June 7, 2006 4:00 AM PDT

Microsoft shakes up security fray

(continued from previous page)

However, the battle for customers won't be fought only at Best Buy, Staples and other retailers, whether online or offline. Increasingly, consumers get their security software delivered on a new PC or from their Internet service provider, sometimes at no cost. AOL and Comcast, for example, offer their subscribers various pieces of McAfee software for free.

The ISP channel is growing fast, accounting for about 14 percent of consumer sales last year, compared with less than 5 percent the year before, according to Gartner figures. McAfee is doing well with the ISPs, and Symantec has shunned the ISP channel so far, the analysts said. It is all fairly new to Microsoft, which on Tuesday announced a deal for Net access provider Qwest Communications to provide OneCare alongside its services.

Videos:
Click here to Play

Microsoft launches Windows Live OneCare
CNET's Robert Vamosi takes a look.


Click here to Play

Security bites: OneCare fails to impress
But McAfee, Symantec and others respond. Also: Vista vs. hackers, and Firefox patches.

Some ISPs are planning to launch their own security tools. These will come either from partnerships with established players or from relabeling no-name security products with their own brand. AOL, for example, has said it will start testing a suite called Total Care in the next few weeks. The software will be sold to anyone who wants to buy it, not just to AOL subscribers.

For now, Symantec and McAfee are allowing Microsoft to put a foot on their turf. But Microsoft's most significant challenge is convincing people that it can be trusted to protect Windows PCs, said Jonathan Singer, a Yankee Group analyst.

"Symantec and McAfee are large, well-established and--most importantly--trusted," he said. "Microsoft's history when it comes to security, on the other hand, is less than complimentary--something Symantec and McAfee will likely be quick to attack them on."

The whole need to secure a PC is annoying to some consumers, including Frank Seichal, of Old Bridge, N.J. "To be honest, I feel victimized," said Seichal, who works in IT at a financial institution. "As a consumer, I have to take the necessary steps to protect my data and reduce threat vulnerability."

An entire industry has been built around PC security. Seichal would rather see Microsoft and others take a proactive approach and eliminate the threat altogether. "It's obvious that there is money to be made if everyone follows the reactive approach--a huge market that Microsoft has created and now is looking to cash in on from their inadequacies," he said.

Previous page
Page 1 | 2

See more CNET content tagged:
Symantec Corp., spam filtering, online backup, Gartner Inc., McAfee Inc.

152 comments

Join the conversation!
Add your comment
WOW!!!
Microsoft is (with vista ultimate) going to sell me a piece of software for LOTS of cash that is full of holes and then charge me to protect those holes from attacks? Sounds no different than a common protection racket that would be locked up for criminal activity.

I guess I will never be as rich or powerful as a company like Microsoft, I simply could never treat customers the way that they do.
Posted by rick7069 (27 comments )
Reply Link Flag
Well if at first you can't succeed ...
PATCH, PATCH again!
Posted by Ted Miller (305 comments )
Link Flag
Umm....
Colonel Sanders, will you baby-sit my chickens?

The manufacturer of flawed software makes a security suite to help protect said software? I have to sit down, my brain is starting to hurt.
Posted by fjellt (18 comments )
Link Flag
WOW!!!
Microsoft is (with vista ultimate) going to sell me a piece of software for LOTS of cash that is full of holes and then charge me to protect those holes from attacks? Sounds no different than a common protection racket that would be locked up for criminal activity.

I guess I will never be as rich or powerful as a company like Microsoft, I simply could never treat customers the way that they do.
Posted by rick7069 (27 comments )
Reply Link Flag
Well if at first you can't succeed ...
PATCH, PATCH again!
Posted by Ted Miller (305 comments )
Link Flag
Umm....
Colonel Sanders, will you baby-sit my chickens?

The manufacturer of flawed software makes a security suite to help protect said software? I have to sit down, my brain is starting to hurt.
Posted by fjellt (18 comments )
Link Flag
Microsoft products cause security problems, not fix them!
I really hope the majority of people "get it" and tell MS where they can out this product, thanking them for the need for it to begin with.

