Microsoft Working With Security Vendors
mikesd81 writes "The BBC is reporting on Microsoft's U-Turn. They've now given security vendors some of the information they want to make their products work with Microsoft's new operating system, Vista." From the article: "Earlier this month, security firm McAfee took out a full-page advert in the Financial Times to alert readers to its worries about the way Microsoft was handling the release of its new operating system. 'Microsoft seems to envision a world in which one giant company not only controls the systems that drive most computers around the world but also the security that protects those computers from viruses and other online threats,' the advert said."
Re: (Score:3, Insightful)
MS is such a juggernaut that it flows around or over obstacles, like an avalanche, tsunami, mud (fud?) slide, etc. If McAfee and company survive, they'll be the exception that makes the rule, imho.
Re: (Score:3, Insightful)
Re: (Score:2)
Sure, but there's a critical difference: very, very few can.
Re: (Score:2)
Re: (Score:2)
"This software is unauthenticated, and could be malware.
Would you like to:
Block / Permit once / Report this problem to Microsoft and Continue"
Re:World Domination - the popup (Score:2)
Oh ya! Every time an overlord wants to do something there'll be this popup requesting their admin credentials.
Never Happy (Score:1, Insightful)
I for one am pleased to see MS trying to lock down their systems and these other vendors just need to
Re: (Score:3, Insightful)
The other side of the argument is that the proposed Vista lockout would leave M$ as the only suppliers of anti malware (Ok, so Symantec don't seem to agree, but I'm stating McAfee's argument, not mine) and we are all aware of the dangers of a monoculture, especially one run by Seattle's finest.
What I want, if at all possible, is the choice to run which anti malware systems I choose.
Re: (Score:2)
Re: (Score:1)
in parent post s/Symantec/Sophos/
Re: (Score:2)
Not only to choose which one you want, but it should be easy to install the one you want easily as well.
Why does everyone but McAfee/Symantec manage fine? (Score:2)
"What I want, if at all possible, is the choice to run which anti malware systems I choose."
If this is such a huge problem, as Symantec and McAfee suggest, then why do Avast!, eTrust, and TrendMicro, among others, al
Re:Why does everyone but McAfee/Symantec manage fi (Score:1)
Re: (Score:2)
Mods on crack (Score:2)
Re: (Score:2)
People are still essentially set up as pseudo-admins out of the box (I'm sure UAC won't solve the problem) and DEP is disabled on all programs by default (most of the recent critical XP flaws are prevented by DEP being enabled for all programs and services).
I'm glad they have improved usability as a limited user though. Switching to a limited user account, disabling UAC, and enabling DEP will be the first th
Oblig (Score:1)
Re: (Score:1, Offtopic)
Hmmm .... I don't know what Slashdot you've been reading, but on the one I read, the obligatory is more of the form: in Soviet Russia, security firms give information to you.
... not so much. :-P
Biblical quotes
Cheers
Re: (Score:1, Funny)
"And the Lord sayeth unto the followers of Portman,
'Lest ye poureth steaming gryts into thyne trousers,
Ye shall be stripped and turned to stone...'"
Related (Score:2, Offtopic)
My point? None.
Re: (Score:2)
Oh No! (Score:4, Funny)
Re: (Score:2)
There's two sides to this issue. From the security vendor's standpoint, MS is just making it harder for them to work with Vista. While they are locking down the OS somewhat, MS will be releasing competing security products. This has shades of the antitrust behavior which got them into trouble. On the other hand, Trend Micro has been able to work through the changes in Vista.
Re: (Score:2)
There's two sides to this issue. From the security vendor's standpoint, MS is just making it harder for them to work with Vista.
Indeed. Now, instead of just trundling around wantonly in kernel space with their buggy software, they'd have to actually stick to known and documented APIs. The horror!
While they are locking down the OS somewhat, MS will be releasing competing security products.
Which use the same APIs available to _all_ "security software" vendors.
Despite Slashdot folklore, the whole "se
Re: (Score:2)
As a former Windows programmer, I can assure you that there were many undocumented, aka. secret, aka. internal, API calls which provided functionality not available in any of the documented Windows APIs. I'm speaking from a W2K perspective, which I assume also carried forward to XP. This may have changed in Vista, but I'd be very surprised if there were no undocumen
Re: (Score:2)
As a former Windows programmer, I can assure you that there were many undocumented, aka. secret, aka. internal, API calls which provided functionality not available in any of the documented Windows APIs.
I am not disagreeing there are undocumented APIs. All platforms have "undocumented APIs" in one form or another, and always will. I am arguing that they were never used in a "nefarious" fashion by anyone at Microsoft.
Re: (Score:2)
Re: (Score:2)
Maybe they should give Sony a call.
Re: (Score:3, Insightful)
Personally, I support homogenous networks; so I will see a spike in revenue from any XP->Vista upgrades. In t
Re: (Score:2)
Security is a *problem*, not a feature that's nice to keep around. What you are asking is a bit like "I sure hope they will never cure cancer because today it makes comfortable living for a lot of doctor, scientist, psychologist, charity, widow association,
I hope Vista is more secure and that all the money and work that goes into security software goes into something else a bit more productive. By "more productive" I mean something that i
Re: (Score:2)
I imagine for most slashdotters, it's not so much a "lucky for us people who support FLOSS/Windows security and can still make money off of it" as it is a "lucky for us people who believe the security of Microsoft products is flawed by design and them releasing yet another buggy, unsecure OS proves correct what many people have been saying for quite some time: if you want hardened systems, stay away from Microsoft products and go with s
Re: (Score:1)
Re: (Score:1)
Lack of clarity (Score:2)
Is it only the 64 bit version of Vista that was the problem? Further down in the article we have this:
This make
Re: (Score:2)
This makes me wonder what all the complaining is really about.
The complaining is about Symantec and McAfee having to rewrite their software _properly_ and use public APIs rather than just rehashing the same POS every year that hooks into undocumented parts of the Windows kernel at will.
Re:A trickle... (Score:5, Insightful)
Re: (Score:2)
But then again, F-Secure is big on rootkit detection, and you didn't hear any crying out of them about the whole Vista thing. *shrug*
Re: (Score:2)
Re: (Score:1)
Re: (Score:1)
Finally, they did something right? (Score:2, Interesting)
OTOH, given the closeness of the supposed release date, it tells me that the requisite holes were likely already there to begin with (and that they can likely be exploited, even if MSFT sat tight and never gave the A/V folks the info anyway). That, or they're burning midnight oil to open up said holes (which would mean that oh damn, here it comes...!)
Man - either way, this doe
Re: (Score:2)
It doesn't seem like the sort of software that would break things when taken away, it seems like the sort of software which you could toggle (though that would defeat the object of course).
This is all so dumb (Score:3, Insightful)
For McAfee to raise the alarm that MS was playing fast and loose with security by freezing out security software is just crap. It's FUD just like the crap MS spouts. Although it seems to have worked in this case.
Re: (Score:1)
Hey, I've got a solution to this: just have the McAfee, etc. client turn off random virus definitions from time to time. Then everyone would have a different "immune system"!
Sheesh.
Financial Times? (Score:1)
Re: (Score:1)
Re: (Score:1)
Why MS never can do it right? (Score:1, Troll)
And the problem with Microsoft Securing (Score:3, Insightful)
From the Original post: 'Microsoft seems to envision
Not to be picky, but on my Solaris boxes, I don't call up McAfee every time a security vulnerability is released, nor do I call them to protect my AIX systems from Crackers either. I expect that Sun and IBM, respectively, will secure their OS, issue patches, and provide the appropriate tools to manage security. We've been letting Microsoft get away with fobbing that duty off on third-parties for far too long. Pity if that impacts Symantec's business model, but Microsoft should have years ago either (a) fixed their OS or (b) taken the tcp/ip stack out and stuck a big, neon-orange, sticker on every box and install disk which reads, "This Product Is Terminally Insecure and If You Let It Connect to a Network, 12-Year Old Script Kiddies Will OWN Your Valuable Corporate DATA! Within 20 Minutes Or Less!"
It's hard in a case like this to know which one of them (Microsoft or Symantec) to have less sympathy for.
Re: (Score:2)
As usual it's that old bugbear antitrust rearing its ugly head again. McAfee et al claim that MS is going to produce its own anti-malware tools and lock them out of the market, kind of like if Sun
Re: (Score:2)
In the ideal world, if Windows were secure, there would be loads of competition for email software on Windows, but anti-virus software would just not exist at all.
Re: (Score:2)
In the ideal world, if Windows were secure, there would be loads of competition for email software on Windows, but anti-virus software would just not exist at all.
Rubbish. AV software and OS security are only vaguely related.
Only the inane ramblings of technically incompetent hacks have caused the clueless to think that "no viruses" and "secure" are synonyms. Anyone remotely knowledgeable understands that AV software and OS security are solutions to almost completely different problems that go hand in ha
Antivirus and Security (Score:3, Interesting)
MS's genius PR move. (Score:2)
The real story is that Microsoft claimed to have made their Kernel completely secure... nobody can touch anything inside... so that means anything that goes wrong with it will be totally their fault. After mulling over it for a while, they then realised that they'd have nobody to blame when some malicious code got up in there and did some hefty damage. So in a genius PR move, they decided to expose an API for security vendors to be able to hook into the kernel. Now when
Mark my words... (Score:4, Funny)
this is dumb (Score:1, Funny)
Microsoft can't win for losing.
I look forward to that... (Score:1, Troll)
Re: (Score:3, Informative)
Re: (Score:1)
Good news, but not great news... (Score:2, Funny)
use OneCare or my mother in-law will get upset (Score:2)
They are becoming less relevant but not for the reasons you suggest. With Vista arriving with OneCare already installed they all will go the same way as Netscape and Wordperfect. Some of the new innovative security features in Vista are Patchlock [wikipedia.org] that works by preventing third party software modifying the
Re: (Score:2)
It does come with Windows Defender (anti-spyware)
From what I gather, they wanted to include both, but they could only include anti-spyware because there wasn't an anti-trust problem there.
MS should take security totally in house .. (Score:2)
consequences to productivity (Score:2)
Microsoft's security
Re: (Score:2)
On a client's machine installing AV software slowed the machine down tremendously. I removed it, set up a standard user, set wordviewer as the default. Installed Firefox and OpenOffice. Advised the client that using IExplorer, Outlook and msWord in combination was not a good idea.
It sounds
AV further weakens TCO argument (Score:1)
There seems to be a massive misconception here (Score:3, Insightful)
PatchGuard, quite simply, is "security through obscurity". Basically, while the kernel is running, a hidden background thread continuously hashes the code sections of the kernel and validates that nothing has changed. If something changes, the system bugchecks (blue screens). PatchGuard's security comes from it being obfuscated.
PatchGuard doesn't offer true security. It has nothing to do with escalation of privilege - if you're able to modify the kernel, it's already too late. PatchGuard was intended to stop commercial products from patching the kernel because frequently they do so improperly, and end up causing instability and local privilege elevation exploits. If a company got around PatchGuard, their product would only work until the next second Tuesday. However, rootkit authors may not care about that "time limit".
Certainly PatchGuard helps slightly with DRM. However its more important use is preventing companies from doing improper kernel hacks. With Microsoft bowing to these companies, PatchGuard's only use is now DRM.
By the way, the only reason Microsoft is doing this is because of Europe's antitrust complaints. No full page ad will convince Microsoft of anything.
Melissa
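The check described in the comment above (hash the protected regions, compare against a baseline, halt on a mismatch), as an added C example that is not part of the thread and not Microsoft's code. FNV-1a stands in for the real hash, and the region names, sample bytes and `monitor_*` functions are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* FNV-1a 64-bit: non-cryptographic stand-in for a real monitor's hash. */
static uint64_t fnv1a64(const uint8_t *p, size_t n)
{
    uint64_t h = 0xcbf29ce484222325ULL;
    for (size_t i = 0; i < n; i++)
        h = (h ^ p[i]) * 0x100000001b3ULL;
    return h;
}

/* One protected region and the hash recorded for it at start-up. */
struct region {
    const char *name;
    const uint8_t *base; size_t len;
    uint64_t baseline;
};
/* Constructed sample "code sections": arbitrary bytes, not kernel code. */
static uint8_t sect_text[]  = { 0x55, 0x48, 0x89, 0xe5, 0x90, 0x5d, 0xc3 };
static uint8_t sect_table[] = { 0x10, 0x20, 0x30, 0x40, 0x50, 0x60 };
static struct region regions[] = {
    { "text",  sect_text,  sizeof sect_text,  0 },
    { "table", sect_table, sizeof sect_table, 0 },
};
#define NREGIONS (sizeof regions / sizeof regions[0])

/* Record the known-good hash of every region. */
void monitor_baseline(void)
{
    for (size_t i = 0; i < NREGIONS; i++)
        regions[i].baseline = fnv1a64(regions[i].base, regions[i].len);
}

/* One checker pass: index of the first modified region, or -1 if intact. */
int monitor_scan(void)
{
    for (size_t i = 0; i < NREGIONS; i++)
        if (fnv1a64(regions[i].base, regions[i].len) != regions[i].baseline)
            return (int)i;
    return -1;
}

int main(void)
{
    monitor_baseline();
    printf("clean scan: %d\n", monitor_scan());
    sect_table[2] ^= 0xff;            /* simulate an in-memory patch */
    int hit = monitor_scan();
    if (hit >= 0)                     /* per the comment, the system bugchecks here */
        printf("region '%s' modified: halt\n", regions[hit].name);
    return 0;
}
```

The checker and its baselines live in the same address space as the regions they guard, which is the objection raised further down the thread.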
Re: (Score:2)
Re:There seems to be a massive misconception here (Score:4, Interesting)
PatchGuard, quite simply, is "security through obscurity".
No, it's not. Saying PatchGuard is "security through obscurity" is like saying passwords, etc are "security through obscurity".
Basically, while the kernel is running, a hidden background thread continuously hashes the code sections of the kernel and validates that nothing has changed. If something changes, the system bugchecks (blue screens). PatchGuard's security comes from it being obfuscated.
No, PatchGuard's security comes from not allowing unknown code to execute in kernel space. Ie: it stops things like rootkits from functioning by crashing the OS when it detects unauthorised activity.
PatchGuard doesn't offer true security.
No one measure offers "true security". PatchGuard is just another part of a layered security model.
It has nothing to do with escalation of privilege - if you're able to modify the kernel, it's already too late.
No, only if you *actually can* modify the kernel, is it already too late [for the kinds of attacks PatchGuard is protecting against]. Which is why the system crash-dumps - because there's not much else you can do in the face of an attacker who has already reached that level of privilege.
PatchGuard was intended to stop commercial products from patching the kernel because frequently they do so improperly, and end up causing instability and local privilege elevation exploits. If a company got around PatchGuard, their product would only work until the next second Tuesday. However, rootkit authors may not care about that "time limit".
PatchGuard is there to stop malicious and unknown interceptions of low-level system calls. In other words, the kind of stuff rootkits (in addition to badly written, but legitimate applications) do.
Re: (Score:1)
This seems like a great way for someone to cause my computer to crash. When will the patch come out for this denial of service attack?
Re: (Score:2)
This seems like a great way for someone to cause my computer to crash.
Considering the alternative, it's a reasonable tradeoff.
It's no different than any other OS that crashes instead of letting rogue code go tromping all over the kernel.
When will the patch come out for this denial of service attack?
Probably as soon as someone can come up with a better way of defending against the more important kernel attack.
Re: (Score:2)
What keeps Patchguard running in the presence of intentionally bad code with full run of the system? What stops code that can and does modify the kernel from turning off or NOPing Patchguard?
If the answer is something other than "by obfuscation" it would be educational to hear it.
Re: (Score:2)
What keeps Patchguard running in the presence of intentionally bad code with full run of the system? What stops code that can and does modify the kernel from turning off or NOPing Patchguard?
It halts the entire machine when something tries to modify it, thus stopping them from doing that.
If the answer is something other than "by obfuscation" it would be educational to hear it.
If you have better alternatives, I'm sure Microsoft's software engineers would be interested to hear about them.
Mysterious advert in the FT. (Score:2)
I'm still amazed in some respects that McAfee got away with it. IANAL, but it sounded almost libellous to me.
Re: (Score:2)
Remember The MS MO (Score:2)
They go after the #1 money/volume producer in the category. This is the usual "big fish" strategy. Along the way, a bunch of smaller companies in the same category get eaten alive by the onslaught of lock-in and big-ticket marketing budgets. HP and Apple do the same thing.
Symantec has the most to lose in "security". Just as AdobeMedia has the mos
I'm not sure I understand the commotion here... (Score:2)
If this is so, isn't the principle more or less achievable with Linux by installing a modified kernel under root access?
Either way, I wouldn't want anything tinkering with my kernel operation, so I see these APIs as a negative thing - I just hope to God Windows will display some absolutely mammoth dialogue boxes should (heaven forbid) anything try and modify my kernel!
U-Turn? (Score:2)
n/a (Score:1)
Isn't this... (Score:1)
Microsoft has made supplemental software (defrag, disk compression, zips, etc.) obsolete in the past by including it into the system. They will do it again.