McAfee, Symantec Think Vista Unfair

davidwr writes "Is Microsoft unfairly locking anti-virus companies out of Vista? Symantec and McAfee seem to think so and they aren't being very quiet about it, placing a full-page ad in the Financial Times. If you've found the ad online, please post a link."

Re:why arent they also upset at Mac?

[giminy]

I mean it has a built in firewall that is actually semi decent

OS X's built-in firewall sucks. And I'm a mac user. Through the interface, click all the security options (and go into Advanced and check stealth mode, etc). Type in 'ipfw show' at the command prompt. Wow! Stealth mode blocks ICMP echo requests! The firewall *still* allows all UDP traffic in, so long as the UDP traffic *comes from* a specific port. In short, the firewall assumes nobody is spoofing packets to get through it, which is retarded. A firewall that makes that assumption may as well be turned off.

Wouldnt that mean that OSX has been for a long time shutting out companies like this?

Mac OS doesn't shut people out. It offers a free SDK, and (mostly) follows published standards. Bastille Linux [bastille-linux.org] is a fine example of a hardening system/firewall enhancer for OS X. Check it out.

Re:McAfee, Symantec living on borrowed time

[discord5]

As Michael Crichton implied in Jurassic Park, the more complex a system the more likely it is to break down.

Or as Scotty once said: "The harder they make the plumbing, the easier it is to clog up the drain"

Re:Mcaffe + Norton Licks balls.

[Grand V'izer]

Well Avast! is going to get screwed just like Norton and MacAffee. All those free AV products are going to become a lot less useful when they can't detect unauthorized actions on the kernel.

I think a lot of people are missing the point here. Microsoft hasn't "secured" the kernel from attackers. They've simply removed any way for legitimate non-microsoft software to monitor the kernel. People have already found ways to attack the Vista kernel, and given Microsoft's history with security I don't feel very good about them being my only defense.

Re:No, that's not correct

[dramaley]

My understanding (and please correct me if i am mistaken) is that worms and viruses infect a system through self-replication without the user's consent. While trojan horses require action on the part of the user. You seem to be confusing trojan horses with viruses. Granted, most so-called "anti-virus" software developed in the last few years also attempts to stop trojan horses.

Re:why arent they also upset at Mac?

[supasam]

Just to clarify: Windows was first designed in the early to mid 80's. OSX, built on top of BSD, developed in the 70's from UNIX. ARPANET was designed in the mid 60's to connect the computers of the country (usa) in the event of nuclear war. Thats right, people have been connecting computers into networks for some 40 years. Windows just was not designed to be connected to the internet. OSX was designed to never be without the internet.

No

[Sycraft-fu]

It's because they've shut the fuck up and updated their product while Symantec has been bitching. MS is not locking out 3rd party virus scanners or 3rd party anything. They know that would get them sued in a hurry. They've just changed the way things work, and you need to update your software accordingly. Vista has all kinds of changes like that. For example PDFcreator no longer works. MS lockout? No, security change. Used to be services could directly interact with the desktop. Well I guess that makes you venerable to a certain class of attacks called shatter attacks. I don't know the details of what they are, but at any rate. So Vista changed the model. Now you have to have the service separate and then a program that interacts with the desktop and controls it. An MMC control would work fine, or your own app, whatever. Just a new way (hopefully more secure) of doing things.

This all reminds me of back in the Windows 2000 days with pro audio cards. So Windows 2000 moved to a new driver model for audio called WDM. While it could use NT drivers, you got none of the features, you needed WDM drivers to be fully 2000 compatible. Well the pro audio companies bitched and whined that WDM wasn't suited to pro audio and that nothing would work and so on. Finally they gave in and released WDM drivers and, what do you know, they work great, better than anything before and that's all that's out there now. However they didn't want to change to a new system so they whined.

That's all that's happening here. Companies are being whiny because they don't want to update. I have no sympathy.

Re:McAfee, Symantec living on borrowed time

[Peteee]

Now maybe I'm mistaken in my understanding that the anti-virus software is part of the default installation and if it is, my argument is admittedly all shot to hell and that Symantec and McAfee are big cry-babies. Given Microsoft's history, however, I doubt it.

