Vista Scares The Industry. This is a Good Thing.
Written by Gordon Fecyk, 5/25/2006
Let's start with Wikipedia:
Windows XP has been criticized for its susceptibility to malware, viruses, trojan horses and worms. Security issues are compounded by the fact that users, by default, receive an administrator account that provides unrestricted access to the underpinnings of the system. If the administrator's account is broken into, there is no limit to the control that can be asserted over the compromised PC.
Yeah, yeah, yeah, yeah. Let's play Mad-Libs with this one, shall we?
The Automobile has been criticized for its susceptibility to weather, rust, metal fatigue and car thieves. Security issues are compounded by the fact that motorists, by default, receive a hood release catch that provides unrestricted access to the underpinnings of the system. If the ignition system is broken into, there is no limit to the control that can be asserted over the compromised car.
Sure, you'll criticize me by saying that said hood catch isn't something that motorists usually play with. Right. I'll remember that the next time you check your oil, or update your anti-virus software.
Not everyone plays with their car's hood. Certainly, no one plays with it while they're actually driving. So close the hood on your computer, already, and start driving the information highway safely.
Anti-virus firms at Infosec say they expect Vista and [Internet Explorer 7] to change nothing for the industry. Microsoft used its presence at the show to laud the security features they've been busy building in the upcoming software.
Eugene Kaspersky, founder of [Kaspersky Labs] said he expects the new privilege regime to have little effect. He said: "Of course [virus writers] will find a way round it. Within a year there will be something like a rootkit for Vista."
If you don't know what a "root kit" is, Wikipedia also provides an informative article on it:
Rootkits come in three different flavours, kernel, library and application level kits.
This last line's particularly ominous:
Kernel rootkits can be especially dangerous because they can be difficult to detect without appropriate software.
As usual, this type of writing jabs on and on and on about how difficult it is to remove this evil piece of software, but never, ever touches on how to keep it off in the first place.
They won't tell you, so I will.
Do I sound like a broken record yet?
Actually, "replacing system calls" and "replacing application binaries" are things that viruses, spy ware and trojan horses already do. All the Wikipedia's told you is a fancy, scary new name for the same old things.
"Overall, Microsoft Vista will bring spectacular improvements to the overall level of security for users, but only if Microsoft succeeds in making customers and ISVs comfortable with the new security system," Yankee Group security solutions and services program manager Andrew Jaquith said.
Ahh, yes. Tantalize customers with a glimer of hope, then stomp all over it with fear, uncertainty and doubt. And don't forget to sell more
And if that isn't enough to encourage more AV sales, then perhaps the legal angle will work:
Microsoft will also have to be careful that the new system adheres to competition rules. Microsoft has already been put on the alert by EU regulators, who will be closely watching Vista for signs of anti-competitive practices.
Translation: It might become illegal for Microsoft to protect their own customers in the name of fair competition! Computer security firm Symantec already fired the first legal salvo just last week!
The security firm is after Microsoft for unspecified damages and an injunction that could halt the release of Vista and the Longhorn server suite. The case relates to a 1996 contract between Microsoft and Veritas [Now part of Symantec] which licensed the latter's software for dealing with large chunks of data.
Yes, yes, yes, I know it has nothing to do with Vista's built in security capabilities, just its built-in data handling capabilities. But if the computer security industry doesn't let the facts get in the way of a good story, why should I?
You have to appreciate the irony here, folks. A computer security firm will take any steps necessary, including legal ones, just to stop Microsoft from protecting its own customers.
If that actually comes to pass, then Microsoft would have to be fined retroactively starting from about Fall 1999, when they released Windows 2000.
Let's take a look at how much Windows 2000 would have cost, compared to what Windows Millennium Edition cost you, from Winter 2000 through Summer 2006:
A note about the numbers: Pricing information from Winter 2000 wasn't easy to find, and the software prices are actually based on full retail costs as of May 2006. I can only say with authority that the Windows 2000 price is reasonably close to what I paid in Summer 2000, which was just over C$350.00.
Not a whole lot of difference, in the end. You actually would have saved a little with Windows 2000 up front, but you would have saved a lot more in prevented downtime by catching most computing problems before the fact. And you'd probably even have a slightly faster PC, since the Pentium II and AMD K6 series processors of the day ran Windows 2000 faster than they ran Windows Millennium.
The Windows ME user wouldn't have avoided I-Love-You, BadTrans, etc because Norton Antivirus could only catch viruses after the fact. The Windows 2000 user wouldn't have avoided Blaster, but by about late 2002 hardware firewalls were available, adding about $100 to each side's total, which would have saved the Win2K user before Blaster came out.
By this logic, Microsoft's Windows 2000 operating system represented unfair competition to Norton Antivirus. By the same logic exercised by computer security firms today, Windows Vista represents unfair competition to the entire computer security industry! The horror!
Indeed, Microsoft will force the IT security industry to up their game, and the industry is doing all they can to delay it, right down to legal tactics and smear campaigns.
I don't know what my peers think of all this, because let's face it, this is the end of their prized cash cow. But if this finally forces the IT security industry to evolve, then I'm all for it.
Recently Edited Categories:
All trademarks are property of their respective owners.