
Symantec tells Microsoft to level the playing field with Vista security

Symantec is still crying foul over Microsoft’s decision to lock anti-virus vendors out of the Windows Vista kernel. Last week, DailyTech reported that McAfee had gone so far as to take out a full-page ad in the Financial Times berating Microsoft for its Kernel PatchGuard protection scheme in Windows Vista. Just a few weeks prior to that potshot at Microsoft, Symantec had expressed similar displeasure with the security feature.

Now, Symantec is going even further by saying that Microsoft needs to provide a "level playing field" for security vendors and give them equal access to the Vista kernel. "We want the same access to the operating system as their engineers and developers. Let us integrate; we can do a better job of integrating security than Microsoft can," said Jeremy Button of Symantec's security and data management group.

Microsoft has decided to take a new approach to security with its Windows Vista operating system, and it felt that denying access to the kernel was one of the best things it could do to ensure security. Information Week reports:

Microsoft has built anti-virus and anti-spyware software into Vista, and the company has taken away access to the Windows kernel, which controls the operating system's most basic functions. Security vendors use that access to detect and block certain malware, including worms. Microsoft says that benefit isn't worth the downside, which is that malware writers exploit the same kernel access.

While McAfee and Symantec aren't too happy about the current state of affairs with Windows Vista, Russian-based Kaspersky Labs has rushed to Microsoft's defense. "It would not make any sense for them (Microsoft) to stop working with other computer security companies because it would make their system more vulnerable to attacks," said Kaspersky Lab Chief Executive and co-founder Natalya Kaspersky.

Those who want a deeper look at Kernel PatchGuard can read this MSDN blog post.



Comments

do I need anti-virus and firewall on vista?
By GNStudios on 10/12/2006 12:23:05 PM , Rating: 1
Do I need a third-party anti-virus/spyware and firewall in Windows Vista or is it secure thanks to Microsoft's own stuff?

Replies are appreciated!




RE: do I need anti-virus and firewall on vista?
By blwest on 10/12/2006 12:34:20 PM , Rating: 2
You'll still need AV software either from 3rd party or Microsoft's own AV through their security center (paid). I forget what it's called. Windows Defender maybe?


RE: do I need anti-virus and firewall on vista?
By GNStudios on 10/12/06, Rating: -1
RE: do I need anti-virus and firewall on vista?
By TomZ on 10/12/2006 2:03:36 PM , Rating: 5
Sorry, but that's really dumb. You are paying Microsoft (or Symantec) to protect you from viruses, not from Microsoft's software. If someone breaks down your front door and steals stuff out of your house, do you blame the thief for that, or the manufacturer of your door?


RE: do I need anti-virus and firewall on vista?
By mindless1 on 10/12/2006 2:14:46 PM , Rating: 2
If it's incredibly easy and there are several different ways to compromise the door even by kiddies, you blame the door manufacturer because they didn't make a reasonable effort to make it secure instead of trying to promote features people don't necessarily want in a (door).


By TomZ on 10/12/2006 4:29:43 PM , Rating: 2
If you assume the door is of reasonable design and free from manufacturing defects, then most of the blame would go to the thieves, right?

I would argue that Windows, in the present form of WinXP (and probably earlier releases also), is already at this level. It takes a lot of work right now to find an exploit in the OS that would allow you to develop a virus. It's not a trivial thing to do because the possible exploits are so numerous due to shoddy coding.

So, IMO, we cannot blame Microsoft for all the world's problems.


By Christopher1 on 10/12/2006 4:29:52 PM , Rating: 2
Hey, Microsoft is doing their best this time to secure the OS. But the facts are that in ANY OS there are going to be methods to attack it and compromise it.

With all the people who are going to be looking to cash in on Vista spyware, it will be cracked, but Microsoft is at least TRYING to fix any blatant holes and putting in so many layers of security that it will be hard as heck to compromise the system unless you are VERY skilled or sneaky.


RE: do I need anti-virus and firewall on vista?
By GNStudios on 10/12/06, Rating: 0
By TomZ on 10/12/2006 4:11:57 PM , Rating: 3
You blame both based on my analogy, but in your original post, you only blamed Microsoft. That is why I criticized your post. Sorry, I didn't mean to make it sound like a personal attack - I should have been more diplomatic.


By wrack on 10/12/2006 7:32:11 PM , Rating: 2
Norton is the biggest bunch of poo poo software maker since Norton Internet Security 2004 and above.

I still have a little faith in Norton Internet Security 2003 but I use BitDefender nowadays which is way better.


By bisoy on 10/12/2006 10:35:56 PM , Rating: 2
I had Norton before and it sucked big time. I bought TrendMicro last week, and my mail server is now virtually spam free.


RE: do I need anti-virus and firewall on vista?
By imaheadcase on 10/12/06, Rating: 0
RE: do I need anti-virus and firewall on vista?
By Korvon on 10/12/2006 1:18:00 PM , Rating: 3
It all depends on how you use your computer. Some people can go months and not have a problem, then I have seen others completely screw their computers in less than 24 hours.

On Windows Vista it still says you need a 3rd party AV, however the only one that currently works is Microtrend. I have been running Vista (RC1) with Microtrend for a month now and haven't had an issue. Defender kind of pisses me off though, blocks daemon tools on every boot. :P


RE: do I need anti-virus and firewall on vista?
By tuteja1986 on 10/12/2006 2:02:08 PM , Rating: 2
"We want the same access to the operating system as their engineers and developers. Let us integrate; we can do a better job of integrating security than Microsoft can,"

This dude has lost the plot.


By TomZ on 10/12/2006 2:05:43 PM , Rating: 2
...and when has Microsoft ever publicly exposed internal software information to this level of detail? Previous generations of AV software were constructed based on reverse engineering. Does it even occur to them that if Microsoft provides certain information to Symantec, then they would have to provide it also to many others, which would surely fall into the hands of the virus writers?


