“Customers will not receive the January 2018 security updates (or any subsequent security updates) and will not be protected from security vulnerabilities unless their antivirus software vendor sets the following registry key”
Another incentive to stop using questionable AV software (since this was implemented because they can't get their act together).
No, another incentive to stop using Windows. 3rd party applications should NOT be responsible for ensuring that the OS can receive critical security updates, and Microsoft should not be relying on 3rd party applications to determine whether or not their customers receive critical OS security updates (and of all things, hilariously defaulting to 'no')
From the article: "There is a problem where some anti-virus vendors are using techniques to bypass Kernel Patch Protection by injecting a hypervisor which they use to intercept syscalls and make assumptions about memory locations — memory locations which are now changing with the Meltdown fixes."
Difficult situation for Microsoft. If you install applications which mess with the operating system in unsupported ways you can't expect your system to function correctly with automatic updates. On the other hand, users are likely not aware of what they have done and bricking millions of computers is also not good. Might for example cause a backlash when people stop updating their systems.
This sounds like a quick and dirty fix they put in place while figuring out what to do.
I'm not sure it's that difficult for Microsoft. Unless I misunderstand something, the requirement is on the antivirus systems already registered with Microsoft. They had half a year. MS could force vendors to patch their shit in a few weeks by giving them an ultimatum: in January, either you don't interfere with kernel patching, or we're showing your customers "your antivirus is stopping you from receiving the latest security patches, consider finding an alternative vendor".
They have reasons for doing it the other way, but I definitely blame them for not standing up to crap AV vendors in this and many other situations.
They could, but this isn't just a technical issue, it's also a legal and political issue where several AV vendors are currently suing MS in the EU for alleged anti-trust behavior. So the lawyers compromise everybody's security.
That seems like a fairly questionable blame-shift for MS. If they don't have the guts to provide even that level of protection, yet more reason to shift away from them except for trivial things like gaming.
So if you edit the Kernel on your version of Ubuntu, then Canonical should be held responsible?
That seems like a crazy thought process. You're running software that modifies Windows' internal functionality. The vendor knows it's unsupported. How can you blame the company who just made the platform you compromised?
Might as well set your root password to "password" and open it to the public then complain that the security is bad.
In fact your kernel does become "tainted" if you install unsupported kernel drivers (the closest equivalent to what the problematic Windows AVs do). If your support comes from RH, SuSE or similar vendors it usually becomes limited, depending on the kind of taint.
That's definitely one of the reasons to do it the way they have. But it's their choice. They chose to have a technical/security problem rather than a political/legal one. Or specifically, they chose for the customers to have a problem rather than themselves.
>>> I'm not sure it's that difficult for Microsoft.
Yes it is.
AVs use various hacks and exploits to hijack calls to the kernel. How did you think they notify you of an infected file before you open the infected file? The AV intercepts kernel API calls to list and open files.
I wouldn't be surprised if the patch for meltdown/spectre breaks these techniques. Generally speaking, these techniques will crash the system if they didn't work as intended. Microsoft doesn't want AV to BSOD millions of computers so they don't update when they detect an AV. It's perfectly reasonable to me.
> Might for example cause a backlash when people stop updating their systems.
So, again, the "where do you want to go today?" company decides "never mind, this is where you are going: we're stopping updates because you might have thought about it."
The problem is that anti-virus software is not a normal application, it is a weird, very complex kind of parasite that burrows deep into the operating system. This means Microsoft must be very careful, lest the parasite unintentionally kill the host.
Symbiont. The word you're looking for is symbiont, not parasite. A symbiont lives in harmony with the host, exchanging something in exchange for the resource it consumes (in this case protection). A parasite just takes, and gives nothing back to the host.
(Of course, let's ignore the obvious joke about some AV solutions like Symantec.)
Yeah, the distinction between a symbiont and a parasite is mostly of degree, not kind, and AV software these days is increasingly being found on the blurry line between the two.
> > and of all things, hilariously defaulting to 'no'
> It does not default to "no" since the default is to run MSE / Defender.
I think that it's reasonable to read the grandparent's post as meaning "defaulting to 'no' under certain conditions on the system". It would surprise me if there weren't plenty of users out there who have legacy workflows with antiquated antivirus software still running, either because they set it up and haven't changed it or because their local tech geeks set it up and they don't know how to change it. I know that, as I've tried gradually (and unsuccessfully) to ease back into Windows after a long time away, it's been hard for me to believe in Defender as a full AV solution, and my first instinct was to run old favourites like ClamAV as an extra layer of defence.
Seems like the EU and/or the FTC would want to talk to Microsoft about Microsoft requiring Microsoft's AV to be installed before Microsoft will update the OS.
Windows isn't going anywhere, if for no other reason than because Microsoft Excel is basically electronic paper to the business world -- and there is simply no adequate substitute for it. (No, neither OpenOffice Calc nor any of the Web-based offerings -- including Microsoft's own -- count.)
Coping with Windows is a fact of life. Get used to it.
Agreed. MS should cut off shady AV software if they are interfering with Windows Update or the security of the system. If they don't it tells us they have AV vendors higher on their priority list than end users. And that sucks.
> Microsoft should not be relying on 3rd party applications to determine whether or not their customers receive critical OS security updates (and of all things, hilariously defaulting to 'no')
The default is to use the 1st party product, Windows Defender, which defaults to 'yes'.
I'll never understand why AV is a third party software solution. I don't buy an Audi and then go to some other company and buy ABS and seat belts. This is a MS issue and should be handled in house.
Why doesn't Microsoft supply every component? Because of Anti-Trust Lawsuits. Microsoft has a monopoly position as a desktop operating system vendor. Any time they bundle software with the OS, it's grounds for a lawsuit in Europe.
Right, but MS provides AV or you can install a third party option instead. Just like you can install aftermarket brakes, suspension, ECUs or even seats and seatbelts in your Audi.
Ok but now you are talking about a different product (a PC) vs Microsoft Windows. The third party AV vendors are paying the PC manufacturer to bundle their products, they are not paying Microsoft.
In the PC case both Windows and AV are third party products.
In terms of catching viruses that are out there in the wild, ClamAV is the least good antivirus solution. But hey, open source and completely auditable!
ClamAV (ClamWin) will happily false positive and quarantine all sorts of files on a Windows box, occasionally including required system files. I've tried it on 3 different boxes at different times over the past ~5 years and the amount of false positives was insane every time.
I don't think it's ready to be run on Windows boxes unless you are a power user willing to manually verify ~100 files are not actually malware.
You can’t just stop using AV software I’m told. The key is checked for everyone, including people with no AV. Contrary to the sensational headlines, it is implied to be a temporary measure. It’s not really clear whether you’d have to only do this manually once, or on every subsequent update.
If you do it once, it may be that your AV isn't compatible with the patch and will cause your system to bluescreen and maybe not even turn on, so no, you really shouldn't do that.
Microsoft could at least pop up a nag screen every 15 minutes to notify the user that their AV software is crap and needs to be removed. The average user won't know that their AV is actively keeping their OS unpatched.
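The two comments above (the key is checked on every machine, AV-equipped or not, and the average user has no way of knowing their AV is holding back the patch) both come down to a check an administrator can run. The script below is an added example, not code from the thread or from Microsoft: it lists the antivirus products registered with Windows Security Center and reports whether a given registry value is present. The actual key path and value name used by the January 2018 update are not on this page, so the defaults are labelled placeholders to be replaced with the real ones; the `productState` decoding follows the commonly documented interpretation of that packed field and is an assumption to verify against your vendor.

```powershell
# Added example: which AV is registered, and is the update-gate registry value set?
# KeyPath / ValueName defaults are PLACEHOLDERS; the real names are not on this page.
param(
    [string]$KeyPath   = 'HKLM:\SOFTWARE\PLACEHOLDER\UpdateCompatKey',  # placeholder path
    [string]$ValueName = 'PLACEHOLDER_VALUE_NAME'                       # placeholder value name
)

function Get-RegisteredAntivirus {
    # Security Center records every AV product that has registered itself,
    # including Defender on a default install. Returns nothing if none is registered.
    Get-CimInstance -Namespace 'root/SecurityCenter2' -ClassName 'AntiVirusProduct' -ErrorAction SilentlyContinue |
        ForEach-Object {
            [pscustomobject]@{
                Name          = $_.displayName
                ProductState  = ('0x{0:X6}' -f $_.productState)
                # Assumed decoding (commonly documented, not official): 0x1000 set = real-time
                # protection on; 0x10 set in the low byte = definitions out of date.
                Enabled       = (($_.productState -band 0x1000) -ne 0)
                DefinitionsOk = (($_.productState -band 0x10) -eq 0)
            }
        }
}

function Test-CompatValue {
    param([string]$Path, [string]$Name)
    # Get-ItemProperty throws when the key or the named value is missing,
    # so a caught error means the gate value is absent on this machine.
    try {
        $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction Stop
        return [bool]$item.PSObject.Properties[$Name]
    } catch {
        return $false
    }
}

$av = Get-RegisteredAntivirus
if (-not $av) {
    Write-Output 'No antivirus product is registered with Security Center.'
} else {
    $av | Format-Table -AutoSize
}

if (Test-CompatValue -Path $KeyPath -Name $ValueName) {
    Write-Output "Value '$ValueName' is present under $KeyPath."
} else {
    Write-Output "Value '$ValueName' is NOT present under $KeyPath; any update that checks it would be withheld on this machine."
}
```

Run it as a local administrator so the HKLM read and the WMI query succeed; a machine with no registered AV and no gate value is exactly the case the thread is worried about, and this is how it shows up.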
At initial patch release, not even all the well-known ones had the registry key setting in place... so it's not just about questionable AV software when big corps considered "safe" (debatable) didn't have "their act together" either.
Perhaps one advantage of the walled garden of Windows S. No virus checker needed if every piece of software is vetted by an online repository and everything runs in its own sandbox.