22 posts categorized "anti-virus"

June 25, 2008

Why don't AV vendors make it easy?

One of the newer, but very well known members of the 155+ blogs of the Security Bloggers Network, is the Errata Security blog from Dave Maynor, Rob Graham and Marisa Fagan.  Dave has a post up today about his frustrations with trying to remove McAfee AV from his new mobile phone. I share his frustration.  Having run Windows Mobile for over a year now and changing ROMs in addition to installing and deleting a multitude of applications, I am often frustrated by the lack of visibility you have into the files and system on Windows Mobile.  If an application does not remove itself cleanly, you are hosed.

A far larger frustration for me though is removing AV vendors' security from any computer, mobile or otherwise.  It is not just a McAfee thing either.  Symantec, CA and Microsoft are just impossible to remove without a major pain.  What is the reason?  Do they make it hard because they think people might remove them by mistake?  I don't think so.  Like Dave says, when does AV become a virus itself?


June 24, 2008

Who says innovation in security is dead?

Was reading Amrit Williams' blog today on the AV market and followed a bunch of links back to read more. I have to say reading the articles left me with just a bad taste in my mouth for where is the innovation in security, especially the AV market.  As Amrit points out, the first article has Eva Chen CEO of Trend proclaiming "the AV industry sucks".  She says with 5.5 million new viruses, how can anyone claim they are doing a good job.  I don't disagree with her but unlike Amrit, I don't think the Trend response is such an innovative response. In fact I think it is exactly what the folks at Panda Security in Spain have been talking about doing for some time now.

A couple of other things that Eva says I found disturbing as well. Most of all was her analogy of open source software and proprietary software to capitalism and Communism.  I don't buy into the whole open source - socialist/communist thing.  I think it once again shows that Eva Chen doesn't get open source at all.

The other interesting article that Amrit pointed out was one announcing the new Symantec endpoint management suite. This represents Symantec integrating endpoint security suite with the Altiris management platform.  I think Amrit is right that it takes more than slapping it all in a yellow box and putting a portal interface on it.  Oftentimes that amounts to little more than seeing how high you can make that pile.


June 20, 2008

Everybody wants to jump on the Green bandwagon

These days everyone wants to be seen as green.  Larry Seltzer over on PC Mag has an interesting story from McAfee Avert Labs that using anti-virus on your computer is green. The reasoning goes that by keeping your computer free of malware, your CPU usage stays lower, thereby using less energy and lowering your carbon footprint.  OK, I get it.  My question is what about all of the extra CPU cycles that some of the bloated endpoint security suites use on all of these machines they are installed on?  I would bet that they far outweigh any energy savings from clean machines.

I guess in place of wrapping yourself in the flag, the thing to do now is wrap yourself in the green thing. How long will it be until some company hires Al Gore to hawk their technology? In the meantime I would beware of Jolly Green Giants.


January 31, 2008

Further reflections on Trend, Barracuda and open source

Over the last day I have had more of a chance to think on the Trend Micro-Barracuda patent war.  I have also done some more research and reading on this one.  In my earlier article I said that this is not about open source so much as it is about gateway anti-virus.  Upon further reflection though I am not as sure.  Here are some other facts to consider:

1. ClamAV may have as many as 1 million users downloading updates daily. This makes them at least a potential formidable competitor to Trend.  One that I am sure Trend would like to see go away because they can't compete with them on price.
2. Going after individual users of Clam would be like herding cats.  There is no way you can hit them all.  At best you may get a few high profile cases.
3. Barracuda has deep pockets. Instead of herding cats go after one fat cat who has deep pockets to pay you the kind of money you want and send a message to the rest of the cats that they could be next, so either use another AV (like Trend for instance) or pony up some fee for patent use. 

In fact the above scenario is not terribly different than the recording industry going after Napster. It was easy to go after one relatively fat cat, rather than herding and chasing a bunch of smaller cats.  In fact the recording industry has given themselves something of a black eye by going after poor grandmothers and children for illegal downloads. I think Trend tries to avoid the same type of black eye by saying this is not about open source but just AV. It is about open source.  They just don't want to be perceived as going after open source and don't want to chase the small fry. But do they want ClamAV as a competitor? Probably not.