RE: do I need anti-virus and firewall on vista?
By hondaman on 10/12/2006 2:27:32 PM , Rating: 2
Not running any antivirus is suicidal, or masochistic, depending on who you are. There is free, top of the line AV software one can use, so there isn't a reason in the world for anyone NOT to use it.

In regards to computers and viruses, there are three kinds of people:

1: Those who will be infected.
2: Those who have been infected.
3: Those who use AV and still get infected.

Not using AV increases your chances of getting infected by an unimaginable degree. It's simply foolish, irresponsible computer use.


By DokGonzo on 10/12/2006 3:34:51 PM , Rating: 2
No, running a computer without a firewall is suicidal. Running a computer without AV software is a matter of personal preference because you really don't need it as long as you know why and how infections happen in the first place. I haven't had a virus infection in over 4 years and all I ever used was a properly configured firewall, Mailwasher for pre-checking my e-mails, and a certain degree of common sense. And my computer runs like a dream, it's snappy and isn't being dragged down by bloated AV software...


RE: do I need anti-virus and firewall on vista?
By TomZ on 10/12/2006 4:19:23 PM , Rating: 2
quote:
Not using AV increases your chances of getting infected by an unimaginable degree. It's simply foolish, irresponsible computer use.

I couldn't disagree more. A sophisticated user doesn't need AV tools. I am proof of this, as are several of the folks I work with. Self-protection from viruses is really as simple as:

1. Keeping all your SW - esp. the OS - always patched to the latest level
2. Don't activate executable or other e-mail attachments that can carry active content
3. Don't visit questionable web sites (you know which ones I'm talking about)
4. Don't download and install questionable software off web sites
5. Access the Internet from behind a hardware firewall

That's it - it's pretty simple if you ask me. Like I said in another post, I've done this for at least 10 years on Windows and never had a virus problem.

On the other hand, if you are in a situation with less-than-sophisticated users, have users that don't care if their computers get viruses (e.g., work), or have public PCs (e.g., library), then AV protection is absolutely necessary, and as you say, it would be irresponsible to not use it.


RE: do I need anti-virus and firewall on vista?
By Christopher1 on 10/12/06, Rating: 0
By TomZ on 10/12/2006 4:39:42 PM , Rating: 3
Sorry, that doesn't make sense to me. Why not just avoid the codecs and applications from shady companies in the first place? In other words, what are you watching that can't be decoded by mainstream codecs like WMA, DivX, etc. from reputable vendors?


By ZeeStorm on 10/13/2006 8:54:12 AM , Rating: 1
Having a flashy certificate and training doesn't make you computer "sophisticated". My 10 year old brother could get that certificate if he wanted to -.-


By crazydrummer4562 on 10/12/2006 5:31:40 PM , Rating: 2
I agree, as you learn more and more and are on the internet and are computer savvy it becomes increasingly easier to spot out shady apps and files, I have yet to get infected.


By Vanners on 10/13/2006 1:51:47 AM , Rating: 2
I disagree. AV is the virus you install when you don't want a virus. Time after time I have installed AV from multiple vendors only to get a less stable system that is slower and the only positive is to "know" that (as I suspected) I STILL DON'T HAVE A VIRUS! (er... except now how do I get rid of this AV?). Behaviour is better protection against viruses than an AV.

Follow the logic:
1. I have a clean computer and never turn it on - it remains clean.
2. I have a clean system - it has no contact with any other computer (no network or internet, no external storage medium except DVD drive). I choose to only put "safe" discs in to install legitimate software. The result is my system remains clean indefinitely.
3. I have a clean system - I control everything that comes in and disallow anything that could compromise the system - it remains clean so long as I do my job well.
...
n. I regularly install dodgy crack software from an obviously disreputable site. Sooner or later I get a virus any scanner will miss. My system is in trouble.

It is clear to see that behaviour determines risk - part of that behaviour is firewall policy, part is browsing habits, part is choice of foreign file access and lastly choice of AV.

AV companies should not whine so loudly that their gravy train is drying up. They only exist because of the exploitable nature of OSes and those willing to exploit them. It is the OS provider's responsibility to secure the OS, when it does so don't complain, just accept that AV companies now can't exploit the OS (and its customers) anymore either.

I'm not saying that the war is won though - I agree that by not opening up the kernel it just means that freelance virus writers could find an exploit before the professional ones. ;)


RE: do I need anti-virus and firewall on vista?
By Hare on 10/12/2006 5:10:33 PM , Rating: 2
Few points.

1. Firewalls don't understand anything about viruses or malware. They just provide a way to control traffic. They can't protect you in any way from viruses.
2. Hardware firewalls have software inside them. Just because the thing has its own casing doesn't mean it's superior.
3. If the OS in question has no open ports or the apps listening to the ports are safe, the firewall isn't needed. It's just a precaution. With a NAT-router firewalls are not needed (NAT hides the local network's IPs and controls traffic).


RE: do I need anti-virus and firewall on vista?
By TomZ on 10/12/2006 5:23:05 PM , Rating: 3
quote:
Firewalls don't understand anything about viruses or malware. They just provide a way to control traffic. They can't protect you in any way from viruses.

Firewalls have a lot to do with viruses because they prevent exploits via ports that are open on your computer and closed on the firewall. This disables the entire class of viruses that exploit security issues with services that listen on open ports on your computer. Furthermore, firewalls may also help prevent viruses that may be on your computer from communicating with other hosts through non-standard ports that would be closed on the firewall.
quote:
Hardware firewalls have software inside them. Just because the thing has its own casing doesn't mean it's superior.