Give this Linux a try if you truly are looking for a more secure system. <a class="jive-link-external" href="http://www.ubuntu.com/" target="_newWindow">http://www.ubuntu.com/</a>
Posted by aabcdefghij987654321 (1721 comments )
Reply Link Flag
Goverment request
Home Land Security demands to look at all thet secure data backed up on Symantec's servers. Ahm you know... just in case there are terriosts there
Posted by Ted Miller (305 comments )
Reply Link Flag
There's One! ...
There's one, there, behind that diod.. Watch it! He's got a byte in his hand, oh if we lose that byte we're all screwed
Posted by jabbotts (492 comments )
Link Flag
Symantec Needs A Good Shaking
Perhaps Symantec will get off of it's rear, and create better products.
Posted by john55440 (1020 comments )
Reply Link Flag
Symantec customer service
... is a joke. They don't just need better products. They need a new attitude towards their non-business customers.
Posted by P. Jackson (17 comments )
Link Flag
Defensive "news"
"The real winners could be consumers, who will likely see
simpler, cheaper and more comprehensive products, analysts
say."

You know, I read this article twice and didn't see any quote that
even resembled this "high impact" summary

I hate to be cynical, but the obvious response from Symantec
and McAfee (and others) will imply that this may be another
anti-trust (bundling) violation. Microsoft's position would be to
argue that entering the market INCREASES competition and
BENEFITS the consumer, and thus this is not an anti-trust issue.

How funny then, Joris, that you would provide Microsoft's
defense in your "summary" -- it's hard to believe you didn't get
some "motivation" from MS to do - especially given your
summary comes out of nowhere considering the very text of
your article.

Hopefully, this isn't the case.
Posted by tobyp--2008 (19 comments )
Reply Link Flag
Build a software market based on a faulty product
Quite a racket. Maybe the gaming industry should pay attention.
Posted by irish_iiii (2 comments )
Reply Link Flag
Build a software market based on a faulty product
Quite a racket. Maybe the gaming industry should pay attention.
Posted by irish_iiii (2 comments )
Reply Link Flag
I wish Microsoft would really shake up the market
I wish Microsoft would shake up the security market by developing
a secure OS. Then we wouldn't have to spend so much time and
money trying to protect our Windows boxes like new born babies.

Imagine a world if Windows was even half as secure as OS X. It
would be Symantec who? McAfee software? Never heard of them.

What's spyware?
Posted by rcrusoe (1305 comments )
Reply Link Flag
Mac is better.. it's just that simple
I used Windows 10 years, bought a 5yr, old G4 Mac from work and
put OS X on it. Less than 1 month later I knew I wasted 10yrs on
the M$ wholywear. Now I'm the proud owner of a "solid and secure"
(Intel) iMac..!!
I'll NEVER go back to Microcrapware..!!!!!!!
Posted by imacpwr (456 comments )
Link Flag
Are you so sure...?
Keep in mind that part of the reason that Macs appear to be so secure is their lack of numbers when it comes to market share. They have finally made a little noise in the market and what was the first thing that happened? Exploits had to be patched in the Safari browser and the OS X operating system itself. Don't get me wrong, I am no microsoft fanboy. I probably won't get OneCare. However, many of the comments here are from Apple fanboys that think that Macs are a cure-all for the ills that befall computers. If the situation were reversed and Apple and held nearly all of the marketshare for this long they would likely be the one criticized for a lack of security because of the greater intensity with which they would have people looking for exploits.
Posted by nesretep (10 comments )
Link Flag
Security by Obscurity
You're calling OS X secure? Ever wonder why your Mac is running OS updates every week?
It's likely that OS X isn't half as secure as you think it is. OS 9 was far more secure- There's no lack of holes to exploit in OS X, but if you're someone looking to steal passwords or infect computers are you going to write an exploit for 90% of the market or less than 10%?

Secure by obscurity isn't really secure. In some cases it's less so because the user's smugness causes temerity. On the other hand Mac doesn't seem to be doing anything in marketshare so maybe your smugness is justified...
Posted by Fireweaver (105 comments )
Link Flag
I wish Microsoft would really shake up the market
I wish Microsoft would shake up the security market by developing
a secure OS. Then we wouldn't have to spend so much time and
money trying to protect our Windows boxes like new born babies.

Imagine a world if Windows was even half as secure as OS X. It
would be Symantec who? McAfee software? Never heard of them.

What's spyware?
Posted by rcrusoe (1305 comments )
Reply Link Flag
Security by Obscurity
You're calling OS X secure? Ever wonder why your Mac is running OS updates every week?
It's likely that OS X isn't half as secure as you think it is. OS 9 was far more secure- There's no lack of holes to exploit in OS X, but if you're someone looking to steal passwords or infect computers are you going to write an exploit for 90% of the market or less than 10%?

