MS to Ship Malware Protection Utility

By Ed Oswald | Published October 6, 2005, 7:24 AM

Microsoft introduced on Thursday a new program that will help to combat viruses, malware and spyware in the corporate environment, as well as provide stronger protection for current and emerging threats.

Called Microsoft Client Protection, the new service could be seen as new competition for McAfee and Symantec, who have otherwise worked closely with the company in recent years to combat the increasing tide of security threats.

Paul Bryan, product management director in the enterprise security division at Microsoft, said in an interview with BetaNews Wednesday night that Client Protection's aim is to "make sure people have fewer security products" to concern themselves with.

Bryan said the product would essentially be an enterprise version of Windows OneCare. That service is expected to include antivirus, anti-spyware and malware protection, as well as computer tune-up and backup functionality when it launches sometime next year.

"A lot of the underlying technologies are used across both services," Bryan explained. "You could consider it a foundation of sorts."

Although the announcement came on Thursday in Munich, Microsoft Client Protection will not immediately ship.

"We will be releasing an early beta shortly to selected customers," Bryan told BetaNews. He said the program focuses on three key areas: integration with current Microsoft applications such as Active Directory, unified protection, and information control.

By information control, Microsoft means that it is building Client Protection to give IT administrators a clearer picture of the threats or malware that could be present on a managed network. "A lot of companies provide reports but not a lot of information behind them," Bryan said.

Microsoft seems to be pushing aside any suggestion that such a program may upset its partners, and has formed a new alliance to collaborate on security products.

While Bryan would not comment directly on whether the company believed Client Protection would strain relations with others, he did say that Microsoft has "knowledge and an understanding of the capabilities of the operating system" that its partners may not have, but it would not hide this information from those companies.

Comments

The question is where does the SYBARI purchase fit into this mix?

Score: 0

Keep in mind that this is for enterprise users. I'm just tickled that there may be Active Directory integration. What about WSUS integration? I should be able to manage my entire Windows network from the AD consoles, perhaps pushing out the Client Protection through group policies/msi packages, and then configuring the options through group policies, and then pushing out updates through group policy (or even SMS). Hallelujah! Of course, we won't yank out our current 3rd party AV solution, and we'll still try to lock down our desktops as much as our crappy applications allow (it's not MS' fault that crappy vendors require admin access--it's the vendor's fault for not following best practices in programming).

Score: 0

Sounds like that app should be a citrix published application. ;-)

Score: 0

First of all, NOD32 has a high rate of fake detections. And most antiviruses will actually detect the same 'way' if you set their engines to sensitive. Second of all...what is it that some of you REALLY have against MS? You try so hard to make them out to be complete villains. They're no angels. They're greedy. But, as I've said many times before, give credit where credit is due. And what would your alternative to Windows be? Please, don't even whisper Linux, because just like Firefox, with the right 'motivation' ie: if it ever became a real target to virus/malware writers, Linux is one OS I can see crashing and burning. 2 or 3 mistakes in there and you're screwed. Which means 2 or 3 files affected by a virus, and there goes the system.
Locking down file access doesn't always help. There are things that get through anyway - but who's going to take the time to write a virus to do that on an OS that is barely noticed by the general populace? Instead, the script kiddies go download some stuff they find online and get stuff to attack a Windows system.
This move shows that MS is taking a step to increase security. Call it what you will - bandaid? tire patch? I don't care. Protection and prevention, sometimes don't beat a cure. After you've been damaged, however it's been done - it's nice to have something to keep your data alive. Nothing on the market is totally secure. If you think it's so easy to make a permanent fix, then do it. Till then, I'll appreciate that they're making this stuff to help protect my PC, and other PCs which could be attacking mine (unknowingly).

Score: 0

I'd like to see if this technology is innovative like Determina VPS. Does it inhibit exploit execution or just look for signatures?

Score: 0

Hmm, here's an idea, fix the problem instead of putting another bandaid on the market. We have plenty of bandaids already. What we need is a fix.

Score: 0

Why pay for this stuff? The combination of Avast anti-virus, ZoneAlarm firewall and AdAware work for me. They're free and beat the Hell out of Norton or McAfee...

Score: 0

This is great news.

I am very upset with McAfee and Symantec as they have no malware protection and I recently got hit by malware which caused me to lose a lot of data.

