Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror

The Netscaping of Symantec and McAfee 385

Posted by Zonk
from the sounds-painful dept.
rs232 writes to mention a C|Net article about the uncertain future of the popular anti-virus software companies. "I mention Netscape because, if you believe Symantec and McAfee, a similar situation is about to unfold within the security industry. Microsoft, again recognizing late that it had failed to seize upon this thing called security, is now about to bundle its own security solutions within Windows Vista and further enforce new security policies that lock out some third-party security solutions altogether. Vendors Symantec and McAfee have looked into the future and realized that people may one day speak of them in the way that we now speak reverently of the early builds of Netscape."
This discussion has been archived. No new comments can be posted.

The Netscaping of Symantec and McAfee

Comments Filter:
  • by Shados (741919) on Sunday October 22, 2006 @02:10PM (#16538254)
    Netscape had a product, which filled in a need customers had: a web browser.

    Symantect and McCafe are only parasites, leeching from Microsoft's -mistakes-. It was unevitable that Microsoft would one day try to fix those mistakes, and unlike things like Office Suites, it is Microsoft's -responsability- to fix this mistake, and it is a feature that SHOULD be part of an operating system (aka: security, though Microsoft's implementation is debatable).

    Not only that, but McCafe's and Symantec's products are viruses of their own, doing unthinkable things to the operating system and screwing over their users: They are malwares. I, for one, HOPE these 2 companies die soon, or find a new business model.
    • by Anonymous Coward on Sunday October 22, 2006 @02:24PM (#16538378)
      not to mention that signature based antivirus is going to die, and companies who do av/as right (don't let unknown stuff run in the first place, instead of trying to clean up after the fact) are going to eat symantec/mcafee's lunch (bit9, etc.)
      • by SCHecklerX (229973) <thecaptain@captaincodo.net> on Sunday October 22, 2006 @04:37PM (#16539270) Homepage
        Not really. There have always been good offerings, and even best practices, that are not signature based. But the general populace doesn't see the value in them b/c they can't be that great if they never have an update against the 'trick the stupid user' du jour!

        As the head of a security company I used to work for used to say: "People would rather take an aspirin for their headache than avoid what gives them that headache in the first place"
      • Re: (Score:3, Interesting)

        by lgw (121541)
        All the big major AV products moved away from reliance on virus signatures some time ago (though though checking for signatures never hurts). Running suspect code in a virtual sandbox to see whether it will decrypt a hidden payload and launch an attack is the new arms race.
      • Re: (Score:3, Insightful)

        by HiThere (15173) *
        Considering that people use a signature based antivirus in their biological systems...I'd like some evidence that "signature based antivirus is going to die" rather than just an assertion. It seems quite improbable.

        Now if you'd said that signature based antivirus is going to need to change significantly, then I'd be agreeing with you.
    • by Salvance (1014001) on Sunday October 22, 2006 @02:24PM (#16538384) Homepage Journal
      Parasites, yes. But would you rather have them as a parasite or Microsoft to build its own set of Parasitic software. Unfortunately, Microsoft still isn't fixing their O/S to create something as secure as Linux or Mac ... they're just following the same path that McAfee and Symantec have in the past. What's worse is that Microsoft now has an incentive (although an unethical one) to create holes for viruses - they could create insecure code, put the fix in their OneCare product, then exclaim to the world that their virus scanner is the only one that protects against the vulnerability.
      • by Cherita Chen (936355) on Sunday October 22, 2006 @02:54PM (#16538576) Homepage
        What's worse is that Microsoft now has an incentive (although an unethical one) to create holes for viruses - they could create insecure code, put the fix in their OneCare product, then exclaim to the world that their virus scanner is the only one that protects against the vulnerability.

        Ok, everyone... Let's put on our tin-foil hats now. Seriously, that's probably one of the silliest things I've heard (since listening to coast to coast AM w/Art bell).

        Unethical things such as what you are describing are not common business practices, especially when you are talking about a multi-billion dollar software company. Perhaps you small start-up my do some stupid crap like that, but when you are talking about a corporation that employs tens of thousands of employees, it becomes more and more difficult to cover up garbage like you are describing. It would literally be the case of "Killing the goose that lays golden eggs" - for supper.

        • by WhodoVoodoo (319477) on Sunday October 22, 2006 @03:30PM (#16538826)
          No, however it may suddenly be much less of a priority to the QA managers to ensure that releases are secure, because any flaw may then bolster a revenue stream for Microsoft. And anyhow if they don't catch it in time they could just push a stopgap to their own AV suite which everybody has by default based on their intimate, insider knowledge of their own territory.

          My tinfoil hat might be a bit tight, but this does stink a bit. At the very least, what's going on is questionable.
        • Re: (Score:3, Insightful)

          by mabhatter654 (561290)
          Ha, you gotta be kidding, a company really focused on the customer's opinion would not enter a market with such a conflict of interest in the first place. See, MS owning any Antivirus is a conflict of interest with their own partner ISVs as well as that business has a conflict with producing good security from the start.

          It's kind of like an Accounting Auditing firm that also sells consulting services to the same clients to reduce taxes or improve investments... while sending a different team of auditors

      • by ctr2sprt (574731) on Sunday October 22, 2006 @02:59PM (#16538622)
        But would you rather have them as a parasite or Microsoft to build its own set of Parasitic software.

        I don't think it makes business sense for them to use AV as a long-term patch. It takes a lot of time and energy to keep AV signatures up-to-date, which means it costs money. If MS intends to give away or sell below cost its AV software - which it would almost have to do in order to drive McAfee et al. out of business - they could be losing a whole lot of money. And of course, if MS eventually slacks off (as they did with IE) or starts charging big bucks for new signatures, competition will spring back up. Symantec, for example, is a fairly diversified company: I don't see them going broke even if NAV never sells another copy. (They own Veritas now, remember.)

        The best use of AV software for MS is as a short-term patch until they can release a real one. Say a zero-day exploit of Outlook is discovered. A new signature can be rolled out in a few days to their AV client, giving them a little breathing room to develop a patch for Outlook and test it to make sure it doesn't break anything else. This way, MS would only have to target the very latest or most serious malware. I expect that would make maintenance of an AV system much easier and cheaper.

        Of course, it may not happen that way. This is MS we're talking about. They might be doing this just because it offends their sensibilities to see someone else making money.