Secure by obscurity isn't really secure. In some cases it's less so because the user's smugness causes temerity. On the other hand Mac doesn't seem to be doing anything in marketshare so maybe your smugness is justified...
Posted by Fireweaver (105 comments )
Link Flag
Mac is better.. it's just that simple
I used Windows 10 years, bought a 5yr, old G4 Mac from work and
put OS X on it. Less than 1 month later I knew I wasted 10yrs on
the M$ wholywear. Now I'm the proud owner of a "solid and secure"
(Intel) iMac..!!
I'll NEVER go back to Microcrapware..!!!!!!!
Posted by imacpwr (456 comments )
Link Flag
Are you so sure...?
Keep in mind that part of the reason that Macs appear to be so secure is their lack of numbers when it comes to market share. They have finally made a little noise in the market and what was the first thing that happened? Exploits had to be patched in the Safari browser and the OS X operating system itself. Don't get me wrong, I am no microsoft fanboy. I probably won't get OneCare. However, many of the comments here are from Apple fanboys that think that Macs are a cure-all for the ills that befall computers. If the situation were reversed and Apple and held nearly all of the marketshare for this long they would likely be the one criticized for a lack of security because of the greater intensity with which they would have people looking for exploits.
Posted by nesretep (10 comments )
Link Flag
This is Good News for Consumers and the Internet
I view Microsoft's entry into the PC security sphere as good news where everyone wins. In addition to the fairly obvious increase in competition and resulting reduction in prices, it will also likely press the existing security makers to improve their products. Additionally, as security products become more affordable and more commonplace, more people are likely to use them and keep them up-to-date, reducing the effectiveness of Internet-based attacks. All of this benefits everyone, regardless of your attitude toward Microsoft and its products.
Posted by Techno Guy (77 comments )
Reply Link Flag
I'm not sure about that...
After all, Microsoft is selling for additional
cost a product that aims to implement stop-gap
measures to reduce the impact of flaws in their
product.

There's an obvious conflict of interest there.
If they are competent enough to implement the
measures in an effective manner, then how come
they have not fixed the inherent flaws in their
OS product? Either they are not competent, in
which case the security product would be
expected to be of lesser quality, OR they are
competent, and are intentionally releasing a
flawed product with the intent of selling you
additional products to avoid those flaws.
Neither bodes well for the market or consumer.

I suppose it need not be pointed out too that MS
has a distinct advantage over their competitors
in that their tools can be granted privileged
access to OS resources and features unavailable
to their competitors. Theire products, by
design, can do things the competitors products
never can.
Posted by Zymurgist (397 comments )
Link Flag
IMHO
i think that microsoft's security suite should come standard, free with every copy of windows. now, maybe without the spam filter or whatever, since that's an email problem not an OS problem, but i don't think microsoft should be allowed to make money off making thier PC's more secure like this. MS recommends everyone connected to the internet have extra security precautions built in, which means that they realize there are extra threats. i should be able to boot my PC up and not be recommended to go buy extra products to do what it was made to do. if MS has created a product that allows people to use thier computers how anyone would expect to in a safer way, it should be included in windows.
Posted by RayGentry (20 comments )
Reply Link Flag
Security as an afterthought.
I think you are right. I would add that this
also bolsters the notion that Microsoft
considers the integrity of their systems as an
afterthought. Rather than focus on making a
stable and secure system, they build a capable
system and sell add-ons that claim to make their
systems secure.

Microsoft's competitors, of course, don't do
that. They perceive security to be part of the
core OS product, not a separate product in its
own right.
Posted by Zymurgist (397 comments )
Link Flag
IMNHO, I disagree
Microsoft offers security suite for free - and gets a rain of anti-trust charges, court injunctions etc etc. In a perfect world, they should. In todays legal system, impossible. Their competitors in the security arena will not stand, arms crossed, and watch their entire industry disappear you know.
Posted by ikenna4u (13 comments )
Link Flag
Ditto
It makes no sense to make software, then have stuff wrong with it, then charge extra to fix it.

