Concerns Over Security Software 116
Arthbunot Bullwinkle writes to mention a BBC article exploring concerns about the future of security software. The piece looks at trends toward 'free' security products, such as ZoneAlarm, and wonders aloud about where those products will find themselves after Windows Vista is released. From the article: "'Now maybe the good ones will actually get rid of that attack but at the same time they may drop maybe 10 or 20 other attacks onto your system.' The bottom line, according to Mr Day, is that when you download free security software you cannot be certain what you get. But completely free security software may be a thing of the past when the new version of Windows hits the shops early next year. "
RIP IPTables (Score:4, Funny)
Re: (Score:1)
Re: (Score:1)
2) It won't kill off iptables
3) I can't believe people still use iptables.
Re: (Score:2)
As opposed to...what? That bloated proprietary junk? I'd MUCH sooner run IPTables on a linux-based firewall than use any of the proprietary consumer stuff I've seen. There's no comparison.
Re: (Score:1)
Re: (Score:2)
Re: (Score:2)
"Free as in freedom" doesn't mean you mean you can deliever anti-virus updates three times a day without someone like AOL paying the bill for development and distribution.
Paid software safer? (Score:5, Insightful)
Re: (Score:2, Interesting)
Re: (Score:2, Funny)
Re: (Score:2, Interesting)
Managers usually dont like free software out of liability concerns...weird, the obviously never read the EULA!
Re: (Score:3, Interesting)
Or maybe they've noticed that EULAs aren't necessarily worth the paper they're written on. Has any EULA's "no liability" clause actually been tested in court?
I suspect that it would be a lot easier to convince a judge that you're entitled to damages when you paid $2M for software from some vendor than if you had paid nothing.
Of course, this all is assuming that when you said "free software",
Re: (Score:1)
1 if you buy a Redhat box (maybe enterprise desktop whatever) you have a number to call if you buy several pallets of boxes then most likely you have your own personal "ShadowMan" to call.
2 littering for any reason is bad (and damages your Witness) SPAM for any reason is bad even if its the Kosher kind.
Re: (Score:2)
I don't understand; What is your point? Red Hat Linux is mostly, if not entirely, free software.
Yes; That's my point.
Re: (Score:2)
Re:Paid software safer? (Score:5, Insightful)
Man, is that old chestnut still around?
Let me answer the same way I answered my country programme director when he raised the same issue vis à vis commercial support for FOSS. He said to me that 'confidence' was very important, and that some managers just liked to feel that they had some recourse, even if that feeling was effectively fantasy.
I looked at him and said, 'Since when is it our job to indulge people's fantasies? We have a fiduciary duty to our clients to provide them with the truth, and when indulging their misconceptions works against their best interests, we are duty-bound to advise them of the truth.'
So now I'm going to say to you: You can't sue. If you do, you won't win. You gave up your right to sue when you agreed to the license.
Re: (Score:1)
You should note that ALL licenses have to obey the law. Did you notice that all liablity disclaimers end with "... to the extent provided by applicable law" or similar phrases. Maybe applicable law have to be changed (or does already, I don't know really) so if you pay for a license you get some kind of protection for your money.
I just want to point out that this case is not
Proof is in the pudding Re:Paid software safer? (Score:3, Informative)
So, how many people do you know of who have successfully sued Microsoft for selling them broken software?
I've pretty much lost track of the number of people who think that AVG Free is faster and more effective than Norton's. -- and, of course we all know that OpenBSD can't hold a candle to Windows for security holes.
Even if you could successfully sue MS for $selling you broke
Re: (Score:2)
IANAL, but I do lots of contract negotiations on behalf of my company. I do know this: A contract cannot allow the contracting parties to agree to ignore the law. In many jusisdictions, "lemon laws" and consumer-protection laws take precendence over any license agreement (or other contract).
So, for example, the license agreement may say "software sold as-is with no warranty", but in many states require that all goods sold have basic fitness and
Re: (Score:2)
"slowly, one by one, the penguins steal my sanity" - Unknown
Re: (Score:2)
Re: (Score:3, Insightful)
The price does not magically alter the safety, but the infrastructure required to collect and process payments does add some measure to the software's pedigree.
To implicitly trust software that's purchased shrinkwrapped in a Walmart is foolish, but it's certainly far, far, safer than the "Click Here Now!!" spams. It's not the price that conveys trust, but the investment the seller has made into the distribution chain.
Re: (Score:3, Insightful)
Re: (Score:2)
How many free and open source projects are starved for staff and funding? I get security updates from my cable ISP about four times a day.
Re: (Score:1)
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
I almost think our brains are hard-wired to think that we "get what we pay for". Perhaps the roots of this idea is that the vendor/seller, creator, etc. really put a lot into the product, and fair is fair, charge what it is worth.
