Finally Admitting Their OS Weak, M$ Will Ship Anti-Virus With “8”

M$ intends to cash in on the lucrative anti-virus market by cutting out the middleman, the industry M$ itself created by shipping an OS with no inherent security for decades. “8” will include anti-virus.

Fortunately XP and “7” will be around for a decade or more so the anti-virus industry will be around a while longer. Consumers wanting a single point of failure can now choose M$ with confidence.

I recommend Debian GNU/Linux which has few problems with viruses.


24 Responses to Finally Admitting Their OS Weak, M$ Will Ship Anti-Virus With “8”

  1. pogson says:

    Using that other OS is a recipe for an infinite number of forklift upgrades, e.g. XP to Vista or “7” or “8”. How is that not a forklift upgrade? All the hardware had to be changed, whereas with GNU/Linux it is quite possible to use 8 year old stuff with satisfaction and, in the future, apt-get update;apt-get dist-upgrade keeps me going.

  2. oldman says:

    “Why bother with a whole bunch of non-M$ protocols if all they were doing was connecting to that other OS?”

    Because it is a lot cheaper to virtualize the applications that they have than to perform the forklift upgrade that would need to be put in place to do it your way.

  3. pogson says:

    oldman wrote, “the OS and applications being run are windows apps on windows”.

    Of course, there is a lot of that, but GNU/Linux with web applications is making huge inroads and that other OS is not on either end. Anywhere there are a lot of dedicated desktops using a few applications that can be delivered by http, there is just no need for that other OS. That’s good for the users, the admins and the accountants. It costs a lot less and works better.

    See, for example, Revolution Linux. They provide solutions in France, Brazil and Canada and they do a good business. GNU/Linux on the thin clients and only a few apps running on that other OS mean lower costs and better performance.

    See, for example, what Wyse is selling. Why bother with a whole bunch of non-M$ protocols if all they were doing was connecting to that other OS?

    Here’s a hospital giving inpatients GNU/Linux thin client desktops to browse the web.
    “The hospital estimates that the energy-efficient “thin client” computer monitors save 60 percent in electricity costs versus stand-alone PCs. The hospital estimates that the new desktops have saved 98 percent of the IT costs that would have been spent maintaining normal PCs.

    GAMC patients have responded enthusiastically to the desktops, and the hospital sees this service as a way to attend to the patients’ emotional needs and stand out from competitors. Some patients use the computers to blog about their hospital stay or update CarePages, popular patient Web sites that connect patients with chronic illnesses to their friends and families.

    Using virtualized Linux desktops has kept the costs of the patient service low while maintaining a high level of privacy and security. Updates and maintenance to the software can be made on a centralized server by the hospital’s IT staff, while no data is left on the local client monitor after the patient checks out of the hospital room.”

    So, no. The world no longer depends on M$ for everything in IT.

  4. oldman says:

    “Visitors here have asked for a re-purposed 10-15$ thin-client from eBay to do the same now after having seen what we’ve got running, seems this Penguin thing is catching on.”

    Nope. You are looking at a niche. The real VDI action is with a commercial product like Citrix XenDesktop. And the OS and applications being run are windows apps on windows.

  5. oe says:

    Visitors here have asked for a re-purposed 10-15$ thin-client from eBay to do the same now after having seen what we’ve got running, seems this Penguin thing is catching on. Perhaps TUX and the branding that Canonical has done, though many deem it parasitic, is helping the whole Linux community along.

  6. oe says:

    “The typical US household has multiple personal computers. There is room for a server in every home. M$’s file/print/IIS is a poor substitute for the flexibility of Debian GNU/Linux and other distros to turn any PC into a server.”

    Agreed, I have found Linux on a thin client (about 15 Watts power draw) to be the perfect Swiss Army knife of ssh tunneler, webserver, torrent box, print server, file server, ftp repo, apt-cacher, media server, and more. Wouldn’t have a clue on how to do that on MS products; doubt I could get them running on a 15W thin client anyway, maybe a 150W home media server, guess that will be good for heating a room on the side. Linux, it’s a piece of cake with all the great “HOW-TO’s”, populated configuration files, the so-called FreeTard community (rather, I think, folks to whom base quality is more important than slick marketing); bash scripting knowledge learned 15 years ago can still be leveraged for customization tricks…

  7. oldman says:

    “M$’s file/print/IIS is a poor substitute for the flexibility of Debian GNU/Linux and other distros to turn any PC into a server.”

