Get Smart about Business Spending
- Related Stories
-
Microsoft seeks protection from spyware firms
May 24, 2005 -
Microsoft security guru: Jot down your passwords
May 23, 2005 -
Hardware security sneaks into PCs
March 16, 2005 -
Trojan attacks Microsoft's anti-spyware
February 9, 2005 -
Microsoft launches anti-spyware beta
January 6, 2005
Related story
Microsoft: Jot down
your passwords
Jesper Johansson
says the security
industry has been
giving out bad advice.
Jason Garms, who heads the company's anti-malware product team, said Tuesday that this improvement had been revealed by an internal analysis of SP2's performance.
SP2--a major security update released in August--was designed to turn on auto-update by default and consolidate security controls into a "security center."
"A machine that had Windows XP or XP SP1 was 15 times more likely to have one of the highly prevalent top 20 worms installed than on a machine running XP SP2," said Garms, who spoke at a conference sponsored by Australia's national Computer Emergency Response Team, or AusCERT.
He said that the default turning-on of auto update had made a dramatic difference to users. "Within days of Microsoft releasing a patch," he said, "the vast majority of the Windows ecosystem is up to date."
Garms also revealed that Microsoft is planning to release an enterprise version of its anti-spyware tool, which is currently available in beta form on the company's Web site. However, he would not reveal when the new tool would be available, or whether it would be a free utility or sold as a separate application.
"It is currently in our plans (to have) an enterprise offering that addresses spyware," Garms said. "The product and packaging details are still to be decided."
He added that spyware could be responsible for up to one-third of all Windows crashes, citing data culled by the Windows error reporting tool, which sends data back to Microsoft when an application crashes.
"The primary problem that users have with spyware is that their systems crash or are really slow or don't behave in the way they expect them to," Garms said. "We try to figure out how many of the crashes that are reported to us are actually attributable to spyware, and it turns out that at least one-third of those machines had spyware installed on them, so it is a big problem."
Garms noted that people are more worried about their computer behaving erratically and running slowly than they are about being spied upon by malware.
"Some people will have you believe that the primary impact of spyware is the spying on your systems, but that is the secondary impact of spyware," Garms said. Spyware causing crashes and erratic behavior "are the things that generate user help desk calls."
Munir Kotadia reports for ZDNet Australia.
See more CNET content tagged:
spyware, Service Pack 2, security, Microsoft Corp., malware
NO kidding! Those people that have computers infested with worms and spyware are also the least likely to upgrade to SP2.
XP is more for Microsoft than for the end user. When you use XP, you place yourself on your knees doing exactly what MS wants you to do.
NO kidding! Those people that have computers infested with worms and spyware are also the least likely to upgrade to SP2.
XP is more for Microsoft than for the end user. When you use XP, you place yourself on your knees doing exactly what MS wants you to do.
SP2 does not make XP more secure. Quite a few of XP's problems are not even addressed by SP2.
SP2 was created to give Microsoft a higher degree of access to your computer. It is made to "look" good by doing things like forcing up the crappy XP firewall. You are better protected by using a router and running Zone Alarm than using the XP firewall, with or without SP2.
SP2 does not make XP more secure. Quite a few of XP's problems are not even addressed by SP2.
SP2 was created to give Microsoft a higher degree of access to your computer. It is made to "look" good by doing things like forcing up the crappy XP firewall. You are better protected by using a router and running Zone Alarm than using the XP firewall, with or without SP2.
then 97,000/15=6466 still to worry about. Isn't that great!
Considering Tiger has zero, Windows is still infinitely less secure
since 6466/0=infinite. Now c|net can put out another of the bs
stories that Apple is insecure even though there are still zero
instances other than in the minds of the writers at c|net.
When Tiger has been out for a few years and has 500 million users, then crow about how few viruses it has, *******.
then 97,000/15=6466 still to worry about. Isn't that great!
Considering Tiger has zero, Windows is still infinitely less secure
since 6466/0=infinite. Now c|net can put out another of the bs
stories that Apple is insecure even though there are still zero
instances other than in the minds of the writers at c|net.
When Tiger has been out for a few years and has 500 million users, then crow about how few viruses it has, *******.
that is analogous to putting a 2year roof on a house that has
none. yes, its a roof, but a poor one to start with in the first
place! And I agree, the PCs promoting spyware are owned by
those that shuld not be allowed to own a computer in the first
place!
PC licenses!! Are you qualified? Registry today! :P
that is analogous to putting a 2year roof on a house that has
none. yes, its a roof, but a poor one to start with in the first
place! And I agree, the PCs promoting spyware are owned by
those that shuld not be allowed to own a computer in the first
place!
PC licenses!! Are you qualified? Registry today! :P
In addition, I upgraded all of my servers to 2003 and now my network has never ran smoother. Hopefully, I'm not putting myself out of a job here.
This is completely meaningless. XP with SP2 may be the best of what MS offers, but it is still total garbage. Take their best products and compare them to what is out there.
XP vs OSX or any distribution of linux: XP loses
IE vs Firefox, Opera or Safari: IE loses
Any MS server product vs any major alternative, free or otherwise: Microsoft loses
Office vs OO or any other commerical offerings: Office loses due to massive amounts of bloat
No matter how you dress it up, MS produces the most unsecure, bloated and buggy software.
In addition, I upgraded all of my servers to 2003 and now my network has never ran smoother. Hopefully, I'm not putting myself out of a job here.
This is completely meaningless. XP with SP2 may be the best of what MS offers, but it is still total garbage. Take their best products and compare them to what is out there.