        • Re: (Score:3, Insightful)

          by hackerm (148340)
          Isn't the whole point of Microsofts new "security initiative" that things like a zero-day exploit of Outlook wouldn't even be possible? I mean, they're not going to implement the same type of anti-virus softwares/mechanisms that exist today, I would expect them to at least try to attach the problem at its roots so that that kind of software wouldn't be necessary in the first place.
        • by Shadow99_1 (86250) <.moc.liamg. .ta. .99wodahseht.> on Sunday October 22, 2006 @03:59PM (#16539012)
          Actually when you think about it, this is nearly the perfect way for MS to get people to pay monthly for running windows... Oh sure, not everyone will use it, but it's a start for them... That has been a goal of theirs for a very long time now, but they couldn't come up with a good method to do it. This is perfect for them.

          Combine that with patching the OS like you mentioned and it make them look like they are taking security seriously, while recieving yet more cash from customers... It's a great scheme for MS. The elimination (if you actually beleive it will 'eliminate' anyone) of Symantec and McAfee would be a nice side benefit. Of course the reality is neither copy should worry about replacing MS's built-in controls, since it will have next to zero impact... But they know perfectly well they can use this to hurt MS and make them look poor and defenseless compared to the jugernaught MS represents... So they'll wring this oppurtinty for everything it's worth...
        • by Clover_Kicker (20761) <clover_kicker@yahoo.com> on Sunday October 22, 2006 @04:54PM (#16539436)
          If MS intends to give away or sell below cost its AV software - which it would almost have to do in order to drive McAfee et al. out of business - they could be losing a whole lot of money.

          How much have they spent propping up XBOX and MSN?

          Microsoft isn't afraid to burn a few hundred million bucks if they want to keep a player in a given marketplace.
        • by arminw (717974) on Sunday October 22, 2006 @05:36PM (#16539772)
          .....The best use of AV software for MS is as a short-term patch.....

          The best use of an A/V patch would be not to need one in the first place. There is no need for such crap on Mac OSX. How many Mac owners run special anti-virus software? How about Linux users? Why can't MS make their OS at least as secure as OSX? Maybe they don't want to? Security should be built in, not added on by third party software. By reducing the number of services needed by most users and limiting their system access, Apple makes their OSX a much more difficult target in the first place.
        • Re: (Score:3, Interesting)

          by CastrTroy (595695)
          It doesn't make business sense for MS to release buggy software either. It would be a lot easier if they just released software with fewer bugs. People would be happier, and they wouldn't have to spen so much time fixing it. It's always less work to design something right the first time, then to try to fix it later, after it's been released. Just because it seems like it makes better business sense, doesn't mean MS is going to follow that path. I think that MS should do what Apple did, and drop their o
      • by WindBourne (631190) on Sunday October 22, 2006 @04:25PM (#16539184) Journal
        Unfortunately, Microsoft still isn't fixing their O/S to create something as secure as Linux or Mac

        That is actually a good thing. Keep in mind that no general malware author targets anythign BUT windows due to the ease of doing so. If Windows ever becomes more secure than Linux/Mac/*nix/Mainframes/etc., then the malware will target everything BUT windows.

        • Re: (Score:3, Informative)

          by cheater512 (783349)
          But *nix IS more popular - just not in the home.

          If a botnet creator could break in to Linux servers he most certainly would.
          Millions of high powered servers with big fat net connections. The net would tremble in fear.

          Instead they are forced to infect crappy home computers.
          • Re: (Score:3, Insightful)

            by drsmithy (35869)

            If a botnet creator could break in to Linux servers he most certainly would.
            Millions of high powered servers with big fat net connections. The net would tremble in fear.

            Most of which would be detected and repaired in a matter of hours (if not minutes).

            "High powered servers with big fat net connections" are incredibly poor targets for people trying to create botnets, which is why they aren't targeted for them.

      • Re: (Score:3, Interesting)

        by dabraun (626287)
        Microsoft is not following the path that McAfee and Symantec have followed. There is no antivirus software built into windows - the whole discussion that "Microsoft is trying to kill A/V venders" seems completely misguided. Yes, they are trying to make the OS more secure, you might argue that they are trying to kill anti-spyware products (since they *are* including this in the OS) but A/V? I don't get how this is 'the next netscape' when there is no A/V software bundled, or even strongly tied - to Vista.
    • by From A Far Away Land (930780) on Sunday October 22, 2006 @02:31PM (#16538428) Homepage Journal
      There is a big difference between Symantec and Netscape. Netscape was a program that was superior to IE, because you could Compose as well for free. Symantec will never be free, and in fact breaks about as many systems as it protects in my experience. McAfee is about as horrible as Symantec. The world could do with a few less AV vendors.
      • by Tim C (15259) on Sunday October 22, 2006 @03:21PM (#16538764)
        Netscape was a program that was superior to IE, because you could Compose as well for free.

        Disclaimer: Since moving over to a Windows PC, I have only ever used Netscape, then Mozilla, then FF as my main browser. I have never and probably will never use IE.

        That said, Netscape 3 was better than IE 3. Netscape 4 was better than IE 3. Netscape 4 was worse than IE4, and wasn't even in the same league as IE 5. NN4 was slow, bloated, and crashed at the drop of a hat. IE4 was faster and much more stable, and IE 5 was better again. There were browser torture tests released during Mozilla development that IE 5 had no trouble with that utterly choked Netscape. Hell, you couldn't even resize Netscape's window without it having to re-request the page from the server!

        Don't get me wrong, I used NN4 right up until around about the time that Mozilla M8 or M9 was released, but to say that NN was superior to IE because of Composer is one hell of a stretch, given that Navigator was barely usable.
    • by Bemopolis (698691) on Sunday October 22, 2006 @02:36PM (#16538454)
      Agreed. This is like abortion clinics complaining about lost revenue when condom manufacturers reduce their failure rate.

      And no, the fact that in this analogy the end-user is getting screwed either way is not lost on me.

      Bemopolis
    • by backwardMechanic (959818) on Sunday October 22, 2006 @02:36PM (#16538460) Homepage
      Symantec and McAfee are only in business because of Microsofts mistakes, true. I'd love to see them go out of business because MS had finally made a secure product. But that's not what MS are doing. Rather than making Windows secure, MS are making it difficult for the AV companies to operate. Sure, they're plugging Windows, but the wrong bits. It's not security, it's monopoly. We've seen this before.
    • by kripkenstein (913150) on Sunday October 22, 2006 @02:36PM (#16538462) Homepage
      Agreed: not the same thing. But for different reasons.