4. Trend's decision to pursue this in the ITC seems abusive.  Barracuda does not import the ClamAV software. It is downloaded from servers here in the US. The servers are assembled here in the US as well.  This case does not belong in the ITC and should be thrown out of there. It may have served Trend well with Fortinet who was importing their products into the US, but it is the wrong venue for this suit.

All that being said, I think that this more than ever still demands that Sourcefire as the owners of ClamAV step up to the plate here. If I was a paying customer of Sourcefire for Clam and was subject to a patent infringement case, I would expect them to defend.  I think the fact that Barracuda does not pay them today evidently for the use of Clam is not reason enough to let Barracuda take the brunt of this battle on.

Also looking at the proof gathered, I think there is a better than even chance that this patent will be thrown out. If so Barracuda will have done the open source community and the gateway AV industry a huge service.

January 29, 2008

It seems the cavalry was held up at the Little Big Horn, oh well

Just a little while ago I wrote about the Trend Micro - Barracuda Networks legal tussle where Barracuda is accusing Trend of patent trolling with its controversial patent '600.  I asked why Trend didn't go after the big boys. I wanted to know where was the cavalry coming to the rescue here, not leaving Barracuda to fight this fight alone.  Well it takes a big man to admit he did not know all there was to know on the subject.  As several folks pointed out to me, Trend has in fact sued both McAfee and Symantec over this very same patent. Though I have not been able to find anything that points to the outcome of this suit, it makes the most sense that probably there was a quiet cross-licensing deal worked out with some cash changing hands. Symantec and McAfee were not the only ones to be sued either. According to this article, Fortinet actually had a disruption in its distribution as a result of ITC investigation instigated by Trend (the same tactic they are using here), and then totally redid their AV module to avoid any technology that could be deemed to violate the patent in question. This article claims that several companies have been sued in the past and have settled out of court, despite never admitting to the validity of the patent.

I guess that means that Trend must be working out reasonable terms with these companies and begs the question, why didn't Barracuda take a deal?  Dean Drako claims he was never able to speak to someone to work out a deal, but who knows at this point. What does seem clear is that Barracuda has done some real research in trying to have this patent overturned.  If Dean and Barracuda are successful in doing so, more power to them and another blow struck against silly patents. 

Now what about the rest of the cavalry? It still seems to me that this is too important an issue for Sourcefire who owns Clam to be sitting on the sidelines.  I am still waiting for them to join the fray or has Trend already scalped them too?

Barracuda defends open source AV from Trend, where is the cavalry?

For those who don't know, Barracuda is involved in a wicked patent fight with Trend Micro over the use of Clam AV gateway anti-virus. It seems according to a 1995 patent issued to Trend Micro, they claim that virtually all gateway AV that removes viruses as they move through an SMTP or FTP proxy server are covered under this patent. Barracuda uses the popular, open source Clam AV product in their appliances and Trend says their use violates the patent.  Evidently this little tiff has been going on for some time, with Trend filing a complaint with the US International Trade Commission in addition to the conventional lawsuits. Trend also claims that their position here is well established and several previous suits and claims have been upheld including a settlement with Fortinet (does Fortinet use Clam AV too?).

My position is that this is a perfect case of why so much of this patent stuff is just full of beans.  How can Trend have a patent on gateway AV? If they do why are they wasting time piddling around with the likes of Barracuda?  Why don't they go after the big boys like Symantec or McAfee? Something tells me there is a reason why Trend does not.  Either they are not as confident in their claim as they make out to be or Symantec and McAfee know something that the rest of us don't.  Maybe they have proof of prior use before the patent was filed.

Many in the open source community including Richard Stallman (no surprise there) and Eben Moglen of the Software Freedom Law Center have joined in to support Barracuda in this legal battle.  Barracuda is in fact very much painting this as an attack on open source and looking to the community for support.  Trend for their part says that this is not about open source or even Clam AV, it is about filtering virus pursuant to the techniques they patented.  Again, my view is I don't think Barracuda is doing anything different than other ClamAV users.  Though Trend's claims may go to all gateway AVs, clearly this is about Barracuda using Clam and about Clam. 

