How Live OneCare changed the antivirus landscape
Since its introduction in 2006, Microsoft's Windows Live OneCare has altered the antivirus landscape. With Tuesday's announcement that Microsoft will no longer be selling the product in retail outlets but offering a new free version, code-named Morro, starting in the second half of 2009, it's sure to change the field once again.
Since Microsoft bought Romania-based antivirus firm GeCad five years ago, there has been fear among the commercial antivirus vendors that the software giant would simply bundle its malware protection within the next version of Windows. While that didn't happen--and it's unlikely to happen--Microsoft's addition to the market has forced its competitors to make some changes even though Microsoft hasn't become the huge player once feared.
Even before the first beta in 2005, McAfee and Symantec were talking about plans to go head to head with the software giant. McAfee announced plans around Project Falcon, and Symantec launched Project Genesis.
Microsoft OneCare entered the market in May 2006 as a "desktop IT department" and inspired a new breed of "omni security suites" that went beyond the traditional Internet security suite. I wasn't impressed. Although OneCare offers the revamped GeCad antivirus engine, Microsoft Windows Defender antispyware protection, and the Windows Firewall, along with system diagnostic tools, backup capabilities, and a way to monitor home networking, I think that the interface is clunky and that the tools aren't necessarily top of the line. And, I'm on record as calling OneCare SopranoCare since it seems wrong to me to have to pay the company that broke your operating system to fix it.
But at its introduction, Microsoft did shake up the antivirus landscape. OneCare was priced at an absurdly low $49.95, and it protected up to three PCs. At the time, Symantec's Norton Internet Security and McAfee's Internet Security were both priced at over $100 for their three-user packages. Today, three-user packages well under $100 are common.
Symantec responded in 2007 with its Project Genesis-produced Norton 360, a unified product that took Norton Internet Security and added online backup. But Symantec didn't just add to its existing product, it reinvented the product, producing a new one with a fully integrated interface marketed for the average home user. And at around $70, it could be used on up to three PCs.
McAfee also responded with its Project Falcon-produced McAfee Total Protection, also priced around $70 for up to three PCs. It too offers home network monitoring and premium or enhanced versions of the McAfee Internet Suite.
But McAfee and Symantec both had something Microsoft did not: effectiveness.
Almost two years ago, independent antivirus-testing organizations faulted OneCare for missing known malware. Andreas Clementi of AV-Comparatives.org wrote in his February 2007 report that OneCare did not meet the minimum requirements for participation. "Due (to) that, its inclusion in future tests of this year (will) have to be re-evaluated."
Microsoft began hiring longtime antivirus experts from competitors, and it appears to have paid off. A few years ago, Vincent Gullotto came over from McAfee to head Microsoft's Security Research and Response team. Microsoft has since added experts from F-Secure, Sophos, and elsewhere to the team. And it shows. In the latest On Demand scanning test from AV-Comparatives.org, Microsoft OneCare 2.5 scored as well as McAfee VirusScan Plus 2008.
All is not perfect, however. In May, Microsoft mistook Skype for a piece of malware. And the Windows Firewall, while Microsoft insists otherwise, is not a truly two-way firewall; there are a great many outbound exceptions within the Microsoft version. A Microsoft representative said, "If we turned on outbound filtering by default for consumers, it forces the user to make a trust decision for every application they run which touches the network." Given that other firewalls have outbound filtering, I still don't see why Microsoft can't.
The free version of Morro won't have all the current bells and whistles of OneCare; Microsoft says the diagnostic tools won't be included. Although the final feature set won't be known for a while, just having a free antivirus/antispyware/personal firewall product from Microsoft is bound to shake things up.
With traditional antivirus protection perhaps becoming obsolete, maybe it's time that Symantec and McAfee start offering free versions of their own antivirus products--something that I've said for years.
As CNET's resident security expert, Robert Vamosi has been interviewed on the BBC, CNN, MSNBC, and other outlets to share his knowledge about the latest online threats and to offer advice on personal and corporate security. Listen to his podcast at securitybites.cnet.com or e-mail Robert with your questions and comments. 



1) Malware/Virus authors base their attacks on the target systems that will offer them the most bang for their programming buck. Apple market share is minuscule compared to the Windows O/S market share. Consequently there have been FAR fewer attackers actively trying to exploit MAC OS/X. This should be obvious unless of course you are a MAC fanboy.
2) There ARE virii out there for MAC OS X and Adware/Malware.
3) MAC OS X is not more secure than windows. The fact that less malware/spyware/virus writers are targeting it does not make it more secure.
see: http://blogs.zdnet.com/security/?p=758
There are many sites that track vulnerabilities and almost all of them reveal that MAC OS X has an equal if not greater number of flaws and security holes when compared to Windows.
You might want to do some research before you write a comment that contains the same old FUD that all Apple fanboys blindly reiterate time and time again.
