Once Again, Security Company Suggests Microsoft Making Its Own Software Secure Is An Antitrust Violation

from the rock-and-a-hard-place dept

For many years, we've pointed out that Microsoft is in a bit of a rock and a hard place when it comes to security software. The company more or less created an entire outside industry in having its software be so incredibly insecure that various other firms had to step up to secure it. But, that puts Microsoft in a really tough position. Does it fix its own security flaws... or is doing so a way to abuse its market position to put the security firms out of business? It's hard to see how that latter position makes much sense to anyone other than those who work for the security companies, but they continue to make those claims. The latest is from Trend Micro, who is complaining that Microsoft Security Essentials (MSE) is an antitrust violation. The article linked here notes that this is even more ridiculous than you might expect, in that MSE is an optional download. Either way, it seems like a pretty huge stretch to claim that fixing your own security holes could possibly be an antitrust violation. The real problem may be that Trend Micro jumped into a business that relied on another company continuing to suck.


Reader Comments (rss)

(Flattened / Threaded)

  •  
    identicon
    Anonymous Coward, Nov 12th, 2010 @ 8:59am

    Here we go with the bogus anti trust violation allegations again. Anti trust laws are never used for a legitimate purpose, only for things that are not relevant to anything.

     

    reply to this | link to this | view in chronology ]

    •  
      icon
      A Dan (profile), Nov 12th, 2010 @ 10:03am

      Re:

      The good part of antitrust laws is the prohibition on collusion. That's the part that actually accomplishes its purpose.

       

      reply to this | link to this | view in chronology ]

      •  
        identicon
        Anonymous Coward, Nov 12th, 2010 @ 10:24am

        Re: Re:

        When has it ever been used to accomplish its stated purpose? The last example one can think of maybe the telco example and that was how long ago?

         

        reply to this | link to this | view in chronology ]

        •  
          identicon
          Anonymous Coward, Nov 12th, 2010 @ 10:25am

          Re: Re: Re:

          is maybe the telco example *

           

          reply to this | link to this | view in chronology ]

        •  
          icon
          The Mighty Buzzard (profile), Nov 12th, 2010 @ 12:52pm

          Re: Re: Re:

          It got me like $15 from the CD price fixing class action. Not that they changed their prices much afterwards but it's better than nothing.

          It's also gotten MS to offer less bundled versions of Windows over in Europe and they now offer you up a choice of default browser in the same.

          They really do need to be more widely and thoroughly applied though.

           

          reply to this | link to this | view in chronology ]

          •  
            identicon
            Anonymous Coward, Nov 12th, 2010 @ 9:26pm

            Re: Re: Re: Re:

            You mean this one.

            http://www.usatoday.com/life/music/news/2002-09-30-cd-settlement_x.htm

            Lets see.

            "Former FTC chairman Robert Pitofsky said at the time that consumers had been overcharged by $480 million since 1997 and that CD prices would soon drop by as much as $5 a CD as a result. "

            Yet they only had to pay

            "Monday to pay $67.4 million and distribute $75.7 million in CDs to public and non-profit groups to settle a lawsuit led by New York and Florida over alleged price-fixing in the late 1990s. "

            Wow, what a bargain.


            "It's also gotten MS to offer less bundled versions of Windows over in Europe and they now offer you up a choice of default browser in the same."

            Wow, that really sounds like it accomplished a lot of good.

            /sarcasm

             

            reply to this | link to this | view in chronology ]

  •  
    icon
    crade (profile), Nov 12th, 2010 @ 9:14am

    " The real problem may be that Trend Micro jumped into a business that relied on another company continuing to suck."

    Well, this is Microsoft we are talking about here. It's a pretty safe bet.

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Bruce, Nov 12th, 2010 @ 9:27am

    Trend Micro is trending down.

    Trend Micro is wasting time and money with that claim unless TM can show collusion between MS and one of TM's competitors, such as Symantech. Acting alone, MS can do security. TM will go down in flames on that case unless they have proof of collusion. TM might look to Avast! for a better business model, rather than taking a flyer on a longshot litigation like this. This nowhere close to the powerful antitrust claim MS beat on IE. Trend Micro is trending down toward becoming an insignificant micro-business.

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Joseph Durnal, Nov 12th, 2010 @ 9:31am

    MSE is the Ford Fiesta of AV

    It does a reasonably good job for what you pay for it but there are better options available for those who are willing to pay more. I used to use AVG Free on my non business related systems but it got a little bloated and intrusive, so I switched to MSE. I've always kept ClamAV installed with a scheduled scan as a secondary measure.

