This thread has multiple pages: 1 of 2
Microsoft to Offer Free Antivirus Software
 
Jun 18, 2009  10:52 AM
Sr. Member
Total Posts:  409
Joined  05/2009

I used Windows OneCare last year but am presently running free Avast and am satisfied with it.  But, curious if anyone has an opinion about this new offering due out end of this month.

http://www.maximumpc.com/article/news/microsoft_offer_free_antivirus_software

Signature 

Whiskey for my Men, Beer for my horses

 
Reply #1 • Jun 18, 2009  12:51 PM
Moderator
Total Posts:  1161
Joined  09/2008

Indeed I do have an opinion.  Microsoft has to create software which they are “generous” enough to give away for free that is made to protect you from threats that take advantage of their own operating system’s vulnerabilities.  That seems completely ridiculous to me.

You pay a lot of money for a license to use Windows (it’s not even yours to own), then you have to either pay more money (Norton, McAfee, etc) or hopefully find something free (Avast, AVG) that will do the trick of making sure your system, your personal data, and your files don’t get PWNED.  Even more ridiculousness.

It should be protected out of the box when you lease it.

 
Reply #2 • Jun 19, 2009  09:56 AM
Sr. Member
Total Posts:  409
Joined  05/2009

Are you suggesting the freebie is not worth downloading? I would really like to know, comparatively speaking, what’s the best deal here? I’ve tried a number of free services and am using Avast but how is the average Joe to know which is good enough?  Is there some truth to the idea that unless you pay for it you aren’t getting the best protection?

I was in the habit before OneCare, of buying Norton System Works, an older version, usually paying $20, but the OneCare needed no monitoring or relatively little.


 
Reply #3 • Jun 19, 2009  10:02 AM
Moderator
Total Posts:  1161
Joined  09/2008

Quite the opposite!  I am all for free, open source software.

I use Avast or AVG on my two Windows boxes.  Both have free versions which work quite well.  I have read recently that Avast does a better job at real-time, active detection, so I think I’ll migrate to it.

 
Reply #4 • Jun 19, 2009  05:06 PM
Sr. Member
Total Posts:  159
Joined  01/2008

Norton and One Care are both trash imo.  The best defense is to back up your files, it’s always free and there is no better way to be virus free than a clean install.

 
Reply #5 • Jun 19, 2009  05:17 PM
Administrator
Total Posts:  7028
Joined  01/2007

What happened to Norton? It used to be great, and then about four or five years ago, it became all but useless bloatware.

Signature 

Magneto was right

 
Reply #6 • Jun 20, 2009  09:50 AM
Sr. Member
Total Posts:  159
Joined  01/2008
Steve Shanafelt - 19 June 2009 05:17 PM

What happened to Norton?

Mergers and acquisitions, they have become a jack of all trades, master of none. Top that off with the fact that you need another program to remove the software you purchased from them, oh yeah they also killed Sygate personal firewall and replaced it with crap!

 
Reply #7 • Jun 21, 2009  11:16 AM
Moderator
Total Posts:  1161
Joined  09/2008

Their enterprise solutions are quite nice though.  That’s where they make their bread and butter.

 
Reply #8 • Jun 21, 2009  10:14 PM
Sr. Member
Total Posts:  159
Joined  01/2008
willc - 18 June 2009 12:51 PM

Microsoft has to create software which they are “generous” enough to give away for free that is made to protect you from threats that take advantage of their own operating system’s vulnerabilities.  That seems completely ridiculous to me.

The really sad part is that Vista and 7 are considered the most secure consumer OS. (Not including FreeBSD and UNIX) However the masses care less about their OS security, when MS and NSA pushed the XP/Vista patch that contained a backdoor into all Windows machines no one said a word.

(Edited: 21 June 2009 10:22 PM by Will)
 
Reply #9 • Jun 21, 2009  11:00 PM
Moderator
Total Posts:  1161
Joined  09/2008
Will - 21 June 2009 10:14 PM

The really sad part is that Vista and 7 are considered the most secure consumer OS. (Not including FreeBSD and UNIX) However the masses care less about their OS security, when MS and NSA pushed the XP/Vista patch that contained a backdoor into all Windows machines no one said a word.

What?  Do tell where you heard this from.

 
Reply #10 • Jun 22, 2009  07:02 AM
Sr. Member
Total Posts:  159
Joined  01/2008

About the backdoor or MS being secure? :)

This was designed and pushed by the NSA. It is now installed by default on new Windows machines.
http://en.wikipedia.org/wiki/Dual_EC_DRBG

http://www.schneier.com/essay-198.html

The fact that the NSA also has their hands in most Linux OS leads me to believe they already have or are currently working on a backdoor into Apple’s OS.

http://www.nsa.gov/research/selinux/index.shtml

/tinfoil hat

(Edited: 22 June 2009 07:05 AM by Will)
 
Reply #11 • Jun 22, 2009  09:18 AM
Moderator
Total Posts:  1161
Joined  09/2008

Another reason to use Ubuntu.  Still, I have my doubts:

From the Bruce Schneier (a highly respected cryptanalyst and information security guru) article you linked to:

It makes no sense as a trap door: It’s public, and rather obvious. It makes no sense from an engineering perspective: It’s too slow for anyone to willingly use it. And it makes no sense from a backwards-compatibility perspective: Swapping one random-number generator for another is easy.

