Defense in Depth

Read all 'Spyware' posts in Defense in Depth
November 19, 2008 8:14 AM PST

How Live OneCare changed the antivirus landscape

by Robert Vamosi
  • 21 comments

Since its introduction in 2006, Microsoft's Windows Live OneCare has altered the antivirus landscape. With Tuesday's announcement that Microsoft will no longer be selling the product in retail outlets but offering a new free version, code-named Morro, starting in the second half of 2009, it's sure to change the field once again.

Since Microsoft bought Romania-based antivirus firm GeCad five years ago, there has been fear among the commercial antivirus vendors that the software giant would simply bundle its malware protection within the next version of Windows. While that didn't happen--and it's unlikely to happen--Microsoft's addition to the market has forced its competitors to make some changes even though Microsoft hasn't become the huge player once feared.

Even before the first beta in 2005, McAfee and Symantec were talking about plans to go head to head with the software giant. McAfee announced plans around Project Falcon, and Symantec launched Project Genesis.

Microsoft OneCare entered the market in May 2006 as a "desktop IT department" and inspired a new breed of "omni security suites" that went beyond the traditional Internet security suite. I wasn't impressed. Although OneCare offers the revamped GeCad antivirus engine, Microsoft Windows Defender antispyware protection, and the Windows Firewall, along with system diagnostic tools, backup capabilities, and a way to monitor home networking, I think that the interface is clunky and that the tools aren't necessarily top of the line. And, I'm on record as calling OneCare SopranoCare since it seems wrong to me to have to pay the company that broke your operating system to fix it.

But at its introduction, Microsoft did shake up the antivirus landscape. OneCare was priced at an absurdly low $49.95, and it protected up to three PCs. At the time, Symantec's Norton Internet Security and McAfee's Internet Security were both priced at over $100 for their three-user packages. Today, three-user packages well under $100 are common.

Symantec responded in 2007 with its Project Genesis-produced Norton 360, a unified product that took Norton Internet Security and added online backup. But Symantec didn't just add to its existing product, it reinvented the product, producing a new one with a fully integrated interface marketed for the average home user. And at around $70, it could be used on up to three PCs.

McAfee also responded with its Project Falcon-produced McAfee Total Protection, also priced around $70 for up to three PCs. It too offers home network monitoring and premium or enhanced versions of the McAfee Internet Suite.

But McAfee and Symantec both had something Microsoft did not: effectiveness.

Almost two years ago, independent antivirus-testing organizations faulted OneCare for missing known malware. Andreas Clementi of AV-Comparatives.org wrote in his February 2007 report (PDF) that OneCare did not meet the minimum requirements for participation. "Due (to) that, its inclusion in future tests of this year (will) have to be re-evaluated."

Microsoft began hiring longtime antivirus experts from competitors, and it appears to have paid off. A few years ago, Vincent Gullotto came over from McAfee to head Microsoft's Security Research and Response team. Microsoft has since added experts from F-Secure, Sophos, and elsewhere to the team. And it shows. In the latest On Demand scanning test from AV-Comparatives.org, Microsoft OneCare 2.5 scored as well as McAfee VirusScan Plus 2008.

All is not perfect, however. In May, Microsoft mistook Skype for a piece of malware. And the Windows Firewall, while Microsoft insists otherwise, is not a truly two-way firewall; there are a great many outbound exceptions within the Microsoft version. A Microsoft representative said, "If we turned on outbound filtering by default for consumers, it forces the user to make a trust decision for every application they run which touches the network." Given that other firewalls have outbound filtering, I still don't see why Microsoft can't.

The free version of Morro won't have all the current bells and whistles of OneCare; Microsoft says the diagnostic tools won't be included. Although the final feature set won't be known for a while, just having a free antivirus/antispyware/personal firewall product from Microsoft is bound to shake things up.

With traditional antivirus protection perhaps becoming obsolete, maybe it's time that Symantec and McAfee start offering free versions of their own antivirus products--something that I've said for years.

