Comments on: Microsoft shakes up security fray
Debut of company's OneCare product has started a new security software race where consumers are likely to be winners.
Chart: Comparing PC care packages
Most Popular
Latest tech news headlines
- Control4 readies networked home energy system
January 7, 2010 11:03 PM PST
- Sarkozy's 'New Year's wish': Investigate Google
January 7, 2010 10:41 PM PST
- Freeloader solar charger wears many plugs
January 7, 2010 9:41 PM PST
- See all headlines
RSS Feeds
Add headlines from CNET News to your homepage or feedreader.
More feeds available in our RSS feed index.
- Markets
Related quotes
http://www.essentialsecurity.com/
http://www.essentialsecurity.com/Documents/article9.htm
If it isn't checking what is in the e-mail then what is it doing? By the way, mine is set so any program but my browser tries to open or close a program or window and it alerts me. It also checks any personal data and if it isn't bound for a site it recognizes as approved by me I get an alert and have to OK the data being sent. So, what is doing that? Looks like outbound security to me.
http://www.essentialsecurity.com/
http://www.essentialsecurity.com/Documents/article9.htm
If it isn't checking what is in the e-mail then what is it doing? By the way, mine is set so any program but my browser tries to open or close a program or window and it alerts me. It also checks any personal data and if it isn't bound for a site it recognizes as approved by me I get an alert and have to OK the data being sent. So, what is doing that? Looks like outbound security to me.
1) A user (unadvisedly) opens an e-mail from an unknown sender and attempts to execute a malicious attachment. MS can't prevent anyone from crafting malicious executables and scripts and e-mailing them to masses of people with some sort of social engineering trick that induces them to execute the program. If this security suite can sense the malicious nature of the attachment and blocks its execution and/or quarantine it, the suite has added value.
2) Most users never bother backing up their data even though backup tools are built into every major OS. Again, MS can't force people to backup their data and they didn't create this problem (poor or non-existant backups been a problem as long as computers have existed). If this suite nags people to backup their critical data and makes it easy to do so, it has added value.
3) A user is surfing the web and stumbles on a site teeming with spyware and other potentially malicious wares (by misspelling a common URL, for example). Even if their PC is fully patched and has no IE vulnerabilities, that user can *choose* to click, download and install a program that proports to do something fun or useful. If the security suite senses that the software is spyware and blocks its installation, it has added value.
We have to remember that software is not a static product nor are the threats that continue to evolve. Certainly MS' past security issues have induced malicious scumbags to write viruses and malware to take advantage of common flaws. These days, though, if you buy a new PC with XP SP2, make sure the firewall is on and turn on Automatic Updates, you have solved 90% of the potential problem.
This suite addresses the remaining 10%, threats for which MS and its products are not responsible and threats that continue to evolve long after the original OS has been released: e-mail viruses/worms/phishing scams, malicious websites, potential data loss, etc.
All OSes require regular updates, maintenances and a degree of vigilance. For MS to help users simplify these tasks for $50/year for up to 3 computers doesn't smack me as greedy -- it seems like a useful and fairly priced service that helps protect users from a wide variety of computing dangers.
-Mister Winky
the firewall is on and turn on Automatic Updates, you have solved
90% of the potential problem."
Better yet, do not attach your PC to the internet. That will solve
100% of your problems regarding security. Use a Mac to access the
internet and use your Windows PC as a gaming machine. I have
been doing so for more than 2 decades.
Not quite. There is no backup tool built into MacOSX. You either buy a third party app, or stump up £70 for .Mac to get hold of one.
The third party route is cheaper.
It is great to know there are a few more intelligent readers out there!
OneCare is not a product that's meant to mitigate existing vulnerabilities in the OS, it's meant to mitigate security concerns that the OS has no control over.
The simple fact of the matter is that at the end of the day, a person is generally the weakest point of security in a system. Programs like AV don't replace creation of secure software, they suppliment it.
1) A user (unadvisedly) opens an e-mail from an unknown sender and attempts to execute a malicious attachment. MS can't prevent anyone from crafting malicious executables and scripts and e-mailing them to masses of people with some sort of social engineering trick that induces them to execute the program. If this security suite can sense the malicious nature of the attachment and blocks its execution and/or quarantine it, the suite has added value.
2) Most users never bother backing up their data even though backup tools are built into every major OS. Again, MS can't force people to backup their data and they didn't create this problem (poor or non-existant backups been a problem as long as computers have existed). If this suite nags people to backup their critical data and makes it easy to do so, it has added value.