So, some of the free products are just as good, because they tell you the creator of the software is on a mission, having been wronged sometime in the foggy, distant past, and is not go
You mean like Symantec... (Score:2)
(open sarcasm)
That Norton Security Suite didn't have any spyware or anything built into it. It didn't basically root kit everyone's machine that installed it.
(end sarcasm)
I'm all in favor of the open source guys. I run ClamWin on several machines. I've found it to be reliable and quite effective. I keep hoping that they'll release an enterprise type console where I can force updates, force scans, and lock users out of their settings.
I
Re: (Score:1)
Plus, I think that paid software actually has the potential to be more dangerous. You could either download an app and find out it's malware...or you could *pay* for an app and find out it's malware! At least the free versions let you see if it'
Re: (Score:2)
Trust them.
And, of course, Microsoft thinks that closing off their OS even more, will make it safer. HAHaHa.
Re: (Score:1)
Errrm (Score:2, Funny)
btw, what about Kate Russell below him, I wonder how she feels about pentration testing...
I sacrifice my karma in the name of cthulu!!
Some key explanations are missing. (Score:3, Funny)
The biggest problem... (Score:5, Insightful)
I've always gained a bit of security by using Mozilla rather than IE... by viewing my e-mail in plain text rather than HTML. By using Zone Alarm rather than a Norton or Microsoft product. When you have everone using one piece of security software, it's less secure because if you can infiltrate one, you can infiltrate all.
"By using ZoneAlarm..." (Score:1, Troll)
Re: (Score:2)
Re: (Score:3, Funny)
Wow, you believe what a random guy wrote on a random website? OK How about I try:
ZoneAlarm is NOT malware.
Haha! You're confused now!
And as for that webpage, if the author simply didn't make their button url have the word "advert" in it it probably wouldn't be blocked by ZoneAlarm, durr. Adblock knows better than to let "advert"s though as well.
Re: (Score:1)
And if you can't? (Score:2)
Certainly, it's better to have alternatives if there's some problem with the existing one. But I think the downside of having one standard setup to rule them all is mostly negated by F/OSS -- rather than all the security work (and all the other work) going into many separate pieces of software, they go into one.
I am not saying there shouldn't be alternatives, but every time I hear the anti-
Re: (Score:2)
Re: (Score:2)
And when there are gaping security holes, they usually affect every distro. You don't usually see "Only affects distro x." It's not just the kernel, either. There's glibc, among other things -- we do try to share libs where it makes sense. This also means, when a fix is issued, it affects everything.
The point is, the kernel gets closer to bug-free every day, and fixing a bug in the kernel fixe
Re: (Score:2)
Very true, a lot of lower level stuff is the same and shares patches. I was more thinking of the GUI applications that a user would be using. Even there, say, a media player, is probably using the same back-end code to play a video or song no matter which media player you are using (if it's a video, probably ffmpeg). (Hey, they could have buffer overflow bugs.)
As I understand it, buffer overflow checking is not done everywhere because it is slow and sometimes the programmer can be sure that there will not
Re: (Score:2)
This is true. It's also not nearly as bad as it could be. I can still download a binary build of Doom 3 or Quake 4 and run its installer script, and have it pretty much just work on any modern distro, x86 or amd64. Gentoo provides an ebuild for convenience, not because it wouldn't ordinarily work.
Maybe, maybe not. Distros tend to be converging on directory structur
Re: (Score:1)
Re: (Score:1)
Not to mention... Why is using Outlook and Internet Explorer... "being part of the 21st century?" Fi
Reason to delay upgrading (Score:4, Informative)
Personally, one of the major reason why I haven't taken RC1 into actual use beyond testing it a bit is lack of compatible 3rd party firewall.
Then again.. situation was pretty similar when Win2K came out - early on nothing was compatible. XP was easier because it is effectively a reskinned Win2K, and 99% of Win2K apps worked out of the box - even security products.
Vista is quite a bit more than a reskinned XP, as lots of stuff under the hood has been reworked, and again it's just like Win2K - nothing works intially, but I'm sure over time the problem is going to be fixed. In fact, it's surprising how good the situation is, considering official launch is still several months away.
Re: (Score:1, Troll)
Re: (Score:2)
Which is pretty much needed in today's "every program wants to call home" world. I want to decide what a (new) program gets to do as far as the network connection goes.
I do have a firewall box between my computers and the world, but it only protects against inbound junk. It's impossible to manage against outbound threats without application-level blocking.
Yes, in theory one could program a box to do stateful packet inspection and block specific ap
a Microsoft 'upgrade'? No, thank you (Score:2)
Re: (Score:2)
And in the future, with DX10 getting no backport, you will either get Vista, or scrap PC as a gaming platform.