I'm currently beta testing Windows OneCare and like it so far, and it's great to see that Microsoft is going to come out with an all-in-one protection package which includes antivirus, spyware and malware protection!

Score: 0

http://en.wikipedia.org/wiki/Malware

You are confusing malware with spyware...Malware encompasses both Viruses and Spyware.

OneCare missed a few that NOD32 caught.

No single package is a perfect solution.

Score: 0

"No single package is a perfect solution."

Absolutely agreed. I just sit back and enjoy when people keep trying to sell their favorite security programs.

Some may be better than others, but relying on only one will still leave your back end sticking out on the net.

Score: 0

I just gotta ask...

How necessary is an AV/Spyware solution in a limited operating environment with system / configuration protection such as a limited user (non-root/admin) account?

If it is impossible for programs to run without permission, why would we need an app that searches for programs that ran/run without permission?

If the OS was secure, we wouldn't need these apps.

It's a catch-22 and definitely begs the question of "Conflict of Interest". They build the OS, and the product that bandaids the original product's security flaws.

Score: 0

There is no need.
I've been running Windows 2000 since day one on a 60 node network, and spyware just doesn't infect machines where users run as users. Yes, I have AV installed, and yes, the AV client scans for spyware (or greyware) and none is discovered.

However, if MS is in the field for 2 years, and proves itself as, say, Symantec or Trend has in the corporate arena, then I'll consider. MS has been known to be wishy washy on security, and it's not something that requires a half-hearted effort.

Score: 0

Unfortunately kernel sploits can allow code executed as a user to run as the system. This will allow for any code to be installed anywhere on a system. The newer root kits out there (yes there ARE root kits for Windows) can't even be detected without powering off the system and scanning it in another box with a root kit detector.

Score: 0

Then a fix for those flaws which allow such exploits would be nice. I'd rather have the fix than a scanner.

I mean, will MS really have the motivation to fix these things when they get paid to bandaid them?

Score: 0

"If it is impossible for programs to run without permission..."

That's the big thing. Remember IE? Do you want to install this ActiveX control? Sure, whatever, go away. People grant permission all the time without realizing. 2K (which really wasn't meant to be installed at home) and XP both started out poorly by creating the user as an Admin. This is something that's not going to be changed in these (soon to be) legacy operating systems. You're not going to be able to move tens of millions of users to restricted user no matter what. That's a fact that MS realizes so they're making a product to cope with a mistake or bad decision that they made early on.

Score: 0

"I mean, will MS really have the motivation to fix these things when they get paid to bandaid them?"

I agree with what you're saying. It seems like it would be easier to just fix the exploits. Likely, this is just a marketing ploy to make it look like they're working harder...

...which they are, but it's kinda senseless.

Score: 0

Let me know of a kernel exploit that exists for a locked down user account, without local access, in Windows 2000 or XP. To further increase the difficulty, the machine has a BIOS password, doesn't boot from any other media except the HDD, and a notification is sent if BIOS pw has been attempted three times without success.

Score: 0

What application is it running since there are no local users? What other efforts have you taken? It doesn't look like you are secure AT ALL if this is all you have done LOL.

Let's not forget that Blaster didn't require a user account, OR local system access to own your computer and turn it into a drone.

Have you done any services hardening? What permissions does your "locked down user" have to hkey_current_user? How about \documents and settings\%username%\Start Menu\Programs\Startup?

Score: 0

"knowledge and an understanding of the capabilities of the operating system" that its partners may not have

Then why in the world do they have so much more experience protecting Windows than Microsoft does?!

Score: 0

Umm... and how do you mean? I do believe that the advent of security espionage is relatively a new concept still (10 years?). Microsoft has made key acquisitions and really stepped up security in the past couple years. Quite possibly you are still using Windows 3.1? Windows XP SP2 or Windows Server 2003 SP1 are pretty bullet proof IMHO. The malicious software removal tool, anti-phishing Outlook feature, IIS lockdown utility, MSAS, local firewall, etc., etc. What more would you want? I have yet to find someone else secure my stuff better than 'yours truly' - the same goes for Microsoft. Unless of course someone has some code that others haven't seen - doubt it!

