Security Vendors: Microsoft is making Vista Too Secure

re: Security Vendors: Microsoft is making Vista Too Secure

Thomas — Sun, 26 Nov 2006 08:55:56 GMT

"On a final note, no self-respecting IT professional would ever run any products from McAfee or Symantec! There are far better security products out there that are more effective and in many cases cheaper."

Do you really stand by a statement like that, john?

re: Security Vendors: Microsoft is making Vista Too Secure

John A Thomson — Tue, 14 Nov 2006 09:19:12 GMT

Nice post Jesper.

I listen to McAfee and Symantec whinging and think that if their products had actually done the job properly over the years then there wouldn't have been a need for Vista! Now that their years of less than effective products, or should that be bloatware, has come back to haunt them, they start to complain when Microsoft does a good job on hardening the operating system.

On a final note, no self-respecting IT professional would ever run any products from McAfee or Symantec! There are far better security products out there that are more effective and in many cases cheaper.

re: Security Vendors: Microsoft is making Vista Too Secure

micaman — Thu, 09 Nov 2006 08:31:04 GMT

This is really funny when you think about it. For years, the security vendors have been blasting Microsoft for not securing Windows better. All the while, selling consumers products that they can hardly understand or operate. As a security consultant, both for companies and consumers, I sell and install several different brands of security products (McAfee the most) and services. Once I get my clients accepting of 1) computer security and 2) commit the money, they simply can not relate to the screens, instructions and the whole nine yards of security software. This is no fault of consumers, but more of one for the security vendors! They are at fault for not making security easier by now. How long did they think they would have to build a loyal customer base and to invent something new? How long did they think software would be insecure? And how long did they think they could sell consumers products that they don't understand? Which puts machines at more of a risk, because consumers approve the wrong things or they turn them off or quit updating them. I have come across hundreds of machines over the years that when I open the security programs that they have installed, say "153 days since last updated" or something to the effect. This is crazy. If Microsoft can build a better mousetrap - they should do it! And who is stopping "Norton and the lot" from building their own OS to secure? Just think if we told General Motors not to provide lock & key to their cars 'cause the locksmith companies are depending on them for income. We are suppose to be moving towards advanced technologies, and to do this, we need Microsoft or whoever will do it - to move us forward. Vista is a move forward. And yes, Vista will have flaws and us security people will be needed all the same. Vista is the stepping stone we need to bring us to the true technology of tomorrow.

re: Security Vendors: Microsoft is making Vista Too Secure

OS — Mon, 23 Oct 2006 10:43:18 GMT

"In a sense, they have built their business on protecting users of Windows from Microsoft, and Microsoft healing the patient cuts into their business doing the same. As Microsoft's Security Chief Ben Fathi said, the security vendors want Microsoft to "keep the patient sick," and by extension, keep customers at risk, so that the security vendors can keep charging for the healing."

An analogy with the medical world is used here. I think in that world it's common that you don't take the opinion of one single doctor. Your regular doctor cannot prevent you from taking the opinion of others. Your regular doctor can't prevent you to choose another doctor, another hospital. You can even take the opinion of a complete consortium of doctors and pick up the best there are to do the job. Do you really won't your life to be in the hand of the one doctor with the bad track record based on his promise that he's now rehabilitated?

re: Security Vendors: Microsoft is making Vista Too Secure

Al — Thu, 19 Oct 2006 20:49:46 GMT

So, does anyone know more details of this latest development? http://searchsecurity.techtarget.com/originalContent/0,289142,sid14_gci1224622,00.html?track=NL-358&ad=566751USCA&asrc=EM_NLN_650089&uid=1345032 I'm kind of surprised that Microsoft relented on PatchGuard, at least according to what the article states.

re: Security Vendors: Microsoft is making Vista Too Secure

Bravehart — Sat, 14 Oct 2006 03:25:40 GMT

Dear Jesper. The reason I do like to switch to Vista is because of the third party alterations ability of the OS in XP! Particularly McAfee! Do not get me wrong, they "protected" me for many years. As your artical mentions, they like to take the credit? But as you wrote they use "hooks" and there is were the problem lies! When you disable some features of their program, windows is not able to take back or remove the hooks(which they leave in place)! Now your worst off than before( no protection or worst, instability)! McAfee tels me what is best for me, so are the others, they do not ask, or tell you what their program really does nor will they tell you what system resources are effected! That is where patch guard is so very important! McAfee & Symantec have became lazy and it is time they became inovative and work for their money! Please tell Microsoft to stand their ground NO HOOKS period or no VISTA, I might as well stay with XP and get srewed by a third party claiming to protect me? Yours Truly R. V.

