Vista May Put Anti-Spyware Companies Out 392
Ant wrote to mention a C|Net article with an interesting premise: Windows Vista's tough approach to spyware may put anti-spyware companies out of business. From the article: "While this may be good news for buyers of Vista, it is not for anyone who makes a living from selling anti-spyware software. The worldwide market has boomed recently, reaching $97 million in revenue in 2004, up 240.4 percent from a year earlier, according to IDC. However, companies such as Webroot Software and Sunbelt Software are in for tough times, analysts said."
...well... (Score:5, Insightful)
msft giveth, msft taketh away.
Just Fair (Score:5, Insightful)
Sure, viruses won't be able to run... (Score:1, Insightful)
Heck, will anything non-MS-approved be able to?
Analysis (Score:4, Insightful)
They'll find a way. (Score:5, Insightful)
world's tinyiest violin (Score:3, Insightful)
any company based on fixing something that shouldn't of happened in the first place has a fundamentally flawed business plan anyway.
if a company is founded based on the idea of eliminating something, then the business plan needs to take into account the chances of the company achieving its goal... eliminating things... or the need for it to eliminate anything becoming unnecessary.
im sorry, but i really don't care.
They've fixed spam? (Score:2, Insightful)
I don't see SpamAssassin fading away any time soon. So I wouldn't put any bets on on spyware companies (anti- or pro-) dying out.
Nah, don't think so (Score:4, Insightful)
flawed? (Score:4, Insightful)
Re:Still won't use it except for at work... (Score:3, Insightful)
I'll just take my chances with Linux thank you
Re:One missed is still too many! (Score:3, Insightful)
Re:Just Fair (Score:5, Insightful)
There's no "deserve" in doing business and trying to meet a demand in order to make money off of it.
fundamental flaw? (Score:3, Insightful)
As bad as windows has been and may continue to be, unless people can't play their games or surf the web I seriously doubt any problem in Vista will slow it's sales.
Of course it's an ad. (Score:3, Insightful)
Every version of Windows has been "conceived during the toughest times for Microsoft with regards to malicious software".
I still remember booting Win3.1 boxes from a floppy to get rid of the boot sector viruses.
Enderle knows nothing of security. Just because someone wrote some code during a rash of exploits does not mean that their code is any more secure.
Re:Other areas too (Score:2, Insightful)
With the same result. Long after the original problem is solved the organization lives on, never able to just claim victory and disolve. Does anyone thing lowering blood alchol levels yet again will further reduce drunk driving deaths? Nope, but the only things government action could do aren't politically possible and MADD can't just admit that and pick a new cause to crusade for. The NOW gang long ago won everything they can possibly get through the sort of organized action they do, except defending the sacrement of abortion against all reason. [flamebait] Well no, abortion is defensible from a certain p.o.v., more accurately it is Roe v. Wade that flies in the face of reason, but to a NOW gang lesbian the difference has long disappeared.[/flamebait] The NAACP continues decades past when they had a legitimate problem to solve, pushing quota policies that just have to have MLK spinning in his grave. (Unless someone would like to explain how his vision of a colorblind society is consistent with the current practice of making skin color THE most important thing about a person.)
But now back ontopic; Does anyone really believe Vista will actually stop spyware? Just spawn a new generation which the dedicated spyware vendors will have to clean up behind. Nobody to date has ever went broke betting on Microsoft's incompetence.
Re:Analysis (Score:5, Insightful)
In theory, it doesn't have to. (Score:3, Insightful)
But, from TFA:
Emphasis added. It's that line that tells me that they're not going to fix the core problem.
The "silent installs" in IE are a MAJOR source of spyware infections. But that's just because it is sooooooo easy. The "...without first seeking permission." bit tells me that the "silent installs" will be changed to "click here to continue" installs.
The browser should NEVER write anything, by default, to ANY directory other than TEMP and that should be set to non-execute.
But that would break all the ActiveX controls out there (many of which are used to distribute spyware).
They'd have done better just instituting a white list like NoScript does in FireFox.
Re:They'll find a way. (Score:5, Insightful)
They are advanced programmers which reads slashdot, post to usenet etc too.
They are just "evil" or don't have/believe in ethics.
