this post was submitted on 23 Jul 2024
60 points (100.0% liked)
TechTakes
1494 readers
78 users here now
Big brain tech dude got yet another clueless take over at HackerNews etc? Here's the place to vent. Orange site, VC foolishness, all welcome.
This is not debate club. Unless it’s amusing debate.
For actually-good tech, you want our NotAwfulTech community
founded 2 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
There was a System component called Microsoft Defender that made all other AV obsolete.
Obviously, this caused a lot of European AntiVirus vendors and Intrusion Tool vendors to get upset so there was a court case to prevent Microsoft from bundling Defender with Windows for corporate customers.
Microsoft is arguing that if it wasn’t for the Court Case artificially opening the market to incompetent vendors, the problem wouldn’t have occurred.
Windows has had some major security flaws over the years but ever since Vista, (and before that XPSP2), they have made a concerted effort to fix them. This has caused quite a few compatibility issues for programs that (ab)used these security flaws due to lazy or malicious programming.
I don’t think we need to characterise famously monopolistic/anticompetitive Microsoft as an UwU “trying my best!~” anime character (it’s been done) that needs to be left alone to do their thing while we cheer it on, dawg. There are many issues with how this all went down, and Microsoft is just opportunistically taking shots at their arch-nemesis, legislation specifically targeted at their core business strategy of anti-competition.
I feel a little more ambivalent than usual in this particular case. It's probably because I have little good to say about the AV vendors' side in the matter either.
It's a little different from something like the IE era browser wars, where MSFT was (more than nowadays) able to push de facto web standards, which would then affect users on all platforms. Or the chokehold they and Alphabet have on email, which directly drives people and organizations to commercial email services (namely theirs). Or the fact that approximately 100% of PC games are on their OS and oh oops now they own most of the biggest video game studios too, curious!
By comparison, antimalware is more tightly tied to the OS in the sense that commercial antimalware products for other platforms than Windows are fairly niche and exploits tend to vary a lot by platform. Since Defender is a part of Windows, it doesn't really hurt MSFT's bottom line if someone decides to install a third party antivirus, except when issues like this very outage give a bad name to the whole OS and company. Not that Microsoft's own code is somehow foolproof, but you could argue it's better to have a Defender bug every now and then than CrowdStrike bug today, F-Secure bug tomorrow, Trend Micro next week, Kaspersky soon after than, then Comodo and Check Point followed by Trend Micro again…
So if we are to accept that the plan to give Defender special treatment in the Windows kernel is not for the purpose of selling more copies of Defender (since it comes built-in with Windows anyway) and that it would reduce the occurrence of outages like this one, the main downside (if you consider it such) is that it would instantly obliterate the commercial malware blocker industry. So I guess that's pretty anticompetitive.
And tangentially, having to beg the EU to make big brother Nadella share kewnel intewface with poor widdle AV shops kinda shows the industry is already EEE'd to a terminal stage.
Now, I think all of that is being overly generous to the titan of monopolism that is Microsoft Corporation, but I can indulge in a little bit of lawnmower anthropomorphization when it's mowing a lawn I don't like anyway. Was it a good or bad thing that the 2009 agreement with European Commission required this provision for security vendors? I don't know. Microsoft sure likes to say "regulation bad" though.
Don't threaten me with a good time
Addendum: Today I remembered Microsoft Defender for Business exists, so fuck them and the anticompetitive horse they rode here on lmao.
Even if that's all true and not missing any context it's a pretty bold argument to blame the EU instead of the incompetent vendors themselves or the companies with sufficiently poor practices that this update was pushed to all users without proper testing and validation. Microsoft themselves isn't above pushing a bad update, and it's obviously not like crowdstrike are an unknown bunch of yahoos that everyone should have known not to trust. Instead, largely because of the anticompetitive practices of every company in the IT industry we find ourselves once again facing massive systemic disruptions from a small error in one component of the wider infrastructure.