Hardware firewalls have software, that is correct, but they have the advantage of being simpler and thus less likely to have coding mistakes that would lead them to be exploited. In addition, they help disperse the risk because of the number of makes, models, and processors. Compare that to 95% of desktops that run Windows and have basically the same firewall software, TCP/IP stack, same processor (x86).
quote:
If the OS in question has no open ports or the apps listening to the ports are safe, the firewall isn't needed.

Fact of the matter is that on a normal computer, especially in a networked environment, there are lots of ports open with services attached on a typical computer. Each of these increases the attack surface. If these ports are not needed outside your organization, then the hardware firewall is a big help in that way.


By Hare on 10/13/2006 6:16:50 AM , Rating: 2
quote:
Firewalls have a lot to do with viruses because they prevent exploits via ports that are open on your computer and closed on the firewall. This disables the entire class of viruses that exploit security issues with services that listen on open ports on your computer. Furthermore, firewalls may also help prevent viruses that may be on your computer from communicating with other hosts through non-standard ports that would be closed on the firewall.
Viruses are usually embedded in files that you download. Your firewall doesn't know what a file contains. Firewalls protect against worms like Blaster that use open ports and vulnerabilities in the software to spread.
quote:
Hardware firewalls have software, that is correct, but they have the advantage of being simpler and thus less likely to have coding mistakes that would lead them to be exploited. In addition, they help disperse the risk because of the number of makes, models, and processors. Compare that to 95% of desktops that run Windows and have basically the same firewall software, TCP/IP stack, same processor (x86).
Firewalls do very little to limit the spreading of viruses. Exactly how many people use firewalls to monitor outgoing traffic... Exactly. With hardware firewalls even fewer since it takes more time to configure it and hardware firewalls cannot be configured to limit specific applications etc. Most viruses spread via email and files. Again something that a firewall cannot monitor. Software firewalls have advantages, application specific rules (allow only this and that app, block everything else).

quote:
Fact of the matter is that on a normal computer, especially in a networked environment, there are lots of ports open with services attached on a typical computer. Each of these increases the attack surface. If these ports are not needed outside your organization, then the hardware firewall is a big help in that way.
True. It's a very good precaution to use a firewall.

I don't think we really disagree about a single thing. There are just way too many people who say that they have a firewall and have and will never have viruses. That's just wrong. Firewalls don't really protect against viruses (worms maybe) but viruses, no. That was the point I was trying to make with my post. If someone is a heavy p2p user and clicks on every email attachment he/she really should have av-software. AOL active shield is free and it's "Kaspersky Lite". Very effective and costs nothing. Why risk viruses...


RE: do I need anti-virus and firewall on vista?
By hondaman on 10/12/2006 2:15:05 PM , Rating: 2
Who would trust a company who can't code a secure operating system, to code its own secure AV?


RE: do I need anti-virus and firewall on vista?
By FITCamaro on 10/12/2006 2:30:32 PM , Rating: 2
Uh...the point of locking non-MS code out of the kernel is to make it secure. If AV companies can't touch the kernel, viruses can't either. I'm sure someone will figure out how to hack it regardless, it's just a fact of life. No matter how much Microsoft tries, they will always get hacked because people such as yourself see them as this devil and feel you can prove something by creating a virus which causes other people a headache, not Microsoft. No software is ever 100% secure. Just you have about 10 million hackers going after Microsoft, and only a few handful going after Linux, Unix, and OS X.

If you want my opinion as to who's more "evil", go after Macintosh. They control their stuff way more than Microsoft does.


RE: do I need anti-virus and firewall on vista?
By hondaman on 10/12/2006 2:48:48 PM , Rating: 4
1: Locking out AV vendors from the kernel won't prevent viruses.

2: It's a sad state of affairs when people such as yourself accept viruses as a "fact of life" as if there isn't anything you can do about it, it just happens.

3: My original point/response is made even more clear, in that since MS locks out other AV companies, people don't have a choice in virus protection. It's MS, which is both incompetent, and slow to react to 0-day exploits, or nothing at all. How can that POSSIBLY be better for the consumer? Competition and choice is _always_ better, as it results in a better product.


RE: do I need anti-virus and firewall on vista?
By akugami on 10/12/2006 3:14:59 PM , Rating: 3
1. True, locking out AV vendors from the kernel won't prevent viruses but it will mean that there is less chance of a serious viral infection.

2. It's sad that we have to accept virii as a "fact of life" when using computers on the net but we didn't create the situation. It's there, we have to accept it since it's impossible to eradicate all security holes. All we can do is to use preventative measures and protect ourselves as best as possible.

3. Just because the Vista kernel is locked down doesn't mean that someone can't write AV software for Vista. They will just have to put more work and make better products. It's a fact that AV software from the big vendors have declined in the last few years.

What it does mean is that everyone except MS has access to the kernel. Meaning that outside of flaws in the Kernel Patch Protection scheme, no one outside of MS can modify the kernel in any way. AV vendors will have to improve their products to better detect virii and malware without relying on unsupported and undocumented hacks into the Windows kernel.


By TomZ on 10/12/2006 4:23:55 PM , Rating: 4
Well-stated. And I would add to that, that it is INCORRECT, from a QA and architectural perspective, for other applications to modify the OS anyway. How can Microsoft possibly be expected to supply a secure, stable OS with so many applications "modifying" the OS by applying kernel patches, replacing system DLLs in the Windows folder, etc. There needs to be a very clear separation between OS and other software - other software should NEVER modify the OS. I think Vista is making steps in the right direction from that perspective.


By Helbore on 10/13/2006 12:33:19 PM , Rating: 3
You do realise that the Kernel lock-down is something Microsoft should have done a long time ago. Other OSes don't have open Kernels like Windows does (did) and Microsoft are making the right move by protecting the guts of the system from changes. There is absolutely no need for anyone to make any changes in the Kernel whatsoever.