      As far as antivirus software goes, Microsoft are charging for OneCare, just like Symantec and McAfee, whereas in the web browser market, IE and Netscape were given away for free. That is a significant difference. When people pay for something, they need to make a choice; just using the free web browser already installed on their computer isn't a choice, it's a default that people barely notice. Now, when people must make a conscious choice, it is harder to win them over. So, in this respect Symantec and McAfee seem safe. However, they will, at the minimum, need to share the market with Microsoft. And there is always the chance of Office repeating itself - a paying product in which Microsoft won a monopoly. Really, Wordperfect is the example we should have before our eyes, not Netscape, as far as antivirus software goes.

      As for antispyware, Defender is given away for free. This is exactly like Netscape, and I expect the antispyware market to die out, except for antispyware that lives as part of a bundle with an antivirus, which is not free.
      • by a_n_d_e_r_s (136412) on Sunday October 22, 2006 @03:59PM (#16539004) Homepage Journal
        Netscape Navigator wasn't being given away for free - it was sold.

        But Microsoft gave away its browser for free - to steal market share. That stopped that market to developed and Netscape could no longer sell its browser and forced Netscape to give Navigator away for free.

        So yes its basically the same thing with Microsoft killing another market by its dominating force.
        • by Deathlizard (115856) on Sunday October 22, 2006 @05:41PM (#16539824) Homepage Journal
          Netscape was practically Free. it's licencing allowed just about anyone outside of governments free use of the Browser. In fact, The only Netscape browser I can remember that had a Nag screen was 2.01, and Microsoft at one time was selling IE in stores the same way Netscape was.

          Even under this situation, MS didn't start really gaining share until late IE4 Early IE5, and code quality was the reason Netscape started slipping market share. Not Win98 or Free browsers like Netscape would like you to believe. By that logic, Linux with Apache is just as guilty with doing Netscape in as Microsoft with IE, Since most of Netscape's money was made on Netscape's Web server software and not their browsers.

          Navigator was absolute junk by the time Netscape was done with it. They kept claiming that MS was purposely denying access to windows so they couldn't code it better, well then explain why the Sun terminal I used to use at school had the same Netscape "crash after 1 hour use" bug that windows had, In fact, when they created mozilla.org and open sourced the thing, the first thing the Dev's for mozilla.org did was chuck the code and started from scratch.

          Netscape could have saved their product, they could have diversified into other markets, they could have recoded it to work better, they could have did a ton of things, but in the end while Opera with their pay browser was still keeping their business going, Netscape decided that suing MS was the easier of all the other options. pure and simple.

          Simply put, Microsoft did not Kill off Netscape. Netscape killed off Netscape.
    • Re: (Score:3, Insightful)

      by miffo.swe (547642)
      Microsoft bundling their own antivirus/antispyware is not fixing any mistake. The error lies in the security errors made by Microsoft and can only be fixed by eradicating those said errors. Antivirus does not in any way highten security in windows. All it does is mitigate the more commonly used viruses that has already struck enough people. Anybody making a directed attack against someone just flies through any antivirus. As long as the vulnerability used by the virus is still in there the problem exists an
    • Re: (Score:3, Insightful)

      by ClickOnThis (137803)
      Netscape had a product, which filled in a need customers had: a web browser.

      Symantect
      [sic] and McCafe [sic] are only parasites, leeching from Microsoft's -mistakes-.

      No matter what you think of them as companies, Symantec and McAfee were indeed fulfilling a need that Microsoft was ignoring.

      It was unevitable [sic] that Microsoft would one day try to fix those mistakes, and unlike things like Office Suites, it is Microsoft's -responsability- [sic] to fix this mistake, and it is a feature that SHOULD be part o
      • by aiken_d (127097) <brooks@tangentry.DALIcom minus painter> on Sunday October 22, 2006 @03:45PM (#16538916) Homepage
        I can't speak for the guy you're responding to, but my read was that he was saying that MS has no obligation to *produce* office; that it's a new line of business. But fixing the fundamental security problems in Windows is indeed part of MS's responsibility to its customers, and anti-virus companies who complain about it are being disingenuous. If the words I've put in his mouth are accurate, I totally agree with him.

        And you clearly have no experience working with Symantec or McAfee anti-virus products. They *do* unspeakable things to the OS, like hooking all sorts of the OS that they have no business touching (the IP stack, for instance). They also don't uninstall cleanly, so once someone reaslizes how screwed up their computer is after using the crappy products, only a total reinstall can get things back to normal.

        Both Symantec and McAfee seem to engage in the "perception of security by constant annoyance" school of thought (much like TSA). Other anti-virus vendors (Trend Micro, NOD32, etc) manage to work just as well without making the OS unstable and generally annoying to use. The sooner Microsoft fixes the underlying problems and gets those incompetents out of the security space, the better it will be for consumers and product-driven (rather than marketing-driven) security companies.

        -b
        • by walt-sjc (145127) on Sunday October 22, 2006 @04:07PM (#16539054)
          An example of the "unspeakable things" is outbound email scanning, where they add a proxy layer on smtp transactions. Only one big problem: this breaks authenticated SMTP. The only fix is to disable it. Inbound scanning is even more pathetic, only supporting VERY few email clients, such as Outhouse and Outhouse Express due to the implementation.

    • Unless we move to a trusted computing model where MS (or someone else) decides what can and can't run we'll need virus scanners. Why? Because an OS isn't broken when it does what you ask it to. If you are the system administrator and you order your computer to execute something, it can't second guess you. It's job is to run the software. If that software happens to be evil, well then that's your business. I mean I can send you a shell script that does "rm -rf ~" and if you are gullible enough to run it, wel
    • Re: (Score:3, Informative)

      by Instine (963303)
      I think the fact the parent hasn't been marked troll or flamabait, when similar coments about M$ even usually would, says a great deal about these two products (I know each has more than one product... ). They are awful. They alter the way your browser interacts with the web in ways that DO NOT improve security but DO hinder your browseing, AND WITHOUT ASKING YOU!!! Sorry for the caps, but really, they're bad. Yet they make so much cash.
      We're supposed to feel sorry for them? Urm... no. They will not be mi
    • Re: (Score:3, Insightful)

      by malcomvetter (851474)
      I'm convinced that the days are numbered on all of these signature-based anti-virus applications. It's what Marcus Ranum refers to as "Enumerating Badness" [ranum.com]. There is nearly infinitely more malicious code than trustworthy code. Why bother trying to discover them all?

