Microsoft shakes up security fray

(continued from previous page)

However, the battle for customers won't be fought only at Best Buy, Staples and other retailers, whether online or offline. Increasingly, consumers get their security software delivered on a new PC or from their Internet service provider, sometimes at no cost. AOL and Comcast, for example, offer their subscribers various pieces of McAfee software for free.

The ISP channel is growing fast, accounting for about 14 percent of consumer sales last year, compared with less than 5 percent the year before, according to Gartner figures. McAfee is doing well with the ISPs, and Symantec has shunned the ISP channel so far, the analysts said. It is all fairly new to Microsoft, which on Tuesday announced a deal for Net access provider Qwest Communications to provide OneCare alongside its services.

Videos:

Microsoft launches Windows Live OneCare
CNET's Robert Vamosi takes a look.

Security bites: OneCare fails to impress
But McAfee, Symantec and others respond. Also: Vista vs. hackers, and Firefox patches.

Some ISPs are planning to launch their own security tools. These will come either from partnerships with established players or from relabeling no-name security products with their own brand. AOL, for example, has said it will start testing a suite called Total Care in the next few weeks. The software will be sold to anyone who wants to buy it, not just to AOL subscribers.

For now, Symantec and McAfee are allowing Microsoft to put a foot on their turf. But Microsoft's most significant challenge is convincing people that it can be trusted to protect Windows PCs, said Jonathan Singer, a Yankee Group analyst.

"Symantec and McAfee are large, well-established and--most importantly--trusted," he said. "Microsoft's history when it comes to security, on the other hand, is less than complimentary--something Symantec and McAfee will likely be quick to attack them on."

The whole need to secure a PC is annoying to some consumers, including Frank Seichal, of Old Bridge, N.J. "To be honest, I feel victimized," said Seichal, who works in IT at a financial institution. "As a consumer, I have to take the necessary steps to protect my data and reduce threat vulnerability."

An entire industry has been built around PC security. Seichal would rather see Microsoft and others take a proactive approach and eliminate the threat altogether. "It's obvious that there is money to be made if everyone follows the reactive approach--a huge market that Microsoft has created and now is looking to cash in on from their inadequacies," he said.

[rick7069]

WOW!!!

Microsoft is (with vista ultimate) going to sell me a piece of software for LOTS of cash that is full of holes and then charge me to protect those holes from attacks? Sounds no different than a common protection racket that would be locked up for criminal activity.

I guess I will never be as rich or powerful as a company like Microsoft, I simply could never treat customers the way that they do.

[Ted Miller]

Well if at first you can't succeed ...

PATCH, PATCH again!

[fjellt]

Umm....

Colonel Sanders, will you baby-sit my chickens?

The manufacturer of flawed software makes a security suite to help protect said software? I have to sit down, my brain is starting to hurt.

[rick7069]

WOW!!!

Microsoft is (with vista ultimate) going to sell me a piece of software for LOTS of cash that is full of holes and then charge me to protect those holes from attacks? Sounds no different than a common protection racket that would be locked up for criminal activity.

I guess I will never be as rich or powerful as a company like Microsoft, I simply could never treat customers the way that they do.

[Ted Miller]

Well if at first you can't succeed ...

PATCH, PATCH again!

[fjellt]

Umm....

Colonel Sanders, will you baby-sit my chickens?

The manufacturer of flawed software makes a security suite to help protect said software? I have to sit down, my brain is starting to hurt.

[aabcdefghij987654321]

Microsoft products cause security problems, not fix them!

I really hope the majority of people "get it" and tell MS where they can out this product, thanking them for the need for it to begin with.

Give this Linux a try if you truly are looking for a more secure system. http://www.ubuntu.com/

[Ted Miller]

Goverment request

Home Land Security demands to look at all thet secure data backed up on Symantec's servers. Ahm you know... just in case there are terriosts there

[jabbotts]

There's One! ...

There's one, there, behind that diod.. Watch it! He's got a byte in his hand, oh if we lose that byte we're all screwed

[john55440]

Symantec Needs A Good Shaking

Perhaps Symantec will get off of it's rear, and create better products.

[P. Jackson]

Symantec customer service

... is a joke. They don't just need better products. They need a new attitude towards their non-business customers.

[tobyp--2008]

Defensive "news"

"The real winners could be consumers, who will likely see
simpler, cheaper and more comprehensive products, analysts
say."

