Posted on 07/18/2004 8:13:38 PM PDT by Stoat
SEATTLE - As a vice president at security software leader Symantec Corp., Matthew Moynahan applauds Microsoft Corp.'s effort to make its Windows operating system safer from attack.
But Moynahan is not so excited about the flood of help-desk calls almost certain to come when Microsoft releases a comprehensive security overhaul of Windows XP next month. His company's Norton antivirus software runs on about 100 million desktop computers.
To make the new Microsoft system work smoothly with Norton, customers will need to download a Norton update. The company is already bracing for the change, working with its customer support staff and making plans to increase phone support. "We don't want consumers to panic," Moynahan said.
He's not alone. As Microsoft prepares to launch its biggest security upgrade ever to Windows, dubbed Service Pack 2, the company is trying to strike a difficult balance between making things safe and making things work.
It's a tough job that is eliciting grumbling from companies whose applications could require major changes - and glee from security experts who say any software product that doesn't work wasn't secure enough in the first place and needs to be fixed.
"I hope it breaks more things than it's already broken," said Russ Cooper, senior scientist at TruSecure Corp.
That's because Cooper believes the free SP2 update is badly needed in the ever-rowdier world of Internet-connected computing - and a good wake-up call for other companies that also need to improve security functions.
"The applications that will break with SP2 were essentially doing things wrong from a security perspective," said John Pescatore, vice president of Internet security at Gartner Research.
SP2 comes in response to a series of attacks that have plagued the software giant's products, taking advantage of vulnerabilities to spread viruses, steal personal information and otherwise wreak havoc.
Some companies rushing to make their applications compatible - or trying to negotiate last-minute Microsoft changes - complain that SP2 is creating headaches.
"The changes Microsoft is proposing for SP2 will have serious negative consequences on the consumer experience of many applications and Web sites," RealNetworks spokeswoman Erika Shaffer said. The Microsoft rival makes a digital music and video player and sells subscription download services.
The new system bolsters security on Windows, its built-in Internet Explorer browser and Outlook Express e-mail. Among the changes, a Windows Firewall will automatically be turned on, helping to guard against attack. The browser has been fortified, and a new attachment manager will offer tougher policing against e-mail-borne attacks.
The changes in the way Windows polices itself - particularly the newly strengthened firewall - could cause troubles for applications that are used to working with Windows' old ways. Some say that's particularly true of applications that regularly interact online, such as gaming programs or music services.
Compatibility
Security experts say it's tough to know how many companies may have to change their products to be compatible.
The company has delayed SP2's release, originally scheduled for June, amid efforts to improve compatibility. Microsoft group product manager Barry Goffe says the "vast majority of applications" should function properly when SP2 comes out.
In the end, analysts believe most consumers will avoid major problems because most companies that have problems will fix them by the time SP2 is released. Gartner Research estimates that a mere 3 percent of applications that run on Windows won't work once SP2 is out.
But Microsoft's Goffe says corporations running customized applications could have more complex problems, requiring them to specially configure SP2. Many legitimate corporate programs depend on just the type of interactions that would also alarm the security system.
It could take months for businesses to adopt the upgrade.
In the end, Cooper expects most corporations will run a very scaled-down version of SP2, both because they want to avoid compatibility problems and because it could be a nightmare to manage things like personal firewalls on thousands of desktops.
Still, many big businesses are likely running separate security applications as well.
Perhaps the biggest change with SP2 will be a host of new alerts the user will suddenly get, offering more detailed information about what programs are trying to contact the computer and giving the user more chances to accept or decline.
Macromedia Inc.'s Flash technology required only minor technical changes to make it compatible with SP2. But the company was more concerned about early language in these warnings that could make even legitimate interactions seem scary and unwise.
David Mendels, Macromedia's senior vice president in charge of developer products, said Microsoft was very responsive to its concerns. Now, he said the prompts are less dire and more specific.
