Defender and Live OneCare

[Guest]

You paint an optimistic picture of what One Care might do, but I have little
faith that it will succeed. So far, every one stop, take care of you and
itself, security suite has failed to do either. And regular users end up
repairing their systems after the suite that promised comprehensive, self
updating protection lets them down. As far as becoming "techie" goes, I had
never possessed a PC except at work until August,2005, and didn't know squat
about the threats on the Internet. It was the failure of Norton Security to
protect my computer that woke me up. Then the miserable failure of the AOL
Safety and Security Center to function properly on my PC drove me to take
matters in my own hands. I have had to learn a lot, and I don't trust any
application or suite to do it for me painlessly. It would be wonderful if One
Care worked to perfection to protect Windows. I'm hoping it works better than
anything before it, because it become part of the OS, but I am waiting to see
"evidence of things yet unseen." I'll have to see it and touch it and know it
works. No blind faith in promises from any source anymore.

 

[Guest]

I should say that it isn't just OneCare, but also the competing products and
the direction OneCare is taking all of them that is the key. Instaed of
obscure 'techie' products that only a geek can understand, the trend is to
make the programs more user friendly, helping the user understand the urgency
of a situation in real terms that inform rather than inflate and confuse.

Your attitude is a good one, since as I said, the OneCare suite isn't
perfect, nor can there ever be a perfect protection suite. The point is
having something in place that protects from the broad range of threats and
evolves as they change. This is the potential power of the self-updating
software, and will exist for any product that takes a posture of continuous
software evolution rather than occasional software 'package' releases,
including suites, which is the current norm. Even the protection packages
currently supplied by the ISPs are simply cobbled together combinations of
products created by this flawed system.

This static form of devlopment leads to 'package wars', where the point
becomes annual one-upsmanship of 'features' rather than the continuos
improvement of a complete protection system. As Plun stated in his response,
this will drive the competition to this more stable model, which includes
both a consistent revenue stream for the vendors and continuous improvement
for the customer, since they can simply jump ship to another vendor if theirs
doesn't keep up. This approach must be driven by Microsoft, since they have
the vested interest, but it doesn't mean they will be the biggest or the
best. They simply have a head start.

This model of continuous improvement more closely follows the reality of
malware creation and evolution, which is also a continuous system of change,
following the exposure of vulnerabilities in OS and other software and the
slower discovery of new general methods of exploit. The protection will in
many cases still follow the malware, but now the gap should be smaller
between discovery and protection. The vendor with the design that evolves
most quickly and cost effectively, with the strongest actual protection from
real threats, should rise to the top.

It's not the vendor or package that makes this work, it's the system.

Bitman

 

[Guest]

You are right about Microsoft moving in the right direction and trying to
drive others to do so. That is one reason it is so frustrating to see that
the biggest issue in the newgroups the undate problems with Defender. I will
be glad when that issued is resolved so that these other issues can be
addressed with more certainty. Thankfully, Defender has been functioning
properly on my PC since its second install. I would like to know that was
true for everyone. I remain very hopeful.

 

[Guest]

Hi Plun,

Yes, the reverse of protection is cleaning up after the fact, which most
here are well aware. The flailing of the uninformed is also a familiar
symptom, since the existing antimalware are often nearly as bad as the
malware itself, scaring and coercing customers into purchasing their
products. How would you know the difference if your weren't a 'techie'
yourself?

Seems to me that MS also wrote that most of the vendors of antivirus had
stated that protection for the known WMF exploits was in place. This was a
positive indicator of the need for antivirus to protect from evolving
threats, allowing time to develop, test and distribute a true solution to the
vulnerability.

You're quite right that driving the competition is a key element with
OneCare, but I believe the first round MUST come from Microsoft, because no
one else has the vested interest to do it right. They may not become the
biggest and best at antimalware, but they will continue to be a force that
guides the other vendors towards what matters, rather than the stupid
'package wars' of useless features and bloat we've seen in the past.

I see how TPM may help to insure that major sites know who you are, but
don't believe it will solve the malware problem. We already know that using
trusted machines as a platform for attack is a simple bypass of identity
systems, no matter how strong. And the continuous evolution of malware means
that the 'agents' that verify the integrity of a local PC will come under
attack, especially if they do not evolve easily themselves.

As usual the hardware vendors are looking for a static way to solve a
dynamic problem and, surprise, sell more hardware. The idea that in our
increasingly mobile society a chip that ties you to a specific device is
going to solve identity problems for the indiviual is wishful thinking. It's
better suited to the PC identity management for enterprise networks it was
originally designed for. Otherwise, it simply looks to me like a sneaky way
to force DRM rights management on the public. Without public acceptance, it
will fail completely.

As for the mess, it already has been worse, though it may still get worse
again before it gets better. What is really required is to get some form of
complete protection on every home PC, which isn't an easy task. It may
require the pre-installation of a protection suite on every PC produced for
several years, with the option to switch to another if you prefer. Like
anything, some will always operate without protection, but those numbers
should eventually decline to some extent.

Bitman

 

[plun]

Hi again

Well.....

This article from Kaspersky labs explain also my point of view.
http://www.kaspersky.com/eugenearticle

His conclusion is really good:
"I think that a computer which is connected to the Internet is rather
like sex - it can be safe, or it can be unsafe. In both cases,
information is the key to survival, and can protect you from unpleasant
consequences. Happy surfing!"

I don´t believe it´s possible to inform about all risks and a Windows
PC
is too weak........... ;(

If you look at Vista and the UAP functionality I really hope that
Symantec/McAfee/TrendMicro directly "exploits" the TPM chip and
makes a better protection.

