
MS to Ship Malware Protection Utility

By Ed Oswald, BetaNews

October 6, 2005, 7:24 AM

Microsoft introduced on Thursday a new program that will help to combat viruses, malware and spyware in the corporate environment, as well as provide stronger protection against current and emerging threats.

Called Microsoft Client Protection, the new service could be seen as new competition for McAfee and Symantec, who have otherwise worked closely with the company in recent years to combat the increasing tide of security threats.

Paul Bryan, product management director in the enterprise security division at Microsoft, said in an interview with BetaNews Wednesday night that Client Protection's aim is to "make sure people have fewer security products" to concern themselves with.

Bryan said the product would essentially be an enterprise version of Windows OneCare. That service is expected to include antivirus, anti-spyware and malware protection, as well as computer tune-up and backup functionality when it launches sometime next year.

"A lot of the underlying technologies are used across both services," Bryan explained. "You could consider it a foundation of sorts."

Although the announcement came on Thursday in Munich, Microsoft Client Protection will not immediately ship.

"We will be releasing an early beta shortly to selected customers," Bryan told BetaNews. He said the program focuses on three key areas: integration with current Microsoft applications such as Active Directory, unified protection, and information control.

By information control, Microsoft means that it is building Client Protection so that an IT administrator would have a clearer picture of the threats or malware that could be present on a managed network. "A lot of companies provide reports but not a lot of information behind them," Bryan said.

Microsoft seems to be pushing aside any suggestion that such a program may upset its partners, and has formed a new alliance to collaborate on security products.

While Bryan would not comment directly on whether the company believed Client Protection would strain relations with others, he did say that Microsoft has "knowledge and an understanding of the capabilities of the operating system" that its partners may not have, but it would not hide this information from those companies.


By MarkCISSP

edited Nov 8, 2005 - 6:56 PM

I am not so sure that I want Microsoft as my security tool vendor for two reasons:

1) Microsoft's history on security, although getting better, has not been very good. It has taken them a very long time to "get it" in terms of networking and they are not there yet for security. The Microsoft gang wants to sanitize everything and make it very easy (remembering passwords, etc). Security and very easy are sometimes mutually exclusive.

2) I believe diversity and layering is the best policy when it comes to security. Your office building may have a fence around it but you also lock the doors, might have a security guard, and may take other security measures inside. I prefer my computer security to be the same.

IT industry is "tool crazy" and looking to find the next tool to stop the "bad guys" quicker. The sad truth is the "bad guys" will always be quicker and better than the latest tool. User education plays a huge part in security. Most people would not blindly open the door of their office building late at night without knowing what is on the other side but many users routinely open every e-mail and click on embedded links without concern.

I don't have the ultimate answer but it seems we are always playing catch up.

Even so called trusted sources create security problems. The recent hype about Sony's "root kit" and the behavior of Skype software to automatically find a way through your firewall are two examples.

Mark S, CISSP

Score: 0

By Kalvik

edited Oct 18, 2005 - 7:26 PM

The question is where does the SYBARI purchase fit into this mix?

Score: 0

By dyl

edited Oct 7, 2005 - 9:43 AM

Keep in mind that this is for enterprise users. I'm just tickled that there may be Active Directory integration. What about WSUS integration? I should be able to manage my entire Windows network from the AD consoles, perhaps pushing out the Client Protection through group policies/msi packages, and then configuring the options through group policies, and then pushing out updates through group policy (or even SMS). Hallelujah! Of course, we won't yank out our current 3rd party AV solution, and we'll still try to lock down our desktops as much as our crappy applications allow (it's not MS' fault that crappy vendors require admin access--it's the vendor's fault for not following best practices in programming).