I have no hurry to swap to Vista - it's still unfinished and probably will need it's fair
Re: (Score:1)
Nope. It's just a reskinned XP with more DRM thrown in to the mix. Microsoft discovered that all their brilliant plans were not possible without proper programmers, so all the "improvements" were quietly dropped, and the same old crap was moved into the "new" product. It as a few extra "nag" boxes, to give the illusion of "security", but it's got even more significant holes than XP.
Game Over, Microso
Re: (Score:2)
http://en.wikipedia.org/wiki/Features_new_to_Windo ws_Vista [wikipedia.org]
I will repeat myself: Vista is quite a bit more than a reskinned XP.
No, it's not perfect (hey, it's a Microsoft product), and it will most likely have it's fair share of new holes, but MS has definitely done a lot more than when they reskinned 2K as 'Windows XP' (*that* was a reskin job).
Freedom to innovate, ad nauseum (Score:5, Insightful)
Um, I hate to defend Microsot, but unlike Internet Explorer, which had no need to be integrated into the OS as much as Microsoft claimed it was, but basic network security features are exactly the kind of thing that should be built into the OS. I hope that antivirus programs eventually become obsolete (likewise with firewalls *anywhere* except perhaps in extremely sensitive environments, but that's probably a long way off).
Now, I'm not particularly confident that Microsoft will actually manage to render third-party security software obsolete, simply because the company just isn't all that good at software development, but I'm certainly not going to rebuke them for trying.
Re: (Score:2)
Re: (Score:2)
Not really. Hetrogeneity of OS's will do a lot to prevent virus spread, because the same bugs are unlikely to be repeated across OS's.
-b.
Please stop. (Score:2)
Besides, MS already does this. It's called Home edition and Professional edition, and the same malware works across both. Certainly, if they want the software to be compatible across different Microsoft OSes, the malware will be, too.
Re: (Score:1)
Re: (Score:2)
Yes, I do. I don't imagine that you making them wildly different will make it that much harder.
Well, if there ends up being very little difference, then it will probably be much easier than I think. But do you say this from personal experience? If not, can you give me any reason more specific than "it's hard"?
You're full of FUD. (Score:2)
If Microsoft was good at software development, why do so many of their products suck so much? I'm not talking about feature bloat, I'm talking about unneccesary bloat and major security flaws. Why can even the tiniest browser beat Internet Explorer at security?
Small 3rd party products are loved because they get the job done, not because they're only used by people who need them. Or are you implying that we like our third party stuff because w
Re: (Score:2)
Not to mention, you need a Windows box to test on. Unless you're going to make the app cross-platform, you have to test it as a Windows app, which means either Win
Well the other thing is (Score:3, Interesting)
The defragmenter is a great example. Windows 2000 and above have a built in one. It works on NTFS and FAT drives and does an ok job. How then do companies like Executive Software and Raxico survive making replacements for it? Simple: They make more feature rich v
Re: (Score:3, Informative)
Re: (Score:2)
The point still stands: For most tools, MS includes a simple version, good enough to get the job done. This leaves plenty of market for those that want to produce more full featured versions for profit, sometimes including MS themselves (as in the case with Office and Wordpad).
With defragmenters the included one does an ok job, but not a great one. Most people indeed no NOT purch
FUD from McAfee (Score:2)
It's ironic that somone from McAfee would dog free products that compete with them. The only AV products I've found on customer systems that were disabled by an infestation were Norton and McAfee products. People running free AV and firewall products are at least as safe as those running Norton or McAfee.
Re: (Score:2)
Re: (Score:2)
Yep, 95% CPU usage from a Norton process is always a fun sight to behold. McAfee is even worse because certain versions have a bug that causes CPU usage to go through the roof when a certain logfile exceeds a size limit. Solution is to move or delete the old log.
-b.
Re: (Score:3, Insightful)
I'll never trust McAfee after a friend of mine installed the trial version of their AV software.
On day 29 of the 30 day eval, it flagged a virus as being present on his PC. Suspicious, he set the clock back to the day before, and rebooted. No virus found. Restored the clock to the day before the eval ran out, and McAfee AV found the virus again.
Not exactly trustworthy behaviour.
Is it just me? (Score:4)
I wonder how much Symantec paid these guys to write this article.
Re: (Score:1)
No more free security software? (Score:3, Funny)
Is Bill Gates planning an invasion of Canada [openbsd.org]? I know his "Trusted Computing" initiative is designed to eliminate choices [debian.org], but will that junk really work?
Pure FUD (Score:5, Insightful)
Mr Day is Greg Day of McAfee.
His intentions are for spreading FUD. There IS bogus spyware software and virus removal tools out there. Odd thing though is some are free and some you actually have to pay for. Having a cost does not make it legitimate at all and Mr Day is stating a criteria that unless you pay for it, chances are it may be a scam. Of course this also implies if you did pay for it, it is not a scam and that is far from the truth. Instead of breaking the FUD campaign into free and paid for, it should be split into "well known and trusted" and "not well known and trusted". Mr Day does not want it to be decided on well a known and trusted basis because to reach that status takes time and effort by a company, he wants everyone to just assume his companies software is the best solution and of course that HAS to come at a price.