And before you attack Microsoft again, it would be worth you reading up on OneCare and Defender and you'll realise that neither of these products require Kernel access in the way that Symantec want. So if MS can write security software that doesn't need access to the Kernel, so can Symantec.

It's only Symantec and McAfee who are bitching about this. All the other players in the industry are quite happy with the change. Kaspersky has openly stated as such. The reason behind this is simple, Symantec and McAfee have made their ends meat of writing "cheap and easy" software that uses, effectively, bugs in the Kernel to provide their security features. Now, due to this change, they will have to write a totally new suite that does the job properly and that will cut in to their profit-margin (and they might have to hire some decent programmers, too!)

If you want to attack a company for writing poor software and keeping us flooded with new security problems, blame this pathetic excuse for a company (and McAfee, too)

Microsoft have made the best move they could in providing a stable and secure OS by locking down the Kernel. If these companies don't want to develop for the platform, then no one's forcing them to. But they CAN still develop their software for it, if only they'd do some actual work in designing it.


RE: do I need anti-virus and firewall on vista?
By Runiteshark on 10/12/2006 3:36:01 PM , Rating: 1
quote:
Just you have about 10 million hackers going after Microsoft, and only a few handful going after Linux, Unix, and OS X.


I get so tired of reading this, do you even have a clue? The only reason that Microsoft attacks are so prominent is because of the fact that it is so easy to spread them. Tell me, how many times have you heard of a bot using a remote code exec exploit on *nix 2.4.x and then turning it into a bot?

Oh that's right, you never have.

But what about say, random *nix boxes getting rooted and having all their crap screwed up?

It's simple really, it's much easier to make a big botnet out of windows machines with say the lsass, or mytob, or some other random exploit, rather than painstakingly making a bot to "maybe" execute and run on a couple *nix based machines.


Wanna see how it really looks for sec on Nix Windows, BSD and Mac OSX?

www.zone-h.org


By TomZ on 10/12/2006 4:35:45 PM , Rating: 2
quote:
The only reason that Microsoft attacks are so prominent is because of the fact that it is so easy to spread them.

And why do you think that is? It is because most (around 95%) of desktops are running Windows, and thus most "average joe" users, who have the ability to do something to activate a virus, are on Windows.

As a virus writer, having hundreds of millions of available machines on the Internet with human operators running the same OS makes Windows look like a "soft target," completely regardless of the actual level of real code security. When you consider the possible economic gains, it is clear why Windows is the target, as opposed to small marketshare niche OSs like OS X and Linux.


By glennpratt on 10/12/2006 12:00:41 PM , Rating: 3
I've seen more computers screwed up by Symantec network drivers and rendered useless with the McAfee crap that AOL bundles than I've seen viruses lately. McAfee's full suite can literally make a modern P4 with broadband feel like a 386 with dialup.

I think Symantec's corporate stuff is OK, but McAfee can shove it.

They clearly have a conflict of interest, they don't need access to the kernel. Period.




By hubajube on 10/12/2006 12:09:43 PM , Rating: 2
Symantec's corporate stuff is crap too. My co-worker had a virus on his computer for 8 months and so-called antivirus was up to date AND functioning and didn't clean nor quarantine the virus. It DID make a note of it in its log. POS!


By Kuroyama on 10/12/2006 12:16:30 PM , Rating: 2
I have the corporate McAfee (crap) on my office PC. While it doesn't claim to be an anti-spyware program, the funny thing is that if I run a full PC scan then it won't detect spyware, but if I run say Lavasoft Ad-Aware then as soon as Ad-Aware detects spyware then McAfee pops up and says it found the spyware and shall I delete it? It's almost as if it's trying to take credit for the work someone else's software did.


By JazzMang on 10/12/2006 3:36:14 PM , Rating: 2
This is because people don't RTFM and realize that they may have to boot the computer into safe mode for the A/V to remove a file that was previously in use in the OS.

No A/V product makes up for the lack of intelligence of the end user. None.


By Helbore on 10/13/2006 12:46:05 PM , Rating: 2
It's funny how other AV products can manage to remove these viruses without constant reboots to safemode/downloading of special removal tools/manual deletion by way of registry hacking/etc.

I've used both Symantec and McAfee suites in both commercial and home environments and both are useless compared to even the free AV scanners like AVG, which can actually remove these viruses that the others fail to do.


By elegault on 10/12/2006 12:49:57 PM , Rating: 2
I've seen Trendmicro's HouseCall do a much better job than Symantec Corporate.


Business Model
By blwest on 10/12/2006 12:22:14 PM , Rating: 2
Symantec is just pissed that MS killed their entire business model: Protect against MS Windows Viruses that we created.

IMHO a company is weak if their entire revenue model revolves around one product from one company. They attempted to create AV software for Mac, but it's not universal binary--thus nobody new to the Mac world uses it.

PCanywhere, foiled by remote desktop. They killed ghost by removing the capability to make images of drives. It is no more than an expensive MS backup that comes with Windows.

Honestly I can't think of a Symantec product that doesn't rely on MS Windows.

Anyways, time to sell that symantec stock while it's still worth something.





RE: Business Model
By sdsdv10 on 10/12/2006 12:35:45 PM , Rating: 2
quote:
Symantec is just pissed that MS killed their entire business model: Protect against MS Windows Viruses that we created.


Exactly what I was thinking. MS's original screw up in writing Windows gave Symantec and others an opportunity to start and grow a business. Now that MS is trying to rectify the issue (however feebly their attempt may be), Symantec is crying the blues. Sorry, get over it and find a new business to get into.

Been happening in the auto industry for years. Whenever the aftermarket guys come up with a great little idea, the manufacturers eventually incorporate that item directly into the car design cutting the aftermarket out. They (the aftermarket that is) just have to find a new idea.