An anti virus isn't part of the default installation. It has to be downloaded seperately and costs $50 a year.

McAfee and symantec are big cry babies. Maybe I might agree with them if thier products weren't so bad.

picture of the mcafee ad

[graucho]

http://www.flickr.com/photos/77014820@N00/25883676 2/ [flickr.com]

Re:No, that's not correct

[Anonymous Coward]

Most viruses are just malicious programs that get executed by the user.

That's not a virus. Of course, maybe you actually are talking about a virus, but you instead used incorrect terms in other parts of your post. Who can tell? When you use words you don't understand, communication ceases.

Re:No, that's not correct

[Thaelon]

Most viruses are just malicious programs that get executed by the user. They don't hack in to the system, the are downloaded with another program. They come in the front door not the back one.

These are called trojan horses.

Viruses and worms replicate themselves and redistribute through backdoors. Typically "worm" carries connotations of being particularly aggressive and requiring no faults of the user. But I think, originally virus meant little more than self replication, not even necessarily malicious - just that you could be "infected" (hence the term virus). Virus carries connotations of being prolific (even within one host system).

Ones that depend on tricking the user or stupid users are trojan horses.

At least those were the definitions back in the day. The media has done a lot to muddy the waters.

In short (and IMHO):

• virus - prolific replication
• trojan (horse) - tricks the user
• worm - finds its own way in

The problem is many cases of malware combine some or all of these rather than just one of them, and the media flounders without having a short, easily digestable label to slap on them, so they confuse things with generalizations.

Sophos say they have no problem with this

[EqualSlash]

http://www.betanews.com/article/Sophos_on_Symantec s_Vista_Complaints/1159472882 [betanews.com]

Ron O'Brien, senior security consultant with Sophos, told BetaNews. "But from what we have learned in our dialog with Microsoft, which is ongoing, the objection on the part of some vendors is that PatchGuard will prevent access to the kernel, which is that very basic level of the operating system where people feel that they may need to go, in order to provide a total security solution."

Conceivably, if Sophos wanted to provide a "total security solution," given this new set of circumstances, wouldn't it need to understand some of PatchGuard's secrets? Surprisingly, O'Brien told us no. "At this point in time, Sophos does not see the need to be able to access the kernel within the Microsoft operating system," he said.

"If there is a point in time where the kernel becomes the subject of malware being written specifically to it, then I would expect that we would go back to Microsoft and tell them we need to be able to access the kernel. But at this point, it doesn't appear to be necessary."

Re:No, that's not correct

[Rakishi]

A worm spreads on its own, by say scanning the network or sending emails to everyone in your address book.

A virus infects other files but doesn't actively spread to other systems. They may use exploits to infect the system but they may simply wait for another idiot to click on the exe they infected. So when Bob gets that floppy from you he may get infected.

Trojans do not self-replciate at all and usually are designed to control a computer or steal data.

So neither trojans nor many viruses would be stopped by a secure OS assuming the user ran them as "root" which most users would do. Worms would also not be stopped if they did not use exploits to spread, for example by sending themselves as emails or IMs.

The ad online

[Zamolx3]

You can find the ad on mcafee's homepage. http://www.mcafee.com/us/local_content/misc/vista_ position.pdf [mcafee.com]

Re:McAfee, Symantec living on borrowed time

[Deathlizard]

They *arent* stopping the need for this software, just making it harder for the competition.

Windows OneCare is not built into Windows Vista and must be bought seperatly. You can thank Symantec for that. The only thing that is integrated into Vista is Windows Defender, which the AV companies will probably sue MS over, and I can bet that both OneCare and Defender use the same protocol that MS is telling the AV vendors to use.

As For The Competition that MS is trying to "Screw"...
Trend Micro runs on Vista [trendbeta.com]
Computer Associates runs on Vista [my-etrust.com]
Avast runs on Vista [avast.com]
Sophos Runs on Vista [sophos.com]
AVG Runs on Vista [grisoft.com]
Mcafee runs on vista [mcafee.com]
Symantec runs on vista [symantec.com]