June 20, 2008 9:51 AM PDT

Mac OS X Trojan reported in the wild

by Robert Vamosi
  • 77 comments

On Thursday, security vendor SecureMac reported seeing new variants of the AppleScript.THT Trojan horse in the wild affecting users of Mac OS X 10.4 and 10.5.

The new variations exploit a vulnerability within the Apple Remote Desktop Agent, and can avoid detection by opening ports in the firewall and turning off system logging. The new Trojans can log keystrokes, take screen shots, take pictures with the Apple iSight camera, and enable file sharing, according to SecureMac.

The Trojans are using an AppleScript called ASthtv05 and/or may be bundled as an application. You must download and execute the file for your Mac OS X system to become infected.

SecureMac makes MacScan, antispyware security software for Mac OS X.

January 31, 2008 11:16 AM PST

RealPlayer named by StopBadware.org

by Robert Vamosi
  • 14 comments

StopBadware.org said Tuesday it has labeled two versions of the RealPlayer media player as "badware," or spyware.

RealPlayer 10.5, it claims, "fails to accurately and completely disclose the fact that it installs advertising software on the user's computer." And RealPlayer 11, it claims, "does not disclose the fact that it installs Rhapsody Player Engine software, and fails to remove this software when RealPlayer is uninstalled." Ryan Lukin, PR manager for RealNetworks, disputed some of the claims.

Lukin said the Message Center in 10.5 feeds only news and information, product updates, movies, video clips, and is clearly identified during installation. He said the change was that the check boxes in 10.5 were prefilled (requiring you to opt out), whereas in version 11 they were blank (requiring you to opt in). Lukin disagrees that the content served through the Message Center qualified as advertising.

As for version 11, Lukin said that by virtue of being a full-service media player, RealPlayer needs the Rhapsody ActiveX component because people may want to hear Rhapsody-encoded music clips. He agrees that once RealPlayer is uninstalled, the Rhapsody software should also be uninstalled. Lukin said RealNetworks was looking into making this change in a future release.

In the meantime, StopBadware recommends that users do not install either version of RealPlayer, "unless the user is comfortable with the software behaviors we identify or until the application is updated to be consistent with the recommendations in this report."

Full details of the StopBadware.org alert about RealPlayer can be found on the organization's site.

January 30, 2008 1:24 PM PST

Spyware abuse includes domestic abuse, says McAfee

by Robert Vamosi
  • 1 comment

On Thursday, the Anti-Spyware Coalition will meet in Washington. Included will be experts from McAfee, Google, and the Pew Internet & American Life project to discuss the latest in spyware trends. In addition to the well-known damage caused by spyware--hawking advertising, stealing passwords, and slowing down PCs--McAfee is calling attention to a little-known aspect of spyware: domestic abuse.

"Using spyware for surveillance in cases of domestic abuse is a serious matter," says Anna Stepanov, who manages the Anti-Spyware program at McAfee Avert Labs. She's written a report titled Spyware: A Morphing Campaign (in PDF), which chronicles recent spyware trends including domestic abuse. "Monitoring a victim's online, cell phone, or general computing activity is of more value than ever in controlling or hurting a victim."

The National Network to End Domestic Violence offers these computer use tips to protect against such abuse.

January 8, 2008 3:19 PM PST

Sears, Kmart community software called 'badware'

by Robert Vamosi
  • 1 comment

StopBadware.org said Tuesday it has labeled the Sears and Kmart community software known as My SHC Community as "badware," or spyware.

The nonprofit organization run by Harvard Law School, Oxford University, and Consumer Reports WebWatch said it cited the Sears Holding Corporation community in particular "because of inadequate disclosure of extensive tracking and data collection and because the application does not identify itself while running."

In response to several accusations that it collects personal information without proper disclosure, My SHC Community has dramatically revised its Web site since last week. It has, among other changes, added a prominent link to its privacy policy.

At issue is the installation of tracking software from ComScore, an online data marketing firm. ComScore has maintained over the years that its data collection methods do not qualify as spyware. However, several leading antispyware researchers disagree.