RE: Business Model
By RMSe17 on 10/12/2006 1:04:35 PM , Rating: 2
quote:
They killed ghost by removing the capability to make images of drives. It is no more than an expensive MS backup that comes with Windows.

Don't be silly, ghost was not geared for home use, and in the enterprise world it is very popular.


RE: Business Model
By hondaman on 10/12/2006 2:18:13 PM , Rating: 2
This is news to me. Since when was my ability to bare-metal image a drive taken away from me?


RE: Business Model
By PitViper007 on 10/12/2006 2:35:09 PM , Rating: 2
Just what I was wondering. I use Ghost all the time. Saves me many headaches.

PitViper


RE: Business Model
By blwest on 10/12/2006 4:10:26 PM , Rating: 2
We still use version 8, any of the new distros out there don't allow you to make an image...


maybe what they're really afraid of...
By johnsonx on 10/12/2006 1:29:26 PM , Rating: 3
Maybe what Symantec and McAfee are really afraid of is that Microsoft's security approach genuinely will make Windows far more secure, and that no one will need their products any more.

As it is I haven't bothered with anti-virus or anti-spyware on my own computers for years, and I probably will continue not bothering with Vista. Even my customers, who do have anti-virus and anti-spyware software, either go for years without seeing a single message about a virus or malware (and have no problems), or they frequently get infected anyway (and still get no message from their security software).

In other words, even now I find little benefit to having real-time anti-virus and anti-spyware software on a computer. The only use I find for such software is after-infection cleanup, after doing the initial dis-infection by hand.




RE: maybe what they're really afraid of...
By TomZ on 10/12/2006 1:44:58 PM , Rating: 3
I couldn't agree more. Clearly Symantec and McAfee see the end in sight for their main cash cows, and these announcements are all about trying to gain public support before they get started on lawsuits against Microsoft. I think (or at least hope) that they fail because I think Microsoft can make a strong case for a more secure OS, and I believe that Microsoft's customers will side with Microsoft on that argument.

I also agree that AV software is unnecessary, at least for reasonably cautious users. I've run Windows in its various forms for at least ten years and never had a virus problem. But I'm also not the type to double-click on "Paris Hilton Nude Movie.exe" when it arrives in my e-mail inbox either.


RE: maybe what they're really afraid of...
By Nekrik on 10/13/2006 4:45:12 AM , Rating: 2
I would never click on a "Paris Hilton Nude Movie.exe" either, but then I got this "Kristen_Kreuk.exe" and the entire company's network was down in a matter of moments :) It couldn't be helped, everyone knew it, I kept my job, and everyone else here would have done it too.

Anyone who's had to test/debug compatibility issues with some of the bigger AV apps out there should know they do some pretty nefarious stuff (at the least have very low quality bars), and they're most likely going to have to scrap their current code base in order to work under Vista. In the long run this could be a good thing as they can use the opportunity to re-architect it and remove some of the design flaws that they know exist but have been postponed version after version after version after...


By Helbore on 10/13/2006 3:53:39 PM , Rating: 2
You clicked on an executable that arrived in an email?!?!?!

Well, to be honest, your company's IT department should have blocked all executables from being delivered via email. Then there would be no risk of that.

Having watched an entire company's network go down because of a virus and being the person in charge of clearing it up, I can say with some experience, that it's not a fun thing to try and clean such an event up. Oh, and guess what was the cause of this wonderful infection. We were running Symantec Corporate and they had distributed a new dat, which just so happened to be corrupt, knocking our entire virus protection off-line. One small mistake by one of the juniors and that was it, goodbye network. Thanks Symantec. Thanks a lot!


By improbablyatwork on 10/12/2006 1:53:30 PM , Rating: 1
I've read a lot of you say that Symantec and McAfee have ruined your system, don't remove viruses and overall is a piece of ****... Well it all depends on if you actually know what you're doing. Just running the programs themselves aren't the magic cure to spyware and viruses. They only aid in removing them. However like pregnancy the best way to prevent malware is abstinence. Stop looking at pr0n. Stop downloading free cursors. And ffs stop using limewire.

I don't think you can argue whether or not this is a good decision by microsoft because only time will tell. What's to say keeping the kernel private will mean less malware. People who write malicious programs intended to cheat the system or attack your computer are always going to find a way around and ultimately write the programs anyways.

This could either be a really good decision, or a really bad decision. If malware is written that isn't detected by microsoft and there's no third party clients to pick up the slack then we are going to be getting critical MS updates every 6 hours. Not my idea of fun.

Just my $0.02




By rultin on 10/12/2006 2:29:11 PM , Rating: 2
Enough about Symantec or McAfee. Who really needs their stuff these days? I run IPCop for my connection, AVG anti-virus on all my PC's and Pest Patrol resident detection. Never have any problems....ever.


By Spinne on 10/12/2006 2:33:59 PM , Rating: 2
I don't think you know what you're talking about. I know enough not to click on parishiltonnude.exe when I see it in my mailbox, but there are literally tons of people out there who don't know better. If I do end up with an undesirable on my PC, I also know enough to wipe it clean by hand, with little to no help from Symantec (I actually haven't used Symantec at home for a year now). However there are tons of people who don't know how to do this. Symantec and McAfee cater to these people and claim that they can make everything better with little or no user intervention. This is what we're saying is bull****. Fact is, Symantec (the Office version) is a real system hog and can't clean the harder to remove stuff by itself. McAfee... well, the less said the better.


By VooDooAddict on 10/12/2006 3:00:38 PM , Rating: 2
I agree that AV tools need to be used properly ... and not thrown out completely. However...

Stop ... looking ... at ... pr0n? (*hears the screams of a 100 million geeks*)

People are going to do these things regardless of your suggestions. So they need some form of protection from them.