So here is my question: Why haven't we heard from the owners of ClamAV?  Sourcefire bought them in August I thought.  This could affect them as much as anyone. They are big supporters of open source and as a public company can bring resources to bear on this.  Why have Marty, Wayne and gang been silent on this?  I would think they should be leading the charge here and standing up for their product.  Leaving Dean Drako and Barracuda to fight this fight on behalf of the Clam community is not fair and also could have repercussions down the road to Sourcefire without them being involved. Is it that Barracuda is not paying for their use of Clam?  I don't know what the answer is but it will be interesting how this plays out.

November 19, 2007

Microsoft is going to have to do better than this if they want my security dollars - wait they did!

Blogging this while waiting on the phone for a Microsoft Live One Care technical support person.  I have been on the phone for about 25 minutes, oops someone just picked up, hold on. OK I am back.  The friendly Microsoft technical person, David has me on hold while he researches my problem.  He doesn't sound like a Dave though.  I know that outsourced call centers like to have their people use Western sounding names to make us more comfortable, but frankly I always feel like I am talking to some dancer at a strip club who tells me her name is Kitty or something.  I would prefer they use their real name.  I am a big boy and can deal with it.

Anyway, back to the story. I had installed (and paid for) OneCare on Bonnie's computer a while back. For the most part it has been fine, but frankly Bonnie doesn't get into many high risk activities on line. I knew I was in trouble though a while back when I asked my youngest son Bradley (5 at the time) what he was doing on the computer and he told me he was "Googling".  Then just a few weeks ago, my oldest son Landon told me about this cool 3-D screen saver of fishes he can get for free.  I knew we were headed for trouble.

Anyway tonight I noticed the little green one care icon was no longer in the tray.  My security center was in the red with firewall and AV off. When I manually tried to start OneCare I got an error message that said to restart the machine.  I did that, same problem.  Then I uninstalled OneCare (another reboot) and installed it again.  Same problem.  When I tried to start the service I get another error message. So I log onto the OneCare help site and follow the automated FAQ, useless.  I then try to do a live chat with support after figuring out how to log in to my account (they don't make it obvious). The chat asks to run a diagnostic to help which takes another 10 minutes.  Then the chat client loads only half way and freezes.  Back to go, don't collect the 200 bucks!

Now I log back into help and pick 24 hour phone support.  Same diagnostic gathering takes another 10 to 15 minutes and they give me a phone number and case number.  25 minutes I am on the phone on hold and finally Kitty, I mean Dave gets on to help.  Dave tells me he is going to log into my computer (BTW I find out Dave's name is Jesus, I would have been fine with that).  He logs in with my permission and after 3 or 4 or 5 reboots and checking he confirms it was a corrupted file that he had to reinstall which he did.  Bada bing, badda boom, we are all fixed and good to go. We then rechecked everything and it's all good.  While we are on the phone I talk him into downloading Cobia and playing with it, hey ABC (always be closing).

So while the whole thing took over an hour and a half, Dave from Manila did a heck of a job.  What started out as bitch rant about Microsoft's OneCare support doesn't end that way and as they say in Manila we have a "happy ending".  Now let's hope it keeps the computer protected from the next thing my kids play with!

September 16, 2007

Are computer viruses on the way out?

According to this PC World article based upon the annual CSI report, 2007 represents a watershed year for security incidents. Insider incidents (59%) were more widely reported than incidents involving computer viruses (52%) in the last year. Laptop and mobile theft was also hot on the heels of viruses with 50% reporting incidents.  I should mention that overall incidents are still trending down from their all time high in the year 2000.

But what does the increased incidence of insider threats and device theft mean for the security industry?  It could be big news.  It is what is driving encryption and data leakage.  In many ways it is also what is driving the NAC market.  For too long, too many security technologies were focused on stopping malicious traffic that may contain a worm, trojan or virus.  Not without reason, but are the AV folks a victim of their own success?  Let's not shed any tears, overall AV is still a cash cow.  But the time has come for the security industry to focus in on what is causing the greatest turmoil and harm now.  That is not virus or worms, but insiders and data theft.

August 29, 2007

John Thompson blames Microsoft for lower prices for consumer security

With a tin ear for customer sentiment, Symantec's CEO says consumers are paying less for security products and John Thompson says Microsoft is to blame, according to this article in Network World. And this is a bad thing because?  The Symantec CEO trots out the "M" word to describe Microsoft's pricing scheme.  He says price isn't everything and the Microsoft products still don't measure up to his own company's products.

