What is the difference?

Thread starter: DotCom

DotCom

Can someone explain in a concise manner the difference between all these
security programs MS is coming out with:
Anti-spyware
Defender
OneCare

I'M SOOOO CONFUSED!

DotCom
 
DotCom said:
Can someone explain in a concise manner the difference between all these
security programs MS is coming out with:
Anti-spyware
Defender
OneCare

I'M SOOOO CONFUSED!

DotCom


Over a year ago, Microsoft purchased Giant AntiSpyware and renamed it
Microsoft AntiSpyware beta 1. Then they began to extensively tinker with
it. They released a 2nd beta of this program last month, but changed the
name to Windows Defender beta 2. The final version will probably be called
Windows Defender as well.

The final version of Windows OneCare will be a fee-based program (about
$50 a month, I believe) that you download/install. The beta is currently
free. OneCare is a comprehensive maintenance program that has anti-virus,
anti-spyware (coming soon), two-way firewall, disk cleanup, disk defrag,
check disk, and probably a few other maintenance tools. All these programs
run on a set schedule that you approve, without any user action required.
Sounds impressive, but you can get good anti-virus, anti-spyware and
firewall programs for free elsewhere.
 
I'm sorry, while I have been a staunch defender of MS through my long computer
technical career, I truly believe that this suite (OneCare) should be built
into the OS (Flame ON, I got my fire-retardant undies on).
 
I think there would be some significant antitrust rumblings among competing
antivirus vendors.
--
 
I agree with Bill. However, the larger issue is a misunderstanding of what
an anti-virus and firewall do.

They aren't there primarily to protect the OS, but rather the user's
personal information. Only a small proportion relates directly to the OS; the
rest includes things like other applications, browsing (phishing, etc.) and
the largest current problem, the users themselves.

In fact, Microsoft's primary responsibility is to provide Security and other
updates to fix vulnerabilities in the OS, which they already do for free. The
reason most anti-malware provides significant OS protection is as a backup to
the discovery of new vulnerabilities and the delay or total lack of applying
these updates when they are already available.

Though many would like to relate all of this to the operating system itself,
the problem is much broader and relatively new. Thus no operating system
really protects its users to this degree, and Windows is the target simply
because it's got the largest exploitable user base. If all of these average
users were using a different OS, it would be the target with the same
issues. So does the Mac or Linux provide free anti-malware with the OS?
 
Both of you have valid points; however, in a large majority of cases the
viruses and exploits are attacking the OS itself, or the components of the OS
(IE, Media Player, etc.). I think third-party AV hasn't a concern; I for one
don't leave my clients or myself with one defense mechanism, but instead use a
multi-tiered approach.
 
Absolutely, multi-tiered security is exactly what Windows Defender and
OneCare are all about. In fact, with Defender free, the primary OS
protections are really already there, less some browser protections that are
coming in IE7. As I understand it, there's an improved firewall in Vista,
though I know nothing about it myself.

Once Defender and IE7 are in place on a Windows XP system, the need for
anti-virus (AV) is much reduced. It really comes down to detecting files
containing known malware at entry points, such as email, disks or directly
pushed in via open ports (file sharing).

Since anti-spyware detects and flags both known and unknown malware as it
attaches to the OS, it's really like a 'smart' AV. All it will take is to
include common virus/worm/trojan signatures in the definitions and there'll
be no need for anti-virus anymore. I personally believe this is where
anti-malware should be heading, since AV is simply detection of files which
may or may not become active. The Quick and Full scans can also look for
these 'dropped' files and your email provider should be performing some type
of anti-virus check already to reduce the bulk from this entry point.
 
I don't disagree with your background discussion, but Windows Defender, as
currently designed, isn't meant to supplant antivirus--and I wouldn't want
folks to think that it will. The definitions available to the real-time
scanning facility won't include many viruses, and updates will not be as
frequent as required to meet new virus outbreaks.

Users still need an antivirus--and Microsoft will be producing such an app
in both the Enterprise and the personal space:

http://www.microsoft.com/windowsserversystem/solutions/security/clientprotection/default.mspx

http://windowsonecare.com/

--
 
That's true, and I didn't say that anti-virus is unnecessary, as I stated in
the following sentence about the entry points that still exist for file-based
exploits, currently detected by anti-virus.

"It really comes down to detecting files containing known malware at entry
points, such as email, disks or directly pushed in via open ports (file
sharing)."

In truth, the Windows OneCare product is the current state of the art,
containing a combination of Anti-Virus, Anti-Spyware and Firewall. Eventually
the often arbitrary designations separating the different types of malware
will look as foolish as they really are and the protection systems will merge
completely. The only useful modularity is in the design of the
detection/protection modules which are already being refined in products like
OneCare.