The problem is that the protection shouldn't cause more issues than an infection! I'm looking forward to the kernel lock in hopes it will help this.

People with heavy email clients need email scanning. People need scanning of NEW files after they are downloaded. People need scanning of Java Applets and ActiveX Applets before FIRST execution not during execution of every line of code (then scanned again only after a new virus def update). Full system scans should be done on a regular basis with new def releases.

Active scanning that scans every operation of your computer and every file access by sitting in the kernel should NOT be needed. These cause many more problems than they are worth.

Again, I agree that AV tools need to be used properly to not cause additional problems for users. Most AV tool vendors do NOT set up their tools this way. They just default to the largest umbrella possible.

I'm looking forward to seeing how well kernel lock works in practice.


By Helbore on 10/13/2006 4:02:14 PM , Rating: 2
That would be fair enough if it were true for every virus scanner out there. But it's not. Try Kaspersky, Norman, NOD32, AVG, or many others and they not only are capable of automatically cleaning the viruses that Symantec and McAfee can only log, but they detect other viruses that these two miss completely.

I worked at a company that thought their system was dead secure because they were running McAfee Total Protection for the Enterprise. I had it removed and replaced with Kaspersky Corporate and we found, literally, dozens of infected computers on the network that McAfee had missed.


Oh Really!
By VIAN on 10/12/2006 12:10:25 PM , Rating: 2
Well, I'm still upset about Symantec's approach to security on the Windows platform.




RE: Oh Really!
By Jago3d on 10/12/2006 12:59:07 PM , Rating: 3
I agree. Symantec's software has caused me nothing but headaches, and provided no benefit whatsoever.

At one point it decided to completely block access to port 80. I had to deactivate it to get access again.

Utter rubbish.

I'm rather glad MS are making an effort. Windows is not cheap, and I would like to think that it is going to make for a usable computing experience out of the box.


RE: Oh Really!
By RamarC on 10/12/2006 5:05:46 PM , Rating: 2
I have a relative who has Symantec's internet security product on her PC. Her PC got so screwed up that Symantec prevented access to all secure web sites, quarantined almost all of her mail, and she couldn't even uninstall Symantec! I didn't believe her, but sure enough, everything she said was true. Symantec tech support couldn't even 'fix' her. She had to go to the restored CDs and wipe the PC clean!

This was an extreme nightmare, but I've heard of other problems with Symantec hosing up a PC or whacking the file system or rewriting web pages on-the-fly or some other craziness.

I never recommend Symantec products since they think they're smarter than the OS... they can wreak as much havoc as the virus they're trying to prevent.


The Playing Field Is Already Level.
By UserDoesNotExist on 10/12/2006 6:19:14 PM , Rating: 2
From the MSDN blog quote:
"It's important to note that Kernel Patch Protection applies uniformly to Microsoft products as well as third party products. No code is allowed to modify the kernel using unsupported patching techniques. Security products developed by Microsoft only have access to the same supported interfaces that any other vendor would use."

So Symantec and Microsoft have a level playing field already.

Kernel patching should never be allowed. Period. The only reason that the kernel should be patched is when the kernel is being upgraded to a new release version of the OS. The point of the kernel is to have a stable base platform for the rest of the OS to build upon, and patching the kernel only ruins this stability, even if the person patching the kernel knows what he's doing.




RE: The Playing Field Is Already Level.
By Duwelon on 10/12/2006 7:10:52 PM , Rating: 2
The problem I have with Symantec is their programmers so often demonstrate that they don't know what they're doing.

Symantec Internet Security 2003 to 2006 for example. See, the problem is, Symantec thinks too highly of themselves. 1) Their software takes an extremely long time to install compared to other programs. It *seems* to add more registry entries than most other programs I've ever seen. This would be fine but I think it's part of a bigger problem I have with Symantec.

2) I hate Symantec Corporate 10 with a passion. Its centralized control panel is slow as sin and the actual scanner is simply not reliable.

3) Working in IT, Symantec with their POS uninstallers has made me a lot of money. Very simply put, it's literally impossible for the average end user to get a Symantec product from the last five years off their computer if it has a problem and the uninstaller doesn't work. With all the JUNK that Symantec products come with, there is a lot that can and does go wrong.

4) Their programmers DON'T know what they're doing. Many times I've seen an error pop up that prevents the uninstallation or installation process and it gives you some stupid message like "Uninstall Failed, click OK to quit." NOBODY NEEDS TO BE TOLD THAT IT FAILED ONLY, THEY NEED TO KNOW WHY IT FAILED YOU FOOLS. TELL YOUR PROGRAMMERS TO INCLUDE DEBUG INFORMATION. HELLO!

5) In short, Symantec Sucks, while it keeps the IT industry making money, I wouldn't use it if they paid me $50 a year. I'm dead serious.


By Christopher1 on 10/13/2006 9:25:01 AM , Rating: 2
Actually, that isn't true about it being hard to remove a Symantec product if the Uninstaller doesn't work.

I have had that problem, and have gone on their website and they have a very good 'blow away Symantec software' uninstaller on their website.

It's difficult to find, but how many people would need it in the first place?


By retrospooty on 10/12/2006 12:37:46 PM , Rating: 5
Isn't an open kernel one of the major security flaws of previous MS OS's? I am all for locking it down and keep McAfee and Symantec's (and other less reputable hackers) hands off of it.

If that makes Symantec and McAfee's software obsolete then good... less crap to clog my Windows. They should spend their time inventing CURRENTLY useful software




.
By Zorlac on 10/12/2006 4:15:13 PM , Rating: 3
I have NEVER used AV software and I have NEVER had a virus. You just have to be relatively computer intelligent to be safe.

On the other hand, I know several people that can barely go 24hrs without getting infected.