However, I have to wonder if his marketing/PR people could not come up with a better angle than blaming Microsoft for people paying less for security. Are we supposed to shed yellow tears for poor Symantec not being able to charge more? I for one am glad that consumer AV and security is finally following the pattern of other consumer software by getting cheaper as time goes by.  For too long consumer AV was artificially high and never seemed to suffer from price competition.  What could John say next, Microsoft's competition is forcing Symantec to make a better product?  Come on John, give us a break.

August 17, 2007

Sourcefire buys Clam AV?

Saw the announcement today on Sourcefire buying ClamAV.  My first thought was why and how.  How do you buy an open source project?  But that became obvious reading the press release.  All of the copyright holders of the ClamAV project agreed to sell their rights in the software to Sourcefire.  You have to admit that it is a different kind of acquisition.  I did not bother doing the math, so do not know how much Sourcefire paid.

For those who do not know, ClamAV is an open source gateway AV project.  It is very widely used within many UTM solutions and MSSP offerings.  So how does Sourcefire monetize this?  What does this mean for ClamAV's customers?  If you are an individual or corporation using ClamAV as a stand alone product, it means you will still probably have free use of the AV engine.  However, any AV is only as good as its latest update.  Will we see, similar to what was done with Snort, a VRT certified, pay for AV signature update feed?  Will people not paying for the feed get updated AV signatures on a delayed basis?  What about all of these people using ClamAV in their UTMs?  Will we see a "clarification" to the ClamAV license that says they can't use it as part of UTMs?  Will Sourcefire now seek to commercially license the product to all of these UTM and MSSP vendors?  I don't know, but it seems likely, based upon their past moves.

AV is not exactly a cutting edge technology but it can be a cash cow.  There are lots of options in the AV market.  If I was a UTM provider or MSSP using ClamAV right now, I would be exploring my options, waiting for the other shoe to drop here. I think this once again shows that if you are incorporating open source tools into your technology as a vendor, unless you own the copyrights, do so at your own risk.

June 23, 2007

Shimel the hypocrite

A recent visitor to the blog commented that my last post about what Hooter girls use for protection was hypocritical in light of my anti-booth babe stance.  I did some soul searching and have to agree with the comment. It was a sexist post on two counts.  One was the tongue-in-cheek play on the word protection, which frankly I could live with.  The other thing was relying on the picture of the two hot Hooter girls to get your attention (and frankly I didn't mind looking at them myself).  That was clearly exploitive and sexist and the reader was right to call me on it.

So in the interest of fairness and to keep my reputation for speaking out  against sexual exploitation, I am posting this picture of a Hooter's guy.  You can assume that he is using Sophos for protection as well.

June 22, 2007

What do Hooter girls use for protection?

OK, I could not resist after reading this article in ITPro.  Looks like the food chain with the scantily clad women is replacing their current anti-virus solution with Sophos.  Sophos is doing a good job of moving beyond just AV into endpoint solutions.  It doesn't sound like this is a NAC deal, but the way Sophos is packaging they have certainly moved beyond just AV.

The article points out that the Hooters folks especially liked a special "Sophos Competitor Removal Tool" that uninstalled their old AV automatically without even rebooting (removing some of these AV programs is a pain I know).  They also tout automatic updates.  If this was a factor, I would love to know what AV they were using that did not do automatic updates. I thought they all did at this point.

In any event I am sure we will all sleep easier and be more likely to frequent Hooters knowing that the Hooter girls are using protection ;-)

June 15, 2007

Code Red it ain't . . .

Here at StillSecure we rely on our SAT (Security Alert Team) to protect our customers up to the minute against the latest threats. We don't hold ourselves out to be an eEye security research company or even an ISS X-force (haven't heard about them much lately, have you?).  For the most part our team which is now spread across multiple continents makes sure that our products have the ability to detect and defend against the latest bad stuff. They do a great job doing it, keeping all of our products up to snuff, whether it be vulnerability scans, IDS signatures, latest test updates for our NAC, etc.  Every once in a while though we come across something that can help and when we do, we try to be a good security neighbor.  Just this sort of thing happened this past week.

