Microsoft and anti-X
Microsoft is trying to make waves in the spyware and malware prevention market -- but it has a lot of work to do to get it right.
The software giant's initiatives began with the purchase of New York-based Giant Company Software Inc., the consumer antispyware maker. They continue to collaborate -- now with the recent announcement about the beta launch of Windows OneCare, Microsoft's subscription service to help keep PCs healthy and protected.
According to Ryan Hamlin, general manager of Microsoft's Technology Care and Safety Group, "Windows OneCare is the next major advance in our ongoing efforts to help keep consumers' Windows-based PCs 'healthy' in a way that's simple and as worry-free as possible for them. We're designing the service so it will continually update and evolve over time, helping to ensure that our customers will have the most complete and effective protection and safety services in place every time they turn on their PCs."
Well, that's interesting. I thought the way to do that would be to securely rewrite the Windows codebase and release it for free. Doesn't it seem like this service is about getting consumers to pay to fix Microsoft's own mistakes?
Aside from the irony of the announcement, Microsoft has a lot of work to do if it wants to be successful in the anti-X market.
Microsoft and viruses
All forms of security have to be as seamless and transparent to the user as possible -- and antivirus (AV) software is particularly sensitive to that need. It must know when a user embarks on a particularly malicious path and intercept it, protecting the naÏve while not irritating the experienced user. AV software needs to be very configurable and manageable on a wide range of desktops (perhaps it should be made available through Group Policy) and it needs regular, automatic, effortless updates. The closest product to match this panacea is Computer Associates International Inc.'s eTrust Antivirus, and it's not even near the goal line yet.
Microsoft and spyware
Spyware protection programs have their own challenges. Of course, you need detection technology and those easy updates, but it must also keep tabs on the Web browser, potentially heading off spyware installation attempts. It needs to watch installed programs that may have spyware or adware integrated. Plus, it needs to be manageable across the enterprise. There are several good antispyware products on the market, and Giant's is one of them, but they all lack manageability, which is critical to getting mass adoption within corporate environments.
It may be a while before you're able to standardize on one complete malware solution, but I suspect good things come to those who wait.
Spyware prevention dos and don'ts
If you're careful, you don't have to worry much about spyware and virus problems. Here's a handy checklist to make sure you won't get infected by any spyware in the wild today:
1. Do use Firefox and its built-in pop-up blocker
Don't rely on Internet Explorer as a primary browser. In fact, in about four months of continuous use I've come to prefer Mozilla's Firefox to IE, and I twitch a bit when I'm using a machine without Firefox available.
2. Don't open e-mail messages if you're not sure about the sender
Unless you're positive an e-mail message is really from the person indicated, don't open it. Don't fall for spoofing. And don't feel bad if you can't figure it out -- I received a couple that made me think twice; these crackers are getting good at what they do.
3. Don't download and click on just anything
Refrain from downloading software from unknown sources and don't click on links that go to unsafe sites. These sites may spawn pop-ups that will silently install adware or spyware on your machine, and the security alerts that are supposed to warn you of this installation won't always activate.
4. Do use common sense
Try to think like someone who would want to plant spyware on your machine -- would he or she use this avenue to do so? If in doubt, don't click it.
Follow those steps religiously, and you will have no problems with spyware and viruses, regardless of which product you may eventually choose to use.
- Read this and learn how to protect your company.
- Test your spyware savvy.
- Visit our spyware resource center and get the latest news and expert advice.
About the author
Jonathan Hassell is author of Hardening Windows (Apress LP), and is a SearchWindowsSecurity.com site expert. Hassell is a systems administrator and IT consultant residing in Raleigh, N.C., who has extensive experience in networking technologies and Internet connectivity. He runs his own Web-hosting business, Enable Hosting. His previous book RADIUS (O'Reilly & Associates), is a guide to the RADIUS authentication protocol and offers suggestions for implementing RADIUS and overall network security.
This tip originally appeared on sister site SearchWindowsSecurity.com.
This was first published in June 2005