Exactly, for simple end users that don't know (or care) any better, the the
MS solution would probably work for them. With you being a single user with
a single computer (hopefully behind a hardware firewall/router), you can
think that MS offers sufficient security and you may be right. With me in an
NetAdmin of a large firm, I know that isn't the case. It's all about scope.
MS has made great strides in trying to make their products more secure.
However, they do still have a ways to go, it simply takes time. That is why
I said that I would wait at least a year or two. For example, (correct me if
I'm wrong MS), but MS's first shot at creating a firewall solution was a
joke. It's configurabilty was a joke and I believe (again, correct me if I'm
wrong) it didn't even start protecting your machine until after the user
logged in. So, if you are sitting there at a logon prompt (IE, you machine
rebooted during the night), it's unprotected until the user logs back in. in
XP SP2, MS re-did the firewall. It certainly much better. However, it's
still only protects you one way. It can protect people from 'hacking' into
your machine from the outside world, however.. it does not alert you if a
program is already on your machine and is going out to the internet with your
knowledge. (IE: a piece of malware that is reporting back to server about
your personal data on your PC). Other professional products will alert you
about this.
You're arguement about bells and whistles is actually ironic. I've always
thought of MS as a company that cared more about making something 'pretty' as
opposed to making it work. Looks at Windows XP... They spend a lot of money
making it dumbed down and pretty. (fading menus, mouse shadows, beeps and
sounds everywhere, 'clippy' the paperclip', etc). Security has actually
been after thought of sorts (because it wasn't a huge deal in the past. It's
was more of a culture thing than a MS thing in my opinion). That's one of
the reasons why you see so many security updates time and again for Windows
itself. There's a ton of unsecure code in windows (which MS is doing their
best to patch), but since MS products of so heavily intergrated, you can
actually find a bug in 'Microsoft Instand Messanger' and use it to cause
havok on the OS itself
(
http://www.microsoft.com/technet/security/bulletin/ms05-009.mspx). It's
just the nature of the best. One benefit of 'professional products' is they
don't always rely on MS's potentionally buggy code base.
MS knows a lot. I would never take that away from them. However, I would
never be as careless as to say "I don't think anyone on the planet knows more
about security issues with Windows XP than Microsoft". I would think those
companies directly involved with viruses know more abotu viruses than MS,
same is true about companies that are involves with firewalls day in and day
out.
Again, back to my original point.. MS's Antivirus and Firewall products
will probably be just fine for the common end user. But from a corp
prospective, there's no way we'd risk our network until after at least a year
or two.... until the reports came back on how good it is. In the mean time,
I strongly recommand a good firewall for it can help you gaurd against MS's
bugs. I also recommand a good virus scanner because it can help you guard
against yourself (running viruses without thinking).
Ken Gardner said:
CB said:
There's no chance that my firm would ever trust our security to Microsoft.
For a individual end-user, their firewall and antivirus solution *may* be
good enough, but I wouldn't risk it. I would at least keep paying for NAV
for the next year or two. After that, everyone should have a good read on
how reliable the MS firewall and antivirus solutions are.
I don't think anyone on the planet knows more about security issues with
Windows XP than Microsoft. At least from my perspective as an individual
user, I am willing to give them the benefit of the doubt before just about
anyone else -- especially third party vendors who make a living by convincing
people that their systems are dangerous and unsafe unless they add the
additional bells and whistles that they are selling. There is an additional
second reason, which I mention below, why I am so willing to give Microsoft
more benefit of the doubt than other vendors.
[...]
If MS stays true to form, I'm suspect that when you compare their antivirus
product to other Professional AntiVirus products, it will be like comparing
'Notepad' to 'MS Word' or 'WinXP's built in .ZIP support' to 'WinZip or
PowerArchiver', 'WinXp Fireall' to 'BlackIce, ZoneAlarm, etc', "Internet
Explorer" to "Fire Fox", or "MS Instant Messanger" to "Trillian". Basically,
the feature will be there but you'll quickly find out that it doesn't fit all
your needs and ends up being just more bloat to the OS (when looking at it
from a Corp perspective primarily).
What will probably happen is that their stuff will be more basic, and "good
enough" to secure systems operating Windows, but without the additional bells
and whistles that third party vendors provide. Whether that is a good thing
or a bad thing is a subject that is open to debate -- as may be obvious by
now, I happen to come down on the side that "good enough" security is (by
definition) good enough and you therefore don't need the additional bells and
whistles at the cost of a hit on system performance or stability.
[...]
The more [Microsoft] can do to help keep their products from so easily being
taken over by malware, the better their corp. image will be as well. I just hope
it's easily uninstalled/disabled for us corps that don't want the added bloat.
This is the other major reason I referred to above. When it comes to the
actual or perceived security of Windows systems, no one has a bigger dog in
the fight than Microsoft. Unlike other security software vendors, however,
Microsoft has additional dogs in the fight besides security, such as the
overall performance and stability of its operating system. That's why I
think that Microsoft will ultimately do the best job of striking the right
balance between performance, stability, and security. There is no such
thing as a system that is too well-performing or too stable, but there is
such a thing as a computer that is so burdened with redundant and unnecessary
security protection that performance and even stability begin to suffer.
Again, when it comes to security, good enough is good enough.
Ken
I always turn that stuff off whenever I can.