Our SAT folks became aware of a new email attachment that came with a very legitimate email purporting to be a bill and it had an invoice attached. Of course the invoice contained a nasty executable.  Your typical trojan that has been making the rounds lately like the IRS one a few weeks ago.  However, a finance or accounts payable person or anyone for that matter would probably click on this if they did not know better.  So we had a look at it, saw that none of the AV stuff we had was picking it up and realized this could be a problem. We of course made sure our products protected against this right away.

Brad Doctor, our director of security research (who is about to have his first child and is pretty up to his ears with that) went beyond that though and immediately notified as many outlets as possible about our findings.  We were glad to see that ClamAV put a signature out for it today. We saw McAfee post it and will have protection in a .dat file update soon.  Of course McAfee did not give us any credit for sending it in, but hey that is OK, maybe they saw it in other places first or maybe they don't want to ruin their security gunslinger image, whatever.  Interestingly, Brad mentioned that Symantec had no address to send it into, so we were unable to send it to them. For the first time, he actually thought of Microsoft as a company to notify.  Good for Microsoft!

I also read where PC World saw this one too.  Anyway, this is hardly another Code Red worm.  I am not holding our SAT team out as the premier security research team in the industry. We won't be sporting sarcastic shirts at Black Hat taunting Microsoft.  But then again we aren't laying off any engineers and our SAT team keeps plugging away keeping our customers protected and trying to do the right thing by the security community.  For that I say, great work team! At the end of the day isn't that what it is all about?

June 08, 2007

To be or not to be, that is the question

Read this article in TheStreet.com about the new Symantec product called Hamlet. Hamlet seems to be a combination of the next generation of Symantec AV and their attempt to take on McAfee EPO, while at the same time demonstrating their ability to integrate some of the many acquisitions they have made.

Let me say that I have not actually seen this product, but reading about it, I am not sure Hamlet delivers on its big promise.  On the AV side, it seems one of the big advances is that they have combined some of the behavior based detection techniques that they bought with the WholeSecurity acquisition.  Additionally, other modules can be purchased that will give you Sygate firewall, network admission control and other functionality.  John Thompson, Symantec CEO thinks Hamlet will drive higher revenue for Symantec as customers will be more likely to add products to the base, rather than buying separate applications.  Others think Hamlet's value over the current Symantec offerings will be hard to show and that unless they are putting it in one agent, the true integration is not there.

Besides the McAfee EPO competition, Microsoft's new Stirling suite of security may give Hamlet a run for the money, pound for pound (little pun intended).

My impression is that Hamlet will have to go through some growing pains in delivering on the promise and vision it offers before we can say: "Though this be madness, yet there is method in 't." Hamlet quote (Act II, Scene II).


June 04, 2007

It's the Microsoft way

It's a common saying in the tech business to never buy a 1.0 version of a Microsoft product.  However, even the most rabid Redmond hater would have to admit, that eventually Microsoft gets it right, making improvements with every subsequent release.  It looks like the same thing can be said with Microsoft's OneCare AV product.  According to this article in the ITPro (which I heard about in this article on infosecsellout blog), in the latest round of testing Microsoft has made some improvements in OneCare and actually did better than they have in the past.  In fact they came out ahead of AVG and Fortinet.  Bad news for those two, but bad news for the rest of the AV market as well.  Microsoft will continue to improve OneCare and eventually it will be a market leader.  It is the Microsoft way.

For those interested, Eset's NOD32 came out on top.  Good for them, I have heard good things about their product.

ITPro: News: Microsoft improves OneCare anti-virus product

March 24, 2007

Is Big Yellow burnt toast in the AV market?

Lawrence Walsh from CRN has an article I read up on Dark Reading, asking if Symantec is still an anti-virus vendor. I actually think it is an unfair or even inaccurate question.  Symantec is certainly an AV vendor.  The question is, have they lost their premier position to McAfee and/or Trend in the enterprise market, while at the same time bracing for the consumer market onslaught from Microsoft?

Lawrence brings up some excellent points about the corporate version of Symantec AV.  It is a "bloated memory hog" seems to be one popular feeling and frankly running it here at work and running Symantec Internet Security on our home PCs (until we switched to OneCare at home over the summer), I can confirm that.  The article also notes that a new ERP program at Big Yellow has made dealing with them difficult from a partner point of view.  Finally, a lack of a clear vision of where the product is going is hurting them too, according to the article.