re: Security Vendors: Microsoft is making Vista Too Secure

*** Carlson — Tue, 10 Oct 2006 21:15:23 GMT

What you're seeing here is not at all unusual -- if it didn't rain, I wouldn't need an umbrella. Look at the HMO model, auto insurance, or even getting married. (I'll wait here for some of you to catch up. All done? Good!) As a member of the MS hive, my views on this have certainly changed from my pre-Borg experience. There's really nothing that says because you have an existing business model that's working, you are guaranteed it will continue to. This applies to Detroit Autoworkers, home-based web designers, and all manufacturers of buggy accessories. Things change. It would be great to see some of these companies change their focus to OTHER areas where our product is still suck -- lacking. Not a security problem, but certainly something that would make me want to send money. 1. Improved UI and interface experience 2. Integration with other common tools and experiences 3. Faster, smoother, cooler experience Many of our existing products would be a ripe garden for the picking.

re: Security Vendors: Microsoft is making Vista Too Secure

Alun Jones — Tue, 10 Oct 2006 15:52:00 GMT

The difference between Microsoft making money off their OS, and Symantec / McAfee making money off Microsoft's OS is clear. Microsoft make money if the system is more secure, more usable more of the time. Symantec and McAfee make money if the system is less secure, less reliable more of the time. A little like Red Hat with their "we don't make money selling the OS, we make money selling support and consulting", while the initial intent may be a good one, you have to realise that the monetary pressure (which is a strong driving force in most companies) is pointing in a direction that is counter to your best interests as a consumer. Red Hat will obviously make more money if the OS they ship is a mess that needs lots of support and customisation; Symantec and McAfee will make more money if they can convince you that your OS is unsecure; Microsoft will make more money if they can convince you that you'll get more use out of your OS.

re: Security Vendors: Microsoft is making Vista Too Secure

Susan — Tue, 10 Oct 2006 00:39:32 GMT

And interesting counter to this is the thoughts by Joe Wilcox about the 64 bit platform - http://www.microsoftmonitor.com/archives/2006/10/shooting_stars.html will it have enough of an impact to really matter? I know that in my own firm and personal computing, I am not running 64bit at this time and don't see going there other than for beta testing and what not in the near future. But all it takes is one read of this: http://www.securiteam.com/windowsntfocus/6Z0032AH5U.html Ask ourselves... given that history...that track record... should they have access?

re: Security Vendors: Microsoft is making Vista Too Secure

ASB — Sun, 08 Oct 2006 13:35:16 GMT

Jesper, thanks for another source of information on this... And keep having fun in your post-Microsoft existence... :)

re: Security Vendors: Microsoft is making Vista Too Secure

jesper — Fri, 06 Oct 2006 02:33:49 GMT

Al, of course, yes. Microsoft is obviously in it for the money, and don't think for a second that they would do something for the pure goodness of it without at least a remote chance that they would get the money back some way, somehow. That said, I am not convinced that Microsoft is in it to take away revenue from Symantec and McAfee; to compete with the anti-* vendors. It is more likely they are trying to get better at security to avoid having their own revenue stream taken away by someone else. It is not so much a matter of adding revenue in this case as it is not losing it.

Oh, and thanks for the good feedback!

re: Security Vendors: Microsoft is making Vista Too Secure

Al — Thu, 05 Oct 2006 23:48:23 GMT

Let's be fair here - Microsoft is in it for the money, too. And both issues seem to have the feel of Microsoft starting to elbow out the competition. That being said, McAfee and Symantec's argument against PatchGuard seems a bit weak to me; however, I am more open to their points regarding Security Center. If Microsoft can beat the 3rd-party security vendors at their own game (with regard to product quality, innovation, and/or value), then good for them. Personally, I don't see it happening regularly anytime soon. Jesper, thanks for taking the time to blog. I really enjoy your perspective and insight.

re: Security Vendors: Microsoft is making Vista Too Secure

Dan Halford — Thu, 05 Oct 2006 20:14:57 GMT

A while ago, Nottinghamshire Police (in the UK) complained that their fancy new digital speed cameras (one set read your registration plate on the way in, another set on the way out, working out your average speed) were so effective in reducing speed that the revenue from fines had dropped to almost nothing, meaning that they cameras were now running at a loss. For thsi reason, they suggested shutting them down. Why is this relevant? Well, Symantec and McAfee are have a similiar missions statement to the Police; "keeping you safe". But, the organisations raison d'etre is not security - it's making money. Vista's security threatens their user base and revenue model. It's easy to see why they'd be worried.

re: Security Vendors: Microsoft is making Vista Too Secure

Steve — Wed, 04 Oct 2006 23:59:56 GMT

Jesper, Yes, I agree. Sorry for the verbosity.

re: Security Vendors: Microsoft is making Vista Too Secure

jesper — Wed, 04 Oct 2006 22:40:49 GMT

Roger: There have been a few reports about people bypassing PatchGuard, but as far as I know, they have all been blocked now. That does not mean new ones won't come up though. That being said, this is a moving target, like Steve says (I think). If you secure it, it will change.