Score: 0

By fewt

posted Oct 7, 2005 - 9:56 AM

Sounds like that app should be a citrix published application. ;-)

Score: 0

By Neoprimal

posted Oct 6, 2005 - 11:05 PM

First of all, NOD32 has a high rate of fake detections. And most antiviruses will actually detect the same 'way' if you set their engines to sensitive. Second of all...what is it that some of you REALLY have against MS? You try so hard to make them out to be complete villains. They're no angels. They're greedy. But, as I've said many times before, give credit where credit is due. And what would your alternative to Windows be? Please, don't even whisper Linux, because just like Firefox, with the right 'motivation' ie: if it ever became a real target to virus/malware writers, Linux is one OS I can see crashing and burning. 2 or 3 mistakes in there and you're screwed. Which means 2 or 3 files affected by a virus, and there goes the system.
Locking down file access doesn't always help. There are things that get through anyway - but who's going to take the time to write a virus to do that on an OS that is barely noticed by the general populace? Instead, the script kiddies go download some stuff they find online and get stuff to attack a Windows system.
This move shows that MS is taking a step to increase security. Call it what you will - bandaid? tire patch? I don't care. Protection and prevention, sometimes don't beat a cure. After you've been damaged, however it's been done - it's nice to have something to keep your data alive. Nothing on the market is totally secure. If you think it's so easy to make a permanent fix, then do it. Till then, I'll appreciate that they're making this stuff to help protect my PC, and other PCs which could be attacking mine (unknowingly).

Score: 0

By corenor

edited Oct 7, 2005 - 10:51 AM

I'd like to see if this technology is innovative like Determina VPS. Does it inhibit exploit execution or just look for signatures?

Score: 0

By crashoverride

edited Oct 6, 2005 - 10:29 PM

Hmm, here's an idea, fix the problem instead of putting another bandaid on the market. We have plenty of bandaids already. What we need is a fix.

Score: 0

By cousinkix1953

edited Oct 6, 2005 - 10:22 PM

Why pay for this stuff? The combination of Avast anti-virus, ZoneAlarm firewall and AdAware work for me. They're free and beat the Hell out of Norton or McAfee...

Score: 0

By Kompressor

edited Oct 6, 2005 - 3:02 PM

This is great news.

I am very upset with McAfee and Symantec as they have no malware protection and I recently got hit by malware which caused me to lose a lot of data.

I'm currently beta testing Windows OneCare and like it so far, and it's great to see that Microsoft is going to come out with an all-in-one protection package which includes antivirus, spyware and malware protection!

Score: 0

By PC_Tool

posted Oct 6, 2005 - 3:14 PM

http://en.wikipedia.org/wiki/Malware

You are confusing malware with spyware...Malware encompasses both Viruses and Spyware.

OneCare missed a few that NOD32 caught.

No single package is a perfect solution.

Score: 0

By wincement

posted Oct 6, 2005 - 6:23 PM

"No single package is a perfect solution."

Absolutely agreed. I just sit back and enjoy when people keep trying to sell their favorite security programs.

Some may be better than others, but relying on only one will still leave your back end sticking out on the net.

Score: 0

By PC_Tool

posted Oct 6, 2005 - 11:38 AM

I just gotta ask...

How necessary is an AV/Spyware solution in a limited operating environment with system / configuration protection such as a limited user (non-root/admin) account?

If it is impossible for programs to run without permission, why would we need an app that searches for programs that ran/run without permission?

If the OS was secure, we wouldn't need these apps.

It's a catch-22 and definitely begs the question of "Conflict of Interest". They build the OS, and the product that bandaids the original product's security flaws.

Score: 0

By yohimbe9

posted Oct 6, 2005 - 5:34 PM

"If it is impossible for programs to run without permission..."

That's the big thing. Remember IE? Do you want to install this ActiveX control? Sure, whatever, go away. People grant permission all the time without realizing. 2K (which really wasn't meant to be installed at home) and XP both started out poorly by creating the user as an Admin. This is something that's not going to be changed in these (soon to be) legacy operating systems. You're not going to be able to move tens of millions of users to restricted user no matter what. That's a fact that MS realizes so they're making a product to cope with a mistake or bad decision that they made early on.

Score: 0

By mjm01010101

posted Oct 6, 2005 - 1:09 PM

There is no need.
I've been running Windows 2000 since day one on a 60 node network, and spyware just doesn't infect machines where users run as users. Yes I have AV installed and yes the AV client scans for spyware (or greyware) and none is discovered.

