Microsoft gets into the advanced intrusion sniffer game – but only for Windows 10

Microsoft will be rolling out a new form of security system for enterprises later this year aimed at stopping attacks as soon as they happen. Dubbed Windows Defender Advanced Threat Protection, the system will monitor a company's computer systems looking for signs that an attack is occurring. If someone starts trying to break …

  1. Palpy

    Any informed opinions on:

    ... the calibre of Microsoft's "best security bods", and what we can expect if "Redmond is confident that the system works well"?

    Granted, MS security researchers have published some papers in the last few years. And Redmond has pushed out some other software that it was confident was borking working well.

    But in all sober honesty, they need to do something about security.

    1. Anonymous Coward

      Re: Any informed opinions on:

      I'm happy to repeat my comment on Office 365, but this time in context of Microsoft offering what we could only laughingly refer to as "security":

      BWAHAHAHAHAHAHAHA

      Hihihi, hihi,hihhiHAHAHAAAAHAHAHAHA, hooohohaHAHAHAHAA

      (etc)

      You are giving an untrusted 3rd party with zero track record in ESTABLISHING security, let alone managing it, a daemon on your machines which does things you're not aware of, which can in all likelihood be updated/changed at leisure (the excuse will be the "pending threat" of some new virus that will convince management to just bend over and take it), probably after agreeing to the usual Microsoft license which basically confers a metric tonne of obligations and no rights, warranties or guarantees that it will even work, let alone work as described by marketing.

      Even if you are not a security expert (well, you're running Windows, what can I say) you should see the problem with that, but I am confident that about the first government to sign up will be the UK. If I see the lack of depth in IT skills in GDS I'd say it's pretty much inevitable. After all, they use Gmail too so they're already used to being spied on.

      1. Doctor Syntax Silver badge

        Re: Any informed opinions on:

        "confers ... no rights, warranties or guarantees that it will even work ... as described by marketing."

        To be fair that would probably have to apply to any company's products if the company is to stay in business.

  2. Richard Plinston

    Microsoft's 1.2 billion sensors

    > takes information from Microsoft's 1.2 billion sensors

    Those are our computers, not your 'sensors'.

    (well, not mine though)

    1. Anonymous Coward

      Re: Microsoft's 1.2 billion sensors

      For a bit of clarity, Microsoft has a huge global network that supports, and is part of, their infrastructure for Azure, Office 365, CRM Online, Xbox, Outlook.com, Skype, etc. They have an ungodly number of other sources of network data than just customer endpoints, but customer endpoints are probably part of the 1.2 billion number.

  3. a_yank_lurker

    Over Confidence

    No system can eliminate the false positives or false negatives completely. Also, it will probably skew in direction. If MS thinks their 1.2 billion "sensors" aka suckers will be of value they will need an awful lot of details that most will probably balk at giving up.

    1. sabroni Silver badge

      Re: that most will probably balk at giving up.

      If they were aware that's what they were doing then maybe, but as it's happening silently the vast majority won't notice.

  4. Captain DaFt

    Well color me surprised

    " It'll only be available for Windows 10 users and will be turned off by default and activated on a subscription fee basis"

    I never suspected Microsoft'd be rolling out a "Subscription fee for essential services" model for Windows 10.

    Whoever could have saw that one coming?

    (Eye rolling intensifies)

    1. Oengus

      Re: Well color me surprised

      I never suspected Microsoft'd be rolling out a "Subscription fee for essential ALL services" model for Windows 10.

      FTFY

  5. Deckmunki

    Wait, whut?

    APT

    Advance Phreat Trotection...?

    Am I being unusually daft here or...?

    1. Fred Flintstone Gold badge

      Re: Wait, whut?

      Am I being unusually daft here or...?

      I would not want to comment on the "unusually", but yes.

      :)

  6. westlake

    Reading comprehension, D-.

    To all the geeks whining about this being a subscription service:

    This is a product for the enterprise market --- which is accustomed to paying for services and support at this level no matter what OS they are using.

    1. Pascal Monett Silver badge
      Trollface

      But, but . . . this is the Internet. It's the only place geeks can whine.

  7. This post has been deleted by its author

  8. Ammendiable to persuasion..

    Hmmmm.

    So THAT is why Microsoft has essentially set up a pen trace on every Windows 7, 8, and 10 system!

    Thus even if they don't report back the _content_ of TCP/IP communications, Microsoft essentially has a social network communications graph for a large portion of the Internet, all being sent back to central services.