You know, I read this article twice and didn't see any quote that
even resembled this "high impact" summary

I hate to be cynical, but the obvious response from Symantec
and McAfee (and others) will imply that this may be another
anti-trust (bundling) violation. Microsoft's position would be to
argue that entering the market INCREASES competition and
BENEFITS the consumer, and thus this is not an anti-trust issue.

How funny then, Joris, that you would provide Microsoft's
defense in your "summary" -- it's hard to believe you didn't get
some "motivation" from MS to do - especially given your
summary comes out of nowhere considering the very text of
your article.

Hopefully, this isn't the case.

[irish_iiii]

Build a software market based on a faulty product

Quite a racket. Maybe the gaming industry should pay attention.

[irish_iiii]

Build a software market based on a faulty product

Quite a racket. Maybe the gaming industry should pay attention.

[rcrusoe]

I wish Microsoft would really shake up the market

I wish Microsoft would shake up the security market by developing
a secure OS. Then we wouldn't have to spend so much time and
money trying to protect our Windows boxes like new born babies.

Imagine a world if Windows was even half as secure as OS X. It
would be Symantec who? McAfee software? Never heard of them.

What's spyware?

[imacpwr]

Mac is better.. it's just that simple

I used Windows 10 years, bought a 5yr, old G4 Mac from work and
put OS X on it. Less than 1 month later I knew I wasted 10yrs on
the M$ wholywear. Now I'm the proud owner of a "solid and secure"
(Intel) iMac..!!
I'll NEVER go back to Microcrapware..!!!!!!!

[nesretep]

Are you so sure...?

Keep in mind that part of the reason that Macs appear to be so secure is their lack of numbers when it comes to market share. They have finally made a little noise in the market and what was the first thing that happened? Exploits had to be patched in the Safari browser and the OS X operating system itself. Don't get me wrong, I am no microsoft fanboy. I probably won't get OneCare. However, many of the comments here are from Apple fanboys that think that Macs are a cure-all for the ills that befall computers. If the situation were reversed and Apple and held nearly all of the marketshare for this long they would likely be the one criticized for a lack of security because of the greater intensity with which they would have people looking for exploits.

[Fireweaver]

Security by Obscurity

You're calling OS X secure? Ever wonder why your Mac is running OS updates every week?
It's likely that OS X isn't half as secure as you think it is. OS 9 was far more secure- There's no lack of holes to exploit in OS X, but if you're someone looking to steal passwords or infect computers are you going to write an exploit for 90% of the market or less than 10%?

Secure by obscurity isn't really secure. In some cases it's less so because the user's smugness causes temerity. On the other hand Mac doesn't seem to be doing anything in marketshare so maybe your smugness is justified...

[rcrusoe]

I wish Microsoft would really shake up the market

I wish Microsoft would shake up the security market by developing
a secure OS. Then we wouldn't have to spend so much time and
money trying to protect our Windows boxes like new born babies.

Imagine a world if Windows was even half as secure as OS X. It
would be Symantec who? McAfee software? Never heard of them.

What's spyware?

[Fireweaver]

Security by Obscurity

You're calling OS X secure? Ever wonder why your Mac is running OS updates every week?
It's likely that OS X isn't half as secure as you think it is. OS 9 was far more secure- There's no lack of holes to exploit in OS X, but if you're someone looking to steal passwords or infect computers are you going to write an exploit for 90% of the market or less than 10%?

Secure by obscurity isn't really secure. In some cases it's less so because the user's smugness causes temerity. On the other hand Mac doesn't seem to be doing anything in marketshare so maybe your smugness is justified...

[imacpwr]

Mac is better.. it's just that simple

I used Windows 10 years, bought a 5yr, old G4 Mac from work and
put OS X on it. Less than 1 month later I knew I wasted 10yrs on
the M$ wholywear. Now I'm the proud owner of a "solid and secure"
(Intel) iMac..!!
I'll NEVER go back to Microcrapware..!!!!!!!

[nesretep]

Are you so sure...?

Keep in mind that part of the reason that Macs appear to be so secure is their lack of numbers when it comes to market share. They have finally made a little noise in the market and what was the first thing that happened? Exploits had to be patched in the Safari browser and the OS X operating system itself. Don't get me wrong, I am no microsoft fanboy. I probably won't get OneCare. However, many of the comments here are from Apple fanboys that think that Macs are a cure-all for the ills that befall computers. If the situation were reversed and Apple and held nearly all of the marketshare for this long they would likely be the one criticized for a lack of security because of the greater intensity with which they would have people looking for exploits.