However, if MS is in the field for 2 years, and proves itself as, say, Symantec or Trend has in the corporate arena, then I'll consider. MS has been known to be wishy washy on security, and it's not something that requires a half-hearted effort.

Score: 0

By fewt

posted Oct 6, 2005 - 1:30 PM

Unfortunately kernel sploits can allow code executed as a user to run as the system. This will allow for any code to be installed anywhere on a system. The newer root kits out there (yes there ARE root kits for Windows) can't even be detected without powering off the system and scanning it in another box with a root kit detector.

Score: 0

By mjm01010101

posted Oct 6, 2005 - 6:53 PM

Let me know of a kernel exploit that exists for a locked down user account, without local access, in Windows 2000 or XP. To further increase the difficulty, the machine has a BIOS password, doesn't boot from any other media except the HDD, and a notification is sent if BIOS pw has been attempted three times without success.

Score: 0

By fewt

edited Oct 6, 2005 - 7:14 PM

What application is it running since there are no local users? What other efforts have you taken? It doesn't look like you are secure AT ALL if this is all you have done LOL.

Let's not forget that Blaster didn't require a user account, OR local system access to own your computer and turn it into a drone.

Have you done any services hardening? What permissions does your "locked down user" have to hkey_current_user? How about \documents and settings\%username%\Start Menu\Programs\Startup?

Score: 0

By PC_Tool

posted Oct 6, 2005 - 2:11 PM

Then a fix for those flaws which allow such exploits would be nice. I'd rather have the fix than a scanner.

I mean, will MS really have the motivation to fix these things when they get paid to bandaid them?

Score: 0

By wincement

edited Oct 6, 2005 - 6:32 PM

"I mean, will MS really have the motivation to fix these things when they get paid to bandaid them?"

I agree with what you're saying. It seems like it would be easier to just fix the exploits. Likely, this is just a marketing ploy to make it look like they're working harder...

...which they are, but it's kinda senseless.

Score: 0

By fewt

posted Oct 6, 2005 - 8:06 AM

"knowledge and an understanding of the capabilities of the operating system" that its partners may not have

Then why in the world do they have so much more experience protecting Windows than Microsoft does?!

Score: 0

By amcguire

edited Oct 6, 2005 - 10:57 AM

Umm... and how do you mean? I do believe that the advent of security espionage is relatively a new concept still (10 years?). Microsoft has made key acquisitions and really stepped up security in the past couple years. Quite possibly you are still using Windows 3.1? Windows XP SP2 or Windows Server 2003 SP1 are pretty bullet proof IMHO. The malicious software removal tool, anti-phishing Outlook feature, IIS lockdown utility, MSAS, local firewall, etc., etc. What more would you want? I have yet to find someone else secure my stuff better than 'yours truly' - the same goes for Microsoft. Unless of course someone has some code that others haven't seen - doubt it!

Score: 0

By fewt

posted Oct 6, 2005 - 11:26 AM

LOL! No, I'm not on Windows 3.1 and I haven't been in quite a few years. ;-) Microsoft has stepped up, I can't disagree with that however my knowledge and training in internet security & vulnerability assessment(sp?) tools tells me that even with the latest patches these operating systems are absolutely not bulletproof.

You missed a few key components in your 30 second lockdown strategy which would include multiple firewalls on disparate platforms, intrusion detection, and url filtering.

Those just scratch the surface, which even with you still need services hardening, and system hardening which is still not acceptable out of the box on a W2K3 server, though I will admit that it is 1000x better than W2K out of the box.

The 200+ page W2K3 hardening documents shouldn't have to be 200+ pages. ;-)

Score: 0

By atab0y

posted Oct 7, 2005 - 1:51 AM

Isn't this program really more client side (XP)? One shouldn't be web browsing on a server. One reason M$ locks it down in Server 2003.

Score: 0

By fewt

posted Oct 7, 2005 - 8:11 AM

HUH, Web browsing?

OHHH you are referring to URL scan.. :-)

No, URL scan scans client connections to an IIS server. It's used to filter out any traffic that doesn't match the pattern of normal traffic which you define.

