Slashdot Mirror


Security as a Profit Center?

Harry Erwin writes "This article seems to suggest Microsoft is now considering charging for security. I don't mind vendors like Counterpane Internet Security selling security services, but I would prefer operating system vendors to treat security as part of the core functionality of their products, if only because effective security has to be designed into the operating system from the start. This proposal would create a two-tier Internet and probably make things worse rather than better. Security is like public health and education--if you think it's expensive, consider the alternative."

35 of 468 comments

  1. They're asking for it. by mesozoic · · Score: 5, Insightful

    Companies are already distrustful of Microsoft; they resent having to pay such high licensing fees for the systems they need to keep their businesses running. Requiring that customers pay additional fees just to keep those systems secure will increase the pressure on cash-strapped (or just financially responsible) companies to make the switch towards alternatives like Linux.

    Face it, Microsoft; people resent a monopolist. You can't continue to browbeat your customer base forever, and the more you do, the more will abandon you in the end.

    1. Re:They're asking for it. by Anonymous Coward · · Score: 1, Insightful

      Companies are already distrustful of Microsoft; they resent having to pay such high licensing fees for the systems they need to keep their businesses running.

      wait a minute... show me one company that HAD to upgrade from NT 4.0 and Office 97. Show me the compelling reason that was threatening productivity and was going to collapse the company into chaos..

      too many companies upgrade because it's en vogue, it's the thing to do... it's hip! and never do they upgrade because it's really needed.

      It's like teens today screaming they need tattoos to be different! Just like all their friends!

    2. Re:They're asking for it. by Wyatt+Earp · · Score: 2, Insightful

      Had to upgrade?

      Anyone that wants to use USB with Windows NT. It was coming with SP 6, then it was dropped because Windows 2000 was coming.

      Energy Management was coming with NT 4, then it was dropped and put in Windows 2000.

      Another big migrator is 3rd party software. Say HR is tied into some package and then the vendor says "Oh, those problems that have been making your life hell...those are fixed in the new upgrade that will only work with Windows 2000."

      A lot of things once were on the todo list for NT4 and Service Packs that got moved to Win 2000 and thus people had to upgrade.

      And don't forget the OEMs that Microsoft forced to bundle the OS of the week. My workplace wanted to standardize on Win2000 for laptops but MS forced the OEMs to WinXP, and some of the laptops get really bothersome when Win2000 is placed on them.

  2. Sounds like consulting by pete-classic · · Score: 4, Insightful

    which is perfectly legitimate.

    But the idea that Microsoft can parlay their useless reputation in security into profit is laughable.

    -Peter

  3. A lot of nerve by cenonce · · Score: 3, Insightful

    MS has a lot of nerve charging for security when they already charge an arm and a leg for their OS and it is an unsecure piece of garbage! Beyond that it takes them six months to get a security update released, if they even acknowledge the "security hole" as an actual issue!

    Why the heck should I pay extra for MS "security"!?!

    What a joke!!!

    -A
  4. All joking aside by Telastyn · · Score: 5, Insightful

    There's a difference between common sense OS security (closing unneeded ports, cutting down buffer overflows, doing intelligent rights/process management) and doing "extra" security that *should* be more $$$ like virus scanners or personal firewall software; things that shouldn't be totally integrated into the installed OS to begin with.

    1. Re:All joking aside by inode_buddha · · Score: 3, Insightful

      Ignoring all the other follow-up comments, I do believe this to be insightful. My main observation drawn from experience contradicts the concept of "common sense OS security", unfortunately. The reason is simple: in the day-to-day personal and business world (U.S.) there is almost zero technical literacy among the rank-and-file. This is in sharp contrast to IT workers, if your employer is large enough to require them.

      The problem seems to be as much cultural as it is technical. It seems that the business demands are "Get it done now! We'll sweat the details later!" Indeed, most of the consumer market seems to be driven by the idea that "convenience sells". How many times have you heard "I just want it to work"?

      Excellence seems to be left by the wayside as the lemmings jump over the cliff of expediency. Too bad there's big rocks at the bottom of that cliff...

      I can't count how many days I've wasted my breath trying to convey the difference between an app and an OS, let alone a secure one. After all, "That's just details, I just want it to work, we can fine-tune it later..."

      --
      C|N>K
  5. Re:Yea, right..... by FCAdcock · · Score: 2, Insightful

    You'd be surprised. Millions of people already pay him for servers, shouldn't they include security? My guess is millions of those same people will pay him for "security".

    --
    --Forest C. Adcock--
  6. "core functionality"? by jawtheshark · · Score: 5, Insightful

    How many OSes really consider "security" as a part of "core functionality"? Only one springs to mind and that is OpenBSD.
    Neither Windows, Linux, Mac OS X, Solaris state "security" as a "core functionality". Yes, all are securable, but on any OS it needs a certain amount of work (yes, even OpenBSD...you need to apply the patches!) This needs maintenance, and on "homebrew servers" (read: glorified desktops) security is unfortunately just a second thought. I do realise that a well administered server will probably be secured, but that is due to a competent admin, not due to "security as a core functionality".
    I don't say that "security out of the box", should not be a worthy goal, I just think that it is a utopian dream.