    If you wish to play 1980’s sysadmin Pog, knock your socks off. Nobody other than a small number of tinkerers like yourself does.

  8. pogson says:

    The typical US household has multiple personal computers. There is room for a server in every home. M$’s file/print/IIS is a poor substitute for the flexibility of Debian GNU/Linux and other distros to turn any PC into a server.

  9. oldman says:

    “ARM on servers is right around the corner and real people do compute on servers.”

    I’m a real people Pog, and I don’t have a server at home. That is your fantasy, not mine. I prefer to have my compute power dedicated to my use for my purposes.

    And I have zero interest in sharing.

    What we do at home is called desktop computing, Pog. I think that you need to get over your obsession with moving us all into the big glass house.

    IMHO, it’s warping your perspective.

  10. pogson says:

    Performance = instructions executed. ARM executes more instructions per second per watt, per cm², and per dollar. Therefore, for the same expenditure of resources one can get more done with ARM. Yes, you can get more performance from a single chip or core with x86, but there is no rule against using multiple chips. One can put 8 CPUs on some x86 motherboards but in the same space, one can put dozens of ARMed CPUs so Phenom’s argument is baseless. It assumes a single chip/core. In the real world people use more.

    In an ARMed CPU, the thinking part is almost invisible compared to the area devoted to that in x86. x86 has to have microcode for every instruction and hardware for a wide variety of instructions all clocked at gigahertz rates. That’s why for similar throughput, ARM can use 3 to 5 times less power.

    Phenom’s argument is that one does not need to count the electrical power consumption. That’s false. Given any practical limit on power consumption ARM can do more with less. His assumption is supported by lack of visibility in the market but ARM on servers is right around the corner and real people do compute on servers.

    “Project Moonshot is designed to fuel the advancement of low-energy server technology, while promoting industry collaboration to break new ground in “hyperscale” computing environments such as cloud services and on-demand computing.

    Through these efforts, data center efficiencies are expected to reach new heights for select workloads and applications, consuming up to 89 percent less energy and 94 percent less space, while reducing overall costs up to 63 percent compared to traditional server systems.(1)”

    see HP/Calxeda press release

    HP provides serious hardware for serious people doing serious things in the real world.

  11. Phenom says:

    Pogson, calling x86 bloated is pure crap. Look at that: http://www.tomshardware.com/gallery/die_plan,0101-164882-0-2-3-1-jpg-.html

    A whole 1/3 of the die is the L3 cache. Then you have also a memory controller, and L1 + L2 cache.

    The “bloat”, as you mindlessly name it, is actually performance improvement. x86 strives for performance most of all. Performance is exactly the area where x86 blows ARM out of the water.

    You don’t need performance. But people who do real work on their computers do need it. Designers need it. Musicians need it. Engineers need it. Data analysts need it. Games need it. Scientists need it. The list goes on and on.

    At the end, most people will have both an ARM-based tablet, and a powerful laptop / desktop.

  12. pogson says:

    Besides the security issue, x86 is bloated. There is so much backwards compatibility and unnecessary bits being flipped at 3 GHz that it’s a huge waste of energy, silicon and space. This is why x86 has done very little in the mobile space. IMHO this is a much larger (literally too) problem than security. So, the world spends tens of $billions on security problems annually. The world spends thousands of $billions on IT. The world could save more switching to ARM than just about anything else that one could do in IT combined. ARM should be running more thin clients than it is and it could be running a lot more servers.

  13. oiaohm says:

    Firmware would also write the reinfect firmware to a clean hard drive inserted in the machine as well.

    Yes, a complete prick to remove was what that tech did.

  14. oiaohm says:

    oldman, simple answer: it’s two particular answers.

    Answer 1: issue with getting spare parts in remote areas. Dominance of x86 forced me to lower my standards due to the high access to parts when things go wrong. Not that I have been happy using x86 just because of this.