      And by definition, signature-based AV requires at least one customer organization getting infected before the signatures can be distributed to customers. How many customers will be dumped on before they wake up and realize that taking an in
  • What? (Score:4, Insightful)

    by Anonymous Coward on Sunday October 22, 2006 @02:11PM (#16538260)
    Who speaks reverently of the early builds of Netscape? 2 and 3 weren't awful, but they weren't great either. And I think we all remember the abortion that was 4.
  • by xs650 (741277) on Sunday October 22, 2006 @02:11PM (#16538262)
    "Vendors Symantec and McAfee have looked into the future and realized that people may one day speak of them in the way that we now speak reverently of the early builds of Netscape."

    Speak reverently of Symantec...... Bwahahahahaha
    • by chill (34294) on Sunday October 22, 2006 @02:16PM (#16538306) Journal
      No kidding.

      Norton, maybe. Norton Commander and Norton Tools were excellent, but once Symantec absorbed Peter Norton & Co., it was a quick downhill ride from there.
    • Early builds of Netscape suck. I'm trying to get 4.08 to run on Windows 3.11 under Virtual PC but it crashes on launch! At least IE doesn't crash until it encounters a font the system doesn't have. Opera on the other hand is <3 and doesn't crash.
      • Re: (Score:3, Informative)

        by VGPowerlord (621254)
        Early builds of Netscape suck. I'm trying to get 4.08...

        By early, I'm assuming they meant before 4.x, where Netscape started sucking horribly.
  • There was Microsoft anti-virus software with early versions of MS Dos, software which got scrapped when Windows 98 et al hit the scene.
  • So what? (Score:5, Insightful)

    by garcia (6573) on Sunday October 22, 2006 @02:12PM (#16538270)
    McAfee and Symantec exist because of problems that exist in the Windows code. They are concerned b/c Microsoft is releasing its own "security" software, which I agree with to a point, but they are also pissed off because MSFT is locking them out of the kernel (as they have been since x64's XP).

    So b/c MSFT is actually doing some stuff to try and protect themselves from outside code (in addition to outside vendors) we're supposed to feel sorry for these people? Either revamp your products and find different stuff to fix or move along.

    That or stop whining about MSFT locking you out of the kernel and concentrate on them selling software that "fixes" problems in their own buggy OS.
    • Re:So what? (Score:4, Insightful)

      by Chabil Ha' (875116) on Sunday October 22, 2006 @03:03PM (#16538648)
      That's what you get for being a one trick pony. Eventually competitors move in to dilute market share or you run into an antiquation problem where your product is obsolete/useless. While some may bitch that this is another way of Microsoft consolidating their monopoly power, this change has been a long time coming. What else does McAffee do? Symantec has many different types of tools like backup software and disk repair utilities, but what else?

      Take a look at Creative. At one point the realized that the Sound Blaster brand was not going to get them very far once generic sound cards found their way into every PC that gets manufactured. What did they do? Well, they gave graphics cards a try. I remember back in the 90s when you could get a Voodoo2 chipset from them. Now? They were one of the first to enter the MP3 player markets and continue to have *some* success despite Apple dominating that arena.

      Get a life McAffee and Symantec, your days of being a market bottom feeder are coming to an end.
  • by smack.addict (116174) on Sunday October 22, 2006 @02:12PM (#16538276)
    The so-called security vendors are best off when there is a proliferation of viruses and people are scared to death of the Internet. Their business model disappears if the Internet actually becomes a secure platform.

    Microsoft wants to see the number of exploits impacting its operating system disappear to zero. Only if they are successful will they kill the security vendors. And if not, the security vendors will prosper.
  • by krell (896769) on Sunday October 22, 2006 @02:13PM (#16538278) Journal
    I stopped using Netscape as their "new and improved" releases became huge, very slow bloated with unneeded features that don't even belong in a browser (email? Use an email client!) and crashed all the time. (It took the Mozilla guys to do for free what Netscape engineers were paid to do and failed to do: make a nice version of that browser). McAfee, etc should not have to worry about this as long as they improve their products instead of turn them into unusable monsters.
    • by C0vardeAn0nim0 (232451) on Sunday October 22, 2006 @02:20PM (#16538348) Journal
      there are many paid engineers working for mozilla foundation, and before that, AOL kept a bunch of people on the payroll working on mozilla/netscape.

      what changed was not the salary status of the developers, but the managment style guiding the devolopment.
    • by AmazingRuss (555076) on Sunday October 22, 2006 @02:25PM (#16538394)
      ...symantec in particular brings a system to its knees. Realtime scanning is a great idea IF it doesn't render your computer unusable. For obvious reasons you are forced to used the latest version, which just gets bigger and bigger and bigger. I've started dumping Symantec in favor of a daily clamwin scan. Not as good...but at least the computer is usable.
      • by krell (896769) on Sunday October 22, 2006 @02:29PM (#16538410) Journal
        "symantec in particular brings a system to its knees"

        But that is security! Studies have shown that a system brought to a complete 100% standstill is impervious to malware and virus infection.
      • Re: (Score:2, Interesting)

        by mongoose(!no) (719125)
        That's why I've stopped using the free version of McAfee that my university provides me with in favor of AVGFree. It used to take my fairly modern system an extra minute between booting and being usable because of McAfee. Security is a great thing as long as it isn't an inconvenience.
      • Re: (Score:3, Insightful)

        by Dr. Spork (142693)
        As I say to everyone who asks me to fix their computer:

        I've never encountered a virus as terrible as Norton Antivirus.

        Sure, Microsoft might kill Symantec with shady monopolism, but I think we should me more angry with the free market, which has kept these leeches alive for this long.

        • ...I spent years getting people to buy antivirus software...and now as you say, the antivirus software has grown into a problem of its own.

          People look at me like I'm crazy when I tell them their paid antivirus software is causing their computer to suck, and I need to replace it with free antivirus software. Their poor little heads just spin as they smile, nod, and slowly back towards the exit.