    --
    Ahhh...the great dumpster continuum. Many a free computer will be found there. -- sowth (748135)
    1. Re:"core functionality"? by amarodeeps · · Score: 5, Insightful

      Well, there are two types of security we could talk about here: one is the sort that you need to do to set up a box securely with any OS. That includes configuring ports to be shut down and starting only the services/daemons that you want running, implementing firewall rules, setting up intrusion detection, etc. OpenBSD doesn't really do so much of that either from what I know (probably more than most any other OS I guess...), but they don't start anything up out of the box if I recall correctly, so there is a basic level of configuration-dependent security.

      However, it seems like Microsoft has a lot of security problems that are based around poor coding practices. This is definitely something the OpenBSD folks try to mitigate, with their constant code auditing. But MS doesn't seem to care if they toss out a product with numerous buffer overflow vulnerabilities, permission violations, etc. And these are the sorts of problems they are always releasing patches for.

      Now, there are certainly plenty of patches going around for other products and certainly open source ones, but I don't think that anybody thinks that a patch due to poor programming should be something the user has to deal with. There are best practices involved with coding things securely, and they aren't necessarily things that you have to do that are outside of what it means to code something well.

      So what I want to know is if they are going to be charging for these sorts of 'programmer error' fixes, or what? Are they going to start selling their OS in a 'non-sloppily' programmed version?

      I find it pretty offensive that they would charge for patches to software that wasn't written well in the first place.

  7. is there going to be any posts on this topic by JeanBaptiste · · Score: 4, Insightful

    that are not trolls?

    While not a microsoft fan by any stretch, I don't think this is necessarily a bad idea because of this: Now, when a hacker/virus/trojan attacks, maybe Microsoft will have to accept some accountability, after all I am paying for the security. As it is now, we get hit by nimda, microsoft is not really liable for any damages. If I am paying for security, maybe they would be liable. Just a thought.

    1. Re:is there going to be any posts on this topic by limekiller4 · · Score: 3, Insightful

      The minute Microsoft signs off on some agreement that they are accountable and liable for the machine they purport to secure will be about 60 minutes before someone with a very large sense of humor and real talent hears about it, and about three hours before Microsoft eats that contract.

      I can't think of a better way for them to put a target on the back of the first client that bites, or themselves, for that matter.

      --
      My .02,
      Limekiller
  8. Re:Then the Ford dealer asks by Rocketboy · · Score: 2, Insightful

    No, this is why a new car today costs (on average) about $22,000 (US) whereas when I started driving in 1976 the average was closer to US$10,000. Cars are much better today: more reliable, safer for passengers, better on the environment, etc. That did not come for free: consumers said what they wanted and they got it but someone has to pay the bill.
    Again, back in 1976 I was working on minicomputers. Very reliable, very secure, very expensive. Now I work on PCs and related servers: kinda reliable, not very secure, quite cheap. The market spoke and vendors listened. You want a PC with the reliability of a mini and real security but you won't pay US$20,000 for it. Don't feel bad, most people would rather have their own PC, warts and all, than go back to the bad old days of having to beg for timesharing on a big, expensive, secure beast and having to explain to the high priest himself that arrays and pointers are, in fact, recognized computing practices so please can I run my program now...

  9. Re:Since when? by Anonymous Coward · · Score: 1, Insightful

    I've never paid for a patch. They are all freely downloadable from their support site currently.
    Do you have a URL where I can download a patch for Office97 for the recent vulnerability in Word? They tell me I have to upgrade to at least Office2000.

  10. Microsoft Proves my point by orcaaa · · Score: 2, Insightful

    The fact that Microsoft is considering providing security services for a fee just shows that it knows that its OSs are not secure enough. But if they can't build security into the OS itself, then is there any guarantee that they will be able to do it later on, for a separate fee? Judging from the number of patches they release for other patches, I don't think that Microsoft is capable of providing these services for which it plans to charge.

    --
    -- Reality is just an extended dream.
  11. Chicken and egg problem? by cballowe · · Score: 5, Insightful
    In presenting Microsoft's trustworthy computing initiative, Mundie defended the company's reluctance to follow through and accept legal responsibility for the security of its products. "If we took that responsibility, say for a big contract at Airbus, I would have to take out a giant insurance policy from Lloyds or another insurance broker, and pay a giant invoice," said Mundie. "The product would then cost not 50 euros, but 50 million."


    It seems to me that if Microsoft didn't have the reputation that they have with regard to security and reliability, the insurance policy wouldn't cost 'em so much. Kinda like auto insurance -- those that prove they can drive responsibly for a period of time pay far less than somebody who crashes 3 times in a week.
  12. I'll wait, and see by unicorn · · Score: 5, Insightful

    No matter what ill will the average /. user bears towards Microsoft, you can't possibly say that they are idiots.