    Professorially, the big problem with MSE is that it really isn't manageable. I suppose that a small company with a hig risk tolerance would be OK with MSE but most businesses, organizations, & government agencies need something more. Even Microsoft competes with MSE, with their Forefront client security product.

    The bottom line is that if you can't make an AV product that is better than MSE, you are getting what you deserve if folks aren't buying it.

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    out_of_the_blue, Nov 12th, 2010 @ 9:37am

    M$ inherently has inside info that gives it unfair advantage.

    If M$ wants to promote security, they can do it from the direction that they *utterly* control: the original code. If they were competent at writing an OS -- instead of attempting the accessories and thereby leveraging against other companies -- then they actually *could* cut out most security programs in a legal way. But, being M$, they profit from their flaws, and being M$ partners means profiting in the ecosystem that thrives on those flaws, and being M$ customers means a slavish acceptance that M$ is the only *possible* choice.

    Anti-trust to reduce a monopoly -- even if it were "natural" -- is entirely a good purpose in line with historical use. The world basically is held hostage to M$'s stupidity besides cupidity, and if a really good virus is written, it could bring the whole house of cards down. It's too much risk to place on a company with M$'s history of unethical competition.

     

    reply to this | link to this | view in chronology ]

    •  
      identicon
      Anonymous Coward, Nov 12th, 2010 @ 9:58am

      Re: M$ inherently has inside info that gives it unfair advantage.

      Oh, right, MS should just take a lesson from all those other pieces of software that can't be exploited...

      Oh, wait, there is NO SUCH THING as unexploitable software.

       

      reply to this | link to this | view in chronology ]

      •  
        identicon
        Anonymous Coward, Nov 12th, 2010 @ 10:28am

        Re: Re: M$ inherently has inside info that gives it unfair advantage.

        Give me a sledgehammer and a reasonably powerful electromagnet and I can make any system unexploitable and its data unstealable. :)

         

        reply to this | link to this | view in chronology ]

      •  
        identicon
        Anonymous Coward, Nov 12th, 2010 @ 12:09pm

        Exploit This

        #include
        using namesapce std;

        void main() {
        cout

         

        reply to this | link to this | view in chronology ]

    •  
      identicon
      Bengie, Nov 12th, 2010 @ 10:18am

      Re: M$ inherently has inside info that gives it unfair advantage.

      Ummm.. Win7 has very few exploits, about in line with Linux.

      Anti-malware is only useful because people don't care what they install and they click yes to everything.

      MS can't protect their OS against user stupidity, but they can offer a free semi-useful anti-malware to try to help users not shoot themselves in the foot.

       

      reply to this | link to this | view in chronology ]

      •  
        icon
        CommonSense (profile), Nov 12th, 2010 @ 12:04pm

        Re: Re: M$ inherently has inside info that gives it unfair advantage.

        "MS can't protect their OS against user stupidity"

        They should be able to...it's their OS that trained the users to be so stupid and ignorant as to click 'yes' or 'continue' to everything...

         

        reply to this | link to this | view in chronology ]

        •  
          identicon
          Anonymous Coward, Nov 12th, 2010 @ 12:20pm

          Re: Re: Re: M$ inherently has inside info that gives it unfair advantage.

          Uh...

          MS did not make the first GUI OS, nor were they the first to have confirmation boxes...

           

          reply to this | link to this | view in chronology ]

    •  
      identicon
      Bill, Nov 12th, 2010 @ 12:05pm

      Re: M$ inherently has inside info that gives it unfair advantage.

      It sounds like you are saying that if Microsoft wrote software without bugs that we wouldn't need antivirus software. That could not be any more wrong. The reason there are no viruses for Apple computers is because not that many people use them comparatively speaking. Apple OS is full of just as many bugs/security issues as Windows, it's just that no one bothers to exploit them because the impact isn't great enough. Antivirus software will always be necessary no matter if the OS is bug free or not.

       

      reply to this | link to this | view in chronology ]

      •  
        icon
        The Mighty Buzzard (profile), Nov 12th, 2010 @ 12:59pm

        Re: Re: M$ inherently has inside info that gives it unfair advantage.

        That was a really terrible argument. A) who said anything about Apple or any other OS? B) No, if your OS has no bugs/security holes it cannot be exploited. C) If your OS cannot be exploited (completely impossible but for the sake of argument...) it does not need anti-virus software.

         

        reply to this | link to this | view in chronology ]

        •  
          identicon
          Bengie, Nov 12th, 2010 @ 3:04pm

          Re: Re: Re: M$ inherently has inside info that gives it unfair advantage.

          Anti-virus does not protect against exploits, it protects against user stupidity.

          Anti-root kits protect against exploits there days.