      • by Sycraft-fu (314770) on Sunday October 22, 2006 @02:59PM (#16538624)
        IF you can get realtime scanning that doesn't slow you down. Try out AVG sometime. When I first got it, there was so little impact I was sure it wasn't doing anything. So I went and grabbed a virus to test it. Immediately, AVG threw up a red flag.

        The threat to Symantec isn't MS making Windows unvirusable, that's not possible (barring trusted computing), the threat is that there are new AV companies that make good, fast, cheap products that beat the crap out of symantec's offerings. AVG and Kaspersky are two excellent choices. Also I hear lots of good things about Bitdefender though it leads to bluescreens on my (and other's) system.
      • Re: (Score:3, Informative)

        Try a daily BitDefender scan. It works well and the on demand scanner is free:

        http://www.bitdefender.com/site/view/Download-Free -Products.html [bitdefender.com]

        ClamAV is great for scanning email, but when scanning for system viruses it's really not that good. I've seen it miss dozens of viruses that BitDefender, AVG, and F-Prot picked up.
  • by creimer (824291) on Sunday October 22, 2006 @02:13PM (#16538282) Homepage
    Vendors Symantec and McAfee have looked into the future and realized that people may one day speak of them in the way that we now speak reverently of the early builds of Netscape.

    I don't see a problem with that since I don't use either product and wouldn't mind seeing these two outfits go into the software oblivion. Microsoft will get lazy about updating the features on its security software and open source will come to the rescue with something better. It'll be IE vs. Firefox all over again. Ultimately, the consumer will still win out.
  • It will be interesting to see if the EU continues to stand up to Microsoft and enforces competition law. The interesting thing being that EU competition law is based on US competition law...but somehow Microsoft is treated differently in the two jurisdictions.

    In the meantime, and as I have posted before, quis custodiet ipsos custodes? Who is going to verify that Microsoft's security solutions perform as expected? Would you, if you were a CIO, be happy believing that the same company that designed your deskt

    • by Ritz_Just_Ritz (883997) on Sunday October 22, 2006 @02:38PM (#16538472)
      In my opinion, the major "anti-virus" vendors are precisely the type of parasitical hanger-on that you DO NOT want on your computer in the first place. They use an unGodly amount of resources and greatly slow down the machine they're "protecting." They live merely because Microsoft has been unwilling/unable to write secure code. So now Microsoft is trying to fix that (rolling eyes) and these parasites are crying about unfair competition. Do you propose that the EU forces Microsoft to write less secure code in order to allow these companies to maintain their relevance? That seems rather foolish.

      Let's use an analogy. Let's say I build an automobile and it's famous for having fuel injectors that clog up. People begin getting annoyed as the engine runs worse and worse until they get stuck on the side of the road. Along comes WidgetX. They invent a device that attaches to the engine end somehow "prevents" the problem. The downside is that the efficiency of the engine drops and you burn a LOT more gas, but your odds of getting stuck on the side of the road are greatly reduced. The next model year, the car company redesigns the engine so that the injectors no longer get clogged. WidgetX cries foul because now their product has become both unecessary and it has become obvious how wasteful of resources it was. So WidgetX demands the EU authorities to force the car company to go back to selling failure prone injectors instead of coming up with another innovation that actually helps consumers.

      Call me crazy, but I don't see Microsoft as the "bad guy" here at all.....

  • No. No, we won't. (Score:5, Informative)

    by Southpaw018 (793465) * on Sunday October 22, 2006 @02:14PM (#16538288) Journal
    Symantec's and McAffee's respective antivirus products are some of the buggiest software I've ever seen. The latest versions of both are awful memory hogs with questionable reliability and average detection rates. McAffee installs are widely known to 'go bad', resulting in cryptic error messages, failed updates, and vulnerable systems. There are threads upon threads in the Dell forums of users trying to ununstall McAffee off a brand new computer and failing.

    As for Symantec, , I had a computer at work with a copy of Symantec Corporate AV 10.1 (the latest version) still installed after we chose to migrate away from it due to ever rising costs and poor support. I tried to uninstall it. The uninstaller crashed. Then, every time I tried to right click, it tried to reinstall itself. Yes, you read that right - Symantec's antivirus installs a handler that traps every right click within Explorer that runs a check to see if files are missing. After two hours on the phone with a Symantec rep who didn't know what they were talking about, I finally had it cleaned off the system.

    What I'm trying to say, I suppose, is that the original Netscape, while not perfect software, had the right vision behind it. Symantec and McAffee don't. Both companies have gone downhill, and I'm absolutely sure it's for reasons completely unrelated to Vista's new kernel.
  • by mpapet (761907) on Sunday October 22, 2006 @02:16PM (#16538310) Homepage
    As a sysadmin supporting the usual symantec products, reverently is never a term I would use to speak of their products.

    Second, Symantec and others are doomed partially because of their products.

    Finally, they are doomed anyway because it fulfills so many objectives at Microsoft. The potential for revenue is too great to turn away and the only path to desktop revenue growth for the OS is to tighten the DRM noose until it is the equivalent of your cable/satellite set top box. Any other path is too risky/difficult.
    • Re:First of all (Score:4, Insightful)

      by westlake (615356) on Sunday October 22, 2006 @04:51PM (#16539416)
      the only path to desktop revenue growth for the OS is to tighten the DRM noose until it is the equivalent of your cable/satellite set top box. Any other path is too risky/difficult.

      There is no consumer market for an OS distribution that doesn't support DRM'd media play out of the box.

      Apple understands this. Microsoft understands this. Linspire -- which has a modest presence in big box retail -- understands this.

      The only one with his head still stuck in the sand is the Geek.

  • by Chairboy (88841) on Sunday October 22, 2006 @02:17PM (#16538316) Homepage
    It's fashionable to bash Symantec and McAfee and make ridiculous comparisons between them and viruses, but they're just companies meeting a demand for specific software. They are no more leaching off of microsoft than car-washes 'leech' off the auto-industry.

    The OS is changing, and the nature of threats are changing. These companies started by writing software to protect against disk-to-disk threats, then file infectors, then worms, and so on. Each has changed their business model as the needs of the market have changed, and I'd be hesitant to casually write them off just yet.