    Answer 2: with 3D processing I have been kinda left screwed. Nvidia and ATI are not doing drivers (or only a poor quality version of their drivers) for IBM Power hardware, so I am unable to use their GPUs. This is part of the reason I watch open source drivers for GPUs so much. I want to be able to use properly designed hardware so I can have proper security from the hardware up.

    I do run some servers that are Power, normally closer to general supply paths. Also looking very closely at the upcoming HP ARM servers. Power saving of ARM might be great enough to outweigh the supply issue.

    Basically, oldman, I will be a very happy person if the day comes that I can shut down the last x86 server and my last x86 client I am looking after for good, or Intel does truly fix the SMM design error so it’s not an evil black box to hide infection. It’s a very stupid security error to allow something to exist that cannot be scanned that can do whatever it god darn pleases.

    Yes, I know to some people it is shock horror that a major security issue can be hiding in the hardware they are using.

    The thing is I am aware this issue exists and am set up to check systems for it. Horrid to have to remove the BIOS chip.

    There is a make of motherboard with which you can partly get on top of the SMM problem: Gigabyte, due to the dual BIOS. The ROM copy of the BIOS on the Gigabyte cannot be modified, so by forcing a boot into that you can inspect the Gigabyte flash copy, so removing the infection’s means to hide.

    There are also some cards you can get, that are not cheap, that you can insert into a computer and be able to force an alternative BIOS to be used. http://www.uxd.com/phdpci2.shtml Yes, jack hammer. With these you can find the infection in the BIOS of the motherboard as well, with non-Gigabyte brands. Problem here is that not one of these cards is ROM. So an attacker could in theory flash the infection into the card. So it could become a source of infection as well.

    This is the issue: a lot of techs don’t even have the gear to deal with the problem of a breached BIOS. Heck, a lot are not aware it can even happen. There is no way to detect it from a virus scanner running in the OS on x86 other than the fact the machine may be getting repeatedly infected even without internet connection or connection to any other machine. Even on ARM and Power it can be impossible to detect that the protected areas have been breached from the running OS and require special inspection. But at least the protected areas’ access is limited.

    So really on x86 you don’t have many valid options for something simple to audit and the danger is far higher than it should be.

    BIOS breaches are the worst nightmares since they are hard to detect and can be even harder to correct.

    The worst underhanded thing I found was a tech placing a 60 day timer in the BIOS that stopped the computer from booting every 60 days. To drum up more business. The year I saw this was 1997. Worse, it was a kind of virus. You reflash the firmware and the infection on the hard drive would flash it back to the infected state. Yep, a computer bricker. This is why I have been highly aware of this kind of problem.

    Really I am surprised that it has taken major sections of the malware community to start targeting this area.

  15. oldman says:

    “Power and ARM equals to SMM were done with separation from the running OS, so with an infection in theirs, even though you will not be able to scan it, damage is limited since it cannot mess with the running OS memory space. Basically if it can mess with the OS memory space in Power and ARM it can scan it. Better design of chips basically.”

    So why aren’t you running IBM power systems?

  16. oiaohm says:

    Phenom, really, funny enough, what forums? The ones filled with idiots, and that is why you are there.

    http://fawlty.cs.usfca.edu/~cruse/cs630f06/duflot.pdf

    The weakness in x86 is System Management Mode (SMM), which has existed from the 486 processor on and was copied by AMD and VIA, so infecting all x86 processors in production today with a defective design.

    Not all versions of SMM have been invincible to being scanned, but on all current x86 processors running off the production mode, if you can flash a firmware and get code running in SMM, there is no way you can see the infection from the OS; the SMM can even mask out the firmware, hiding its existence. So the only way to find the breach is to access the firmware in a way in which the x86 processor chip does not start up.

    SMM has no restrictions on what it can or cannot do.

    Assault using SMM demoed: “Hackers can break into SMM to run high-privileged rootkits as shown at Black Hat 2008”. Existing versions in the wild. Mostly high value targets.

    Power and ARM equals to SMM were done with separation from the running OS, so with an infection in theirs, even though you will not be able to scan it, damage is limited since it cannot mess with the running OS memory space. Basically if it can mess with the OS memory space in Power and ARM it can scan it. Better design of chips basically.

