chmodded" in order to execute must surely arouse the suspicion of even the most clueless users.

Edited 2008-11-20 00:08 UTC

Reply Score: 2

google_ninja Member since:
2006-02-05

There are ways around it. Archives will preserve +x, and social engineering could wget a binary off of a site, chmod it, and run it without too much difficulty (post "I got world of warcraft to run flawlessly! just copy/paste this command into a terminal: " on to ubuntuforums). You could also add a malicious script into a .deb.

You are right that it is harder on most flavors of unix to get people to run arbitrary code than most other operating systems, but it's mostly relative. The most important thing is user education, people who mindlessly do things they don't fully understand on any operating system are easy targets.

Reply Score: 2
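
Added example, not part of any poster's comment: the point above that archives preserve +x, seen from the receiving side. The archive contents and the function names (`audit_archive`, `extract_without_exec`) are constructed for illustration; the code reads the mode bits stored in each tar header before anything is unpacked, then extracts with those bits masked off.

```python
import io
import os
import stat
import tarfile
import tempfile

EXEC_BITS = stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH
SPECIAL_BITS = stat.S_ISUID | stat.S_ISGID


def build_sample_archive():
    """Constructed sample: tar.gz holding a plain file, a +x script, a setuid file."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, mode, body in [
            ("pkg/README.txt", 0o644, b"docs\n"),
            ("pkg/run.sh", 0o755, b"#!/bin/sh\necho hello\n"),
            ("pkg/helper", 0o4755, b"placeholder bytes\n"),
        ]:
            info = tarfile.TarInfo(name)
            info.mode = mode  # permission bits travel inside the tar header
            info.size = len(body)
            tar.addfile(info, io.BytesIO(body))
    return buf.getvalue()


def audit_archive(data):
    """List regular files whose stored mode would make them runnable once unpacked."""
    findings = []
    with tarfile.open(fileobj=io.BytesIO(data), mode="r:*") as tar:
        for member in tar:
            if not member.isfile():
                continue
            flags = []
            if member.mode & EXEC_BITS:
                flags.append("executable")
            if member.mode & SPECIAL_BITS:
                flags.append("setuid/setgid")
            if flags:
                findings.append((member.name, oct(member.mode), flags))
    return findings


def extract_without_exec(data, dest):
    """Unpack regular files only, masking exec and setuid/setgid bits first.

    Only mode bits are handled here; member path checks are a separate concern.
    """
    modes = {}
    with tarfile.open(fileobj=io.BytesIO(data), mode="r:*") as tar:
        for member in tar:
            if not member.isfile():
                continue  # links, devices and directories are skipped
            member.mode &= 0o666
            tar.extract(member, dest)
            path = os.path.join(dest, member.name)
            modes[member.name] = stat.S_IMODE(os.stat(path).st_mode)
    return modes


if __name__ == "__main__":
    sample = build_sample_archive()
    for name, mode, flags in audit_archive(sample):
        print(name, mode, ", ".join(flags))
    with tempfile.TemporaryDirectory() as tmp:
        print(extract_without_exec(sample, tmp))
```
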

lemur2 Member since:
2007-02-17

There are ways around it. Archives will preserve +x, and social engineering could wget a binary off of a site, chmod it, and run it without too much difficulty (post "I got world of warcraft to run flawlessly! just copy/paste this command into a terminal: " on to ubuntuforums). You could also add a malicious script into a .deb. You are right that it is harder on most flavors of unix to get people to run arbitrary code than most other operating systems, but it's mostly relative. The most important thing is user education, people who mindlessly do things they don't fully understand on any operating system are easy targets.


Social engineering is always a possibility ... but the extent you have to go to to pull off such a trick is considerably greater on Linux, and as a direct consequence the chances of social engineering actually working to any significant extent is far less.

For example ... your example of a post on ubuntuforums ... wouldn't last for more than 5 minutes before being taken down, I'd wager.

This is what "community" is all about.

Reply Score: 2

Moredhas Member since:
2008-04-10

Even if it's still easy to attack Linux users with social engineering, it's still a hell of a lot harder than attacking Windows users. I don't know how many people I pulled out of the fire the first time the "Block Checker" went around on MSN, but by the second time around, I noticed it was all the same people. Sad fact is, the vast majority aren't just under-educated on basic computer security, they're downright stupid.

Reply Score: 1

Soulbender Member since:
2005-08-18

then as I understand it the binary file when it arrives on the Linux system will have no local execute permissions at all.


Correct, it probably does not arrive with the execute bit set. However, it wouldn't be hard to engineer the exploit to also simply set that bit.

However, on a Linux system the "paradigm" is to install stuff via the package manager


Not entirely true. Both Klik and zeroinstall are examples of systems that do not install applications globally using the package manager and that do not need root access to install applications.
There are also many apps that are not distributed using the package manager, such as Skype and Gizmo. It is of course also possible to just download a .deb or rpm, double-click on it in the filemanager and have it installed.

Edited 2008-11-20 14:52 UTC

Reply Score: 2

Soulbender Member since:
2005-08-18

and in the future it will be diminished if people just use their distro's repositories since they're a fairly trustworthy source of programs.


If people do this, if people do that. The problem is not what people should do, the problem is what they actually do. If people behaved sensibly the need for AV software in Windows would be less too.

Spyware and viruses that attack when you visit a web page, however, would be completely useless against Linux if the user isn't running as root.


You know, I am perfectly aware of the advantages of the unix security model (having run Unix, Linux and BSD since 1994) but living in denial of the real risks isn't helping anyone.
It's perfectly possible that a vulnerability in, say, Firefox would make it possible for an attacker to place a binary executable (static linking is awesome like that) in a user's home directory and have it run every time you log in. This program would then have free access to the user's files and can bind to high ports and take part in botnets. The bad guys don't want to screw your box and give themselves away, they want to get at your bank accounts, passwords etc.
NOTHING in the Unix security model prevents this because it was not designed to.

I mean, if the virus were a Linux binary, designed to attack Linux, it would be useless without admin powers


Again, they DO NOT want to attack Linux, they want to attack YOU and for that they don't need admin powers.

Reply Score: 2

lemur2 Member since:
2007-02-17

Today's malware isn't interested in borking your system, it is interested in staying in the background, gathering data or being part of botnets. Neither of these requires admin access.


True.

On a Windows system AFAIK, stuff that arrives on a system from an external source can execute and "stay in the background, gather data and/or be a part of a botnet" without ever necessarily bothering any local user to ask permission to execute.

Windows update is one example.

Putting a certain type of Sony CD in the CD drive is another example.

I'm sure there are myriad other ways for this to happen.

Reply Score: 2

PlatformAgnostic Member since:
2006-01-02

How do you protect users from things they knowingly install themselves without realizing that they are malicious? The majority of Windows Malware falls into this trojan horse category.

Reply Score: 2

google_ninja Member since:
2006-02-05

It's called UAC, and it is the number one thing people hate about Vista

Reply Score: 2

10 Years too late
by membrain on Wed 19th Nov 2008 17:24 UTC
membrain
Member since:
2008-06-19

That's all.

Reply Score: 0

Confused
by computrius on Wed 19th Nov 2008 18:34 UTC
computrius
Member since:
2006-03-26

I have to say, I'm a bit confused. There is this software called Windows Defender that is already installed with Vista. They already give it away for free... This is nothing new.

Edited 2008-11-19 18:34 UTC

Reply Score: 2

RE: Confused
by google_ninja on Wed 19th Nov 2008 19:30 UTC in reply to "Confused"
google_ninja Member since:
2006-02-05

Windows defender is just for spyware, doesn't really handle virii. OneCare is their product for all around protection, but it is a paid subscription product.

Reply Score: 2

No problem for McAfee and Symantec if ...
by JeffS on Wed 19th Nov 2008 21:02 UTC
JeffS
Member since:
2005-07-12

... they make their products not suck ass.

They can go about it by making their products not be such bloated, resource hogging, obtrusive abominations, and then make them add exceptional security above and beyond what the free MS stuff offers.

Symantec and McAfee have made fortunes leeching off Windows' security problems.

That gravy train is ending, thankfully.

Edited 2008-11-19 21:03 UTC

Reply Score: 2

heh
by Mellin on Wed 19th Nov 2008 23:16 UTC
Mellin
Member since:
2005-07-06
Malware is a feature not an option
by centos_user on Thu 20th Nov 2008 03:19 UTC
centos_user
Member since:
2008-11-16

With Windows, malware is a feature not an option, it is one of the nice things that go hand in hand with all Windows Operating Systems.

:)

Reply Score: 1

MS Anti Spyware is back ..
by de_wizze on Thu 20th Nov 2008 03:47 UTC
de_wizze
Member since:
2005-10-31

I was always saddened when they started charging for the community service effort that they took away when moving to the OneCare model.

Reply Score: 2

This is appropriate
by CaptainN- on Thu 20th Nov 2008 19:47 UTC
CaptainN-
Member since:
2005-07-07

Microsoft is responsible for the security of its own products, more so than any other vendor. There are some places where I think MS is wrong for bundling middle-ware with their operating systems, and other products. But when it comes to security, they are really responsible, and requiring users to cough up cash to a third party to keep their own products working - that was the wrong situation. This they are going to (finally) get right.

BTW, you can already get 3 different anti-virus products (off the top of my head) for free, that all perform better than Norton or McAfee - both of which are simply abysmal. So whatever..

Reply Score: 1