Another thing I have observed about Symantec is who they sell to in the organization.  While most security vendors are dealing with the security, desktop, network or risk management groups, Symantec makes their sale to the finance guy.  More than any other security company I have seen, Symantec sells to the finance guy.  I guess it has served them well in the past, but wonder if that is the right strategy going forward.


October 26, 2006

Mike Fratto has the facts and that is the fact

For those of you who read my blog regularly you know that more than occasionally I will make a mistake.  Hey, it's only human.  But I was always taught that the measure of a person is do they own up to it and do the right thing. So under the category of owning up and doing the right thing, let me apologize to Mike Fratto.  I wrote yesterday about an article that Mike had done on NAC where he had some facts about our Safe Access product that were a bit out of date.  I said he did not speak to Mitchell or me about it and we do all of the press interviews.  Well it seems I was wrong, as Mike so politely pointed out in a comment to the article and an email to me.  He did speak to Mitchell on August 9th.

The question then is, did we not make the right presentation, did something get lost in the translation or was it something else?  I don't know the answer, but I have our folks reaching out to Mike to let me sit down with him and give him the latest.  As long as I am at it, I will probably put something up here on the latest Safe Access functionality as well. 

Microsoft slams shut PatchGuard loophole

Just a few days ago I wrote about Authentium using a loophole to get around PatchGuard in Vista.  At the time I said I hoped Microsoft did something about it.  Well it did not take the Redmond boys long.  Today comes word that Microsoft has slammed shut the loophole used by Authentium.  Furthermore, they have vowed to close any other holes that pop up and allow access to the kernel equally as fast. I think it is a good thing and we will all be safer for it.

Of course I am sure the squealers will say that the fact that Microsoft did not do this in the course of the regular Patch Tuesday stuff is further evidence of their anti-competitive behavior, but let them squeal.

October 25, 2006

Company able to bypass PatchGuard in Vista

My friend Matt Hines (he is all right for a Red Sox fan) over at e-Week has a good story on Authentium, a security company from down in Palm Beach Gardens, Fl (not far from my house actually), that has circumvented the PatchGuard kernel protection in Vista.  This is I think bad news for Vista security.  PatchGuard really was not supposed to keep Symantec, McAfee and the rest out of Windows security, it was supposed to keep the bad guys out of the Windows kernel though.  If Authentium this easily worked around PatchGuard, how long do you think it is going to take the bad guys to do it?  Not very long would be my guess. I don't think we have seen the last of this one.  I hope Microsoft does something about it and soon!

On another front, the solidarity of the anti-virus, anti-Microsoft cartel seems to be cracking.  Now, Sophos and Kaspersky have come out and said they agree with Microsoft and don't understand the bitching and moaning from the Big Yellow and McAfee.  Could make it harder for the EU to come down on MS and could make for an opportunity for Sophos and Kaspersky.  Time will tell.

October 20, 2006

Conspiracy theories or more squealing?

So now it seems that an apparently innocent MS Live Meeting mishap is being used by Symantec and McAfee as further proof of Microsoft's intent to shut them out of the Vista security sweepstakes.  It seems MS sent out the wrong invites to everyone, had to restart the meeting and then because of schedule times had to restart it yet again.  McAfee and Symantec don't believe this could have happened with just a lone gunman and claim someone on a grassy knoll did this just to them to keep them out of Vista's kernel.  Even Alex Eckelberry, of Sunbelt Software, who has been critical of MS's moves in the security market admitted that it was an innocent series of mishaps from a group under a lot of pressure.

Of course McAfee also had their European attorneys come out blasting today about Microsoft's hollow promises and evil intentions causing them damage.  It seems they have a sympathetic ear in the EU and they are playing it for everything it is worth.  Guys, let's get on with it.  Both Symantec and McAfee are better served by emphasizing their visions on what they are going to do to make us all more secure and remain competitive, rather than the squealing.  It is tiresome already.