[Techno Guy]

This is Good News for Consumers and the Internet

I view Microsoft's entry into the PC security sphere as good news where everyone wins. In addition to the fairly obvious increase in competition and resulting reduction in prices, it will also likely press the existing security makers to improve their products. Additionally, as security products become more affordable and more commonplace, more people are likely to use them and keep them up-to-date, reducing the effectiveness of Internet-based attacks. All of this benefits everyone, regardless of your attitude toward Microsoft and its products.

[Zymurgist]

I'm not sure about that...

After all, Microsoft is selling for additional
cost a product that aims to implement stop-gap
measures to reduce the impact of flaws in their
product.

There's an obvious conflict of interest there.
If they are competent enough to implement the
measures in an effective manner, then how come
they have not fixed the inherent flaws in their
OS product? Either they are not competent, in
which case the security product would be
expected to be of lesser quality, OR they are
competent, and are intentionally releasing a
flawed product with the intent of selling you
additional products to avoid those flaws.
Neither bodes well for the market or consumer.

I suppose it need not be pointed out too that MS
has a distinct advantage over their competitors
in that their tools can be granted privileged
access to OS resources and features unavailable
to their competitors. Theire products, by
design, can do things the competitors products
never can.

[RayGentry]

IMHO

i think that microsoft's security suite should come standard, free with every copy of windows. now, maybe without the spam filter or whatever, since that's an email problem not an OS problem, but i don't think microsoft should be allowed to make money off making thier PC's more secure like this. MS recommends everyone connected to the internet have extra security precautions built in, which means that they realize there are extra threats. i should be able to boot my PC up and not be recommended to go buy extra products to do what it was made to do. if MS has created a product that allows people to use thier computers how anyone would expect to in a safer way, it should be included in windows.

[Zymurgist]

Security as an afterthought.

I think you are right. I would add that this
also bolsters the notion that Microsoft
considers the integrity of their systems as an
afterthought. Rather than focus on making a
stable and secure system, they build a capable
system and sell add-ons that claim to make their
systems secure.

Microsoft's competitors, of course, don't do
that. They perceive security to be part of the
core OS product, not a separate product in its
own right.

[ikenna4u]

IMNHO, I disagree

Microsoft offers security suite for free - and gets a rain of anti-trust charges, court injunctions etc etc. In a perfect world, they should. In todays legal system, impossible. Their competitors in the security arena will not stand, arms crossed, and watch their entire industry disappear you know.

[jerrellt]

Ditto

It makes no sense to make software, then have stuff wrong with it, then charge extra to fix it.

Windows should have as much security as possible straight out the box. But of course, that's in a perfect world.

[RayGentry]

IMHO

i think that microsoft's security suite should come standard, free with every copy of windows. now, maybe without the spam filter or whatever, since that's an email problem not an OS problem, but i don't think microsoft should be allowed to make money off making thier PC's more secure like this. MS recommends everyone connected to the internet have extra security precautions built in, which means that they realize there are extra threats. i should be able to boot my PC up and not be recommended to go buy extra products to do what it was made to do. if MS has created a product that allows people to use thier computers how anyone would expect to in a safer way, it should be included in windows.

[jerrellt]

Ditto

It makes no sense to make software, then have stuff wrong with it, then charge extra to fix it.

Windows should have as much security as possible straight out the box. But of course, that's in a perfect world.

[Zymurgist]

Security as an afterthought.

I think you are right. I would add that this
also bolsters the notion that Microsoft
considers the integrity of their systems as an
afterthought. Rather than focus on making a
stable and secure system, they build a capable
system and sell add-ons that claim to make their
systems secure.

Microsoft's competitors, of course, don't do
that. They perceive security to be part of the
core OS product, not a separate product in its
own right.

[ikenna4u]

IMNHO, I disagree

Microsoft offers security suite for free - and gets a rain of anti-trust charges, court injunctions etc etc. In a perfect world, they should. In todays legal system, impossible. Their competitors in the security arena will not stand, arms crossed, and watch their entire industry disappear you know.

[oldroughneck]

Marketing Spin

Shrewd marketing move on Microsoft's part: sell vunerable products at a high price, then charge for a service to monitor and repair the damage from the exploits of those vunerablities. The vunerablities won't necessarily be patched, just managed. Never ending revenue streams, Balmer's wild wet dream.