           

          reply to this | link to this | view in chronology ]

    •  
      icon
      MikeLinPA (profile), Nov 13th, 2010 @ 2:59pm

      Re: M$ inherently has inside info that gives it unfair advantage.

      I agree with you.

      M$ shouldn't be making security software. They should make secure software.

      I am not talking about the idiots that will click on anything, either. I am talking about the drive-by downloads that still happen in IE8, (That was supposed to stop being possible in IE7,) and the fake AV that invaded a Vista computer though M$ Outlook. XP was supposedly the safe OS. Then Vista was supposedly the Security First software. I haven't heard any nightmare stories on Win7, yet... (Except the nightmare of trying to administer it. I can't make heads or tails out of Vista or 7. Yuck! No fun at all!)

      I asked this question almost a decade ago. Win2K had some security flaws. Supposedly, XP was more secure, but it was like 7 times the size. Then Vista came out and it was like 9 times the size of that. Now Windows 7 is still bigger, (but not quite as drastically, I don't think.) My question is this:

      If a million lines of code has a thousand potential exploits in it, how can 7 million lines of code have less?

      More code cannot give you less potential exploits. It isn't logical. It is way past time to de-bloat the OS.

       

      reply to this | link to this | view in chronology ]

  •  
    identicon
    Alatar, Nov 12th, 2010 @ 10:33am

    Mike, I have to disagree, this is an antitrust violation

    If Micro$oft were publishing fixes and system patches to correct the flaws, I'd be fine with that.
    But here they intentionnally don't fix it and push their antivirus solution. So this is unfair competition

     

    reply to this | link to this | view in chronology ]

    •  
      icon
      mjb5406 (profile), Nov 12th, 2010 @ 10:46am

      Re: Mike, I have to disagree, this is an antitrust violation

      You're kidding, right? They "intentionnally [sic] don't fix it and push their antivirus solution"? Nowe, if Microsoft (a) Prevented other AV solutions from working and (b) if they CHARGED for MSE, that argument may have a shred of validity, but MSE is free... there are plenty of people out there who don't want a do-all, end-all security suite, so they opt for the free software. And, by the way, is AVG or Panda ALSO guilty of antitrust, since they, too, provide free solutions (AVG Free and Panda Cloud Antivirus)? Anybody? Anybody? Buehler?

       

      reply to this | link to this | view in chronology ]

      •  
        identicon
        Alatar, Nov 12th, 2010 @ 11:58am

        Re: Re: Mike, I have to disagree, this is an antitrust violation

        "You're kidding, right? They "intentionnally [sic] don't fix it and push their antivirus solution"? Nowe, if Microsoft (a) Prevented other AV solutions from working and (b) if they CHARGED for MSE, that argument may have a shred of validity, but MSE is free... there are plenty of people out there who don't want a do-all, end-all security suite, so they opt for the free software."

        (a) They have an advantage because they know the inherent code, whereas AV vendors don't.
        (b) Are you sure MSE will always be free?

         

        reply to this | link to this | view in chronology ]

        •  
          icon
          BearGriz72 (profile), Nov 12th, 2010 @ 6:19pm

          Re: Re: Re: Mike, I have to disagree, this is an antitrust violation

          C) Micro$oft were publishes fixes and system patches to correct flaws on a regular basis (at LEAST monthly)
          D) Anti-Virus Software has very little to do with system patches and more to do with ID10T & PEBCAK issues in a modern environment. (IE the moron that does not UPDATE their software on a regular basis)

           

          reply to this | link to this | view in chronology ]

    •  
      icon
      telnetdoogie (profile), Nov 12th, 2010 @ 10:54am

      Horse Manure!

      Alatar, that's total horse manure. You think they're ACTIVELY NOT fixing fundamental flaws discovered in their OS and instead address them with MSE? That makes no sense. If that were the case then Trend's solution would be just as capable of doing the same, so MS would be letting ALL BIDDERS (including Trend) solve their problems for them.

       

      reply to this | link to this | view in chronology ]

    •  
      identicon
      Anonymous Coward, Nov 12th, 2010 @ 12:01pm

      Re: Mike, I have to disagree, this is an antitrust violation

      How do you fix users clicking and downloading every file that gets emailed their way?

      Or do you honestly think that drive-by infections are the main issue?

       

      reply to this | link to this | view in chronology ]

  •  
    icon
    telnetdoogie (profile), Nov 12th, 2010 @ 10:51am

    I'm lost...

    This isn't about "Does it fix its own security flaws... or is doing so a way to abuse its market position to put the security firms out of business?"