October 06, 2006

Today's Security Time Fable: The Squealing Pigs, the Golden Goose and the Big, Bad Wolf

Once upon a time there were two little pigs. These two little pigs over time grew very fat by living off of the goose that laid the golden eggs.  All of the time they were gorging off of the goose, they complained that it was the goose's fault for laying the golden eggs that allowed them to grow into the big, fat pigs they had become.  They in fact grew so big and fat, that they were able to buy or get almost anything they wanted and did not have to even pay attention to the regular market forces at play in the farm they lived on.  One day the goose said that it would listen to the pigs and do something about the golden eggs.  This set the pigs off on a real feeding frenzy to build up enough reserves to find something else to take the place of the golden eggs, while at the same time hoping it would never come to that.  Sure enough, the goose got serious and turned into a wolf.  At this point the two pigs saw the gravy train coming to a stop and started squawking and squealing like fat pigs are prone to do.  The farmer would not listen to them, so they swam across the pond with stories of doom and gloom trying to get someone to turn the wolf back into the goose.  Moral of the story: Be careful what you wish for, it may just come true.

Recognize anyone here?  After years of chuckling, winking and blaming Microsoft for the security issues that it was plagued with, while at the same time making a mint, Symantec and McAfee now know that the game is almost up.  As I have written before they have gone on a PR campaign in the EU to try and make some sort of anti-trust claim against Microsoft.  This past week they made another claim that Microsoft was shutting them out of the Vista security trough. However, when you look at their claims, you see that they are weak attempts to fudge and cloud the facts.  Worse than that even, they are trying to make Vista less secure for the sake of their own financial gain.  For a security company this is a cardinal sin.

You can read about these ugly facts in a number of places.  Larry Seltzer in eWeek has an excellent post called Security, Hypocrisy and the Kernel Patching Spat. TechNewsWorld's Sonia Arrison has a great piece up focused mostly on how McAfee is trying to stifle anyone's security efforts other than their own (they have of course bad-mouthed open source security for a while now). A more technical explanation of the issues raised by Symantec and McAfee and why they are bunk is up on the securitycurve blog and is an excellent read. I won't repeat everything written in these three articles, but let me give you my own take on them.

The bitching and moaning by Symantec and McAfee come down to two areas.  One is in the Windows Security Center.  If you have XP with SP2 you probably have this now.  As you know it can integrate with 3rd party security tools, but by default works with the MS stuff.  It is a really sweet integration with MS OneCare.  Under Vista, McAfee and Symantec will not be able to automatically kill the Security Center.  To do this will require actual user intervention.  McAfee and Symantec claim this is unfair.  Give me a break guys.  Either continue to make your product show up in Security Center or make a good wizard to walk users through disabling it. 

The second issue is over something called PatchGuard which will only affect 64-bit versions of Vista at first. This makes sure that 3rd parties cannot use undocumented and unsupported techniques for modifying the kernel to make it more secure.  Microsoft themselves will have to live by these rules, as well as everyone else.  Again McAfee and Symantec want us to believe that MS, in trying to make the OS and kernel more secure, has inhibited their ability to compete.  Again, enough guys.  In none of these are either Symantec or McAfee saying what the real problem is, namely that with OneCare Microsoft has a product that competes head on.  If not for that, they would not be saying boo here.  Lower your prices guys, make better distribution deals and either compete or get out of the market.  But stop the propaganda and let's not make us all suffer with less security for the sake of your appetites.

September 28, 2006

CA warranty on home security products: clever marketing or are they on to something?

CA announced today a warranty to home users of its anti-virus and Internet security suite that would reimburse them for technical support, repairs and hardware replacement up to $1,500.00. There are a couple of obvious limitations however.  It only covers Windows boxes, you cannot log on to a network domain at work and you cannot turn off settings for automatic updates.  My experience is most of these types of warranties are not worth the paper they are written on.  There are so many gotchas and loopholes that it will be next to impossible to ever collect anything and I doubt CA or the company administering it will ever pay out anything.

The question then becomes, is this just a clever marketing ploy on their part or will this give home users a sense of security (no pun intended) that will allow them to pick CA's security offerings over those that may be easier to use with Vista (see my article on Symantec's nightmare below)?  I think in order to compete in the home security market companies are going to have to think a bit out of the box like this to stay in the game.  I think over the long run, this program will cost CA peanuts compared to the good press and PR they will receive.  I think this is a much better strategy than running to the EU and throwing themselves at the mercy of the anti-trust regulators. Now if the product is any good, it may actually be worthwhile.


disclaimer

  • The views and opinions expressed here are those of myself only and in no way represent the views or positions or opinions of my employer, Latis Networks, Inc. d/b/a StillSecure or anyone else.
