Re: [Full-Disclosure] MS Anti Virus?
From: Gregory A. Gilliss (ggilliss_at_netpublishing.com)
To: firstname.lastname@example.org Date: Thu, 17 Jun 2004 11:03:28 -0700
Dan et al:
You are missing the point here. While it matters little *who* is in the A/V
market, it matters very much when one player is Microsoft, because the M$
business model (according to them and to the US DOJ) is to enter a market,
undercut the market, co-opt the market, drive out the competition, and
move on to the next market (not unlike a virus, as told by Agent Smith).
So if M$ enters the A/V market and "bundles" their solution with Windows
whatever, they likely will drive Symantec and McAfee out of the market
over time by co-opting the A/V subscription market.
The security ramifications of a M$ only A/V marketplace relate to Dan Geer's
monoculture argument (already well discussed here) and also a conflict of
interest (since M$ products account for a majority of the A/V infections).
Can we "trust" an A/V solution from M$ that addresses virus infections of
M$ products? And is M$ controls both the virus host and the A/V inoculation,
does that not create a potential area of abuse - no license/upgrade/whatever,
no A/V subscription/update/whatever?
As Reagan told Gorbachev, "Let me tell you why we do not trust you..."
On or about 2004.06.17 15:51:19 +0000, DAN MORRILL (email@example.com) said:
> You make anti virus software sound like a gun lock on a 9MM.
> Does it really matter who is in the anti-virus market? If Microsoft goes
> that way, and they have the best knowledge of what they created, what we
> can reasonably expect to see in the words of Bill Gates "Innovation, with
> rich user features, deeply embeded in our software".
> So, we can have an AV product that does great things, but maybe only 2% of
> it will be used, and because it is a microsoft product, we can expect
> patches every month, with known and unknown vulnerabilites from day one.
-- Gregory A. Gilliss, CISSP E-mail: firstname.lastname@example.org Computer Security WWW: http://www.gilliss.com/greg/ PGP Key fingerprint 2F 0B 70 AE 5F 8E 71 7A 2D 86 52 BA B7 83 D9 B4 14 0E 8C A3 _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html