Re:...well... (Score:5, Insightful)
Webroot Software and Sunbelt Software... (Score:5, Insightful)
As far as I'm concerned, if M$ are closing holes that shouldn't really be there, that's a Good Thing (tm).
I mean, these same spyware companies don't make a mint off other OSes do they, so why should they piggy-back a specific one? Isn't that essentially making money from a weakness? And if the weakness is removed, well... game over I guess, until M$ falls at the next hurdle and people make cash out of it. I mean, Mr. Norton seems to have had it quite easy for a while now...
Fair?? I don't think so. (Score:1, Insightful)
(1) Microsoft makes junk
(2) Other companies compensate to "un-junk" Microsoft
(3) Microsoft finally gets its act together
(4)
(5) Bankrupt!
Perhaps this is expected, but I'd hardly call it "fair". There have been companies that have based their business model on the above (Quarterdeck is a good example) and while I understand they can't expect to stay in business forever, it isn't "fair" that they should be driven out of business by a recalcitrant monopoly that uses its market position to eclipse their efforts.
What would be "fair" is for Microsoft to be driven out of business for making crap in the first place.
Re:...well... (Score:3, Insightful)
Re:Nah, don't think so (Score:1, Insightful)
Those analogies are flawed because they are for competitors. The difference is anti-spyware relies on Windows. It's more like Netscape and Internet Explorer, if anything, but not even then because Netscape didn't rely on flaws in Windows to sell.
Re:world's tinyiest violin (Score:1, Insightful)
Re:How dare they! (Score:5, Insightful)
doubtful (Score:2, Insightful)
I'd rather MS put the SPYWARE companies out... (Score:2, Insightful)
Heck, I'd love it if they made Norton, McAfee, etc AntiVirus obsolete, too.
But I know it's not going to happen.
Re:...well... (Score:4, Insightful)
There's nothing that Windows (or Linux, or OS X, *BSD, Solaris, etc) can do to prevent me from installing stuff if I have the admin (or root) password. All it can do is try to prevent things from installing without my say so; if I choose to install CometBonziCursorBuddy, it can't stop me.
As long as people write crap, other people will install crap. All we can hope to do is educate people to stop installing crap.
Re:Other areas too (Score:3, Insightful)
Re:How dare they! (Score:3, Insightful)
Almost all malware exploits shortcomings in the user, not the software.
MS is spam pimpin (Score:3, Insightful)
Re:They'll find a way. (Score:3, Insightful)
Re:Q: Why does anti-spyware exist? (Score:2, Insightful)
Well, Q is not here to answer the question, so I'll have to...
Becasue it is profitable. It creates cash flow. It doesn't matter what system you have. If there's money to be made, it will be comprimised.
Re:...well... (Score:3, Insightful)
The bottom line is that there's no technical reason that Spyware is more prevalent on any platform other than Windows. It's just a bigger target. With viruses and so on there's at least a technological reason as well as this, but Spyware/Adware aren't something that can be effectively protect against, because in most cases the user agrees to the software.
It's a New Definition. (Score:3, Insightful)
It looks like most spyware from larger companies is going to be replaced by DRM that you're not allowed to remove (under the EULA).
Re:Just Fair (Score:5, Insightful)
Their rates are regulated by the state, so they basically work out a rate that includes costs + profit.
If demand goes up, so do prices
If demand goes down, guess what happens.
Yep, prices go up. Why? Because they aren't making their agreed upon level of profit. It's a fairly cushy deal.
Be glad MS isn't truly a monopoly, cause if they were, they'd be regulated & their profit margin would be enshrined in law.
Re:...well... (Score:5, Insightful)
No, that's crap. You can never educate enough people to make a difference. OS vendors need to write systems that;
The reason crap happens to Windows is that it is easy to put persistent malware on people's computers. If the OS was designed so users could remove crap themselves, there wouldn't be the same motivation to make malware.
Windows = Secure? (Score:2, Insightful)
Re:...well... (Score:4, Insightful)
Tell that to my Knoppix CD...
I think it IS possible if your OS and hardware are designed properly. You have your core OS on RO media, apps in their own hardware lockable (switch or key) area, strictly compartmentalised human readable config files, and a separate noexe area for data files.
