Once Again, Security Company Suggests Microsoft Making Its Own Software Secure Is An Antitrust Violation
from the rock-and-a-hard-place dept
For many years, we've pointed out that Microsoft is in a bit of a rock and a hard place when it comes to security software. The company more or less created an entire outside industry in having its software be so incredibly insecure that various other firms had to step up to secure it. But, that puts Microsoft in a really tough position. Does it fix its own security flaws... or is doing so a way to abuse its market position to put the security firms out of business? It's hard to see how that latter position makes much sense to anyone other than those who work for the security companies, but they continue to make those claims. The latest is from Trend Micro, who is complaining that Microsoft Security Essentials (MSE) is an antitrust violation. The article linked here notes that this is even more ridiculous than you might expect, in that MSE is an optional download. Either way, it seems like a pretty huge stretch to claim that fixing your own security holes could possibly be an antitrust violation. The real problem may be that Trend Micro jumped into a business that relied on another company continuing to suck.Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: antitrust, security
Companies: microsoft, trend micro
Reader Comments
Subscribe: RSS
View by: Time | Thread
[ link to this | view in thread ]
Well, this is Microsoft we are talking about here. It's a pretty safe bet.
[ link to this | view in thread ]
Trend Micro is trending down.
[ link to this | view in thread ]
MSE is the Ford Fiesta of AV
Professorially, the big problem with MSE is that it really isn't manageable. I suppose that a small company with a hig risk tolerance would be OK with MSE but most businesses, organizations, & government agencies need something more. Even Microsoft competes with MSE, with their Forefront client security product.
The bottom line is that if you can't make an AV product that is better than MSE, you are getting what you deserve if folks aren't buying it.
[ link to this | view in thread ]
M$ inherently has inside info that gives it unfair advantage.
Anti-trust to reduce a monopoly -- even if it were "natural" -- is entirely a good purpose in line with historical use. The world basically is held hostage to M$'s stupidity besides cupidity, and if a really good virus is written, it could bring the whole house of cards down. It's too much risk to place on a company with M$'s history of unethical competition.
[ link to this | view in thread ]
Re: M$ inherently has inside info that gives it unfair advantage.
Oh, wait, there is NO SUCH THING as unexploitable software.
[ link to this | view in thread ]
Re:
[ link to this | view in thread ]
Re: M$ inherently has inside info that gives it unfair advantage.
Anti-malware is only useful because people don't care what they install and they click yes to everything.
MS can't protect their OS against user stupidity, but they can offer a free semi-useful anti-malware to try to help users not shoot themselves in the foot.
[ link to this | view in thread ]
Re: Re:
[ link to this | view in thread ]
Re: Re: Re:
[ link to this | view in thread ]
Re: Re: M$ inherently has inside info that gives it unfair advantage.
[ link to this | view in thread ]
Mike, I have to disagree, this is an antitrust violation
But here they intentionnally don't fix it and push their antivirus solution. So this is unfair competition
[ link to this | view in thread ]
Re: Mike, I have to disagree, this is an antitrust violation
[ link to this | view in thread ]
I'm lost...
Do people honestly believe that the reason Windows is more vulnerable to viruses is because MS's product is or was fundamentally insecure? (OK OK, Internet Explorer was a pretty big open door for a long time) - No, it's because most people use Windows and it has the largest exposure!
It's about MS making a great anti-virus / anti-malware program and Trend can't stand that their customers are dwindling.
Before I started using MSE I did a lot of research... I wanted a native 64-bit app that had a small memory and CPU footprint and that had exceptionally good virus / malware interception capabilities with few false positives. In the studies I found, MSE met or exceeded every one of my requirements.
Why, then, would I pay for a Trend Micro solution? Let's imagine MS is out of the picture for now and MSE isn't available to me for free (or for pay) - I STILL don't choose Trend's AV product / suite because it's simply not as good as other products out there (even the free ones)
I just realized this post makes me sound like a huge MS fanboy and I have to tell you that is FAR from the truth. I just don't have much patience for Trend Micro and the like with their shitty, overpriced products that slow your machine down to a crawl and no-one in their right mind (after doing even modest research) would actually go buy.