Operating systems don't "cause" security problems, the "cause" is the crackers who exploit the vunerablities. Anyone who claims that their OS is fundamentally secure doesn't understand the dynamic. It's statitiscally impossible to write error free code once you have a code body larger than a couple hunderd thousand lines. It just takes too long in human terms to prove the code is correct. Doesn't matter who writes the code, it will have errors, period.

Just because *nix and Mac OS don't get hit as often doesn't mean they're less vunerable, it just means the crackers haven't spent nearly as much time knocking them around to find where they break. Imagine the side of a barn with a door and a window. The barn represents all OS's. The big red side it the market space that Win OS occupies, the door is the market space that *nix OS occupies and the window the market space that Mac OS occupies. You start throwing rocks are the barn. Over time, you'll see that you hit more of the red space a lot more than hitting the door or the window. It's as simple as that, security attacks are going to hit the biggest target.

Microsoft isn't a security software company, they're an OS and productivity software company. They have talented people in the security area, no doubts about that, but it's not their strength as a company. Symantec and McAfee have been in this game a lot longer, but both companies have been "resting on their laurel" of late, they haven't been that innovative and they've tended to try to become the kitchen sink for security manangement; they try to everything, doing a fair job of everything but not an outstanding job on any particular aspect.

I don't buy into this "remotely managed security care", at least not yet. This opens a whole other attack vector and no one has of yet really mentioned how much impact this will have on bandwdth consumption or machine resource consumption. Given what I've seen already, it's an interesting idea but won't take the place of a well researched, designed and implemented set of ecurity policies and procedures. The cheap price alone is not enough, and will undoubtedly come around to bite you later.

[kurt mclaren]

Exploiting their shoddy work

I dunno, but is it just me?...Why are they trying to sell something
that offers protection for a faulty product, that just happens to
be their product. Its like selling a house or a car with no
windows or doors then turning around and trying to sell a
security system instead of trying to put in the windows and the
doors before selling it. Even then ca manufacturers go to the
length to offer security systems free of cost (immobilizers etc)
because they recognize you can?t be to sure about things. I think
this is a travesty; they should try to fix the product in the first
place to ensure that little if any security is needed. Instead they
are trying to exploit their shoddy workmanship. Consumers
cannot benefit from this, Microsoft will. They should include this
free, to aid helpless droves of microsoft product users who have
had years of crap and problems. So what is to stop them from
offering a faulty product and provide a certain and definite fix
for a premium? A double whammy if you ask me, so they will be
able to make money two ways...What?s next? They aren't gonna
offer security updates? Just tell you to get their 'one care'
product? Or better yet charge for security updates? This is so
underhand and should not happen.

[technewsjunkie]

Consumers are SHORT TERM beneficiaries!

I find the headline "OneCare has kicked off a software race--and consumers are the likely winners." misleading and sympathetic to Microsoft.

Has the result of the Browser wars been good for consumers(?!) - the vast majority use IE! And MS has let it languish until it was FORCED, by COMPETITION to update it!!

Wake up!

[technewsjunkie]

In theory, MS would seem to have an inside advantage

Since it's THIER OS! One might think they know where the weak spots are (NOT!). Will MS now be as "forthcoming" in providing Windows code to it's new competitors? Hmmm.

Seems like an unfair advantage to me (except that MS is incompetent in securing it's products)

[technewsjunkie]

In theory, MS would seem to have an inside advantage

Since it's THIER OS! One might think they know where the weak spots are (NOT!). Will MS now be as "forthcoming" in providing Windows code to it's new competitors? Hmmm.

Seems like an unfair advantage to me (except that MS is incompetent in securing it's products)

[Nkully86]

Is this enough though?

Here Microsoft has addressed the common issues relating to online security, but what they still haven't focused on is email security. Most viruses that come via browsers have been taken care of through knowledge and antiviruses and most of the time these programs work great in protecting a PC, but the amount of viruses that come via email has readily increased.

There are few programs and opportunities for consumers to protect themselves from email worms, so we need to expand the knowledge and hopefully force hackers to find other ways into our computers.
http://www.essentialsecurity.com/products.htm


Nkully

[Nkully86]

Is this enough though?

Here Microsoft has addressed the common issues relating to online security, but what they still haven't focused on is email security. Most viruses that come via browsers have been taken care of through knowledge and antiviruses and most of the time these programs work great in protecting a PC, but the amount of viruses that come via email has readily increased.

There are few programs and opportunities for consumers to protect themselves from email worms, so we need to expand the knowledge and hopefully force hackers to find other ways into our computers.
http://www.essentialsecurity.com/products.htm


Nkully