lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20040617180328.GB44657@netpublishing.com>
From: ggilliss at netpublishing.com (Gregory A. Gilliss)
Subject: MS Anti Virus?

Dan et al:

You are missing the point here. While it matters little *who* is in the A/V
market, it matters very much when one player is Microsoft, because the M$
business model (according to them and to the US DOJ) is to enter a market,
undercut the market, co-opt the market, drive out the competition, and 
move on to the next market (not unlike a virus, as told by Agent Smith).
So if M$ enters the A/V market and "bundles" their solution with Windows
whatever, they likely will drive Symantec and McAfee out of the market 
over time by co-opting the A/V subscription market.

The security ramifications of a M$ only A/V marketplace relate to Dan Geer's
monoculture argument (already well discussed here) and also a conflict of
interest (since M$ products account for a majority of the A/V infections).
Can we "trust" an A/V solution from M$ that addresses virus infections of
M$ products? And is M$ controls both the virus host and the A/V inoculation,
does that not create a potential area of abuse - no license/upgrade/whatever,
no A/V subscription/update/whatever?

As Reagan told Gorbachev, "Let me tell you why we do not trust you..."

G

On or about 2004.06.17 15:51:19 +0000, DAN MORRILL (dan_20407@....com) said:

> You make anti virus software sound like a gun lock on a 9MM.
> 
> Does it really matter who is in the anti-virus market? If Microsoft goes 
> that way, and they have the best knowledge of what they created, what we 
> can reasonably expect to see in the words of Bill Gates "Innovation, with 
> rich user features, deeply embeded in our software".
> 
> So, we can have an AV product that does great things, but maybe only 2% of 
> it will be used, and because it is a microsoft product, we can expect 
> patches every month, with known and unknown vulnerabilites from day one.

-- 
Gregory A. Gilliss, CISSP                              E-mail: greg@...liss.com
Computer Security                             WWW: http://www.gilliss.com/greg/
PGP Key fingerprint 2F 0B 70 AE 5F 8E 71 7A 2D 86 52 BA B7 83 D9 B4 14 0E 8C A3


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