[ link to this | view in thread ]
Horse Manure!
[ link to this | view in thread ]
Re: Re: Mike, I have to disagree, this is an antitrust violation
(a) They have an advantage because they know the inherent code, whereas AV vendors don't.
(b) Are you sure MSE will always be free?
[ link to this | view in thread ]
Re: Mike, I have to disagree, this is an antitrust violation
Or do you honestly think that drive-by infections are the main issue?
[ link to this | view in thread ]
Re: I'm lost...
[ link to this | view in thread ]
Re: Re: M$ inherently has inside info that gives it unfair advantage.
They should be able to...it's their OS that trained the users to be so stupid and ignorant as to click 'yes' or 'continue' to everything...
[ link to this | view in thread ]
Re: M$ inherently has inside info that gives it unfair advantage.
[ link to this | view in thread ]
Exploit This
using namesapce std;
void main() {
cout
[ link to this | view in thread ]
Wow
It's their software, they can do whatever the hell they want with it.
[ link to this | view in thread ]
Re: Re: Re: M$ inherently has inside info that gives it unfair advantage.
MS did not make the first GUI OS, nor were they the first to have confirmation boxes...
[ link to this | view in thread ]
Give me a break
This comes from an IT Director that had Trend OfficeScan on a network of over 230 workstations and found that Microsoft Security Essentials did a better job than Trend in keeping malware off of the systems.
When we switched from McAfee 8.5 to Trend Micro's OfficeScan 10(?) we had a huge influx of systems infected with malware through drive-by installations such as the AntiVirus 2008-2010 bug. That bug was so tough that Malwarebytes wasn't able to remove it 90% of the time and because of this we re-formatted 100% of systems that came in that way.
When I worked for the state, they were using Trend and it worked very well, but Trend has gotten extremely complacent. Their AV was extremely heavy, slowed systems down a lot, and even though it seemed to be scanning heavily, it wouldn't do an on the fly deletion of most drive-by bugs. It'd let them get to the temp folders and then sent out an email stating "Trend couldn't remove or quarantine X bug from C:\blahblahblah". What good is your crappy ass antivirus product then???
Why should I pay over $4500 for a yearly license when your product doesn't stop squat!?
MSE at least seems to be a decent on-demand virus scanner and according to AV-Comparatives was better than Trend Micro , catching 96.3% of bugs vs Trend's 90.7% and it's FREE!!!
Trend Micro's product also had the highest incidence of false positives out of a test set of 1.2 million malware sample. Trend dinged 38 false positives vs MSSE at 3... THREE! Rhymes with FREE!!!
You wonder why Trend is losing out to MSE...??? Really? You have to ask?
AV Comparatives has four ratings: Advanced+, Advanced, Standard, and TESTED. MSE received the Advanced rating compared to Trend which only received a TESTED rating.
AV Compratives Feb 2010 Report(pdf).[ link to this | view in thread ]
Re: Re: Re:
It's also gotten MS to offer less bundled versions of Windows over in Europe and they now offer you up a choice of default browser in the same.
They really do need to be more widely and thoroughly applied though.
[ link to this | view in thread ]
Re: Re: M$ inherently has inside info that gives it unfair advantage.
[ link to this | view in thread ]
Hrm...
Obviously, that didn't go far.
Heck, I don't even know if Microsoft markets Security Essentials beyond their own website. I was pretty surprised that the CNET rating was rather positive on the product, especially on a product that Microsoft put out only because people kept demanding it.
Ironically, Trend Micro trials are often found on newly purchased PCs - and Security Essentials has to be downloaded and installed. Too bad Trend Micro didn't pay attention to what happened to Norton, because now they're in the same shoes as Norton was a few years ago (losing market share as their program became bloated and not as effective).
[ link to this | view in thread ]
Re: Re: Re: M$ inherently has inside info that gives it unfair advantage.
Anti-root kits protect against exploits there days.
[ link to this | view in thread ]
Re: Re: Re: Mike, I have to disagree, this is an antitrust violation
D) Anti-Virus Software has very little to do with system patches and more to do with ID10T & PEBCAK issues in a modern environment. (IE the moron that does not UPDATE their software on a regular basis)
[ link to this | view in thread ]
Re:
[ link to this | view in thread ]
Re: Re: Re: Re:
http://www.usatoday.com/life/music/news/2002-09-30-cd-settlement_x.htm
Lets see.