In a statement (PDF), StopBadware.org said: "Sears Holding Corporation (SHC) has informed StopBadware that SHC is significantly improving the My SHC Community application disclosure and privacy policy language and adding a Start menu icon in an effort to comply with our guidelines and address privacy concerns. They expect these changes to be implemented within 48 hours."

However, late Tuesday, StopBadware.org said it has not changed its designation of SHC Community. "We have not evaluated these planned changes at this time. SHC has also informed us that they have suspended invitations to new users to install the application until these changes are implemented."

January 4, 2008 9:27 AM PST

Facebook widget includes spyware, says security vendor

by Robert Vamosi
  • 1 comment

On Thursday, security vendor Fortinet warned Facebook users that a popular new widget also installed Zango, software that has been labeled by some antivirus vendors as spyware. The Facebook widget, Secret Crush, promises to reveal who has a secret crush on them, and requires the user to add it to their site. Upon doing so, Fortinet says, the Zango software also piggybacks on the installation without notification.

Previously, MySpace users were tricked into downloading video from a site called YooTube, which also attempted to install the Zango Cash program.

Zango, also known as 180Solutions and Hotbar, has had a checkered history. In 2006, Zango settled with the Federal Trade Commission, agreeing to pay $3 million for illegally installing its software on users' PCs without proper notification. Recently, Zango lost its lawsuit against antivirus vendor Kaspersky. At issue was Kaspersky's claim that Zango was a threat to users.

Fortinet estimates that about 3 percent of the Facebook sites currently have the Secret Crush widget installed. For its part, Zango told Wired News it disputes the advisory, citing that it has not detected any noticeable increase in the use of its software in recent weeks.

January 3, 2008 10:14 AM PST

Spyware found in Sears online community installation

by Robert Vamosi
  • 16 comments

Online shoppers who signed up for the "Sears Holdings Community" ("My SHC Community" or "SHC") this holiday season got a gift that keeps on giving: spyware.

Sears defends its actions by saying it clearly notified customers before they accepted the software installation. However, several antispyware researchers found the Sears notification process fails to call out that users' online activities (including logging in to bank accounts) will be recorded and that it generally falls below industry standards.

The concern focuses on software installed by ComScore, an online data marketing firm. ComScore states on its Web site that it "maintains massive proprietary databases that provide a continuous, real-time measurement of the myriad ways in which the Internet is used and the wide variety of activities that are occurring online." The company has maintained over the years that its data collection methods do not qualify as spyware. However, several leading antispyware researchers disagree.

The controversy was first reported at the end of December by a senior researcher in the Anti-Spyware unit at Computer Associates, Benjamin Googins. In a blog, Googins related his own experience in joining the Sears Holdings Community, "a place where your voice is heard and your opinion matters." Although an initial sign-up e-mail informed Googins of potential tracking opportunities, the online registration site itself does not. Nor does the Sears privacy policy clearly state what is and is not being tracked.

Rob Harles, a senior vice president of SHC, responded in a post to Googins' blog. In his post, Harles said, "The vast majority of members of My SHC do not participate in any form of tracking, and those that have explicitly signed up do so after having been presented with simple, easy to understand language to which they have agreed." Googins says that a quick scan of older press releases shows that Harles was formerly a senior vice president at ComScore.

Veteran antispyware researcher Benjamin Edelman agrees with Googins. In a recent blog, Edelman stated, "the limited SHC disclosure provided by email lacks the required specificity as to the nature, purpose, and effects of the ComScore software."

Specifically, Edelman cites that "the initial SHC email refers to the ComScore software as 'VoiceFive.' The license agreement refers to the ComScore software as 'our application' and 'this application.' The ActiveX prompt gives no product name, and it reports company name 'TMRG, Inc.' These conflicting names prevent users from figuring out what software they are asked to accept."

Originally posted at News Blog

About Defense in Depth

Covering computer viruses and computer crime, Robert Vamosi goes beyond the hype to provide you with expert interviews of the top security researchers, as well as offering the hands-on, nontechnical advice you'll need to stay safe online.