From another article of his:

Microsoft has added the random-number generator Dual_EC-DRBG to Windows Vista, as part of SP1. Yes, this is the same RNG that could have an NSA backdoor.
It’s not enabled by default, and my advice is to never enable it. Ever.
EDITED TO ADD (12/18): I should make this clear that the algorithm is available as a program call. It is not something that the user can enable or disable.

As for SELinux, which I use on numerous Red Hat servers at work every day, I find it very difficult to believe there could be any such back door.  In enterprise data centers there is often so much intrusion detection and traffic monitoring going on, red flags would start flying as soon as one of these back doors was accessed.  Not to mention the security mechanisms in place on the individual systems themselves. I know that is true where I work—we monitor everything very heavily with firewalls, NIDS, HIDS, and more. 

Not only would they detect a back door on a Linux server, but they would also detect back door access to any of the 200+ Windows boxes here.

While there are definitely some unanswered questions about Dual_EC-DRBG, and it has obvious potential vulnerabilities, it seems quite far-fetched that it is being used to snoop on private computers of citizens.  There are much easier, less overt ways to do that, if the NSA really wanted to.

 
Reply #12 • Jun 23, 2009  02:34 PM
Sr. Member
Total Posts:  159
Joined  01/2008

Why use an algorithm with such weaknesses? There are others that are considered much more secure without the flaw. As for the speed, it does not need to be fast if, say, they wanted to take control (remote admin) of the machine at hand.

I don’t think the NSA or anyone else would use these possible backdoors to spy on anyone. It could be there just in case. Maybe to control the flow of information in a crisis such as the one in Iran. Sorry I just don’t see the NSA giving away anything to the world without some major benefit.

While I don’t doubt your system is heavily monitored, once someone has root level access your choices are much more limited if you want to gain control of your systems. RedHat has had its share of failures as well, they were duped into distributing a trojan to their Red Hat Enterprise customers such as yourself in the past.

 
Reply #13 • Jun 23, 2009  03:00 PM
Moderator
Total Posts:  1161
Joined  09/2008
Will - 23 June 2009 02:34 PM

Why use an algorithm with such weaknesses? There are others that are considered much more secure without the flaw. As for the speed, it does not need to be fast if, say, they wanted to take control (remote admin) of the machine at hand.

Well, I wasn’t arguing for using it ;) As Schneier mentioned, it is slow, clunky, not secure, and public, so it’s best not to use it for any reason.  I was questioning why the NSA would use something so clunky and obvious if their goal was to be surreptitious.

Will - 23 June 2009 02:34 PM

I don’t think the NSA or anyone else would use these possible backdoors to spy on anyone. It could be there just in case. Maybe to control the flow of information in a crisis such as the one in Iran. Sorry I just don’t see the NSA giving away anything to the world without some major benefit.

I’m curious as to how that would work, exactly.  Controlling the flow of information through an unused encryption algorithm?

Don’t forget, the NSA is a public service, and they exist for protecting you.  For example, they offer excellent guides on hardening servers to protect from exploits such as those you are talking about.

If you want to control the flow of information, it would be much easier (and quicker) to take out the root DNS servers in the US—something the NSA could probably do if they wanted to.  Or, just tighten your grip on the ISPs.

Will - 23 June 2009 02:34 PM

While I don’t doubt your system is heavily monitored, once someone has root level access your choices are much more limited if you want to gain control of your systems. RedHat has had its share of failures as well, they were duped into distributing a trojan to their Red Hat Enterprise customers such as yourself in the past.

How would the NSA gain root access through SELinux?

SELinux is completely open source (as is Red Hat), so the code is there for everyone to see.  SELinux is not an application, rather it is a set of policies.  There is no way to use it as an application to gain entry via a back door.  By now, every piece of code in SELinux has been scoured through by sysads everywhere (not to mention the development team), so anything hidden in it which the NSA could use to monitor or take control of your systems would have been found.

Lastly, Red Hat Enterprise Linux wasn’t duped, exactly, rather someone found a way to exploit a couple of OpenSSH packages and sign them to look like they came from Red Hat.  It was detected quickly and fixed.  This did not affect the Red Hat Network, which is what Enterprise customers use to update their systems (more on that here).

 
Reply #14 • Jun 23, 2009  03:08 PM
Sr. Member
Total Posts:  409
Joined  05/2009

Whatever all the experts say about it, I am using Microsoft Security Essentials Beta as of an hour ago.

https://connect.microsoft.com/securityessentials


 
Reply #15 • Jun 23, 2009  03:31 PM
Sr. Member
Total Posts:  159
Joined  01/2008

I was questioning why the NSA would use something so clunky and obvious if their goal was to be surreptitious.

No idea, why push for its use in the first place?

I’m curious as to how that would work, exactly.  Controlling the flow of information through an unused encryption algorithm?

It is now enabled by default so it’s not unused. If it was access to a backdoor it would be simple. Gain admin control and download your desired script, say one for DoS. Do this for every Windows machine that has this enabled and you could have one hell of a DDoS.

If you want to control the flow of information, it would be much easier (and quicker) to take out the root DNS servers in the US—something the NSA could probably do if they wanted to.  Or, just tighten your grip on the ISPs.

No and no imo. That’s only half the battle so to speak. Iran already has a very tight grip on its ISP. They all run through government servers I think and they cannot control the flow of information.

How would the NSA gain root access through SELinux?

The same way you do. I am not suggesting that the NSA has a backdoor into the kernel at all, I am just suggesting it has to be of some benefit to them to release this other than the greater good.
