This issue's topics:
* What a OneCare
* A Red Army of hackers?
* What a OneCare
I really feel Microsoft hasn’t been lampooned enough for the spectacularly silly product naming of its security service/product, Windows OneCare. I heard that Microsoft offices in non-US English-speaking countries wrote in to Redmond HQ to explain exactly why “OneCare” is a bad choice of name.
The Americans didn’t budge, however, so pity the poor product managers trying to stifle giggles when presenting OneCare to an audience already sceptical about Microsoft’s record in the area.
Either way, I changed my mind about boycotting the rudely-named security product, and gave the beta a quick spin on Windows XP SP2 – which incidentally is the only version of Windows it runs on. Note that you need to log in to the Windows Live Beta in order to access the OneCare stuff, and the service will eventually be subscription based at an as-yet unknown monthly charge. Two more caveats: don’t run the OneCare beta alongside existing anti-virus programs or firewalls, and yes, it does require Internet Explorer.
Microsoft’s idea is that OneCare should be a complete PC maintenance solution – that is, no need to buy third-party antivirus, backup, disk defragmentation and firewall programs. How well that will go down with regulators already concerned about Microsoft bundling everything including the kitchen sink in Windows remains to be seen.
There are two versions: a web-based OneCare and a standalone OneCare (I’m so sorry, this is worse than Carry On…). The first one installs ActiveX controls and lets you run Protection, Clean Up and Tune Up scans from Internet Explorer. The web-based OneCare requires an internet connection to run, as it needs to download updated tools and signature files to do its work.
With the standalone version you get an SP2 Security Centre-like panel from which you launch the different tasks. It is easy enough to use, but doesn’t look much like the web-based version. Presumably the underlying stuff, like the AV scanner, is the same for both versions. The standalone GUI uses colour-coded status flags to alert users to the condition of their machines, a bit like the US Department of Homeland Security does with its colour-coded terror alerts.
Microsoft’s goal with OneCare is ease of use, and both versions deliver on this, by and large. However, hiding the perceived complexity comes at a cost, namely loss of control for users. There are not many settings to tweak to make either version of OneCare behave the way you want, so all you really do is run the different programs.
Windows Firewall is updated for OneCare: it now filters outgoing traffic as well as incoming, something you notice when you fire up a program not in its exclusion list, like Firefox, which is blocked by default. The firewall blocked Windows svchost.exe a few times too, and while you get a message about this, it’s not readily apparent to non-technical users what that program does (svchost.exe hosts many Windows services, including the DNS Client) and whether or not it should be allowed to speak to the “internet” (in my case, a DNS server on the LAN). That bit needs more work.
The Tune Up stuff is pretty simple: it’ll delete unneeded temp files and defrag your disks (the latter only with the downloadable version). The defragger seems to be a GUI shell for the command-line dfrgntfs utility. Curiously enough, while dfrgntfs worked fine when called from the command line or the Windows Disk Defragmenter GUI, it had problems in OneCare. What exactly happened I don’t know, because OneCare wouldn’t tell me, but I left it running and came back after a few hours to find it stuck at 96% done. I restarted the Tune Up (slow, because you have to go through all the steps again) and it still got stuck at the same point. This is probably to do with the OneCare defragger being set to only work for a certain amount of time, so as not to tie up customers’ computers for ages while chewing through terabyte-sized storage. Overall, I would stick with the system utilities rather than muck about with OneCare’s subscription tools.
The backup tool gets the thumbs-up though, with its CD, DVD and external drive support and scheduling. It’ll only cover users’ data, on a per-file basis, so it’s not a replacement for an imaging program. It’s good to see that the Tune Up stage includes nagging users to back up their files as well.
So how does the anti-virus scanner, which is based on technology purchased in 2003 from GeCAD in Romania, work then? The virus detection rate hasn’t been tested by industry publications like Virus Bulletin yet, but there are some worrying signs already about the efficiency of the scanner. I asked Microsoft if the OneCare scanner now looks into Windows System Restore points, but didn’t get a reply. System Restore is one of those great ideas that need to be implemented differently: currently, you can create infected System Restore points, but as they’re off limits to scanners, you can’t clean the malware out of them. The standard workaround, turning System Restore off and back on, throws away every restore point, clean or not. Also, it doesn’t look like OneCare can deal with password-protected ZIP files, which is a concern.
Reading Microsoft’s OneCare documentation, I got the impression that it would cover spyware as well; however, in this beta it doesn’t look like OneCare does that. The web-based OneCare does, however, do a port scan of your box, and it promptly reported that I have “no ports open”. As I have services listening on TCP ports below 1024 which I haven’t firewalled, I expected OneCare to spot them, but it didn’t.
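As an added check (not from the original column, and not OneCare’s own tooling), the following batch script shows what the firewall prompt about svchost.exe and the “no ports open” report above leave out: which process owns each listening TCP port, and which Windows services a given svchost.exe instance hosts. It assumes Windows XP SP2 Professional (netstat -b arrived with SP2; tasklist /svc is not in XP Home). The PID 1064 is a constructed placeholder; substitute the one named in the firewall prompt or shown by netstat.

```batch
@echo off
REM Added example: a manual check of what OneCare's firewall prompt and
REM web port scan do not tell you. Not part of the original column.
REM Requires Windows XP SP2 (netstat -b) Professional (tasklist /svc),
REM run from an Administrator account.

REM 1. Every TCP socket in LISTENING state with the owning PID.
REM    Anything bound to 0.0.0.0 or the LAN address is reachable from the
REM    network unless the firewall blocks it, so compare this list with
REM    what the web-based OneCare reports.
echo === Listening TCP ports and owning PIDs ===
netstat -a -n -o -p tcp | findstr /i "LISTENING"

REM 2. The same sockets with the executable (and, for svchost, the DLL
REM    chain) that created them. -b is slow and needs administrator rights.
echo === Executables behind each socket ===
netstat -a -b -n -o -p tcp

REM 3. Which Windows services live inside each svchost.exe. The DNS Client
REM    service (Dnscache) is hosted this way, which is why a svchost instance
REM    shows up talking to the LAN DNS server on port 53.
echo === Services hosted by svchost.exe ===
tasklist /svc /fi "imagename eq svchost.exe"

REM 4. Narrow it down to the single PID the firewall prompt named.
REM    1064 is a constructed placeholder; substitute the real one.
set FW_PID=1064
echo === Services in PID %FW_PID% ===
tasklist /svc /fi "pid eq %FW_PID%"
```

Run it from a cmd window rather than by double-clicking, so the output stays on screen. A svchost instance whose service list is only Dnscache, and whose remote endpoint is the LAN DNS server on port 53, is safe to allow; one hosting an unfamiliar service deserves a closer look before you click “allow” in the firewall prompt.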
Scanning for viruses is clearly a laborious task for OneCare’s AV, because it hogs the processor while doing it. Task Manager reported 50% even on a 3.2GHz Pentium 4 Extreme Edition with Hyperthreading enabled (that is, one of the two logical processors fully busy), so it’s not an unobtrusive AV. Scanning was pretty slow too: going through a 120GB disk with some 35GB used took over two hours. This could be because the OneCare AV indiscriminately goes through every single file on the target drive, including large ISO disc images. There’s no way to tell it not to do that, unfortunately. Furthermore, it’s not yet possible to scan network shares with OneCare.
If you’re curious, by all means try out the OneCare beta. Be prepared for it to be hard to get rid of, though; you’ll likely have to wipe and reinstall Windows. The uninstaller died for me, and I was forced to fire up regedit to excise OneCare from my test box. Even then, some things like ActiveSync 4.1 for PDAs refused to work afterwards.
Microsoft probably has a lot of pressure on it to show that it’s on track with something at least, now that Vista and Office have been delayed again. Even so, OneCare should’ve been kept under wraps for longer because it feels a long way from completion. Despite the ease of use and slick interface, I wouldn’t subscribe to OneCare until it receives some pretty major improvements, especially for the AV scanner.
* A Red Army of hackers?
Security organisation SANS thinks the Chinese army has been hacking computer systems belonging to the US government and defence contractors – successfully too, with the theft of military flight planning software as one bounty.
The Chinese deny it of course, but as they have a slight credibility problem due to a political system that doesn’t exactly promote free and open debate, my money is on Alan Paller of SANS being onto something. You only need to look at things like gold “farming” for online games, where thousands of Chinese are paid to sit in front of their computers to amass virtual wealth which is then sold on for real money, to understand that military and industrial espionage from that part of the world is most probably carried out over the internet too.
Paller reckons that most of the intrusions are being hushed up, however, something that he believes only helps the Chinese hackers. I would agree with Paller: by now we should’ve learnt that security through obscurity doesn’t work.