Windows should have as much security as possible straight out the box. But of course, that's in a perfect world.
Posted by jerrellt (17 comments )
Link Flag
IMHO
i think that microsoft's security suite should come standard, free with every copy of windows. now, maybe without the spam filter or whatever, since that's an email problem not an OS problem, but i don't think microsoft should be allowed to make money off making thier PC's more secure like this. MS recommends everyone connected to the internet have extra security precautions built in, which means that they realize there are extra threats. i should be able to boot my PC up and not be recommended to go buy extra products to do what it was made to do. if MS has created a product that allows people to use thier computers how anyone would expect to in a safer way, it should be included in windows.
Posted by RayGentry (20 comments )
Reply Link Flag
Ditto
It makes no sense to make software, then have stuff wrong with it, then charge extra to fix it.

Windows should have as much security as possible straight out the box. But of course, that's in a perfect world.
Posted by jerrellt (17 comments )
Link Flag
Security as an afterthought.
I think you are right. I would add that this
also bolsters the notion that Microsoft
considers the integrity of their systems as an
afterthought. Rather than focus on making a
stable and secure system, they build a capable
system and sell add-ons that claim to make their
systems secure.

Microsoft's competitors, of course, don't do
that. They perceive security to be part of the
core OS product, not a separate product in its
own right.
Posted by Zymurgist (397 comments )
Link Flag
IMNHO, I disagree
Microsoft offers security suite for free - and gets a rain of anti-trust charges, court injunctions etc etc. In a perfect world, they should. In todays legal system, impossible. Their competitors in the security arena will not stand, arms crossed, and watch their entire industry disappear you know.
Posted by ikenna4u (13 comments )
Link Flag
Marketing Spin
Shrewd marketing move on Microsoft's part: sell vunerable products at a high price, then charge for a service to monitor and repair the damage from the exploits of those vunerablities. The vunerablities won't necessarily be patched, just managed. Never ending revenue streams, Balmer's wild wet dream.

Operating systems don't "cause" security problems, the "cause" is the crackers who exploit the vunerablities. Anyone who claims that their OS is fundamentally secure doesn't understand the dynamic. It's statitiscally impossible to write error free code once you have a code body larger than a couple hunderd thousand lines. It just takes too long in human terms to prove the code is correct. Doesn't matter who writes the code, it will have errors, period.

Just because *nix and Mac OS don't get hit as often doesn't mean they're less vunerable, it just means the crackers haven't spent nearly as much time knocking them around to find where they break. Imagine the side of a barn with a door and a window. The barn represents all OS's. The big red side it the market space that Win OS occupies, the door is the market space that *nix OS occupies and the window the market space that Mac OS occupies. You start throwing rocks are the barn. Over time, you'll see that you hit more of the red space a lot more than hitting the door or the window. It's as simple as that, security attacks are going to hit the biggest target.

Microsoft isn't a security software company, they're an OS and productivity software company. They have talented people in the security area, no doubts about that, but it's not their strength as a company. Symantec and McAfee have been in this game a lot longer, but both companies have been "resting on their laurel" of late, they haven't been that innovative and they've tended to try to become the kitchen sink for security manangement; they try to everything, doing a fair job of everything but not an outstanding job on any particular aspect.

I don't buy into this "remotely managed security care", at least not yet. This opens a whole other attack vector and no one has of yet really mentioned how much impact this will have on bandwdth consumption or machine resource consumption. Given what I've seen already, it's an interesting idea but won't take the place of a well researched, designed and implemented set of ecurity policies and procedures. The cheap price alone is not enough, and will undoubtedly come around to bite you later.
Posted by oldroughneck (10 comments )
Reply Link Flag
Exploiting their shoddy work
I dunno, but is it just me?...Why are they trying to sell something
that offers protection for a faulty product, that just happens to
be their product. Its like selling a house or a car with no
windows or doors then turning around and trying to sell a
security system instead of trying to put in the windows and the
doors before selling it. Even then ca manufacturers go to the
length to offer security systems free of cost (immobilizers etc)
because they recognize you cant be to sure about things. I think
this is a travesty; they should try to fix the product in the first
place to ensure that little if any security is needed. Instead they
are trying to exploit their shoddy workmanship. Consumers
cannot benefit from this, Microsoft will. They should include this
free, to aid helpless droves of microsoft product users who have
had years of crap and problems. So what is to stop them from
offering a faulty product and provide a certain and definite fix
for a premium? A double whammy if you ask me, so they will be
able to make money two ways...Whats next? They aren't gonna
offer security updates? Just tell you to get their 'one care'
product? Or better yet charge for security updates? This is so
underhand and should not happen.
Posted by kurt mclaren (4 comments )
Reply Link Flag
Consumers are SHORT TERM beneficiaries!
I find the headline "OneCare has kicked off a software race--and consumers are the likely winners." misleading and sympathetic to Microsoft.