STOP SURFING TEH PR0N!!1 :D




RE: .
By WxGuy192 on 10/12/2006 4:40:11 PM , Rating: 2
This is more true now than a few years ago... Many people have hardware firewalls in personal/home routers, and most email services scan email for viruses before allowing the user to download the content.

However, just because you haven't ever been infected while not using AV isn't proof that AV is useless! I hear the same argument from 100-year old smokers -- "I've been smoking 2 packs a day for 80 years, and I haven't gotten cancer! Smoking doesn't cause cancer"... You cannot use a single datapoint to represent the whole.


Please don't tell me
By archcommus on 10/12/2006 1:49:25 PM , Rating: 2
Please don't tell me that MS is actually considering changing this security feature because of their pleas? I sure hope not.

So what are we expecting from Symantec for 2008? No AV software for Vista at all? Or just software that they feel is "less effective" since it has no kernel access?




RE: Please don't tell me
By PitViper007 on 10/12/2006 2:45:25 PM , Rating: 2
Probably the latter. Symantec and McAfee won't stop making an AV package just because they can't access the kernel, at least not yet. They'd be cutting off their main cash flow. So for now, they'll just make an AV package that will do what it can, and IF something gets through, they'll blame MS for not allowing them access to the kernel. I'm of the opinion that MS is on the right track here though, security-wise. Keep the kernel private and it will be more secure. But then, I guess only time will really tell, right?

PitViper


Learn to Internet
By Baked on 10/12/2006 3:47:09 PM , Rating: 2
Learn to internet and you wouldn't need anti-spyware, anti-virus, anti-spam. If you can't do that with a PC, then buy an Apple.

/me is spyware/virus/spam free for the past 20 years.




RE: Learn to Internet
By Ecmaster76 on 10/12/2006 4:11:55 PM , Rating: 2
Of course the only way you could know that is if you have anti-virus/spyware software or enjoy leisurely walks through the registry.

A lot of spyware is very discreet about its activities.


In other news
By TejTrescent on 10/12/2006 4:35:32 PM , Rating: 2
Kaspersky Labs: the sensible antivirus company.




RE: In other news
By wrack on 10/12/2006 7:42:53 PM , Rating: 2
One thing I don't get is, a new operating system is not an overnight job where Microsoft just flips a page and voila new OS is there.

The development process involves many companies including the "BELOVED" Norton and McAfee. The reason they are jumping up and down is they will have to rewrite their software to make it work with Vista and that costs money and mind power. Not sure about the money but other antivirus companies seem to have outdone them in mind power.


Back Off, You Third-Party Greedies!
By Schralper on 10/12/2006 6:01:47 PM , Rating: 2
I am deaf, I'd have to use relay service to make phone calls. I'm not comfortable sharing with third-party operators. This is exactly how I feel. What's the point in "open-source" kernels to other companies? Kernels are meant to be within the Core. It is Microsoft's responsibility to keep things secured. If you think they do terrible job, then why are you on Microsoft? Reminds me of "I hate AOL!" and yet they still use it. If that's the case... then knock it off and go for Apple or Linux. Those who most likely will get something is because they use piracy softwares where bad hackers adds little virus within the software. If you truly want virus-free.... then stop downloading free stuff from unknown. If you are on budget, go for Linux... there are several free or cheap applications out there. I wrote virus codes in text format... Microsoft's OneCare actually detected and removed. I was stoked. They finally really tighten up. OneCare is not free-of-charge? Well, whose fault is that? People bought third-parties Anti-Virus softwares, Microsoft sees that as common market..... therefore, it is standard to sell.




By INeedCache on 10/12/2006 10:57:09 PM , Rating: 2
Norton is bloatware and messes up many a machine. I know, I've made a lot of money fixing problems Norton causes. Too bad they are so prevalent in the retail market, and thus the name most people know. I applaud Microsoft's efforts here, as they are trying. To all of you Microsoft naysayers who have once again managed to crawl out from under your rocks, please go back. It cracks me up to read things like "if they would only make Windows secure". It cannot be done. The only secure operating system is the one that is never used. Any code written by a human can be cracked by human. It's just too bad we have way too many useless people out there with talent trying to do so for bad purposes. You people talk as if Microsoft isn't even trying. Why don't you shut up and give it a whirl? Don't like Windows? Don't use it. That simple. What's that you say, you need Windows so you can do some things you like to do that you can't with others? Don't blame Microsoft for that. People complain about Windows security then as soon as they try to do something useful, people complain about MS "locking them out". It's their OS, it's not open source or public domain. I applaud Kaspersky for not being another whiner, and seeing it for what it is. Last, when you're the far and away number one in anything, you'll face the most attacks and have the most people after you. People don't typically target the lesser knowns and lesser used. Thus it is logical that Microsoft faces, by far, the most attacks from hackers, crackers, or whatever you want to call them. Thus, this makes it appear that there are more secure OSs out there than Windows. That may be true. But I, nor can anyone, say for sure. Until such time that Linux, Unix, OSX, etc., gain the market share that MS currently has, and then faces the bulk of attacks, could we know for sure. So if you're tired of hearing this, too bad, get used to it, it's true.


Surprise surprise
By jiggymiggy on 10/12/2006 2:48:28 PM , Rating: 1
This isn't new to me, I read it at arcon5 (http://www.arcon5.com/modules.php?name=News&file=a... but it's ridiculous.

Microsoft are to blame once again! Argh




RE: Surprise surprise
By wrack on 10/12/2006 7:39:10 PM , Rating: 2
I don't know why everyone thinks only Microsoft has bugs in their software..! I work as a developer and have worked on some massive applications where development has gone for 7 years. Our testers and clients still find bugs and we fix them as we find it.

If I compare an OS say Windows XP to the application I worked on, XP OS is probably 1000 times larger and more complex than our application and there will always be bugs as all the developers are human beings not some super intelligent aliens.