    The market will decide things in the end. Either the companies change and continue to meet customer demand, or they won't, and they'll fade away. My money is on smart people staying fresh and changing based on their past history.

    The alternative is to essentially say "Netcraft confirms that security software companies are dead!", with just as much legitamacy.
  • by Salvance (1014001) on Sunday October 22, 2006 @02:18PM (#16538336) Homepage Journal
    If Microsoft were to succeed in shutting out security vendors (which I don't think they really want), they'd be digging their own grave. Many of Microsoft's security problems now stem from their dominance in the browser market - had Netscape won the browser wars, Microsoft would likely not be vilified to the extent it is today since security would not be as big of an issue.

    The one thing that has made Microsoft's products at least somewhat secure are the third party security products. If Microsoft shut out these security products, it is unlikely they could provide the same level of security that users expect from their O/S's. Take away McAfee, Norton, and the other security vendors and Microsoft's profit and revenues would be impressive until users became tired of the constant security breaches and holes.

    If Microsoft moves forward with shutting out 3rd party security companies, Linux vendors and Apple will be the big winners, not Microsoft
  • by maynard (3337) <j DOT maynard DO ... AT gmail DOT com> on Sunday October 22, 2006 @02:18PM (#16538338) Journal
    The market for anti-virus software is a response to poor software design. So Microsoft claim they will fix it, and in the process are bundling tools similar to their competitors'. But the ultimate solution will will require not a reactive solution - which is why anti-virus software does - but a proactive solution, similar to just about every other professional OS. That is, pervasive use of filesystem ACLs, low privilege user accounts, etc etc etc. That is, enough security such that if a virus does run - it wouldn't do much damage.

    Wouldn't a Windows system with proper security be just as damaging to these anti-virus makers as Microsoft bundling anti-virus software? And isn't the OS maker the proper responsible party for system security?

    I'd say a comparison with Netscape is a bit off.
  • by bogaboga (793279) on Sunday October 22, 2006 @02:21PM (#16538350)
    These security companies should have seen this. I mean...the writing was on the wall.

    Next victim? Adobe: with its PDF and Flash.

    Open sourcing these products, and creating decent interfaces for their PDF reader are the only feasible things [for Adobe] to do in my opinion. QT would be better than using GTK. You might wonder why: I cannot type or paste a link in the file selector dialogue of Adobe's PDF reader, in this day and age!! Think of it.

    • Re: (Score:3, Insightful)

      by 16K Ram Pack (690082)
      The formats of both are already fully documented.

      I've done document generation for companies. PDF is extremely flexible, gives guaranteed layout and because it's open, you aren't using tools that have reverse engineered the format. You know the files are going to be readable. There are huge numbers of 3rd party tools for generating and processing PDFs.

      The reason they don't want to open source is that Adobe Professional is how they make their money out of the open format. Give the format, encourage peopl

  • Cry more (Score:5, Interesting)

    by daeg (828071) on Sunday October 22, 2006 @02:23PM (#16538374)
    When your company makes a single product, you cannot complain when that product is no longer relevant. They should have diversified when they had the capital to do so.

    Also, Symantec and every other virus scanner makes use of non-approved APIs in win32. They were not documented, and not approved for the use that security companies gave them. Vista is finally removing deprecated APIs and replacing them with documented, hopefully bug-free versions. They have said numerous times in their blogs and elsewhere that they will help existing companies convert existing API calls into standard calls. Symantec et all are complaining because they make such liberal use of these APIs that they are facing a huge challenge to get their product on the market quickly, if at all.

    Note that one-time file scanners will still work, e.g., what your e-mail client does with received messages. That can all run just fine in user space. The pervasiveness of anti virus clients, though, would require complete administrator access, something Microsoft has been trying to get rid of for every day use (as they should!). If you allow Anti virus software to run in administrator mode while in user mode, you also open the door to viruses easily being able to do the same.
    • by Sycraft-fu (314770) on Sunday October 22, 2006 @03:21PM (#16538752)
      Many companies don't seem to be bitching. Sophos announced they'll have a Vista compatible version out a couple weeks before Vista (their current version even works with realtime scanning, it just can't update or interact with the desktop). AVG has apparently been working with Vista since Beta 2 (I haven't tried it) and the 7.5 version is listed as Vista ready. Kaspersky Labs says "From what we have seen of Vista, we cannot tell that Microsoft is blocking access to the core."

      So it seems that whatever the problem that Symantec and Mcafee are having, it's not universal to virus scanners. Seems more like they are lazy and don't want to do any rewriting whereas their competitors are on the stick.
      • by Jarnis (266190) on Sunday October 22, 2006 @03:46PM (#16538924)
        Apples and oranges.

        McAfee and Symantec are whining about 64Bit Vista. Kaspersky & co are talking about the 32bit version, which has no PatchGuard.

        Of course this is all mostly academic. PatchGuard will ensure that 64bit Vista will be marginalized. Numerous apps will fail because of it - you only need a thing like DaemonTools not working, and big portion of MS home target market will drop the 64 bit version like a rotten fruit.

        Control freaks running corporate envinroments will use 64bit, as will users that specifically need more than 4 gigs of ram. Rest won't. Major system builders won't put 64bit Vista as preinstalled, as it would generate a big pile of extra support calls for no tangible benefit.

        Symantec and McAfee are pissed if they have to release their security products with 'wont work on 64bit vista' stickers. Especially if at the same time OneCare will work fine. It will imply inferiority, even if in the real world there is no difference, because home users won't adopt the 64bit version, at least not until major home apps start asking for more than 4 gigs of ram (and we're still at least 4-5 years away from that)
  • Progress!? (Score:5, Interesting)