Has the result of the Browser wars been good for consumers(?!) - the vast majority use IE! And MS has let it languish until it was FORCED, by COMPETITION to update it!!

Wake up!
Posted by technewsjunkie (1265 comments )
Reply Link Flag
In theory, MS would seem to have an inside advantage
Since it's THIER OS! One might think they know where the weak spots are (NOT!). Will MS now be as "forthcoming" in providing Windows code to it's new competitors? Hmmm.

Seems like an unfair advantage to me (except that MS is incompetent in securing it's products)
Posted by technewsjunkie (1265 comments )
Reply Link Flag
In theory, MS would seem to have an inside advantage
Since it's THIER OS! One might think they know where the weak spots are (NOT!). Will MS now be as "forthcoming" in providing Windows code to it's new competitors? Hmmm.

Seems like an unfair advantage to me (except that MS is incompetent in securing it's products)
Posted by technewsjunkie (1265 comments )
Reply Link Flag
Is this enough though?
Here Microsoft has addressed the common issues relating to online security, but what they still haven't focused on is email security. Most viruses that come via browsers have been taken care of through knowledge and antiviruses and most of the time these programs work great in protecting a PC, but the amount of viruses that come via email has readily increased.

There are few programs and opportunities for consumers to protect themselves from email worms, so we need to expand the knowledge and hopefully force hackers to find other ways into our computers.
<a class="jive-link-external" href="http://www.essentialsecurity.com/products.htm" target="_newWindow">http://www.essentialsecurity.com/products.htm</a>


Nkully
Posted by Nkully86 (59 comments )
Reply Link Flag
Is this enough though?
Here Microsoft has addressed the common issues relating to online security, but what they still haven't focused on is email security. Most viruses that come via browsers have been taken care of through knowledge and antiviruses and most of the time these programs work great in protecting a PC, but the amount of viruses that come via email has readily increased.

There are few programs and opportunities for consumers to protect themselves from email worms, so we need to expand the knowledge and hopefully force hackers to find other ways into our computers.
<a class="jive-link-external" href="http://www.essentialsecurity.com/products.htm" target="_newWindow">http://www.essentialsecurity.com/products.htm</a>


Nkully
Posted by Nkully86 (59 comments )
Reply Link Flag
all of them lack outbound email security
And what about the risks of unprotected outbound email? There doesn't seem to be a choice in any of these packages to give a consumer the option to protect their outgong email. Surprising, considering the known issues that come with email snooping and interception, not to mention accidental(?) forwarding of company IP.

<a class="jive-link-external" href="http://www.essentialsecurity.com/" target="_newWindow">http://www.essentialsecurity.com/</a>
<a class="jive-link-external" href="http://www.essentialsecurity.com/Documents/article9.htm" target="_newWindow">http://www.essentialsecurity.com/Documents/article9.htm</a>
Posted by 209979377489953107664053243186 (71 comments )
Reply Link Flag
No outbound security - maybe
If this isn't there then what is my Norton Internet Security program scanning when I send anything from my computer? I launch an e-mail from my mail program and there is a delay from the time the e-mail program says it has sent it and the time it actually gets to the net because my security program icon tells me it is scanning outgoing data.

If it isn't checking what is in the e-mail then what is it doing? By the way, mine is set so any program but my browser tries to open or close a program or window and it alerts me. It also checks any personal data and if it isn't bound for a site it recognizes as approved by me I get an alert and have to OK the data being sent. So, what is doing that? Looks like outbound security to me.
Posted by GEBERWEIN (75 comments )
Link Flag
all of them lack outbound email security
And what about the risks of unprotected outbound email? There doesn't seem to be a choice in any of these packages to give a consumer the option to protect their outgong email. Surprising, considering the known issues that come with email snooping and interception, not to mention accidental(?) forwarding of company IP.

<a class="jive-link-external" href="http://www.essentialsecurity.com/" target="_newWindow">http://www.essentialsecurity.com/</a>
<a class="jive-link-external" href="http://www.essentialsecurity.com/Documents/article9.htm" target="_newWindow">http://www.essentialsecurity.com/Documents/article9.htm</a>
Posted by 209979377489953107664053243186 (71 comments )
Reply Link Flag
No outbound security - maybe
If this isn't there then what is my Norton Internet Security program scanning when I send anything from my computer? I launch an e-mail from my mail program and there is a delay from the time the e-mail program says it has sent it and the time it actually gets to the net because my security program icon tells me it is scanning outgoing data.