Sorry vendors and computer users but these are not binary decisions and it takes some research either way. Free or not free.
There's still a market - if people realize it... (Score:2, Informative)
Re:There's still a market - if people realize it.. (Score:1)
Shoulda included these since my post isnt a troll
June 13 2006 - http://www.pcmag.com/article2/0,1895,1976149,00.as p [pcmag.com]
There's also the printed mag that came out at the same time with a program by program comparison (which it was #7 of 10, scoring horrendously against many threats that #1-6 crushed it on).
Re:There's still a market - if people realize it.. (Score:1)
From TFA (Score:2)
Let's hope that all they are looking at is *security* related. Blind trust so often being a really Bad Thing®.
Same can be said for retail software (Score:4, Insightful)
Can we not say the same for commercial software? How many people are still buying Norton Anti-virus despite it's somewhat public record because of it's brand name and price tag? What about firewall software? We've all seen plenty of reviews and comparisons showin firewall A to be better than firewall B and vice versa, but some of the best firewalls for Windows _are_ available for free (e.g. Sunbelt Kerio Personal Firewall [free version] or the rapidly developing Comodo Firewall).
Nothing guarantees that because a product has a price tag attached it is better than any other product.
How to find something reliable and trustworthy? The same way people have been doing it for years - identify knowledgable and reputable third-party reviewers, communities, and do a little research.
They are going to thrive! (Score:3, Informative)
Re: (Score:2)
When you learn how to spell "Microsoft" maybe someone off the Slashdot pages will listen.
M$ because BASIC is basic to Microsoft's success (Score:2)
So you criticize use of M$ to represent "Microsoft". The name refers to Microsoft's roots as a developer of implementations of the BASIC programming language. Microsoft's first products were BASIC interpreters for several 8-bit microcomputer platforms, notably including the Altair and Apple II. In fact, BASIC is the product line that Microsoft has continuously produced since the company's inception (Altair BASIC to Applesoft BASIC to GW-BASIC to QuickBASIC to QBasic to Visual Basic to VB.NET). Versions bef
Re: (Score:2)
Free vs. Trial (Score:1)
By the sounds of it, Once vista is released, they will cramming their sw with crap to get people to buy it just like the others will.
Let the feeding frenzy begin!!!!!
Re: (Score:2)
Something like that. [slashdot.org]
he fell for an old psycho-trick (Score:1)
today this thought is exploited by greedy companies that take more money for their products than comparable products cost, so people will think it was better
I read a test once. a cheap noname dish liquid was place 1... I don't know abou
correction (Score:1)
Bad journalism (Score:1, Insightful)
It's either bad journalism or an infomercial.
They can bray like asses for all the good it does (Score:1)
Re:They can bray like asses for all the good it do (Score:2, Informative)
You mean "free" as in speech, right? How much did the P3 box cost, and how much does its electricity cost over its lifetime? Many installations, especially in homes, would do a better job with a firewall/router/NAT appliance with a built-in 100BASE-TX switch and 802.11b/g access point.
hahahah (Score:1)
Protection from who again ? (Score:1)
On a side note I had difficulties installing ZoneAlarm on Windows XP SP2. These was (seems) to be a conflit between the firewall of Zonealarm and the one in WindowsXP.. ( No network connection was possible) Anyway,
It is a GREAT idea to isolate IE from the core of the OS. But I should be able to use the Firewall i want (Either the free or paid one.)
Hargh, it's no use.. Please MS, continue to put barrier and block etc etc
you cannot be certain what you get (Score:2)
Because when he buys that software for a price then he can be certain what he'll get ? I won't even go on with that.
Thing is, whatever good firewall and antivirus and whatever else Vista might contain, I'd rather trust a company with a long record of producing good firewall [etc] software than what MS will include in there. If he so much emphasizes the "trust" part of this whole thing, then the question is [falsely] seemingly simple: whi
Interesting FUD (Score:4, Insightful)
It has happened before ! (Score:2)
Pfft... (Score:1)
Just Get Linux. Or Mac. Or *BSD. Or anything that has less security holes than swiss cheese. Microsoft products boast that they are 'secure' but security cannot be claimed, look at WinXP, they said that was secure, but today we know it has more holes than aluminium pits on a pressed CD.
Microsoft should stop calling their products secure, even the networking stack is screwed. To anyone who upgrades within the first two years, I blissfully stand, point and laugh.
Note, FC5, Ubuntu 6.06, Mac OS X and OpenBSD
Stephen Lamb's Question (Score:1)
Well, when the manufacturer of the kernel has a 20-year history of not being able to protect it even half as well as third-party vendors...
just wondering.. (Score:1)