    Really this shows how little you know, Phenom. Please get to know the hardware you run and the quality or lack of quality in its design.

    Security is only as good as every layer. An OS on defectively designed hardware cannot be made as strong as the same OS on well designed hardware.

  17. Phenom says:

    Kozmcrae, don’t listen to Ohio. He’s bullshitting you, and the tragedy is that even he doesn’t realize it. No wonder he is largely ignored and mocked at in most forums and blogs he pollutes.

  18. JairJy says:

    Users using XP, Vista and 7 can easily install Microsoft Security Essentials, a free and well acclaimed antimalware software. Windows 8 will only include it by default, merging it with Windows Defender, the anti-spyware that has come included since Vista.

  19. Kozmcrae says:

    Thanks oiaohm, that will give me more incentive to move over to ARM when they become available on PCs. I’m not ready to move over to a tablet. Not sure if I’ll ever be for that matter.

  20. oiaohm says:

    Kozmcrae, as a business network administrator it is possible to deal with trojans. The only thing Android is getting is trojans; there are no viruses or worms affecting Android.

    Really, the business solution is to run your own app store with approved apps in it and no option left in the Android phones to install from elsewhere. Yes, you can disable Android Market on Android phones.

    I.e. 1 000 000 trojans is not a major problem.

    Ivan, historically Linux has been breached many times. The result is each time it hardens.

    The recent breach at Linux kernel has moved cgroups from being an optional feature to something that just has to be implemented, and other minor annoying weaknesses have to be solved completely.

    Nice wake up call.

    There was a follow up email to that notice that ran developers through the process from BIOS auditing to system auditing. A process I know most Windows techs don’t have a clue how to do. Because the next fear is possible BIOS level infections that are particularly evil, since Intel x86 processors provide an area where you can run code but you cannot scan it, and it can alter everything running.

    ARM and Power processors are more security sane. So the first thing, if you really want security, is to drop all x86 Intel machines in the shredder due to being a defective design.

    Yes, you need to start at the chips and work up. Secure mode for hardware management on the ARM is isolated from non-secure mode so the memory spaces are properly split. Secure mode in x86 can edit anywhere in memory it likes. Even the hardware states in the SoC of ARM are split. So secure and non-secure cannot interfere with each other.

    Becoming properly secure is not going to be cheap because we have been using the wrong hardware, forgetting the crappy OS selection.

  21. Kozmcrae says:

    When Android gets to, say, around 100,000 viruses, trojans, worms and other assorted malware, let’s talk about problems with security. Until then, Microsoft holds the title for security-so-bad it created a multi-billion dollar industry just to keep it going.

    Ivan, you’ll have to be satisfied with making a big stink about single security breaches. Good luck with that.

    PS Isn’t that the one that needs the user’s permission to launch?

  22. Ivan says:

    “I recommend Debian GNU/Linux which has few problems with viruses.”

    Greg Kroah-Hartman disagrees with you:

    “The compromise of kernel.org and related machines has made it clear that some developers, at least, have had their systems penetrated. As we seek to secure our infrastructure, it is imperative that nobody falls victim to the belief that it cannot happen to them. We all need to check our systems for intrusions. Here are some helpful hints as proposed by a number of developers on how to check to see if your Linux machine might be infected with something:”

    http://lwn.net/Articles/461237/

    And let’s not forget this nice screensaver that was on Gnome-Look.org:

    http://ubuntuforums.org/showthread.php?t=1349678

  23. oiaohm says:

    NT JERKFACE, funny. Of course McAfee does not mention the fact that not one of the Android infections to date can spread Android to Android.

    Second, there was not one of those malware that the user did not have to install themselves.

    WP7 does not have applications security either. Just like Android, anyone can make applications for WP7 and release them on the web. WP7 is a weaker designed OS.

    NT JERKFACE, if you want to point to something more secure you would be saying iPhone. Again, that is an app store design difference.

    Really, Android does require work but is nothing majorly bad. In fact even McAfee admits a lot of the infections could have been stopped in their tracks if users had read what applications were asking to do and thought about it.

    Failure in the user’s hands is the majority of the problem. Without locking the platform down you cannot stop this.