If it isn't checking what is in the e-mail then what is it doing? By the way, mine is set so any program but my browser tries to open or close a program or window and it alerts me. It also checks any personal data and if it isn't bound for a site it recognizes as approved by me I get an alert and have to OK the data being sent. So, what is doing that? Looks like outbound security to me.
Posted by GEBERWEIN (75 comments )
Link Flag
It's not just about MS vulnerabilities -- there's value in this suite
The knee-jerk reaction is to say that MS makes insecure products, then charges more to protect them. From a distance, this may seem true, but there's more to the story. Many components of this suite are designed to protect users from themselves and from constantly evolving threats, not just MS vulnerabilities. Consider some common use-case scenarios:

1) A user (unadvisedly) opens an e-mail from an unknown sender and attempts to execute a malicious attachment. MS can't prevent anyone from crafting malicious executables and scripts and e-mailing them to masses of people with some sort of social engineering trick that induces them to execute the program. If this security suite can sense the malicious nature of the attachment and blocks its execution and/or quarantine it, the suite has added value.

2) Most users never bother backing up their data even though backup tools are built into every major OS. Again, MS can't force people to backup their data and they didn't create this problem (poor or non-existant backups been a problem as long as computers have existed). If this suite nags people to backup their critical data and makes it easy to do so, it has added value.

3) A user is surfing the web and stumbles on a site teeming with spyware and other potentially malicious wares (by misspelling a common URL, for example). Even if their PC is fully patched and has no IE vulnerabilities, that user can *choose* to click, download and install a program that proports to do something fun or useful. If the security suite senses that the software is spyware and blocks its installation, it has added value.

We have to remember that software is not a static product nor are the threats that continue to evolve. Certainly MS' past security issues have induced malicious scumbags to write viruses and malware to take advantage of common flaws. These days, though, if you buy a new PC with XP SP2, make sure the firewall is on and turn on Automatic Updates, you have solved 90% of the potential problem.

This suite addresses the remaining 10%, threats for which MS and its products are not responsible and threats that continue to evolve long after the original OS has been released: e-mail viruses/worms/phishing scams, malicious websites, potential data loss, etc.

All OSes require regular updates, maintenances and a degree of vigilance. For MS to help users simplify these tasks for $50/year for up to 3 computers doesn't smack me as greedy -- it seems like a useful and fairly priced service that helps protect users from a wide variety of computing dangers.

-Mister Winky
Posted by Mister Winky (301 comments )
Reply Link Flag
security solved
"These days, though, if you buy a new PC with XP SP2, make sure
the firewall is on and turn on Automatic Updates, you have solved
90% of the potential problem."
Better yet, do not attach your PC to the internet. That will solve
100% of your problems regarding security. Use a Mac to access the
internet and use your Windows PC as a gaming machine. I have
been doing so for more than 2 decades.
Posted by benjiernmd (123 comments )
Link Flag
Nearly right ....
<i>Most users never bother backing up their data even though backup tools are built into every major OS.</i>

Not quite. There is no backup tool built into MacOSX. You either buy a third party app, or stump up £70 for .Mac to get hold of one.

The third party route is cheaper.
Posted by rickspring66 (5 comments )
Link Flag
Missing something though...
...Protecting users from themselves only works as long as the users continue to pay for the protection. PCs come bundled with all sorts of trial software, including security suites, that the users forget about and never update or continue to subscribe to once the trial period has expired. This subscription model is no different. Users will forget about it or just plain neglect it.
Posted by J_Satch (571 comments )
Link Flag
The readers don't want the truth.
Well done! You describe the purpose of the service perfectly. In truth, you shouldn't have had to spell it out. Look at all the threads talking about this service patching flaws in the OS! It is scary how many brainless readers are attracted to CNet.

It is great to know there are a few more intelligent readers out there!
Posted by just_some_guy (231 comments )
Link Flag
Finally, someone who gets it
This is exactly the case.

OneCare is not a product that's meant to mitigate existing vulnerabilities in the OS, it's meant to mitigate security concerns that the OS has no control over.