    A machine is getting hammered by a packet flood? Microsoft can identify the actual compromised machines doing the sending, correlate with other machines involved in the flood and allow backtracking to the control nodes, and even report back on what software is installed on these machines to pinpoint which executables and processes are responsible for the flood.

    It's actual genius in its scope, turning all Windows machines plus Microsoft cloud services into a vast collective immune system.

    ..one which you have to pay to be protected from?!?!

    Oops..

    Maybe this thing, coupled with all the malware interacting on it will spontaneously synergistically awaken.

    "Resistance is futile.. Your technology will be assimilated!"

    .

    .

    .

    .

    .

    [MCP: End Of Line]

  9. Anonymous Coward

    Oxy

    for Morons?

  10. Anonymous Coward

    Does this mean..

    .. that Microsoft will now take responsibility for every Windows machine involved in a botnet?

    Nah, thought not. All the money, none of the responsibility. Figures.

    Oh, by the way, it may be worth investigating just how much of a sensor you are. Imagine, for instance, that you're part of a commission investigation, oh, say, Microsoft. I wonder what exact data your machine would be sharing with Redmond.

    Just speculating here, but Microsoft's track record is not exactly good in this area, and we have a former chairman speaking in favour of the FBI in Apple vs FBI. I would have my doubts, personally.

    1. Anonymous Coward

      Re: take responsibility for every Windows machine involved in a botnet?

      Typical!

      It's my machine! It's MY machine! IT'S MY MACHINE!

      Now MS, take responsibility for it.

  11. Pascal Monett Silver badge

    "no technical reason why the software couldn't run on Windows 7 or 8.1"

    No surprise there. The limitation is for marketing reasons, not technical ones.

    We all know that.

    1. sabroni Silver badge

      Re: The limitation is for marketing reasons, not technical ones.

      It's almost like they're a company!!!

  12. Anonymous Coward

    Cause for serious concern

    If you're not an enterprise, that is.

    It is clear that telemetry is vital to this business model and I am now even more certain that Microsoft will eventually make it difficult if not impossible for non-enterprise users to get under the hood and block it all.

    More worrying, though, is the implication of their dependence on feedback from the general installation base. From all that has been said about advance threats over recent years, I've formed the impression that the security companies need infections to continue once detected, in order to monitor how they behave.

    Which leads to the conclusion that for non-enterprise users, it is not in Microsoft's interests for their systems to be resilient against infection. Nor is it in their interests for Windows 10 to necessarily do anything about infections it does detect.

    Things are beginning to look just a little unsafe for the common folk.

    1. Known Hero

      Re: Cause for serious concern

      its piss easy to turn it all off. Unplug the internet.

      1. Cari

        Re: @Known Hero

        Turning off the Internet stops MS receiving the data and from putting more digital STDs updates on your machine.

        It won't stop your machine from running the crap already there and trying to send it back to the mothership regardless. Nor will it protect users from the damage updates will have done to their machines already, if infected with the Win10 upgrade preparation updates.

        My old man has been battling with windows update on our family's machines for the best part of a year, if not longer, and he's got the experience and knowledge to do what is needed to rid one's machine of the telemetry updates, pushy windows 10 updates etc. The average home user doesn't stand a chance when it comes to cleaning up their system.

    2. RyokuMas
      Stop

      Re: Cause for serious concern

      "Things are beginning to look just a little unsafe for the common folk."

      If telemetry and tracking for the common folk is your worry, then things have been pretty unsafe for over a decade.

      1. Anonymous Coward

        @RyokuMas - Re: Cause for serious concern

        If telemetry and tracking for the common folk is your worry...

        Well, it has been my worry (still is), and you're right that Google Analytics has been an enabler of telemetry for a long time (just yesterday I was looking at Avast logs and marvelling at how much private info on my system they were quite happy to send out by that route - with no choice on my part apart from blocking the destination).

        But I used "concern" more in relation to the implications I see in Microsoft using our PCs as 'sensors'. It might be in their interests to let certain infections run while they get the intelligence they need to protect the enterprises, leaving the non-enterprise folk unprotected and un-warned about them.

    3. Doctor Syntax Silver badge

      Re: Cause for serious concern

      "If you're not an enterprise, that is."

      Good point. It's always been obvious that SOHO users were going to be beta testers guinea pigs. Now they're the miners' canaries as well.

    4. Mark 85

      Re: Cause for serious concern

      From all that has been said about advance threats over recent years, I've formed the impression that the security companies need insecure OS's with infections to continue once detected, in order to monitor how they behave. PROFIT.