MS is hiding within Bitlocker and thats a real shame..... building a
OS which can be used by phedofils and criminals to lock a PC.
Incredible !

So I hope we will have the TPM chip in action and stop this
never ending "Junk yard" situation.

regards
plun

 

[Guest]

Hi Plun,

Though written from the point of view of an antivirus orgniziation (e.g.
proactive systems don't work, only signatures are effective), it's a good
overview of the current problems facing antimalware. Read my response to Old
Rebel in this thread for my take on the current and future state of the
antimalware industry.

You're right that everyone can't be fully informed about current risks, and
they shouldn't need to be, the antimalware needs to do that for you when it
detects a [potential] attack. I won't get into the issues of Windows itself,
this is personal opinion, the reality is that Windows XP PCs is what most
have and need protected today.

I look forward to improvements in Vista and the other antimalware vendors
products and hope they improve their portion of the protection. However, I
really can't see where you believe the TPM chip is going to contribute to
solving the malware problem. It's an identity management system, nothing
more. I'm assuming you feel the antivirus vendors can use it to do something,
but all I see it doing is potentially protecting the other machines it
connects to, not the PC it resides on. This assumes that the PC 'follows the
rules' and reports its status properly to the remote PC, an assumption I
would find difficult to trust if the local PC is already compromised.

I don't understand what you mean by 'Bitlocker', but any OS can be misused,
as with any tool. TPM sounds like the 'panacea' that the Kaspersky article
mentioned, promising to resolve all of the problems, but having yet to show
that it can perform such a task. You're really asking for major improvement
from the antivirus vendors, somehow tied to the TPM chip.

Note that Kaspersky's article only supplies one real solution; "information
is the key to survival". This is exactly what OneCare is attempting to
provide, via signatures and real-time system monitoring (AV and AS),
perimiter ingress/egress (FW), minimal disaster recovery (Data Backup) and
the continuos updating of all of these. As always, however, it's up to the
user to take advantage of this information.

Bitman

 

[Guest]

Sometime ago I selected Onecare and followed their installation instructions.
I have removed Norton Antivirus, Retrospect, and Zone Alarm. Kept Perfect
Disk 7.0 because it does a better job than Windows Disk Defragmenter with the
MFT and Metadata files. Recently purchased OneCare for $19.95 for use in 3
computers. It has worked flawlessly and I feel secure having it maintaining
and protecting my PC. Go for it, it's good.

 

[plun]

Hi Bitman

Well, we will for sure see what happens....

TPM Specs

https://www.trustedcomputinggroup.org/specs/TPM



regards
plun

Hi Plun,

Though written from the point of view of an antivirus orgniziation (e.g.
proactive systems don't work, only signatures are effective), it's a good
overview of the current problems facing antimalware. Read my response to Old
Rebel in this thread for my take on the current and future state of the
antimalware industry.

You're right that everyone can't be fully informed about current risks, and
they shouldn't need to be, the antimalware needs to do that for you when it
detects a [potential] attack. I won't get into the issues of Windows itself,
this is personal opinion, the reality is that Windows XP PCs is what most
have and need protected today.

I look forward to improvements in Vista and the other antimalware vendors
products and hope they improve their portion of the protection. However, I
really can't see where you believe the TPM chip is going to contribute to
solving the malware problem. It's an identity management system, nothing
more. I'm assuming you feel the antivirus vendors can use it to do something,
but all I see it doing is potentially protecting the other machines it
connects to, not the PC it resides on. This assumes that the PC 'follows the
rules' and reports its status properly to the remote PC, an assumption I
would find difficult to trust if the local PC is already compromised.

I don't understand what you mean by 'Bitlocker', but any OS can be misused,
as with any tool. TPM sounds like the 'panacea' that the Kaspersky article
mentioned, promising to resolve all of the problems, but having yet to show
that it can perform such a task. You're really asking for major improvement
from the antivirus vendors, somehow tied to the TPM chip.

Note that Kaspersky's article only supplies one real solution; "information
is the key to survival". This is exactly what OneCare is attempting to
provide, via signatures and real-time system monitoring (AV and AS),
perimiter ingress/egress (FW), minimal disaster recovery (Data Backup) and
the continuos updating of all of these. As always, however, it's up to the
user to take advantage of this information.

Bitman

Hi again

Well.....

This article from Kaspersky labs explain also my point of view.
http://www.kaspersky.com/eugenearticle

His conclusion is really good:
"I think that a computer which is connected to the Internet is rather
like sex - it can be safe, or it can be unsafe. In both cases,
information is the key to survival, and can protect you from unpleasant
consequences. Happy surfing!"

I don´t believe it´s possible to inform about all risks and a Windows
PC
is too weak........... ;(

If you look at Vista and the UAP functionality I really hope that
Symantec/McAfee/TrendMicro directly "exploits" the TPM chip and
makes a better protection.

MS is hiding within Bitlocker and thats a real shame..... building a
OS which can be used by phedofils and criminals to lock a PC.
Incredible !

So I hope we will have the TPM chip in action and stop this
never ending "Junk yard" situation.

regards
plun

 

[Jim Higgins]

Zone Alarm AV may conflict with Windows Live OneCare as it is an
always on. resident AV scanner. I don't see any problems with the
others, except that their schedules could overlap. Note also that
Windows Live OneCare tuneup can only be scheduled to run weekly and
not at a specific time.
-steve

I have enjoyed reading the mail after my original query. My conclusion is
that I am better served by reasonable paranoia and maintaining my current
system using Zone Labs Internet Security Suite, SpySweeper, Spybot S&D and
Ad-Aware SE as I have not had problems getting them to work and play as long
as I don't run two at once. Scheduled scans in the wee hours is what I will
stick with, I just can't bring myself to trust only one source.