    Do people honestly believe that the reason Windows is more vulnerable to viruses is because MS's product is or was fundamentally insecure? (OK OK, Internet Explorer was a pretty big open door for a long time) - No, it's because most people use Windows and it has the largest exposure!

    It's about MS making a great anti-virus / anti-malware program and Trend can't stand that their customers are dwindling.

    Before I started using MSE I did a lot of research... I wanted a native 64-bit app that had a small memory and CPU footprint and that had exceptionally good virus / malware interception capabilities with few false positives. In the studies I found, MSE met or exceeded every one of my requirements.

    Why, then, would I pay for a Trend Micro solution? Let's imagine MS is out of the picture for now and MSE isn't available to me for free (or for pay) - I STILL don't choose Trend's AV product / suite because it's simply not as good as other products out there (even the free ones)

    I just realized this post makes me sound like a huge MS fanboy and I have to tell you that is FAR from the truth. I just don't have much patience for Trend Micro and the like with their shitty, overpriced products that slow your machine down to a crawl and no-one in their right mind (after doing even modest research) would actually go buy.

     

    reply to this | link to this | view in chronology ]

    •  
      icon
      interval (profile), Nov 12th, 2010 @ 12:04pm

      Re: I'm lost...

      You have several interesting & valid points, the plain fact of the matter is that in between the market manipulation and the anti-trust issues there is some genuine innovation that happens at Microsoft; Surface and the F# language are two examples. But when you come from a Unix/Linux background to the Microsoft world, and examine Windows and the like under the covers, some very strange architectural choices come to light, and many of those strange choices are in the security layer of the file system, as a negative example. NTFS has a very complicated and cryptic file protection scheme compared to permissions on a Unix file system. They've made some pretty frankly strange decisions in that arena and that cuts right to the heart of the matter. Also, in making their systems easy to use the decision default " on " all services and subsystems was a pretty bad one. Each and every service on a windows PC is a possible attack vector for malicious 'sploiter to 'sploit. Linux certainly has its own share of problems, the X display system is full of security concerns, for their bad example. But basic security is part of the Unix family, not an afterthought or a "feature".

       

      reply to this | link to this | view in chronology ]

  •  
    identicon
    Jeff, Nov 12th, 2010 @ 12:17pm

    Wow

    Well, it just shows that Microsoft is stepping up to fix stuff that they overlooked and making it secure, safe, and better.

    It's their software, they can do whatever the hell they want with it.

     

    reply to this | link to this | view in chronology ]

    •  
      icon
      MikeLinPA (profile), Nov 13th, 2010 @ 3:18pm

      Re: Wow

      Now if only they would de-bloat it. Patching is good, but rewriting would be much better.

      Every good or bad idea that has ever come across the user experience has been integrated into Windows. Windows needs to take programs out of the kernel. The kernel should be impenetrable, so the OS isn't so easily corruptible. Root kits should not be possible!

      The anti trust nonsense that occurred in Europe wasn't about M$ giving away a free browser, but that the browser was integrated into the kernel and could not be uninstalled. Give away all the crap you want, just don't incorporate it into the kernel so it cannot be removed, and be so easily exploited.

       

      reply to this | link to this | view in chronology ]

  •  
    icon
    sniperdoc (profile), Nov 12th, 2010 @ 12:35pm

    Give me a break

    This comes from an IT Director that had Trend OfficeScan on a network of over 230 workstations and found that Microsoft Security Essentials did a better job than Trend in keeping malware off of the systems.

    When we switched from McAfee 8.5 to Trend Micro's OfficeScan 10(?) we had a huge influx of systems infected with malware through drive-by installations such as the AntiVirus 2008-2010 bug. That bug was so tough that Malwarebytes wasn't able to remove it 90% of the time and because of this we re-formatted 100% of systems that came in that way.

    When I worked for the state, they were using Trend and it worked very well, but Trend has gotten extremely complacent. Their AV was extremely heavy, slowed systems down a lot, and even though it seemed to be scanning heavily, it wouldn't do an on the fly deletion of most drive-by bugs. It'd let them get to the temp folders and then sent out an email stating "Trend couldn't remove or quarantine X bug from C:\blahblahblah". What good is your crappy ass antivirus product then???

    Why should I pay over $4500 for a yearly license when your product doesn't stop squat!?

    MSE at least seems to be a decent on-demand virus scanner and according to AV-Comparatives was better than Trend Micro , catching 96.3% of bugs vs Trend's 90.7% and it's FREE!!!

    Trend Micro's product also had the highest incidence of false positives out of a test set of 1.2 million malware sample. Trend dinged 38 false positives vs MSSE at 3... THREE! Rhymes with FREE!!!

    You wonder why Trend is losing out to MSE...??? Really? You have to ask?