The simple fact of the matter is that at the end of the day, a person is generally the weakest point of security in a system. Programs like AV don't replace creation of secure software, they suppliment it.
Posted by Meh234 (37 comments )
Link Flag
It's not just about MS vulnerabilities -- there's value in this suite
The knee-jerk reaction is to say that MS makes insecure products, then charges more to protect them. From a distance, this may seem true, but there's more to the story. Many components of this suite are designed to protect users from themselves and from constantly evolving threats, not just MS vulnerabilities. Consider some common use-case scenarios:

1) A user (unadvisedly) opens an e-mail from an unknown sender and attempts to execute a malicious attachment. MS can't prevent anyone from crafting malicious executables and scripts and e-mailing them to masses of people with some sort of social engineering trick that induces them to execute the program. If this security suite can sense the malicious nature of the attachment and blocks its execution and/or quarantine it, the suite has added value.

2) Most users never bother backing up their data even though backup tools are built into every major OS. Again, MS can't force people to backup their data and they didn't create this problem (poor or non-existant backups been a problem as long as computers have existed). If this suite nags people to backup their critical data and makes it easy to do so, it has added value.

3) A user is surfing the web and stumbles on a site teeming with spyware and other potentially malicious wares (by misspelling a common URL, for example). Even if their PC is fully patched and has no IE vulnerabilities, that user can *choose* to click, download and install a program that proports to do something fun or useful. If the security suite senses that the software is spyware and blocks its installation, it has added value.

We have to remember that software is not a static product nor are the threats that continue to evolve. Certainly MS' past security issues have induced malicious scumbags to write viruses and malware to take advantage of common flaws. These days, though, if you buy a new PC with XP SP2, make sure the firewall is on and turn on Automatic Updates, you have solved 90% of the potential problem.

This suite addresses the remaining 10%, threats for which MS and its products are not responsible and threats that continue to evolve long after the original OS has been released: e-mail viruses/worms/phishing scams, malicious websites, potential data loss, etc.

All OSes require regular updates, maintenances and a degree of vigilance. For MS to help users simplify these tasks for $50/year for up to 3 computers doesn't smack me as greedy -- it seems like a useful and fairly priced service that helps protect users from a wide variety of computing dangers.

-Mister Winky
Posted by Mister Winky (301 comments )
Reply Link Flag
Finally, someone who gets it
This is exactly the case.

OneCare is not a product that's meant to mitigate existing vulnerabilities in the OS, it's meant to mitigate security concerns that the OS has no control over.

The simple fact of the matter is that at the end of the day, a person is generally the weakest point of security in a system. Programs like AV don't replace creation of secure software, they suppliment it.
Posted by Meh234 (37 comments )
Link Flag
security solved
"These days, though, if you buy a new PC with XP SP2, make sure
the firewall is on and turn on Automatic Updates, you have solved
90% of the potential problem."
Better yet, do not attach your PC to the internet. That will solve
100% of your problems regarding security. Use a Mac to access the
internet and use your Windows PC as a gaming machine. I have
been doing so for more than 2 decades.
Posted by benjiernmd (123 comments )
Link Flag
Nearly right ....
<i>Most users never bother backing up their data even though backup tools are built into every major OS.</i>

Not quite. There is no backup tool built into MacOSX. You either buy a third party app, or stump up £70 for .Mac to get hold of one.

The third party route is cheaper.
Posted by rickspring66 (5 comments )
Link Flag
Missing something though...
...Protecting users from themselves only works as long as the users continue to pay for the protection. PCs come bundled with all sorts of trial software, including security suites, that the users forget about and never update or continue to subscribe to once the trial period has expired. This subscription model is no different. Users will forget about it or just plain neglect it.
Posted by J_Satch (571 comments )
Link Flag
The readers don't want the truth.
Well done! You describe the purpose of the service perfectly. In truth, you shouldn't have had to spell it out. Look at all the threads talking about this service patching flaws in the OS! It is scary how many brainless readers are attracted to CNet.

It is great to know there are a few more intelligent readers out there!
Posted by just_some_guy (231 comments )
Link Flag
Buy a Mac..!!
Microsoft wants to sell you software to protect the "screen door"
operation system they sold you in the first place. Now if you only
had bought a Mac...
Posted by imacpwr (456 comments )
Reply Link Flag
 

Join the conversation

Add your comment

The posting of advertisements, profanity, or personal attacks is prohibited. Click here to review our Terms of Use.

What's Hot

Discussions

Shared

RSS Feeds

Add headlines from CNET News to your homepage or feedreader.