    by headkase (533448) on Sunday October 22, 2006 @02:24PM (#16538386)
    Human activity and especially software in particular seem to follow a cycle of exploration and compaction phases. I remember when a disk defragmenter was an extra piece of software you bought (Blitzdisk on the Amiga). As time goes by, what used to be peripheral functions become part of the core operating system. This is a good thing. I expect a web browser, media player, word processors (even Notepad counts), and so on to be available immediately upon a fresh install. Microsoft is legitimately trying to improve their Windows product. They are improving their customer experience by folding new functions into the operating system such as anti-malware (or other nasties), and security (firewalls and such). This represents the compaction phase of the cycle preparing the way for the next exploration phase.
  • by Noonian Soong (1016626) <soong@membMONETer.fsf.org minus painter> on Sunday October 22, 2006 @02:28PM (#16538400)
    I don't think Symantec and McAfee will have a problem in the near future. It think it's the same thing as with personal firewalls. Even though Windows XP has a built-in firewall (which covers only incoming connections, I know), people feel the need for additional security. I won't write about the pros and cons of personal firewalls and the use of Symantec's and McAfee's products, but I believe that the average user will simply keep buying security products. They come in nice boxes and as we all know, Windows isn't safe if you use it as it is.
    I don't think Microsoft's marketing will change this perception in the next few years, so many computer users will still believe what the traditional security software vendors tell them.
  • Symantec and Mcafee are more like Netscape every day. The put out slow, bloated, buggy code.
  • MS Vista (Score:4, Insightful)

    by PCWizardsinc (678228) on Sunday October 22, 2006 @02:35PM (#16538452) Homepage
    You do know that it is Microsoft's VISTA OS right? Can't they build in what they want? No One is FORCING anyone to buy Vista, the can buy MacOS or Download any version of Linux they want, Microsoft wrote the code, its theirs, if they want to lock out vendors, or increase or decrease security on a whim, they can, its theirs... doesn't anyone get this? If you don't like MS, choose some other vendors OS...
  • good (Score:4, Insightful)

    by radarsat1 (786772) on Sunday October 22, 2006 @02:45PM (#16538520) Homepage
    riddance.

    Both of these products, and Norton too, piss me off to no end when trying to debug problems on my friends' computers. I would never install them on my own computer, and haven't needed anything like it in ages on any other operating system. Since I end up having to reinstall Windows ANYWAYS, I always just tell people not to worry so much about viruses. I just tell them, don't click something stupid, don't use IE, you'll be fine. It's just one more "fear factor" that is so abundant in people's lives these days. Viruses are the last thing anyone should be afraid of.

    Anti-virus software is nothing but leeches on CPU time, memory, and network speed.
  • News Flash! (Score:2, Funny)

    by Anonymous Coward
    This Just In: Symantec sues Linux for creating a secure product, denying the company a potential revenue stream.

    I'm no fan of Windows, you'll never see me use an OS that requires fifteen free gigs just to install, but if they're finally getting their security right then I guess the security vendors are S.O.L.
  • Yes, well... (Score:4, Insightful)

    by zecg (521666) on Sunday October 22, 2006 @02:47PM (#16538524)
    ...tough luck. This time it is not a function unrelated to the OS that Microsoft is bullying the competition out of, but security of the OS itself. Security companies were spawned by MS' mistakes and they simply failed to grow healthy diverse business offering value other than compensating for MS' mistakes. Nobody is investing in them, some are histerically dabbling in spyware (or so I seem to remember reading somewhere sometime) and are generally about to crash and burn.
  • by thethibs (882667) on Sunday October 22, 2006 @02:48PM (#16538532) Homepage

    Symantec and McAfee will find new lines of business or fade away because they are selling products that shouldn't exist at all.

    These products are based on identifying any of hundreds of thousands of programs and stopping them from executing—in an environment containing a few dozen programs the user actually wants to run. It's far easier to allow the few dozen and deny access to anything that isn't on this short list than to check everything against a very long and growing longer list of signatures and behaviours.

    In the fullness of time, MS operating systems will fully implement Default Deny security, a path they have already started down; PatchGuard is part of it. When this is done, there will be nothing for anti-virus software to do.

    I run my systems using just this part of F-Secure (Application Control enabled, everything else disabled) and the occasional scan. Same approach to browsers: all is forbidden unless expressly allowed. Scan results are always zero hits.

    I look forward to the day when this is written into the OS code. Vista security is a good start.

  • by Dracos (107777) on Sunday October 22, 2006 @03:07PM (#16538678)

    Virii, worms, and malware all exist because MS makes famously insecure products. Symantec and McAfee exist because virii, worms, and malware exist.

    Symantec and McAfee need to at least acknowledge that their business models are based on design flaws, poor implemetation, and bad coding practices within MS. They should thank Bill and crew for the ability to complain when a fraction of these inadequacies are fixed after many years.

    I'm not defending MS and their monopolistic procatices, but this isn't simply another Netscape crushing. Netscape was a user space product. This is about fundamental flaws at the core of the Windows OS: about as faw away from user space as you can get. That these flaws permeate into the userspace is beside the fact.

    Symantec and McAfee (and many others) have spent the past decade or more cleaning up after MS in terms of security. Now they want to bitch when their lazy benefactor decides to take some responsibility? But, the issue isn't the mere taking of the responsibility, it's more about the monopolizing of that responsibility. No one has any reason to believe that MS' anti-crapware will be more effective than any third party solution. MS allowed security to become a third party market, now they want to be that market.

    MS is wrong for closing out vendors from providing a complete third party security solution. However, MS is more wrong for not writing secure products in the first place, and certainly for not understanding what comprises an operating system.

    • Web Browser: critical OS component.
    • Security: third party solutions are OK until we get around to it.

    Windows security vendors only have something to worry about if MS actually produces a secure operating system. I don't believe they think this is possible, which is why they haven't broadened their product lines. Until hell freezes over, Symantec and McAfee should all but shut up and enjoy what MS has given them.

  • by PixieDust (971386) on Sunday October 22, 2006 @03:48PM (#16538938)
    WHY does the AV program NEED to hook into the OS kernel?

    When you think about it, this ITSELF introduces another vulnerability. Another point of failure. Why bother exploiting the OS, when you can use the nice convenient path provided to you by the AV software? Everyone seems to forget this.

    Microsoft gets bashed for their 'insecurity' and the moment they try and IMPROVE that, they get flamed, and people cry foul and start throwing around such words as 'monopoly', 'abuse', 'lock-out', and the tin-foil hatters come out of the woodwork and start bashing MS security, while somehow totally missing the absurdity in what they're saying!

    Other AV companies have managed to adapt to the kernel lockouts, why can't Symantec and McAfee do the same? Instead, they'd rather keep their grubby paws hooked into the OS as deep as they can be, so that they can effectively hose a user's installation, then charge them $80 for phone support to resolve the issue.