Score: 0

LOL! No, I'm not on Windows 3.1 and I haven't been in quite a few years. ;-) Microsoft has stepped up, I can't disagree with that however my knowledge and training in internet security & vulnerability assessment(sp?) tools tells me that even with the latest patches these operating systems are absolutely not bulletproof.

You missed a few key components in your 30 second lockdown strategy which would include multiple firewalls on disparate platforms, intrusion detection, and url filtering.

Those just scratch the surface, which even with you still need services hardening, and system hardening which is still not acceptable out of the box on a W2K3 server, though I will admit that it is 1000x better than W2K out of the box.

The 200+ page W2K3 hardening documents shouldn't have to be 200+ pages. ;-)

Score: 0

Actually the Security Configuration Wizard (SCW) is pretty good. Unfortunately you have to manually install it but it does a pretty good job at hardening your machine.

Score: 0

It's built into Server 2003 SP1.

Score: 0

Isn't this program really more client side (XP)? One shouldn't be web browsing on a server. One reason M$ locks it down in Server 2003.

Score: 0

HUH, Web browsing?

OHHH you are referring to URL scan.. :-)

No, URL scan scans client connections to an IIS server. It's used to filter out any traffic that doesn't match the pattern of normal traffic which you define.

It's a Microsoft product, check it out.

http://www.microsoft.com...rity/tools/urlscan.mspx

Actually, according to that documentation, it is built into Windows 2003 server; it should just be tweaked to suit your needs.

Score: 0

Ok, so, again, does anyone trust the company that made the vulnerabilities possible, to then also make the tools to combat the threats to those same vulnerabilities? And what about the licensing and cost?

Score: 0

I agree. If they have a deeper understanding of security vulnerabilities inherent to the OS, they should fix them.

Cost is a concern to me. I've beta tested Windows OneCare, which will eventually become a subscription service, so I assume Client Protection will as well. I believe a company charging to protect their own product is a conflict of interest.

Score: 0

They didn't make the vulnerabilities possible. Windows is just the number one target for hackers because it's the most widely used Desktop OS by far. So Windows will always seem like they have the most vulnerabilities. Now cost is important though. But they do patch their OS for free. Client Protection is pretty much a program that protects the idiots that get spyware. So, why not charge for it. I mean, if you use Microsoft's AntiSpyware Beta app as an example of what's to come, I'm willing to bet Client Protection will be a quality program. I have personally never got one piece of spyware installed on my pc and I'm on the Internet all day, everyday. Again, these programs are for the idiots....I mean the ignorant. (That sounds nicer.)

Score: 0

Damn straight. And interestingly enough, their "intimate knowledge" isn't helping when I install NOD32 and it catches 3 viruses OneCare totally missed.

Score: 0

They made the vulnerabilities infinitely possible by giving computer admin privileges to all users by default.

This is absolutely the worst way to run a computer and is an open invitation to viruses, adware/spyware and hackers. The default initial users in any OS should be a limited environment where execution of potentially harmful installations must be approved.

Arguing that this is not desired by the majority of users is not valid and never was. They become the zombie systems and are then used to infect others. If they want to operate as full admin, they need to learn how to do so in such a way as to not cause potential harm to other systems connected to the net.

Score: 0

I am going to have to agree with beaver on this one. Let's not say quite idiots, but computer impaired retards, or the unaware. Out of every client our company supports (sometimes 4 times a day), most of the time a call they make sound like their computer blew up, turned out to them dragging something somewhere, or a pop up telling them they need to "Tune" their PC and 30 adware apps are installed instead. We only handle medium sized business, our biggest client would have around 150 workstations, out of them 130 have no idea what the hell they are doing. However any somewhat savvy person can stay away from adware, it's simple, do not use IE, stay away from sites that you don't trust, I don't open any attachment if it isn't business, I could care less about the chain letters in the mail...

Score: 0

Microsoft did not make the anti virus or adware programs, they bought them out, and changed the interfaces and added some new features....

Score: 0

Actually..they bought Giant and removed features; the interface only removed 'Giant' and put 'Microsoft'.. Task Manager still shows it as "gaintantispywaremain.exe"

I must agree with the fact that NOD32 is the best AV and OneCare will not change this.

Score: 0

Nice program... Their website www.nod32.com is inaccessible (at time of my post). Seems only the Australia one is up and running.

Score: 0