    AV Comparatives has four ratings: Advanced+, Advanced, Standard, and TESTED. MSE received the Advanced rating compared to Trend which only received a TESTED rating.

    AV Compratives Feb 2010 Report(pdf).

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Transbot9, Nov 12th, 2010 @ 2:21pm

    Hrm...

    This reminds me of when Norton and others (I think Trend was one of them) were suing Microsoft over in Europe for Microsoft to put the security holes back into Windows Vista that Microsoft used to have in XP.

    Obviously, that didn't go far.

    Heck, I don't even know if Microsoft markets Security Essentials beyond their own website. I was pretty surprised that the CNET rating was rather positive on the product, especially on a product that Microsoft put out only because people kept demanding it.

    Ironically, Trend Micro trials are often found on newly purchased PCs - and Security Essentials has to be downloaded and installed. Too bad Trend Micro didn't pay attention to what happened to Norton, because now they're in the same shoes as Norton was a few years ago (losing market share as their program became bloated and not as effective).

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Havvy, Nov 12th, 2010 @ 10:35pm

    AV Software

    All programs have security issues. Not all of them are fixed or knowable to fix right away. Hackers will eventually get into any large system through the various holes. They will leave a virus. Antivirus software cleans up the virus when the signature is known. It is the last line of defense against a virus before reformat.

    Also, who cares if Microsoft has better knowledge of their own systems? If you are not allowed to build something because you know what others, what are you allowed to build?

    Any improvement in the OS could be blocked by such a flimsy argument. Remember, an OS includes programs in it.

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    SLK8ne, Nov 13th, 2010 @ 10:23pm

    Good points but....

    I can't speak to 7 or Vista (which I have limited experience with) but, I can speak to XP, 2000. The encrypted file system works, but, only if you deliberately encrypt a file. Any Linux live CD or UBCD4 Windows can cut right through the security of any file that is not deliberately encrypted and password protected.

    And I agree that no piece of software is absolutely secure, nor can it be. But, there seems to have been a deliberate calculated decision to leave the security holes open and to plug them after the OS goes to market. Microsoft products have been left vulnerable for many other explanations to make sense. Yes, no software can be made un-exploitable, but, the shear quantity of exploits against Microsoft software leads one to think that the beta testing for security has been somewhat lax.

    Further, I'd point out that most of the world's web servers run some flavor of Linux using Apache, and there has been relatively few exploits against these systems. Some yes. But, RELATIVELY few.

    I think Microsoft's biggest problems (historically speaking) are a) sloppy coding and b) as MikeLinPA pointed out, software bloat. Trying to do to much without taking time to look for security holes will always render software vulnerable.

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    AW, Nov 13th, 2010 @ 11:06pm

    Security process for Windows: Download file--->possibly popup asking for admin access--->File is downloaded computer is infected. This is as complicated as it gets.

    Security permissions for Linux: Download file--->Change file to allow executable--->Change permissions on file to root---> Sudo/$/Root--->run the file---> some small tiny area of your computer is infected...maybe...if a patch hasn't already come out in the 2 days since it was found to completely nullify it.

    Mac Security process: Buy Virus because Steve Jobs said so. Install Virus...Call it OS something and name it after a large cat. Automatically deduct from checking into Steve Jobs checking.

     

    reply to this | link to this | view in chronology ]

  •  
    icon
    Christopher (profile), Nov 14th, 2010 @ 1:27am

    Ah, but here is the argument.....

    Microsoft is NOT making their software secure, but rather covering up or trying to patch design deficiencies (some of which come from Microsoft's "Run Anything on our OS!" point of view) with their OWN offering.

    There is some argument to say that since Microsoft knows where the holes are AND has the source code, they are better able than say.... Symantec to be able to offer solutions that use less memory and CPU power.

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Opinionated Bloviator, Nov 18th, 2010 @ 11:45pm

    Actually MSE is a very clever corporate strategy, what better way to improve your security product that ot throw it out ot the unwashed masses to use, collect the data then profit. Having said that, the time will come when a version of windows designed from the ground up as a "default deny" kernel will in fact be secure. We may even see it by 2020.

     

    reply to this | link to this | view in chronology ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Save me a cookie
  • Note: A CRLF will be replaced by a break tag (<br>), all other allowable HTML will remain intact
  • Allowed HTML Tags: <b> <i> <a> <em> <br> <strong> <blockquote> <hr> <tt>
Follow Techdirt
A word from our sponsors...
Essential Reading
Techdirt Reading List
Techdirt Insider Chat
A word from our sponsors...
Recent Stories
A word from our sponsors...

Close

Email This