It's a Microsoft product, check it out.

http://www.microsoft.com...rity/tools/urlscan.mspx

Actually according to that documentation it is built in to Windows 2003 server, it should just be tweaked to suit your needs.

Score: 0

By yohimbe9

posted Oct 6, 2005 - 5:39 PM

Actually the Security Configuration Wizard (SCW) is pretty good. Unfortunately you have to manually install it but it does a pretty good job at hardening your machine.

Score: 0

By atab0y

posted Oct 7, 2005 - 1:48 AM

It's built into Server 2003 SP1.

Score: 0

By ds0934

posted Oct 6, 2005 - 8:01 AM

Ok, so, again, does anyone trust the company that made the vulnerabilities possible, to then also make the tools to combat the threats to those same vulnerabilities? And what about the licensing and cost?

Score: 0

By oubeaver

posted Oct 6, 2005 - 9:13 AM

They didn't make the vulnerabilities possible. Windows is just the number one target for hackers because it's the most widely used Desktop OS by far. So Windows will always seem like they have the most vulnerabilities. Now cost is important though. But they do patch their OS for free. Client Protection is pretty much a program that protects the idiots that get spyware. So, why not charge for it. I mean, if you use Microsoft's AntiSpyware Beta app as an example of what's to come, I'm willing to bet Client Protection will be a quality program. I have personally never got one piece of spyware installed on my pc and I'm on the Internet all day, everyday. Again, these programs are for the idiots....I mean the ignorant. (That sounds nicer.)

Score: 0

By ryanyogan

posted Oct 6, 2005 - 5:49 PM

I am going to have to agree with beaver on this one. Let's not say quite idiots, but computer impaired retards, or the unaware. Out of every client our company supports (sometimes 4 times a day), most of the time a call they make sounds like their computer blew up, turned out to be them dragging something somewhere, or a pop up telling them they need to "Tune" their pc and 30 adware apps are installed instead. We only handle medium sized business, our biggest client would have around 150 workstations, out of them 130 have no idea what the hell they are doing. However any somewhat savvy person can stay away from adware, it's simple, do not use IE, stay away from sites that you don't trust, I don't open any attachment if it isn't business, I could care less about the chain letters in the mail...

Score: 0

By PC_Tool

edited Oct 6, 2005 - 12:02 PM

They made the vulnerabilities infinitely possible by giving computer admin privileges to all users by default.

This is absolutely the worst way to run a computer and is an open invitation to viruses, adware/spyware and hackers. The default initial users in any OS should be a limited environment where execution of potentially harmful installations must be approved.

Arguing that this is not desired by the majority of users is not valid and never was. They become the zombie systems and are then used to infect others. If they want to operate as full admin, they need to learn how to do so in such a way as to not cause potential harm to other systems connected to the net.

Score: 0

By dex23462

posted Oct 6, 2005 - 8:44 AM

I agree. If they have a deeper understanding of security vulnerabilities inherent to the OS, they should fix them.

Cost is a concern to me. I've beta tested Windows OneCare, which will eventually become a subscription service, so I assume Client Protection will as well. I believe a company charging to protect their own product is a conflict of interest.

Score: 0

By PC_Tool

posted Oct 6, 2005 - 11:41 AM

Damn straight. And interestingly enough, their "intimate knowledge" isn't helping when I install NOD32 and it catches 3 viruses OneCare totally missed.

Score: 0

By ryanyogan

posted Oct 6, 2005 - 5:50 PM

Microsoft did not make the anti virus or adware programs, they bought them out, and changed the interfaces and added some new features....

Score: 0

By Adrian79

posted Oct 6, 2005 - 8:33 PM

Actually.. they bought Giant and removed features, the interface only removed 'giant' and put 'microsoft'.. task manager still shows it as "gaintantispywaremain.exe"

I must agree with the fact that NOD32 is the best AV and OneCare will not change this.

Score: 0

By atab0y

posted Oct 7, 2005 - 1:55 AM

Nice program... Their website www.nod32.com is inaccessible (at time of my post). Seems only the Australia one is up and running.

Score: 0