"Former FTC chairman Robert Pitofsky said at the time that consumers had been overcharged by $480 million since 1997 and that CD prices would soon drop by as much as $5 a CD as a result. "
Yet they only had to pay
"Monday to pay $67.4 million and distribute $75.7 million in CDs to public and non-profit groups to settle a lawsuit led by New York and Florida over alleged price-fixing in the late 1990s. "
Wow, what a bargain.
"It's also gotten MS to offer less bundled versions of Windows over in Europe and they now offer you up a choice of default browser in the same."
Wow, that really sounds like it accomplished a lot of good.
/sarcasm
[ link to this | view in thread ]
AV Software
Also, who cares if Microsoft has better knowledge of their own systems? If you are not allowed to build something because you know what others, what are you allowed to build?
Any improvement in the OS could be blocked by such a flimsy argument. Remember, an OS includes programs in it.
[ link to this | view in thread ]
Re: M$ inherently has inside info that gives it unfair advantage.
M$ shouldn't be making security software. They should make secure software.
I am not talking about the idiots that will click on anything, either. I am talking about the drive-by downloads that still happen in IE8, (That was supposed to stop being possible in IE7,) and the fake AV that invaded a Vista computer though M$ Outlook. XP was supposedly the safe OS. Then Vista was supposedly the Security First software. I haven't heard any nightmare stories on Win7, yet... (Except the nightmare of trying to administer it. I can't make heads or tails out of Vista or 7. Yuck! No fun at all!)
I asked this question almost a decade ago. Win2K had some security flaws. Supposedly, XP was more secure, but it was like 7 times the size. Then Vista came out and it was like 9 times the size of that. Now Windows 7 is still bigger, (but not quite as drastically, I don't think.) My question is this:
If a million lines of code has a thousand potential exploits in it, how can 7 million lines of code have less?
More code cannot give you less potential exploits. It isn't logical. It is way past time to de-bloat the OS.
[ link to this | view in thread ]
Re: Wow
Every good or bad idea that has ever come across the user experience has been integrated into Windows. Windows needs to take programs out of the kernel. The kernel should be impenetrable, so the OS isn't so easily corruptible. Root kits should not be possible!
The anti trust nonsense that occurred in Europe wasn't about M$ giving away a free browser, but that the browser was integrated into the kernel and could not be uninstalled. Give away all the crap you want, just don't incorporate it into the kernel so it cannot be removed, and be so easily exploited.
[ link to this | view in thread ]
Good points but....
And I agree that no piece of software is absolutely secure, nor can it be. But, there seems to have been a deliberate calculated decision to leave the security holes open and to plug them after the OS goes to market. Microsoft products have been left vulnerable for many other explanations to make sense. Yes, no software can be made un-exploitable, but, the shear quantity of exploits against Microsoft software leads one to think that the beta testing for security has been somewhat lax.
Further, I'd point out that most of the world's web servers run some flavor of Linux using Apache, and there has been relatively few exploits against these systems. Some yes. But, RELATIVELY few.
I think Microsoft's biggest problems (historically speaking) are a) sloppy coding and b) as MikeLinPA pointed out, software bloat. Trying to do to much without taking time to look for security holes will always render software vulnerable.
[ link to this | view in thread ]
Security permissions for Linux: Download file--->Change file to allow executable--->Change permissions on file to root---> Sudo/$/Root--->run the file---> some small tiny area of your computer is infected...maybe...if a patch hasn't already come out in the 2 days since it was found to completely nullify it.
Mac Security process: Buy Virus because Steve Jobs said so. Install Virus...Call it OS something and name it after a large cat. Automatically deduct from checking into Steve Jobs checking.
[ link to this | view in thread ]
Ah, but here is the argument.....
There is some argument to say that since Microsoft knows where the holes are AND has the source code, they are better able than say.... Symantec to be able to offer solutions that use less memory and CPU power.
[ link to this | view in thread ]
[ link to this | view in thread ]