Re: [Full-Disclosure] MS Anti Virus?

From: Gregory A. Gilliss (
Date: 06/17/04

  • Next message: "Re: [Full-Disclosure] MS Anti Virus?"
    Date: Thu, 17 Jun 2004 11:03:28 -0700

    Dan et al:

    You are missing the point here. While it matters little *who* is in the A/V
    market, it matters very much when one player is Microsoft, because the M$
    business model (according to them and to the US DOJ) is to enter a market,
    undercut the market, co-opt the market, drive out the competition, and
    move on to the next market (not unlike a virus, as told by Agent Smith).
    So if M$ enters the A/V market and "bundles" their solution with Windows
    whatever, they likely will drive Symantec and McAfee out of the market
    over time by co-opting the A/V subscription market.

    The security ramifications of a M$ only A/V marketplace relate to Dan Geer's
    monoculture argument (already well discussed here) and also a conflict of
    interest (since M$ products account for a majority of the A/V infections).
    Can we "trust" an A/V solution from M$ that addresses virus infections of
    M$ products? And is M$ controls both the virus host and the A/V inoculation,
    does that not create a potential area of abuse - no license/upgrade/whatever,
    no A/V subscription/update/whatever?

    As Reagan told Gorbachev, "Let me tell you why we do not trust you..."


    On or about 2004.06.17 15:51:19 +0000, DAN MORRILL ( said:

    > You make anti virus software sound like a gun lock on a 9MM.
    > Does it really matter who is in the anti-virus market? If Microsoft goes
    > that way, and they have the best knowledge of what they created, what we
    > can reasonably expect to see in the words of Bill Gates "Innovation, with
    > rich user features, deeply embeded in our software".
    > So, we can have an AV product that does great things, but maybe only 2% of
    > it will be used, and because it is a microsoft product, we can expect
    > patches every month, with known and unknown vulnerabilites from day one.

    Gregory A. Gilliss, CISSP                              E-mail:
    Computer Security                             WWW:
    PGP Key fingerprint 2F 0B 70 AE 5F 8E 71 7A 2D 86 52 BA B7 83 D9 B4 14 0E 8C A3
    Full-Disclosure - We believe in it.

  • Next message: "Re: [Full-Disclosure] MS Anti Virus?"