[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-Disclosure] MS Anti Virus?

To: full-disclosure@xxxxxxxxxxxxxxxx
Subject: Re: [Full-Disclosure] MS Anti Virus?
From: "Gregory A. Gilliss" <ggilliss@xxxxxxxxxxxxxxxxx>
Date: Thu, 17 Jun 2004 11:03:28 -0700

Dan et al:

You are missing the point here. While it matters little *who* is in the A/V
market, it matters very much when one player is Microsoft, because the M$
business model (according to them and to the US DOJ) is to enter a market,
undercut the market, co-opt the market, drive out the competition, and 
move on to the next market (not unlike a virus, as told by Agent Smith).
So if M$ enters the A/V market and "bundles" their solution with Windows
whatever, they likely will drive Symantec and McAfee out of the market 
over time by co-opting the A/V subscription market.

The security ramifications of a M$ only A/V marketplace relate to Dan Geer's
monoculture argument (already well discussed here) and also a conflict of
interest (since M$ products account for a majority of the A/V infections).
Can we "trust" an A/V solution from M$ that addresses virus infections of
M$ products? And is M$ controls both the virus host and the A/V inoculation,
does that not create a potential area of abuse - no license/upgrade/whatever,
no A/V subscription/update/whatever?

As Reagan told Gorbachev, "Let me tell you why we do not trust you..."

G

On or about 2004.06.17 15:51:19 +0000, DAN MORRILL (dan_20407@xxxxxxx) said:

> You make anti virus software sound like a gun lock on a 9MM.
> 
> Does it really matter who is in the anti-virus market? If Microsoft goes 
> that way, and they have the best knowledge of what they created, what we 
> can reasonably expect to see in the words of Bill Gates "Innovation, with 
> rich user features, deeply embeded in our software".
> 
> So, we can have an AV product that does great things, but maybe only 2% of 
> it will be used, and because it is a microsoft product, we can expect 
> patches every month, with known and unknown vulnerabilites from day one.

-- 
Gregory A. Gilliss, CISSP                              E-mail: greg@xxxxxxxxxxx
Computer Security                             WWW: http://www.gilliss.com/greg/
PGP Key fingerprint 2F 0B 70 AE 5F 8E 71 7A 2D 86 52 BA B7 83 D9 B4 14 0E 8C A3

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Follow-Ups:
- Re: [Full-Disclosure] MS Anti Virus?
  - From: Ron DuFresne
- RE: [Full-Disclosure] MS Anti Virus?
  - From: Poof
- RE: [Full-Disclosure] MS Anti Virus?
  - From: joe

References:
- Re: [Full-Disclosure] MS Anti Virus?
  - From: DAN MORRILL

Prev by Date: RE: [Full-Disclosure] MS Anti Virus?
Next by Date: Re: [Full-Disclosure] MS Anti Virus?
Previous by thread: Re: [Full-Disclosure] MS Anti Virus?
Next by thread: Re: [Full-Disclosure] MS Anti Virus?
Index(es):
- Date
- Thread