XP vs OSX or any distribution of linux: XP loses
IE vs Firefox, Opera or Safari: IE loses
Any MS server product vs any major alternative, free or otherwise: Microsoft loses
Office vs OO or any other commerical offerings: Office loses due to massive amounts of bloat
No matter how you dress it up, MS produces the most unsecure, bloated and buggy software.
Seriously though, Windows XP + SP2 + Microsoft AntiSpyware = fairly safe computing environment, provided that users don't do something foolish.
Seriously though, Windows XP + SP2 + Microsoft AntiSpyware = fairly safe computing environment, provided that users don't do something foolish.
secure OS would be a nice start.
I guess there's always Longhorn if you're not in a hurry.
secure OS would be a nice start.
I guess there's always Longhorn if you're not in a hurry.
Despite it's "trustworthy computing initiative" from so many
years gone by, Microsoft never took security seriously, and this
article is yet another reminder that they still haven't grasped the
problem. Microsoft was well aware of the emergence of worms,
trojans. viruses, etc., for years, yet they didn't lift a finger to
seriously address the issue until the recently released SP2. In
those intervening years, MS simply left the barn door of it's OS
wide open and effectively sent the message to the virus/trojan/
worm authors of the world that it's okay; do your best work,
we're not going to stop you. Is it any wonder at all that the
problem proliferated to an exponential level? They ceded control
of Windows to fifteen year-old kids who could write simple
scripts that would wreck havoc on your computer. And the
adults took notice. Trojans that are currently written for
Windows are the work of seriously sophisticated, evolutionary
programming. Microsoft just sat back and watched as it's
neighborhood was overrun by the bad guys. Now it belongs to
the bad guys. It's their neighborhood now. In a kind of perverse
way, Microsoft understands this. Thus the introduction of it's
own branded security software, protecting you from it's OS that
it sold you...
It's not the web thats the problem, folks, any Apple OS X or
Linux user can attest to that. It's MS Windows, and SP2 or not, so
long as your system has activeX and the Windows registry
installed, you are vulnerable. Period.
And when Jason Garms says that "the improvement had been
revealed by an internal analysis of SP2's performance" that
should raise more than a few eyebrows. Internal analysis? Reality
check, Jason. Behavior in the wild is significantly different than
behavior in from within a controlled, company sponsored
"internal analysis."
ASP.NET alone is going through 8,000+ individual security checks before its next ship. Every internal MS product team has to have a security plan and threat model as part of its product spec. Every shipping product is currently undergoing security reviews for the upcoming automated patch service.
How about doing some reading before spewing uneducated and inaccurate bullsh*t?
I used to think the Mac was a toy - but now that I've been an owner for the past 7 months, I now view Windows as built best for playing games on while the Mac is the poweruser's tool - safe, reliable and effecient to the core (pun intended).
Despite it's "trustworthy computing initiative" from so many
years gone by, Microsoft never took security seriously, and this
article is yet another reminder that they still haven't grasped the
problem. Microsoft was well aware of the emergence of worms,
trojans. viruses, etc., for years, yet they didn't lift a finger to
seriously address the issue until the recently released SP2. In
those intervening years, MS simply left the barn door of it's OS
wide open and effectively sent the message to the virus/trojan/
worm authors of the world that it's okay; do your best work,
we're not going to stop you. Is it any wonder at all that the
problem proliferated to an exponential level? They ceded control
of Windows to fifteen year-old kids who could write simple
scripts that would wreck havoc on your computer. And the
adults took notice. Trojans that are currently written for
Windows are the work of seriously sophisticated, evolutionary
programming. Microsoft just sat back and watched as it's
neighborhood was overrun by the bad guys. Now it belongs to
the bad guys. It's their neighborhood now. In a kind of perverse
way, Microsoft understands this. Thus the introduction of it's
own branded security software, protecting you from it's OS that
it sold you...
It's not the web thats the problem, folks, any Apple OS X or
Linux user can attest to that. It's MS Windows, and SP2 or not, so
long as your system has activeX and the Windows registry
installed, you are vulnerable. Period.
And when Jason Garms says that "the improvement had been
revealed by an internal analysis of SP2's performance" that
should raise more than a few eyebrows. Internal analysis? Reality
check, Jason. Behavior in the wild is significantly different than
behavior in from within a controlled, company sponsored
"internal analysis."
ASP.NET alone is going through 8,000+ individual security checks before its next ship. Every internal MS product team has to have a security plan and threat model as part of its product spec. Every shipping product is currently undergoing security reviews for the upcoming automated patch service.
How about doing some reading before spewing uneducated and inaccurate bullsh*t?
I used to think the Mac was a toy - but now that I've been an owner for the past 7 months, I now view Windows as built best for playing games on while the Mac is the poweruser's tool - safe, reliable and effecient to the core (pun intended).
- You must work for MSFT
- by May 24, 2005 4:26 PM PDT
- You clearly have information that most of the public does not. So before insulting others, please note the common public perception is that MSFT does not have a clear handle on security. The company may be trying to change that, but in this case perception is more important than reality, at least in terms of MSFT's future viability.
- Like this Reply to this comment
-
-
- oh....
- by Prndll May 30, 2005 9:43 AM PDT
- MS does have a handle on this situation. They purpously make things the way they are. They know what they are doing. A big part of SP2 is there specificly for Microsoft's own use....to let MS know via the web if your copy of XP is legit.
- Like this
-
(74 Comments)