Symantec/EU succeed in making Vista insecure



It's funny because many Linux distros come preloaded with much more software AND better security and you don't hear a bip from the EU about it....
Ummm... Could it be because in Linux, each and every one of the sub-components are optional? And there are typically multiple alternatives freely available for the user to choose to install (or not install)?

Think about it.

Huh? Unless * is "Open" then I don't even know what you're talking about. And to whoever mentioned Linux (who probably has never run it himself), claiming Windows XP is inherently less secure than Linux is a load of crap - I can't think of any OS that's easier to compromise than Linux. Although if you want to be pedantic it's usually because of the services running on it (Apache, PHP, X). FreeBSD might be on par with XP / Server 2003 - but they're usually pretty behind-the-times feature-wise. OpenBSD is the clear security winner, at least on its default install - but only because it doesn't actually "do" anything useful.

Sure, each of these OSes faces different challenges. For Windows, it's mostly the gullible-user challenge. In fact, Windows faces every challenge any other OS might face and more, because it's used for so many purposes (every kind of server, workstation, desktop, mobile, etc.) and by so many different kinds of users (enthusiasts, professionals, families, newbies, whatever). But in every technical way, I believe Vista is more secure than anything comparable (OS X, desktop Linux, etc.).

Oh, and for the record: UAP itself isn't what makes you more secure. UAP makes it bearable to run in a more secure environment, where there were obvious usability gaps if you ran a LUA account in XP. But you always could.

Brandon, I know you work for Microsoft, and they supply your paycheck and all. But you are quite wrong on your points. Until SP2, XP security was a complete joke! All those ports open for automated worms to exploit. The default XP install still leaves the home user running as admin, fer-cryin'-out-loud! Compare Windows XP SP2 to, say, Ubuntu (perhaps the most popular distro, and weighing in at 1-CD, probably most comparable to a typical home user's XP install). Tell me, exactly, how you would compromise this so much easier than Windows?

You can compare default installs, if you like (would be interesting for people with XP SP0 CDs!), or you can compare 'hardened' versions of each. Either way, you won't find XP coming out on top. At least with Vista, Windows is coming out with a comparable product...


markjensen,

The argument will be that Linux use across the board is only a drop in the bucket compared to Windows use.

More attacks/challenges = more possible exploits. ;)

And, of course, with Microsoft's incredible foresight, I find it hard to believe that Linux and OS X had better safeguards already in place years ago, before 2004.

I mean, if Microsoft couldn't predict how users would connect to the internet in 2001 and how they might place themselves at risk, then surely, these other operating systems' safeguards must have been positively laughable. ;)


markjensen,

The argument will be that Linux use across the board is only a drop in the bucket compared to Windows use.

More attacks/challenges = more possible exploits. ;)

And, of course, with Microsoft's incredible foresight, I find it hard to believe that Linux and OS X had better safeguards already in place years ago, before 2004.

I mean, if Microsoft couldn't predict how users would connect to the internet in 2001 and how they might place themselves at risk, then surely, these other operating systems' safeguards must have been positively laughable. ;)

Let's get something straight:
  • More marketshare = more interest in attacking
  • More marketshare = larger number of idiot users
  • More marketshare != more code exploits (the code is the same code, after all, regardless of number of users)

And you certainly don't find it hard to believe that Linux and OSX had better safeguards in place back pre-2004. Say, like, not running as root/admin? Prompting for system changes? Firewalls enabled by default? Do you really want to compare XP SP0 to any Linux distro of your choice of that same time period?


mark,

Well that's the point now, isn't it?

So how can you explain that MS took so long (say, until 03-04) to implement the most *basic*, obvious security measures? Is it because they thought users would resent the fact that they would have to enter a password every single time they installed something? That they would be up in arms over that horrid inconvenience?

I mean, after all, I'd much prefer to back up my data, have it in a safe place, wipe my HD clean and then re-install everything rather than type in my password and be told *what* I'm about to install. :rofl:

Unless there's a better reason MS didn't implement it before . . . or did they find it far cheaper to do something else?

When I used Ubuntu (and before that PCLinuxOS) back in '05, I thought user-permissions/prompts when installing was normal. I mean, you're about to write something important to your drive. And would it not make sense to actually *warn* someone when an application (malware?) was about to be written to the drive without me initiating it in the first place?

But I no longer have those worries, thankfully. If you're not going to innovate, at least don't implement late!


Is it because they thought users would resent the fact that they would have to enter a password every single time they installed something? That they would be up in arms over that horrid inconvenience?

Yeah you're absolutely right, I mean there hasn't been a pip of complaints about how god damned annoying UAC is...

Oh, and PatchGuard does have a purpose in security. Getting kernel access is a common way of escalating user privileges (because once you have code running in kernel-space, you can pretty much do anything), be it by a hacker or by a virus. On top of that it also lets poorly-written programs like Symantec's AV and several hardware overclocking/monitoring utilities affect the performance and stability of a system.


Still, it's pointless trying to inform other people as they'll just read the headline / skim read the article and come in here guns-a-blazin'. Sadly we just have to watch people festering in their own ignorance. The topic starter is as much to blame as the plebs in here - it's not possible to make the headline much more sensational.

I agree on this completely, high-ranked posters should be more careful with their answers. They have to know that there are people that just post to back them up just to fall on their graces.

I really like this forum and all that are in it, please don't change the way I see it!!


Yes, but you can't let the truth stop people bashing the EU / Symantec / McAfee / [insert unpopular brand here]. It's pretty obvious to anyone with some common sense that Microsoft wouldn't just disable one of the key security components of Vista willingly - the article clearly states that Microsoft was happy/willing to make the accommodations requested. I really don't like Symantec but I'm fed up with everyone bashing them because it's the "in" thing to do. Unless the EU actually required Microsoft to disable key security components I wouldn't blame anyone except Microsoft - they decided to make these (rather small) concessions, so it is THEM you should blame.

Still, it's pointless trying to inform other people as they'll just read the headline / skim read the article and come in here guns-a-blazin'. Sadly we just have to watch people festering in their own ignorance. The topic starter is as much to blame as the plebs in here - it's not possible to make the headline much more sensational.

Start reading between the lines

"blocking the core area of the operating system was also meant to enhance the performance of the entire computer, noting that unsupported access by outside software programs could affect the overall stability of the machine." <-- yea sounds like they were really "happy/willing" to degrade the performance and stability of Windows. Where did you get that??

Regarding the EU:

"The European Commission, which has fined Microsoft nearly $1 billion for antitrust violations, told the company that it was concerned" <-- Dear MS, do you want to test our nerves and risk another $1 billion? We are concerned about you :rolleyes:

"It looks like Microsoft was really testing the waters here, sort of pushing the limits of antitrust and decided they probably couldn't cross that line just yet"

The point is they didn't do it willingly as you put it. You seriously made it sound like they're ecstatic to make these changes when the reality is that they were tremendously pressured and essentially forced.

I'm gonna get back to reading my book "Understanding English" since I'm just a pathetic "pleb"


Let's assume what you are saying is correct for a minute. So now since Windows was insecure, they are trying to fix the problem. But they get sued, because it's their own OS, & still they cannot make it secure.

Now Microsoft should add one sticker to the Windows Vista retail box:

Note - Due to European Commission strict rules & regulation, Windows Vista for Europe does not provide any security features at all, you are advised to use a third party security application or suite as per your requirement. Charges may vary for these suites.

They really should put that on the box, this way it would backfire at European Commission, people would start to realize what those dumb ****s are doing.


You don't get it. Read my previous post. This has nothing at all to do with Apple or Linux, either.

Windows has been insecure since 1995. They did nothing in 1998. They did nothing in 1999, 2000, 2001. And meanwhile, all that time, the antivirus industry has grown up around MS' flawed design, and both MS and the antivirus industry have become dependent on one another. Largely due to MS' irresponsibility or ignorance from the very beginning.

And now, all of a sudden, after years and years of giving YOU the shaft and having YOU spend extra $$ on antivirus software, MS has decided it wants control over Windows security, and the antivirus companies can find something else to do.

No way. No dice. MS cannot simply end the relationship without facing possible legal/legislative consequences.

Who's to blame? MS. 100%. When there was a chance to actually address the problem and find viable in-house solutions, they decided to go the cheaper route and farm the security side out to other 3rd parties. And now MS wants to toss them out of the picture after so many years. Do you honestly think these antivirus developers are going to go quietly? Not a chance. More power to them. MS' chickens are now coming home to roost, and a lot of you *still* don't understand the economics of the problem.

Hold on.

Over a century ago Ford produced a car. The Ford model T. Now we all know that at the time this was a fantastic concept although it was flawed.

Over the years Ford has evolved the cars they manufacture, now with lots of nice little safety features, seat belts, lights, air bags whatever.

Today when you buy a car, you get lots of safety features as stated above. Ford didn't think of these features a century ago, they evolved.

What are you saying? M$ are not allowed to evolve?

Whilst you are 100% correct regarding M$ not getting off their lazy behinds, the 1000 mile journey starts with one step. Surely we all agree that M$ is taking that 1st step towards helping Joe Public.

Symantec and whoever else needs to adapt not hinder.

Start reading between the lines

"blocking the core area of the operating system was also meant to enhance the performance of the entire computer, noting that unsupported access by outside software programs could affect the overall stability of the machine." <-- yea sounds like they were really "happy/willing" to degrade the performance and stability of Windows. Where did you get that??

Regarding the EU:

"The European Commission, which has fined Microsoft nearly $1 billion for antitrust violations, told the company that it was concerned" <-- Dear MS, do you want to test our nerves and risk another $1 billion? We are concerned about you :rolleyes:

"It looks like Microsoft was really testing the waters here, sort of pushing the limits of antitrust and decided they probably couldn't cross that line just yet"

The point is they didn't do it willingly as you put it. You seriously made it sound like they're ecstatic to make these changes when the reality is that they were tremendously pressured and essentially forced.

I'm gonna get back to reading my book "Understanding English" since I'm just a pathetic "pleb"

:D


And now, all of a sudden, after years and years of giving YOU the shaft and having YOU spend extra $$ on antivirus software, MS has decided it wants control over Windows security, and the antivirus companies can find something else to do.

No way. No dice. MS cannot simply end the relationship without facing possible legal/legislative consequences.

Sure they can. Why couldn't they?

After having a good laugh because of this article, I was wondering how powerful Symantec really is, and I stopped laughing and started to cry.

Yeah. They have too much!

Hey, I'm an EU citizen, and I'm a bit offended by the things that are being said here.

Why do you care so much about what comes to the EU? If you are citizens of the EU you should know that you can get any version you like, American, Brazilian or whatever. My point is, most of you are too much worried what the EU deserves or not about this matter.

If you aren't an EU citizen, just watch your tongue, you have many things to protest in your own region.

The EU will regulate the best way for their citizens. Don't be worried. Thanks

Well, I live in Norway, and the EU can just get the **** out of country. A bunch of more needless people, need at least 100 billions of years. The only thing I can get from this case, is that the EU is corrupt. When a security company manages to make Microsoft less secure, so they can earn more money.. And yes, OneCare shouldn't be there in the first place. But I can't see why OneCare should get more kernel access just because it's created by Microsoft.

I can definitely see an Apple Ad in the future saying how the Vista kernel is insecure and that you need an antivirus to run it. We will all know that it was cause of Symantec for the ad.

Yeah, and that ad is made by Symantec in relations with Apple :p


Symantec and whoever else needs to adapt not hinder.

At last, someone on this board truly gets it. The whole point is, Microsoft has worked very hard to make Vista more secure. And while certain vendors out there like Zone Labs and Kaspersky Labs are working with Microsoft to develop security products that benefit the end user (without altering critical code in Windows), Symantec, McAfee, Panda, and others want to overtake as much of Windows as it can to maintain its place in the market.

Microsoft is the leader in innovation. Windows has evolved quite a bit and if the only way Symantec and McAfee can keep up is by holding Microsoft back or whining to the EU then they should do us all a favor and exit the software market.

I am happy to boycott Symantec and McAfee because I support innovation, not whining and crying.


Symantec is just getting Microsoft to make Vista as insecure as other Windows versions before. Just to make more money.. It is just absurd...!

Makes you sick.. doesn't it. I never recommend anyone use them.


Are you guys idiots? Just in general. I read the first 2 pages and had enough. It isn't about the whole "securing vista" it really is about locking the software down. Microsoft also could have easily used an API with a certificate type authorization. Yet, they went with this. Why? To use the simple blame game. Seems everyone took the bait hook line and sinker. Yeah and the whole "helping" by soliciting Windows One-care in the OS. Oh no, that isn't abusing power. Right, a totally separate product in a totally separate established market, soliciting for free... no it's perfectly fine.


Are you guys idiots? Just in general. I read the first 2 pages and had enough. It isn't about the whole "securing vista" it really is about locking the software down. Microsoft also could have easily used an API with a certificate type authorization. Yet, they went with this. Why? To use the simple blame game. Seems everyone took the bait hook line and sinker. Yeah and the whole "helping" by soliciting Windows One-care in the OS. Oh no, that isn't abusing power. Right, a totally separate product in a totally separate established market, soliciting for free... no it's perfectly fine.

With all that sarcasm, you missed the entire point. This has nothing to do with Live One Care and everything to do with security. Why? Because other vendors (such as Kaspersky Labs) are not whining and crying about the situation. They are making security software geared to Vista without a problem. Working with Microsoft rather than against it. (Which is good since in a large sense, Windows and 3rd party security software is complementary, not competitive) This was going to be a good thing because the 3rd party tools would add a level of protection over and above what Vista was already providing, whereas now, Vista's security has been compromised to allow vendors to more tightly integrate their software with Windows.

If Kaspersky and others can offer security software for Vista without whining and crying so could Symantec, McAfee, and Panda. However, they chose this immature and extremely unprofessional approach. Without Windows, these vendors would barely have a market at all.

It's ironic that in order to secure Windows, these vendors want Microsoft to cripple it...just a little bit... so they can go in and offer to protect it.

Microsoft should have held their ground.


Alright, so Symantec is greedy. If you were on their executive board, you'd be doing the same thing.

But I have a hard time believing all of your whining: "Oh, Vista is going to be so insecure because of Symantec." Does anyone actually have evidence that this PatchGuard move will actually reduce overall security? It doesn't sound like MS is just opening up the kernel to every 16-year-old with VBS knowledge. Don't be so critical until you know exactly what technical changes are being made and what the implications of those changes are.


Microsoft's partners are continuing to cry foul over the decision to lock down the Windows Vista kernel with a feature called PatchGuard, claiming an announcement about sharing security APIs is simply a "red herring" to fool the press.

The contentious issue revolves around the ability of security vendors to write applications that essentially "patch" the Windows kernel to protect it from viruses and other malware. With PatchGuard, Vista attempts to do this on its own, in turn thwarting both protectors and attackers.

While partners such as Symantec, McAfee and Sunbelt Software understand the intentions of PatchGuard, they allege that Microsoft is actually making the operating system less secure by locking out third parties. These companies say that patching the kernel is of critical importance to security software, especially when new threats surface.

This is where opinions diverge. Microsoft, along with security software firms Sophos and Kaspersky don't believe that patching the operating system is a necessity for security, and say PatchGuard shouldn't get in the way of application developers. In fact, Sophos says it has no need to currently access the internals of the Windows kernel.

Symantec and McAfee, which are much larger than both Sophos and Kaspersky combined, dispute that viewpoint. They utilize kernel patching to stop viruses from shutting down security software with a feature called Tamper Protection, as well as for Behavior Blocking and host-based intrusion prevention systems (HIPS).

"The more general problem illustrated by the Tamper Protection example is as follows: Currently when a security company needs to provide security against a certain class of threat, we are able to do so even if Microsoft does not offer an API. With PatchGuard Microsoft is stepping in and changing the rules," says Rowan Trollope, Symantec's VP of Consumer Products and Solutions.

Essentially, PatchGuard detects unauthorized patches of certain data structures or code in the kernel and in turn initiates a system shutdown. Microsoft has not specified what exactly will take place if such a patch is discovered, but Symantec claims a Windows computer will give a "blue screen of death" and turn off.

Most consumers, however, are unlikely to see any problems initially. PatchGuard will only affect 64-bit versions of Windows Vista, and x64 Editions of Windows are rarely sold in retail or to consumers. Nonetheless, Windows Vista will include both 32-bit and 64-bit versions in the box, and OEMs are likely to begin pushing 64-bit systems once the new operating system begins shipping early next year.

"When Vista 64 gets released, we will not have the APIs we need, and Microsoft expects customers to stand-by, unprotected, waiting for 'multiple upcoming Windows releases as we understand the exact requirements'," adds Trollope.

Symantec claims it has attempted to work with Microsoft for two years on the issue, but the Redmond company has refused to budge from its position. Trollope says Symantec proposed alternatives, such as leaving PatchGuard in place but offering a secure API for security vendors.

"There has been a lot of confusion based on what Microsoft has said publicly. First, to be clear, Symantec already uses all available security related APIs provided by Microsoft. The key word here is 'available'; there are no available APIs for these advanced protection technologies we offer today," explains Trollope.

For its part, Microsoft says it is trying to work with partners on the PatchGuard issue. The company also asserts that its own new security products such as Windows Live OneCare and Forefront do not have any advantage, although Symantec notes that Microsoft's offerings also don't include any advanced protection technologies.

"We're totally committed to working with ISVs, and have been working with them for years now, to provide new documented and supported interfaces in 64-bit versions of Windows that will allow them to leverage the kernel on x64bit systems. Thus enabling a comparable level of functionality to what they have today on x32bit systems without direct access to the kernel," remarked Stephen Toulouse, a security expert who recently left Microsoft's Security Response Center for the Vista team.

But another problem, critics say, is that PatchGuard primarily hamstrings Microsoft's security partners, not the hackers. Symantec claims it has already figured out ways around PatchGuard, which means hackers have as well. But if Symantec were to release a product that bypasses the protection, Microsoft has promised an update to Vista that will cause the computer "to bluescreen."

"We of course cannot pursue a path when Microsoft tells us that they will bluescreen our customers machines. Hackers on the other hand have no such issues. Once they workaround patchguard (which they already have), they don't really care if the system becomes unstable or bluescreens or anything else," asserts Trollope. "So in fact PatchGuard works in favor of hackers in this case."

JupiterResearch senior analyst and Microsoft pundit Joe Wilcox broke down the argument for BetaNews. "The situation is like this: Before, Microsoft security partners could take whatever path they wanted to climb the mountain and reach the summit," he said. "Now, they will have to use Microsoft security APIs, which create a path--and the only way they're allowed to go up the mountain."

"But Microsoft's APIan Way won't take them all the way to the summit. There is going to be a problem if the hackers can scale up to the summit by another route, while the security vendors are stuck below on the path," Wilcox added.

Sunbelt Software CEO Alex Eckelberry agrees with Symantec's conclusion. "Folks, this is a real issue. Microsoft has created a PR coup by 'agreeing' to give APIs to security companies. It's a red herring," he said. "The security industry needs full access to the kernel. Period."

With Windows Vista expected to be released to manufacturing before the end of the month, third party security vendors are unlikely to see any of their demands fulfilled - at least before launch. What's still unclear is how this will change Microsoft's partner landscape. Symantec was once a close bedfellow to Redmond and a major supporter of the Windows XP launch in 2001.

Now, Microsoft has become a competitor.

Source
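The dispute in the article above, as an added example that is not part of the original post or the quoted article: a toy user-space C model of a dispatch table guarded by a digest check. Every name in it is hypothetical and none of it is Windows or PatchGuard code; it shows that such a check flags a protective hook exactly as it would any other patch, while the same policy registered through a supported filter list leaves the protected table untouched.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Toy user-space model; every name here is hypothetical, not a Windows API. */
typedef int (*service_fn)(int arg);
typedef int (*filter_fn)(int service, int arg);   /* nonzero means deny */
#define N_SERVICES 3
#define MAX_FILTERS 4

static int svc_open(int a)  { return a + 1; }
static int svc_read(int a)  { return a + 2; }
static int svc_write(int a) { return a + 3; }

static service_fn dispatch[N_SERVICES];   /* the protected structure */
static uint64_t baseline;                 /* digest taken at "boot" */
static filter_fn filters[MAX_FILTERS];    /* supported extension point */
static size_t n_filters;

/* FNV-1a over the raw bytes of the dispatch table. */
static uint64_t table_digest(void) {
    unsigned char raw[sizeof dispatch];
    uint64_t h = 1469598103934665603ULL;
    memcpy(raw, dispatch, sizeof raw);
    for (size_t i = 0; i < sizeof raw; i++) {
        h ^= raw[i];
        h *= 1099511628211ULL;
    }
    return h;
}

void kernel_init(void) {
    dispatch[0] = svc_open;
    dispatch[1] = svc_read;
    dispatch[2] = svc_write;
    n_filters = 0;
    baseline = table_digest();
}

/* 1 if the table still matches the baseline, 0 if it was patched.
   The check cannot see who patched the table or why. */
int integrity_ok(void) { return table_digest() == baseline; }

int register_filter(filter_fn f) {
    if (n_filters == MAX_FILTERS) return -1;
    filters[n_filters++] = f;
    return 0;
}

/* Call path: supported filters run first, then the table entry. */
int call_service(int service, int arg) {
    if (service < 0 || service >= N_SERVICES) return -1;
    for (size_t i = 0; i < n_filters; i++)
        if (filters[i](service, arg)) return -2;
    return dispatch[service](arg);
}

/* Approach 1: a protective policy installed by patching the table entry. */
static service_fn saved_write;
static int hooked_write(int a) { return a < 0 ? -2 : saved_write(a); }
void install_table_patch(void) { saved_write = dispatch[2]; dispatch[2] = hooked_write; }

/* Approach 2: the same policy installed through the supported filter list. */
static int deny_negative_write(int service, int arg) { return service == 2 && arg < 0; }
int install_supported_filter(void) { return register_filter(deny_negative_write); }

int main(void) {
    kernel_init();
    install_supported_filter();
    printf("filter: write(-1)=%d integrity_ok=%d\n", call_service(2, -1), integrity_ok());
    kernel_init();
    install_table_patch();
    printf("patch:  write(-1)=%d integrity_ok=%d\n", call_service(2, -1), integrity_ok());
    return 0;
}
```

Both approaches block the same call; only the table patch trips the integrity check, which is the case where the article says PatchGuard shuts the system down.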


I still think this is ridiculous.

Microsoft's already said that if hackers could compromise PatchGuard, it'd update PatchGuard... so essentially, software vendors should NOT have to worry about that. They just don't want to lose their cash cow.... bastards.


This is very old! BTW MS have now given those companies APIs now. You should delete this topic, it's 1 week old!

If you would have gone to the trouble of reading the first sentence you would have seen it's a reply of Symantec and co. to those APIs. But you didn't.


No way. No dice. MS cannot simply end the relationship without facing possible legal/legislative consequences.

That could be the most utterly retarded thing I've read today. Grats.

On a side note, I'd be glad to see the bloatware POS that is Symantec * gone forever.