Having two products scan the same files twice for different sets of
signatures simply because the original delivery systems are different is
quite pointless. In fact, the sweeps performed by Anti-Spyware scanning have
often exposed the existence of malware to the real-time file system
monitoring of Anti-Virus, even when produced by different organizations.

We're not there yet, but it's getting closer.
 
Hi
In truth, the Windows OneCare product is the current state of the art,
containing a combination of Anti-Virus, Anti-Spyware and Firewall. Eventually
the often arbitrary designations separating the different types of malware
will look as foolish as they really are and the protection systems will merge
completely. The only useful modularity is in the design of the
detection/protection modules which are already being refined in products like
OneCare.

Well.... call OneCare "state of the art"???!

It's IMHO bloated and has a firewall which is open for the bad guys to
use.

http://news.com.com/2100-1029_3-6033589.html

http://www.benedelman.org/news/020305-1.html

regards
plun
 
After I made that reply, I was looking through an error log from a failed
Windows Defender update that is posted in one of these groups. The text
description of the Defender update included the word virus, among others, in
the names of things that the update was meant to detect.

The scanning engine for Windows Defender and for OneCare presently have
different names--and I assume are different code--but I may be wrong about
that, and it may well be that the longer term plan is for a single scan
engine to do the work for all classes of malware--that seems only logical.

--
 
Hi Plun,

I shouldn't have stated that Windows OneCare is State-of-the-Art, since it's
really still a Beta at this moment. However, the current real situation for
much of the OneCare target market is severely out of date or nonexistent
antimalware and OS updates, at least until a major malware infestation
occurs. Then everything gets updated or installed in a flurry, and ignored
until the next malware infestation.

The Windows OneCare Team responded to the firewall issue in their blog here:
http://spaces.msn.com/windowsonecare/blog/cns!C29701F38A601141!598.entry

The key issue isn't the firewall itself; rather it's the digital signing and
Java. Ben Edelman's blog article exposes issues with VeriSign's handling of
certificate registration that need to be addressed regardless of the
certificate type. The CNET News.com article would concern me more had it come
from an independent source, rather than the security management arm of
McAfee. Allowing digitally signed ActiveX to pass through, since it is easily
identified, associated to a specific organization and blocked if necessary,
seems less risky than requiring the average user to decide.

The fact is that OneCare has the existing malware protection industry
running scared, which is a good thing for all of us. OneCare has defined what
a basic protection suite should really look like (AV, AS , FW), with the
'extras' simply invocations of existing Windows provided tools or functions
in most cases. This is the least bloated combination product I've ever seen,
with many previous users of major competing products echoing this sentiment.

Sure, a techie could put together a leaner set of products, but it would
require a techie to operate it, which is the primary problem with existing
products. But the best part is it's causing the antimalware industry to
respond in kind, with products for a broader range of customers, per the
following article and I'm sure many others.
http://news.zdnet.com/2100-1009_22-6034127.html?tag=zdfd.newsfeed

Bitman
 
Bill,

Though it's obviously possible to combine a number of detection systems into
a single 'Engine', I'm not concentrating on that side of the equation in my
comments, so don't let me confuse you.

There are potentially good reasons to maintain independent
detection/protection modules for different methods of either delivery or
detection. Partially this could be due to design issues or the efficiency of
operation, say on hyperthreaded processors. There is also the potential issue
of direct DoS attack on the engine(s) by malware, where an alternate engine
might leave some level of protection in place or even protect the other
engine from attack. These are really internal design issues though, and
weren't my primary focus.

My intended focus is the user interface end of the system, which now
encompasses much more than the main GUI screen. With all of the alert
notifications and configuration that exist in these systems, you'll note the
obvious overlap in antivirus and antispyware. They both contain similar sets
of detection, protection, configuration and management.

To the average user, the differences in these malware are elusive and
confusing, which makes them an issue. Since the purpose is to detect, block
and remove or quarantine in both cases, these systems should appear to be one
to the user, since subtle differences can confuse. How this is performed on
the backend is unimportant to the user, since they have no real control over
it and simply expect it to perform as they ask.

As you stated, you can't effectively have antispyware without antivirus, and
the reverse is also true. However, creating entirely duplicate systems to
perform both tasks is both operationally inefficient (duplicate scans) and
confusing to the user as the recent attempted merge of Defender into OneCare
is clearly showing. That's why I believe the overlapping requirements will
eventually merge both internally and in the user interface, where it's really
more important.

I won't tell the antimalware team how to design their specific backend. I
will, however, say that the separate definitions of Virus, Spyware and all
their variations are lost on the general population and serve no purpose in
protecting them. The ultimate goal of OneCare to simply 'make it work' leads
to this obvious conclusion, and so eventually will its own evolution.

Bitman
 