3) A user is surfing the web and stumbles on a site teeming with spyware and other potentially malicious wares (by misspelling a common URL, for example). Even if their PC is fully patched and has no IE vulnerabilities, that user can *choose* to click, download and install a program that proports to do something fun or useful. If the security suite senses that the software is spyware and blocks its installation, it has added value.
We have to remember that software is not a static product nor are the threats that continue to evolve. Certainly MS' past security issues have induced malicious scumbags to write viruses and malware to take advantage of common flaws. These days, though, if you buy a new PC with XP SP2, make sure the firewall is on and turn on Automatic Updates, you have solved 90% of the potential problem.
This suite addresses the remaining 10%, threats for which MS and its products are not responsible and threats that continue to evolve long after the original OS has been released: e-mail viruses/worms/phishing scams, malicious websites, potential data loss, etc.
All OSes require regular updates, maintenances and a degree of vigilance. For MS to help users simplify these tasks for $50/year for up to 3 computers doesn't smack me as greedy -- it seems like a useful and fairly priced service that helps protect users from a wide variety of computing dangers.
-Mister Winky
OneCare is not a product that's meant to mitigate existing vulnerabilities in the OS, it's meant to mitigate security concerns that the OS has no control over.
The simple fact of the matter is that at the end of the day, a person is generally the weakest point of security in a system. Programs like AV don't replace creation of secure software, they suppliment it.
the firewall is on and turn on Automatic Updates, you have solved
90% of the potential problem."
Better yet, do not attach your PC to the internet. That will solve
100% of your problems regarding security. Use a Mac to access the
internet and use your Windows PC as a gaming machine. I have
been doing so for more than 2 decades.
Not quite. There is no backup tool built into MacOSX. You either buy a third party app, or stump up £70 for .Mac to get hold of one.
The third party route is cheaper.
It is great to know there are a few more intelligent readers out there!
operation system they sold you in the first place. Now if you only
had bought a Mac...
operation system they sold you in the first place. Now if you only
had bought a Mac...
viruses_480x376.mov
or because no one really cares about a Mac?
The only thing Macintosh is the pillar of is eye candy. Usability, hardware and application choices go to Windows, while security and performance are best with a Linux distro.
viruses_480x376.mov
or because no one really cares about a Mac?
The only thing Macintosh is the pillar of is eye candy. Usability, hardware and application choices go to Windows, while security and performance are best with a Linux distro.
One user, Kurt Mclaren writes "exploiting their shoddy work", another OldRoughNeck writes "marketing spin, while another irish_iii writes "build a software market based on a faulty product". All of these statements show a complete and total ignorance that is just plain wrong --- and scary. The fact is if these individuals had even the most basic elementary education, they would understand just how ignorant and retarded their comments are. EVERY INDIVIDUAL, and EVERY CORPORATION, has flaws. To hold a company the size of Microsoft to a different standard due to jealousy, feelings of inadequacy or the infamous "I hate Microsoft because they are the biggest" indicates a weak mind incapable of critical thinking.
As if this isn't enough, the articles author, Joris Evers quotes a self-proclaimed "IT" person at a "financial institution" as some sort of expert. The individual, Frank Seichal, is obviously an ignorant fool who responds with his emotions instead of facts. He has the audacity to accuse Microsoft of creating the problems and then "looking to cash in on their inadequacies". My guess is Mr. Seichal probably has more inadequacies than all of Microsoft judging from his foolish statements. I don't know what financial institution he works for but I can assure you that most financial institutions make far more mistakes than does Microsoft.
At the end of the day unless you have been in "IT" for many, many years, and completely and totally understand the dynamics of not only the business, but also the technical side, perhaps you should not spew "matter of fact" statements that simply make you look stupid. For all of the Microsoft basher losers who bash or criticize to boost their own self-esteems, perhaps you should take a look at yourself before trying to be experts at something you obviously do not have a clue about.
Note that I am not defending Microsoft --- they don't need my help. I am simply astounded by the stupidity that comes from those who bash Microsoft, particularly when these people talk as if an operating system is a simple project put together by a few people. Instead of spending all your time complaining about Microsoft, perhaps you should be spending it explaining to me why your "financial institution" just lost my account data, or perhaps you can explain why your "financial institution" corporate management just got paid 100,000,000 while laying off half the staff. Or maybe, Mr. Seichal, you can elaborate for everyone your IT experience (after you finish changing the hard drive in the computer on the 5th floor by the elevator).
Sonny, I've been in this business long enough to know. I worked for them too, so I know more about the inner workings of MS than you. I know first hand the compromises that were/are made and how they're reached. I have real life experience, not just clues.