A sandbox (chroot or VM) environment for trying dodgy stuff would be nice too...
Re:...well... (Score:5, Insightful)
You're forgetting something here: there's a great deal of this kind of crap out there that installs itself in Windows without the user's say-so. No download, no click "OK" or anything. You're online and boom, you've got spyware. A router helps, a firewall helps, Peer Guardian and WinPatrol help a lot, but you never know when another thing might come along that can get through them and be on your system before you know it.
It's a common misconception that malware has to be installed on a Windows system with the user's permission - but it doesn't. People keep saying that the users need to be educated enough not to install crap on their systems, but a lot of people obviously need to be educated about the fact that not all spyware is installed with the user's permission. At least half of it is not. It's this kind of "it's all the foolish users installing crap" attitude that helps malware flourish; people think their system is safe if they don't download attachments and install stuff off the net, but they're not. Not at all.
What about StarForce et. al.? (Score:4, Insightful)
Re:...well... (Score:3, Insightful)
How do I update it? Do I have to buy/obtain a new CD/DVD/EEPROM? Do I have to boot off the CD/DVD all the time (*slow*)? If it's on an EEPROM, how do novice users update it? How do I add (or remove) my own features?
apps in their own hardware lockable (switch or key) area
Ok, so to install an app you have to physically flick a switch. How does that prevent me from intentionally installing an app that turns out to be a trojan, and adds my PC to a spam botnet?
a separate noexe area for data files
I'm a programmer, most of my data files either are executable or are compiled into executables. Where do they go? Do I have to install them every time I make a change I want to test (complete with physical switch flipping above)?
Your scheme, while a good idea in theory, fails to account for two things:
1) it seriously inconveniences people who wish to develop software, and those who wish to update their OS
2) it provides nothing more than an extra second or two's thought when installing an app, and does not prevent malicious software from being installed.
Re:...well... (Score:2, Insightful)
Yes, I'm logged in as administrator
Yes, I clicked OK - install when asked
There's *still* no valid reason why the O/s Can't pop up a window and say "Hey! Something's trying to replace my CD-ROM driver! Are you sure you want to do this?"
Which, btw, is also the major flaw in unix type systems - the "I'm root and I can do anything" system of security. But microsoft has a very long way to go before that's their only flaw.
So what (Score:2, Insightful)
Re:How dare they! (Score:3, Insightful)
So how was McDonalds responsible when the woman spilled the hot coffee in her lap, and M got sued for $1.0M. So now McDonalds have to put hot warnings on their coffee. Is is not reasonable to assume that unless someone is really "stupid", they would know that coffee is served hot.
This is OT, however, the reason McDonalds was found liable was because they were a) serving coffee at a far higher temperature than anyone would reasonably call "hot enough" and b) because they had received numerous complaints about the excessively high temperature their coffee was being served at - and other injuries it had caused - and done nothing about it.
The woman who has burned certainly shares some of the blame for clumsily opening the coffee in a rather inadvisable fashion, but what would have been a relatively minor burn and reminder that it was a silly thing to do, instead became a very serious and debilitating injury because the McDonald's coffee in question was so much hotter than expected.
There was clearly a valid case against McDonalds, in that instance. The problem was not that the coffee was hot, the problem that it was *unnecessarily* and *unexpectedly* hot, that McDonalds knew this and that they did nothing the remedy the situation.
Re:...well... (Score:3, Insightful)
1. This strategy puts open-source programmers at a disadvantage, as most authorisation companies would request a fee. After all, they have costs to maintain. Home users would balk at the costs, and think that if they don't "do stupid stuff", they'll be safe.
2. What you are suggesting is also vulnerable through blind trust. If phishers can get a security certificare, it's possible for an adware/spyware maker to get one just long enough to do damage.
No, the solution really is to lock down the way the OS lets programs hook into the OS itself. Programs shouldn't be able to hide from the user, neither in their operation nor in their storage on media. It shouldn't have to be a long and troublesome hunt to clean out every instance of that spyware.
You can't prevent spyware and keyloggers entirely; social engineering is all too pervasive, and the Sony rootkit fiasco shows that even "trusted" companies can cause lasting harm. Instead, it should be easy to recover from the damage done.