I am not defending Microsoft but I welcome this effort to lock down the kernel which will make many existing virus & exploits which rely upon it useless and virus makers will have to find other ways of doing things which means better security and less attacks for the time being.

There :)


By theprodigalrebel on 10/13/2006 5:27:33 AM , Rating: 3
Why did they go public with their idiotic statements? They could have simply released "Norton Anti-Virus Vista-Ready Edition" and sold as many copies of their product as their past editions have - why did they even bring this point (that Vista can render their applications irrelevant) to public attention?

People need to live in Fear, Uncertainty & Doubt to want to buy AV software - McAfee/Symantec are hell bent on convincing people with their actions that Vista is ultra-secure and will negate the need for their products. McAfee is a bigger dumbass for pulling that full-page ad.

Kaspersky is playing its cards right - viruses exist. They are sending the message, "If Vista reduces chances of virus infections by 90%, rest assured, we will cover the other 10%." Those who value that 10% extra security will buy AV software, no doubt.

On a side note, I hate to bring this up but think about it - Steve Jobs is a great businessman who turned his company's fortunes around and is responsible for creating the mother of all household names - the iPod. He is a truly great business mastermind but doesn't seem to get respect - why? Because he likes to sling mud at the competition.

Slinging mud at the competition never gets you respect and can drive the masses to boycott you. Until now, I wouldn't use Norton on my PC. Now, I might feel even more inclined to convince every one I know to also not use Norton. Businesses need to compete on basis of merit & value - not call names and sling abuses at one another. That is childish and the only thing I buy from children is lemonade.




What's behind the complaining.
By crystal clear on 10/12/2006 4:23:02 PM , Rating: 2
Think Stock exchange, investors, shareholders, profits, revenues, share value
etc etc.
That's what Symantec/McAfee have in mind, but of course don't speak about it.
They have to blame it on somebody at their annual shareholders meeting for the poor results.
So start blaming MS right from now, so then they can say we told you so.




how much do they want?
By soydios on 10/12/2006 4:30:25 PM , Rating: 2
Microsoft makes a more secure Operating System, which is good for the consumer, and the security companies complain about it! How much do they want Microsoft to bend over backwards for them? Vista allows far better third-party security software integration than WindowsXP, and this still isn't enough?




bla
By slickr on 10/12/2006 11:48:05 PM , Rating: 2
To sort out this stuff, you need to go back in time and see when and who made viruses!
The first virus was made by a Russian software developer back in the 90's to break into USA security files!
From there on anti-virus companies formed and with the lack of threats antivirus companies would create viruses just so they can protect against the same!
So yeah, in this case I'm afraid Microsoft is right as most of the viruses come from antivirus companies themselves!

Though antivirus companies would surely find other ways in penetrating Windows Vista!




By Predatorgsr on 10/13/2006 2:56:36 AM , Rating: 2
quote:
Is this the company and products you wanna bet your life and security on?


Betting your life on an operating system? Wtf are you talking about.

It was stated before in this thread and on multiple other websites that Microsoft antivirus software has the same limitations that it is imposing on 3rd party AV developers. As also stated before, 3rd party applications should never be able to patch the kernel, and they will still be able to run, just a different way.

Plus you spend two paragraphs bitching about how crappy the security is, then when they take a measure like locking the kernel to improve security, which everyone has been saying was a big flaw in XP, you complain about anti trust violations. Make up your mind dude.


By Helbore on 10/13/2006 4:21:46 PM , Rating: 2
No, no and another big NO! Microsoft are NOT locking out competing companies from using their OS. This is NOT violating anti-trust laws. Security companies DO NOT need access to the kernel to get their products to work. NO-ONE needs to ever be able to write to the kernel. If the kernel is secure, then viruses CANNOT attack this part of the OS.

What people fail to understand is what the kernel is. This is the most basic part of the operating system that does all that wonderful, low-level work. The stuff we need the system to do, but never see. It is, effectively, the OS in its entirety. Everything else is just the bits that allow you to install apps and fancy interfaces and all the pretty stuff that lets us use the OS without having a PhD in computer sciences. The kernel is something that should never be modified. These security companies want access to make core changes to the operating system. They do not need to do this just so they can check for viruses. It is actually possible that their alterations to the kernel could create additional security flaws in the OS and Microsoft would be totally incapable of patching said flaws because someone else has come along and altered their product.

Now let's not get caught up in Symantec's mud-slinging. It's only them and McAfee who are having such a bitch-fest over this. They will get no anti-trust case going on this, simply because Microsoft would only have to call one other vendor as an expert witness to prove that they have AV software that works on Vista and MS can happily prove that OneCare doesn't need kernel access to work and there goes all credibility for Symantec and McAfee.

One last note; if such a case did manage to go ahead and somehow Microsoft lost, you can kiss goodbye to any chance of EVER having the slightest security improvement in Windows. Which would do Symantec and McAfee great. Now they have guaranteed a business forever, at the consumer's expense. Microsoft might not be perfect, but they are certainly not the bad guys in this case.


MS locking out AV vendors from the kernel! yippee
By ttyfscker on 10/12/06, Rating: -1
By TomZ on 10/12/2006 10:26:14 PM , Rating: 3
1. The reason Microsoft has locked the kernel is to make it much harder for viruses to hook in at that level.

2. Kaspersky, another well-known AV vendor, has stated that they see no issues with Microsoft's approach.

Given these two FACTS, I am surprised you could reach the conclusion you did.


By Helbore on 10/13/2006 3:56:06 PM , Rating: 2
Do you even know what the Kernel is, let alone why Microsoft are locking it down? Based on this line...

quote:
When they decide to lock the Vista kernel down, then they are going to have one vulnerable and unpatchable OS


I'm guessing not.


Copyright 2009 DailyTech LLC.