    People can't have it both ways. You have to give credit where credit is due. Windows One Care is not installed by default, it's a FOR PAY product (which totally differentiates it from IE vs All) that you have to buy IN ADDITION to the OS. Windows Defender is free, and protects against spyware, and comes pre-installed. While I don't particularly like that, it doesn't really bother me either. People install Yahoo Messenger, and it wants to install a Toolbar with Yahoo Anti-Spy. The same goes for Google, AIM, MSN(yes I know that's redundant), and a plethora of other IM options, and even just generic toolbars. Most ISPs now days 'give' you AV/AS to use. So Windows Defender doesn't bother me, there's already another 50 billion people trying to give me spyware protection (none of which I use, the standard Windows Firewall is quite sufficient for me thank you), so why not MS too?

    I had the opportunity to participate in the beta for OneCare (wasn't hard, they offered it free, and I liked that idea, since people were inevitably going to ask me about it). I found it to have a rather large footprint, and be fairly slow. Given it's competition in the form of Symantec NIS, and McAfee's Internet Security Suite, and Trend Micro's Internet Security Suite, it's performance was roughly average. It wasn't as fast as TM, but was quicker than NIS and MIS in most cases. What struck me was only TM had a better detection scheme, and even then it was marginal (though I know a single thing getting through can mean the difference between being completely hosed, and being OK, never knowing how close you came to Virtual Armaggedon). MS One Care did a MUCH better job of catching/stopping spyware then all of them (Windows Defender gets lumped into One Care installs generally).

    Think of these things from the USER'S perspective. NOT from YOUR perspective. For people who are WAAAAY non-tech savvy, One Care offers a one-stop-shop for performance tuning (uncomplicated), AV, and AS and Firewall protection. It's easier to use than NIS, WAAAY easier than MIS, and TM rounds out the list of being the least user friendly. Bottom line is this is just one more cool way to bash Microsoft for trying to improve things. Do you think they're using kernel hacks for One Care? Probably not right now, as people would LOVE to find a way to exploit One Care to compromise a machine. Will it remain that way? Probably not, because I see things getting into the kernel eventually, and requiring that the kernel be accessible, at least to be scanned and locked so that it can be replaced. But still, NO AV/AS program should EVER be hacked into the kernel. Period.
    It opens up the doors for too many things. OneCare also doesn't bombard the user with useless popups and notifications like the others often do, which aids in hosing the system as they USER tells it to do something bad.

    One Care is a LEGITIMATE software release by Microsoft, and not at all a surprise. What is surprising to me, is that it took THIS long for it to resurface.

    That is all. Please return to your normal dailty activity.

  • by smchris (464899) on Sunday October 22, 2006 @03:52PM (#16538962)
    people may one day speak of them in the way that we now speak reverently of the early builds of Netscape."

    Probably because I was dual-booting Coherent unix the first half of the 90s, OS/2 the 2nd half of the '90s and linux now, I often feel like I'm the only person left in the world who can still feel a pure warm feeling for the 80s garage software that was the original McAffee.

    Everybody else invariably seems to echo, "Die McAffee, Die! Die! Die!" Which I guess is OK with me since it's just been a corporate brand name for ages anyway.

  • by DonChron (939995) on Sunday October 22, 2006 @03:57PM (#16538994)
    How often have you heard that the new version of Windows is "more secure" than the last version? A quick recap:

    Windows 3.1 - no real security, but it's prettier than DOS!

    Windows for Workgroups 3.1.1 - now with a login screen (but still no real security)!

    Windows NT 3.51 - now with ACL's (and mostly not compatible with Win3.1 apps)!

    Windows 95 - also has a login screen! no real security, but prettier than WfW!

    Windows NT 4.0 - now with shared ACL's (domains) - the most secure Windows ever!

    Windows 98 - Slightly less likely to crash than Win95! No NT security features!

    Windows ME - Now with some system-software protection, but still no ACL's!

    Windows 2000 - An improved interface and kernel! Active Directory 1.0! Now, the most secure Windows ever!

    Windows XP - The successor to the Win2k and Win9x kernel products - super duper secure! Home users still run as the super-user, but it's less likely to crash! ACL's for Professional users and a very limited firewall make this, yes, the most secure Windows ever!

    Windows 2003 (server) - The XP kernel in a server! Hardly anything runs by default! The Most Secure Windows Ever!

    Windows Vista - Still with ACLs! New ways to limit access! Everyone's running as superuser, but with more warnings!

    Windows Longhorn (server) - Not fully designed, but looks a little less secure than Win2003 - possibly *not* the most secure Windows ever!
  • Weird Business Model (Score:3, Interesting)

    by gilgongo (57446) on Sunday October 22, 2006 @04:03PM (#16539044) Homepage Journal
    Anyone who builds a business that is dependent on the failure of a single software vendor to produce secure code is, well, asking for it aren't they?

    The irony here though is that the single software vendor is a monpolist. So, what do we do? Allow Microsoft to continue to produce broken, sloppy-designed software, and thereby prop up an oligopoly of anti-virus vendors, or let them "fix" their software by incorporating anti-virus measure that they should have had in there all along?

    I sure as hell wouln't like to be the judge on this one!

  • by zerofoo (262795) on Sunday October 22, 2006 @07:53PM (#16540928)
    Netscape lost the browser war partially due to Microsoft's tactics, and partially due to the quality (or lack of) in the product.

    Symantec and McAfee have been releasing low-quality products for years. Even Symantec's corporate offerings have been questionable. Release after release gets buggier, slower, and less reliable. If Microsoft's offerings are even a little bit better, Microsoft should have no problem burying these two companies.

    Frankly, Trend, Grisoft, Sophos, and Avast have been doing more damage to Symantec and McAfee than Microsoft has in the last few years.

    -ted
  • by Animats (122034) on Sunday October 22, 2006 @11:14PM (#16542332) Homepage

    Symantec used to sell compilers, developer tools, and even some user applications like ThinkTank, an early outliner. Microsoft pushed them out of the tools field on Windows; Symantec had a more portable alternative to MFC, and Microsoft didn't like that. Outliners disappeared as a standalone product category; Word now does that. All that's left is the anti-virus business. Now that, too, looks like it's toast.

    Actually, the OS vendor should be doing the security system. The primary function of an operating system is security and resource management; everything else could potentially be an application. Only because of Microsoft's appallingly bad security does the anti-virus industry even exist.

"It's what you learn after you know it all that counts." -- John Wooden

Working...