Microsoft's own products are not immune. Joe Wilcox, a senior Jupiter Research analyst who is testing an early version of SP2, recently was blocked from using Microsoft's Office Live Meeting conferencing product. Although he could have overrode that, Wilcox instead skipped the online option and called on a regular phone.
Wilcox sees this as a victory for Microsoft, because it changed his behavior and kept him from exposing his computer to potential risk.
To Pescatore, such inconveniences are worth it.
"From a security perspective, the problems we've been having - these worms and such - we can often blame on thing that need to be fixed in Windows," Pescatore said. "So when Microsoft finally gets around to fixing them, it's going to take some pain to get past that point."
That's what ya get when you tie your OS to a browser.
The added security protection level of SP2 may well encourage computer users to do things that reduce their exposure risks on their computers. Safer is Better Than Sorry.
I think I should be glad I'm still using Win98SE. 3% times the number of WinXP users equals how many? Thousands? That's a lot of ticked off people.
"Wide open naked" should not be the default on shipped operating systems. Unfortunately with M$ it is.
This is pretty much what I've heard from the beta testers. Aside from a few minor bugs, the main problem is with other programs that have defects or security problems. The makers of these other programs need to get them fixed.
Well microsoft can slap together all the security pac's they want i'll d load em and keep using my mozilla firefox. never again will i use IE,cept to keep my puter updated. I will just d load the norton update and keep on keepin on.
bump for later
With a new security fix being released almost weekly, his hands must be bloody stumps by now.
| FREE PC PROTECTION: (Not an exhaustive list. Your results may vary. Void where prohibited. For entertainment purposes only. No wagering, please. Whattayawantfernuthin'.) (Thanks, but "Buy a Mac" doesn't qualify as "FREE PC protection") |
|
 |
|
I won't let Norton any where near my computers. I have had nothing but problems from their software. It is extremely difficult, if not impossible at times, to get their software of the computer.
There are other AV companies out there that are much easier to work with.
Ive had norton on my machines since 2000 and havnt had problems. I haveused other programs as backups though.
I have Norton on my computer also and I was curious about whether I should have another program also.
Can I use AVG (free version) with Norton?
I am still fighting with my W2K machine. I recently was forced to give "Power User" status to my 10-year old's account because when office was installed the security model was not properly taken into consideration. Subsequently the Photo Editor is unable to access configuration data in the registry. This is pathetic. Microsoft has always assumed that the logged-in user has Admin privileges. This came on the heels of uninstalling Kodak's Easy photo thingy because it creates a repository in the installing user's profile directory instead of some neutral location that all local users can access. So other users wanting to use the Easy photo thing got nasty messages about the repository being busy (actually inaccessible because of security). To top it off the repository contained thumbnail photos from each user accessible by ALL OTHER users on the machine (but not the full image). In my 15 years of Windows software development I've never seen software that reasonbly takes the security model into consideration. So most companies will use the neutered version of SP2 and continue to expose themselves.
It is not normally a good idea to use two different antivirus programs at the same time. They tend to conflict.
All this heat over messages that everyone takes for granted with ZoneAlarm.
Most big corporations have firewalls set at the internet access point. Workstation firewalls are for home and small business use.
There are other AV companies out there that are much easier to work with."
Lemme tell ya: I was a loyal McAfee user for years. I 'upgraded' to version 8 and it was a nightmare. Simply would not install because it kept seeing vestiges of older versions which its uninstaller failed to uninstall. I spent about 15 hours and paid $39 for phone tech support and got NOWHERE. I finally demanded a refund of my purchase price and phone support bill.
Later I discovered that another software company uses a directory called "VSO" and McAfee put some of its files in there ("Virus Scan Online"). I had to pull it out root and branch by hand; editing the registry.
They drove me to Norton because I will not ride bareback in this environment. Sorry, but by-by McAfee; they owe me lots of hours of frustration and wasted effort.
--Boris
Thank you!
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.