If you think that MS doesn't "spin" their products and their products shortcomings, then you are living in a fantasy. MS is in business to make money, and make money they will, anyway they can get away with. That's just free enterprise at work. Read about Andrew Carnegie or Joe Kennedy if you need a refresher course.
Microsoft is held to higher standard by people in this industry not only because they're a market leader, but because they often establish defacto standards for the industry. Their products are used in the most sensitive areas of business and government. They have to do better, as the demands by their consumer base rise.
If you had cared enough to read my post IN DETAIL, you'll find that I acknowledge how product flaws are a fact of life, it's statistically unavoidable. The daily build process for Windows is an incredible thing to behold. So much code, so many cross dependancies. The fact that the damn thing works as well as it does is a testament to the skill of not only the development team, but also the diligence and ingenuity of the test team. So many subsystems that have to be interact, so many ways for things so far seperated in the code base to reach clear across the OS and foul each other up.
I'm definitely not ignorant of the inner workings of Windows, nor am I stupid about how an operating system has to be developed, built and made to work.
Shut your mouth and open your mind.
One user, Kurt Mclaren writes "exploiting their shoddy work", another OldRoughNeck writes "marketing spin, while another irish_iii writes "build a software market based on a faulty product". All of these statements show a complete and total ignorance that is just plain wrong --- and scary. The fact is if these individuals had even the most basic elementary education, they would understand just how ignorant and retarded their comments are. EVERY INDIVIDUAL, and EVERY CORPORATION, has flaws. To hold a company the size of Microsoft to a different standard due to jealousy, feelings of inadequacy or the infamous "I hate Microsoft because they are the biggest" indicates a weak mind incapable of critical thinking.
As if this isn't enough, the articles author, Joris Evers quotes a self-proclaimed "IT" person at a "financial institution" as some sort of expert. The individual, Frank Seichal, is obviously an ignorant fool who responds with his emotions instead of facts. He has the audacity to accuse Microsoft of creating the problems and then "looking to cash in on their inadequacies". My guess is Mr. Seichal probably has more inadequacies than all of Microsoft judging from his foolish statements. I don't know what financial institution he works for but I can assure you that most financial institutions make far more mistakes than does Microsoft.
At the end of the day unless you have been in "IT" for many, many years, and completely and totally understand the dynamics of not only the business, but also the technical side, perhaps you should not spew "matter of fact" statements that simply make you look stupid. For all of the Microsoft basher losers who bash or criticize to boost their own self-esteems, perhaps you should take a look at yourself before trying to be experts at something you obviously do not have a clue about.
Note that I am not defending Microsoft --- they don't need my help. I am simply astounded by the stupidity that comes from those who bash Microsoft, particularly when these people talk as if an operating system is a simple project put together by a few people. Instead of spending all your time complaining about Microsoft, perhaps you should be spending it explaining to me why your "financial institution" just lost my account data, or perhaps you can explain why your "financial institution" corporate management just got paid 100,000,000 while laying off half the staff. Or maybe, Mr. Seichal, you can elaborate for everyone your IT experience (after you finish changing the hard drive in the computer on the 5th floor by the elevator).
Sonny, I've been in this business long enough to know. I worked for them too, so I know more about the inner workings of MS than you. I know first hand the compromises that were/are made and how they're reached. I have real life experience, not just clues.
If you think that MS doesn't "spin" their products and their products shortcomings, then you are living in a fantasy. MS is in business to make money, and make money they will, anyway they can get away with. That's just free enterprise at work. Read about Andrew Carnegie or Joe Kennedy if you need a refresher course.
Microsoft is held to higher standard by people in this industry not only because they're a market leader, but because they often establish defacto standards for the industry. Their products are used in the most sensitive areas of business and government. They have to do better, as the demands by their consumer base rise.
If you had cared enough to read my post IN DETAIL, you'll find that I acknowledge how product flaws are a fact of life, it's statistically unavoidable. The daily build process for Windows is an incredible thing to behold. So much code, so many cross dependancies. The fact that the damn thing works as well as it does is a testament to the skill of not only the development team, but also the diligence and ingenuity of the test team. So many subsystems that have to be interact, so many ways for things so far seperated in the code base to reach clear across the OS and foul each other up.
I'm definitely not ignorant of the inner workings of Windows, nor am I stupid about how an operating system has to be developed, built and made to work.
Shut your mouth and open your mind.
--GIF
This service is a good way for Apple and Microsoft to continue their revenue streams after the computer has been purchased (something all software vendors are scrambling to make happen to please Wall St. on a quarterly basis).
It's also good way to improve customer satisfaction by providing a useful service and to reduce support calls by empowering users to do more advanced tasks with an user-friendly interface.
If managed well, there's really no downside.