To date there is one convoluted trojan "out there" for OSX. It requires you to surf to a pr0n site, download a file, enter your root password to install that file...
...meanwhile, London's hospitals are still without networking due to a common Windows virus: http://www.theregister.co.uk/2008/11/19/hospital_computer_virus_shutdown_update/
Also, vuln counts != virus counts. Please educate yourself (or at least try to) on the differences (esp. since your URL destination makes no distinction between local/remote, or between core and ancillary apps...)
@ "I've lost count of the viruses for Mac OS X and software."
...you can't count past 5 variations of one trojan?
Damn...
Although taken off-guard, I'm not terribly surprised by this move to render OneCare freeware. Its anti-malware capabilities are mostly if not entirely signature-based. Signature-based only defenses are increasingly ineffective due to polymorphic malware and malware-makers systematically altering and confirming that their wares elude signature-based defenses. More on this here:
http://www.securitynowblog.com/endpoint_security/secunia_report_signature-based_antivirus_misses_most_unknown_malware
http://www.securitynowblog.com/endpoint_security/signature-based-antivirus-and-hips-technologies-poor-endpoint-protection
There are some promising freeware tools that folk ought to evaluate that block malware attacks without signature defenses. However, in some cases the medicine can be worse than the illness. A promising example to try:
http://www.blueridgenetworks.com/solutions/edgeguardsolo/
This tool is imperfect but surprisingly effective for a beta.
I have Norton 2005. Because product is not good! Lousy! Missing files like malwares, etc. Very annoy pop ups. Worth $59.99 is not important! I sued Norton company because product is not good or enough! Get up and working more powerful than before lousy products! I now stopped buy Anti-virus products at store no more! Shame on whole companies! I not happy anymore! Very Angry!
What research do you base this on? By minuscule, you mean over 7%? I guess 2 million macs a quarter is minuscule. The FACT is there are far fewer SUCCESSFUL exploits. If it were the case that market share determined attack vectors, why is it that the first Mac OS X virus reported used iChat to propagate itself? Now, in terms of market share, iChat is not even the leading chat software for Mac users.
2) There ARE virii out there for MAC OS X and Adware/Malware.
Yes, there ARE, and if you have 10 fingers on your hands, you can use those to count them. However, in the Windows world, you would need to have about 10 hands, just to count the new ones that are found each day.
3) MAC OS X is not more secure than windows. The fact that less malware/spyware/virus writers are targeting it does not make it more secure.
Two counter points. 1) Yes it is more secure. 2) Yes it does.
Let's put it like this. If you live in a high crime area (like Windows) or you live in an exclusive, expensive, neighborhood (like Mac OS X) you will be less likely to encounter crime (viruses/malware). Further along that analogy, Mac OS X is like a gated community, and Windows is like a crack house with a broken lock.
"There are many sites that track vulnerabilities and almost all of them reveal that MAC OS X has an equal if not greater number of flaws and security holes when compared to Windows."
That's nice, but here in the real world, where I practice unsafe browsing every day on my Mac, I have yet to encounter a single virus. I've never run any form of antivirus either.
This is incorrect! Vista has a new firewall!
The new vista firewall has 2 way filtering if you wish ... I explain it all in my blog>>>
http://computerboom.blogspot.com/2008/11/advanced-vista-firewall-settings-2-way.html
If Apple did something as stupid as integrate Safari into the core OS...
I could care less about stats, announcements, patch schedules, etc. I live in the real world, where user experience is what matters.
Why does everyone purport to know the mind and motivations of "virus programmers". Have you ever met one? Have you ever been one?
From experience, I can say that the virus programming world is as diverse as the earth's population itself, and they are not all operating on the same principles or towards the same goals.
"From experience, I can say that the virus programming world is as diverse as the earth's population itself, and they are not all operating on the same principles or towards the same goals."
Uhh why don't you answer your own question first.
"I could care less about stats, announcements, patch schedules, etc. I live in the real world, where user experience is what matters."
Then you can't compare and say Mac OSX is better. User experience is subjective.
Also, about all an outbound firewall is really good for is to stop virus infected machines from spewing spam and malicious code all over the internet .... maybe.
Again ..... it's soooooooo nice not worrying about that with linux.
...but I'm glad you're not "worried" 'cause you have Linux.
Norton - Failed
McAfee - Failed
Live OneCare - Failed
Panda - Failed
AVG - Failed
Nod32 - Failed
Avast - Failed
Kaspersky - Failed
All more are total Failed!
We still recall all lousy anti-viruses products! Not enough. Need merge with Malwarebytes' Anti-Malware and Trojan Remover can knock or kick hidden powerful viruses, worms, etc out! People must be happy.
- by JoeAnne10 July 8, 2009 3:49 PM PDT
- I never used an anti-virus program on my computer because I don't really trust this kind of protection means. I'd rather not use anything than not to be allowed to use my programs because they are a potential risk. For example I could not access my Phoenix landscaping program.