      FTFY

      If the OS was totally secure, there would be no need for security companies. MS has been very bad about this and apparently are now trying to close the barn door at least for their enterprise customers.

      1. Anonymous Coward

        @Mark 85 - Re: Cause for serious concern

        in order to monitor how they behave. PROFIT.

        I think there's room for both versions of that sentence. Profit is indeed the primary motive of all the (non-gov) players. I've long thought that 'security' firms are really more interested in the profit to be derived from others' pain, rather than in curing the disease.

        As for shutting the barn door for enterprise customers - I would suggest that they are actually building a whole barn for them, leaving the rest of us outside. Or is it an ark?

        1. Cari

          Re: @Mark 85 - Cause for serious concern

          "As for shutting the barn door for enterprise customers - I would suggest that they are actually building a whole barn for them, leaving the rest of us outside."

          And how did that pan out in The Walking Dead? :^)

        2. Anonymous Coward

          Re: @Mark 85 - Cause for serious concern

          As for shutting the barn door for enterprise customers - I would suggest that they are actually building a whole barn for them, leaving the rest of us outside. Or is it an ark?

          Some would suggest the correct designator is "asylum", but I prefer "Hotel California".

  13. Doctor Syntax Silver badge

    "incredible awareness about several critical security vulnerabilities in our network"

    Translation: "I don't believe it".

  14. Captain Badmouth
    Devil

    Hope it works better

    than their EMETic toolkit .

  15. Mr Dogshit
    Headmaster

    "trialing"

    There is no such verb as "to trial". Something is either "on trial" or it is "being tried".

    1. Mark 85

      Re: "trialing"

      Not a marketing droid are you? They've been turning nouns into verbs for decades and it's getting worse.

      1. Anonymous Coward

        Re: "trialing"

        They've been turning nouns into nouning verbs for decades

        FIFY. Regards, a marketeer :)

        (only kidding - they wouldn't dare venture here other than to downvote criticism of Microsoft).

    2. Richard Plinston

      Re: "trialing"

      > There is no such verb as "to trial".

      Dictionaries appear to disagree with you.

      http://www.thefreedictionary.com/trial

      https://dictionary.cambridge.org/dictionary/english/trial

  16. Anonymous Coward

    From personal experience

    After a substantial amount of research, including published reports, interwebs tests, and a hands-on test of 9 commercially available AV packages on some 5 different machines over a period of 2 weeks, I can conclusively, unequivocally and definitively state that:

    MS Defender (latest version) is the worst of the bunch by a substantial margin.

    So I would advise my fellow readers of ElReg to give this scheme a wide berth until such time that professionals who know a lot more about this stuff than I do have a chance to take it around the block a few times.

  17. Dwarf

    GWX

    How does it classify that ?

    Looks like malware, smells like malware, behaves like malware.

  18. Anonymous Coward

    One more reason to not upgrade to WIN10

    The spyware in WIN10 is precisely why many people refuse to upgrade to WIN10.

    Microsoft is trying to force all Windows customers to update to WIN10 by refusing to provide the simple patches required for users to run the new AMD Zen cored products and new Intel/Qualcomm processors being released in 2017. Authorities need to force MS to provide the proper patches for Win 7-8 so that all new hardware/software designed to run on Windows and released before Jan. 2020 will actually run properly on Win 7-8. Jan. 2020 is the official end of support for Win 7 so MS is obligated to provide the required patches for Win 7 and 8.

  19. jack d
    Big Brother

    Microsoft - a study in monopoly

    Remember the days when Bill, Steve and a bunch of fine and bright kids, literally from a garage, defied the established computing giants, and indeed, they brought computing to the masses the world over? See how they are now, having tasted the real big money and the power it brings. From a David fighting Goliath they grew into a big parasite, being now at a stage when the germ massively sends out into the host's body millions of spores that will eventually kill the host and in all probability, the parasite itself as well. Sadly, big money turns people, people with a weak moral stature especially, into tyrants, ready to please all those who protect them. Look at Monsanto, trying to monopolize the world's food production with patented seeds, look at big oil trying to sabotage electric cars and research on new ways of generating electricity, look at big pharma struggling to research a cure for cancer but not too soon, look at big banks or just stop looking and without further ado, upgrade to Windows 10.

    1. Anonymous Coward
      Unhappy

      Re: Microsoft - a study in monopoly

      ...stop looking ...

      I've stopped looking - it is all so fucking depressing.

      But I won't be 'upgrading' to Windows 10.