-Mister Winky
security. Backups are another matter and Microsoft only
includes it as part of their security suite so they can muddy the
waters. "It's not just about security" the PC fanboys say, but
shouldn't a security suite be just about security?
If they wanted to help people backup their systems, they should
include the software with the OS or sell it separately. Similarly, if
they wanted to make Windows more secure, they should include
the software with the system. Selling it separately should be (is?)
a crime. It's a protection racket, pure and simple.
Give this Linux a try if you truly are looking for a more secure system. http://www.ubuntu.com/
simpler, cheaper and more comprehensive products, analysts
say."
You know, I read this article twice and didn't see any quote that
even resembled this "high impact" summary
I hate to be cynical, but the obvious response from Symantec
and McAfee (and others) will imply that this may be another
anti-trust (bundling) violation. Microsoft's position would be to
argue that entering the market INCREASES competition and
BENEFITS the consumer, and thus this is not an anti-trust issue.
How funny then, Joris, that you would provide Microsoft's
defense in your "summary" -- it's hard to believe you didn't get
some "motivation" from MS to do - especially given your
summary comes out of nowhere considering the very text of
your article.
Hopefully, this isn't the case.
cost a product that aims to implement stop-gap
measures to reduce the impact of flaws in their
product.
There's an obvious conflict of interest there.
If they are competent enough to implement the
measures in an effective manner, then how come
they have not fixed the inherent flaws in their
OS product? Either they are not competent, in
which case the security product would be
expected to be of lesser quality, OR they are
competent, and are intentionally releasing a
flawed product with the intent of selling you
additional products to avoid those flaws.
Neither bodes well for the market or consumer.
I suppose it need not be pointed out too that MS
has a distinct advantage over their competitors
in that their tools can be granted privileged
access to OS resources and features unavailable
to their competitors. Theire products, by
design, can do things the competitors products
never can.
Operating systems don't "cause" security problems, the "cause" is the crackers who exploit the vunerablities. Anyone who claims that their OS is fundamentally secure doesn't understand the dynamic. It's statitiscally impossible to write error free code once you have a code body larger than a couple hunderd thousand lines. It just takes too long in human terms to prove the code is correct. Doesn't matter who writes the code, it will have errors, period.
Just because *nix and Mac OS don't get hit as often doesn't mean they're less vunerable, it just means the crackers haven't spent nearly as much time knocking them around to find where they break. Imagine the side of a barn with a door and a window. The barn represents all OS's. The big red side it the market space that Win OS occupies, the door is the market space that *nix OS occupies and the window the market space that Mac OS occupies. You start throwing rocks are the barn. Over time, you'll see that you hit more of the red space a lot more than hitting the door or the window. It's as simple as that, security attacks are going to hit the biggest target.
Microsoft isn't a security software company, they're an OS and productivity software company. They have talented people in the security area, no doubts about that, but it's not their strength as a company. Symantec and McAfee have been in this game a lot longer, but both companies have been "resting on their laurel" of late, they haven't been that innovative and they've tended to try to become the kitchen sink for security manangement; they try to everything, doing a fair job of everything but not an outstanding job on any particular aspect.
I don't buy into this "remotely managed security care", at least not yet. This opens a whole other attack vector and no one has of yet really mentioned how much impact this will have on bandwdth consumption or machine resource consumption. Given what I've seen already, it's an interesting idea but won't take the place of a well researched, designed and implemented set of ecurity policies and procedures. The cheap price alone is not enough, and will undoubtedly come around to bite you later.
- Exploiting their shoddy work
- by kurt mclaren April 24, 2008 6:02 PM PDT
- I dunno, but is it just me?...Why are they trying to sell something
- Like this Reply to this comment
-
Showing 2 of 3 pages (152 Comments)that offers protection for a faulty product, that just happens to
be their product. Its like selling a house or a car with no
windows or doors then turning around and trying to sell a
security system instead of trying to put in the windows and the
doors before selling it. Even then ca manufacturers go to the
length to offer security systems free of cost (immobilizers etc)
because they recognize you can?t be to sure about things. I think
this is a travesty; they should try to fix the product in the first
place to ensure that little if any security is needed. Instead they
are trying to exploit their shoddy workmanship. Consumers
cannot benefit from this, Microsoft will. They should include this
free, to aid helpless droves of microsoft product users who have
had years of crap and problems. So what is to stop them from
offering a faulty product and provide a certain and definite fix
for a premium? A double whammy if you ask me, so they will be
able to make money two ways...What?s next? They aren't gonna
offer security updates? Just tell you to get their 'one care'
product? Or better yet charge for security updates? This is so
underhand and should not happen.