    And starting to charge for hotfixes, and obvious security holes in the OS would be an act of complete idiocy.

    I have a feeling that whatever security initiatives MS is working on certainly aren't aimed at the average home user. There's no money in it. MS makes its wad off corporate licensing. Where they don't have to worry about retailers, or packages, etc. The home user is an important market to them. But it's not what put Bill on top of the Forbes 400.

    --
    "Politicians are interested in people. Not that this is always a virtue. Fleas are interested in dogs." P.J. O'Rourke
  13. Priorities by catfood · · Score: 5, Insightful

    Says the story write-up:

    I would prefer operating system vendors to treat security as part of the core functionality of their products, if only because effective security has to be designed into the operating system from the start.

    Internet Explorer is a fundamental, inseparable part of the operating system; but security is an add-on product. I love it.

  14. If you read the article.. by AlbanySux · · Score: 2, Insightful

    it sounds more like they are going to charge for security extras, not for basic security patches and whatnot. This isn't MS cutting its massive user base off, it's MS trying to make a few extra bucks off the companies that need enhanced security. Sure, you could argue that the best possible security should be available on all versions of Windows, but they are a for-profit company and are trying to make a few dollars in this rough economy.

    This is not a troll.

  15. Re: Yes, core functionality by E_elven · · Score: 1, Insightful

    You are neglecting the fact that patches, by definition, are used to 'patch' things up, i.e., to fix something that is broken -okay, so patches can also be used to enhance performance and such, but the point carries across, I hope.

    However, the article (which was written based on a hypothesis), doesn't really specify what the new security services would be.. if MS starts offering for example antiviral software and security consultation, this might be reasonable (well, as reasonable as anything they do).

    The point to argue is rather whether the OS should already display all of this functionality.. certainly things patches are applied for, bugs in code and such should definitely be fixed, but the matter on the more external matters isn't quite as clear.

    I, for one, consider security to be one of the core functions of an OS, and, in fact, it IS stated in most of the abstracts/declarations of the operating systems. They promise reliable, robust and (often) easy to use engines for your computer.. and honestly, an insecure computer is d) none of the above.

    What should and shouldn't be the responsibilities can and will be argued as long as anyone argues about what should and shouldn't be a responsibility of the OS :)

    E

    --
    Marxist evolution is just N generations away!
  16. Re:I don't understand... by CheechBG · · Score: 4, Insightful

    Sure they did. By touting every new OS as "more secure and reliable, a new era in trustworthy computing", they are getting a couple thousand of poor schmucks to cough up some major cash to upgrade to an OS that they would have not otherwise needed, to try and get rid of all the "lockups" or "l33t h4x0rs" that are invading.

  17. Government contracts? by supabeast! · · Score: 3, Insightful

    Any bets on how long it will take MS to get exclusive, multi-billion dollar contracts with US Government Agencies to help secure Microsoft products?

    And are any US taxpayers interested in suing both parties when it happens?

  18. Re:Then the Ford dealer asks by sharkey · · Score: 4, Insightful

    That new handgun you purchased is a fine one; however, we are going to have to charge extra for the safety mechanism.

    No need. I already have a fully-functional brain.

    --
    "Outlook not so good." That magic 8-ball knows everything! I'll ask about Exchange Server next.
  19. Re:Then the Ford dealer asks by ChaosDiscord · · Score: 5, Insightful
    No, this is why a new car today costs (on average) about $22,000 (US) whereas when I started driving in 1976 the average was closer to US$10,000.

    I suspect that inflation has more to do with the issue. Given inflation since 1976 (PDF, sorry. You'll get similar numbers from other sources) cars are now proportionally cheaper. Assuming car prices moved exactly with inflation, your $10,000 car would now run $31,600. Naturally this cost saving is due to other reasons (more efficient manufacturing processes, cheaper foreign labor, newer and cheaper materials). Sure, adding safety features did increase the cost, but not by a huge margin.

  20. 5 years, is not a short life span at all by unicorn · · Score: 5, Insightful

    Enough customers do want added features, that product revs are inevitable.

    And as the codebase moves forwards, eventually older versions of it are going to become sufficiently arcane that nobody continues to understand them, etc. It's just the nature of business, that they can't possibly support all products forever. Not even when it comes to vulnerabilities. I'm sure that you could dig up vulnerabilities in other 5 year old applications, and odds are, most/all of those vendors either aren't supporting the product anymore. Or they simply don't exist anymore at all.

    Just ring up IBM, and ask them for bugfixes for SmartSuite 97. Good luck.

    It's the nature of the beast, that eventually support WILL die off for old products. That's the case with almost any industry. And the computer industry prides itself in moving further, and faster than any other industry in history. Part of moving fast, is the danger of getting left behind.

    --
    "Politicians are interested in people. Not that this is always a virtue. Fleas are interested in dogs." P.J. O'Rourke
  21. Aim at foot, pull trigger by El · · Score: 5, Insightful
    What incentive does M$ have to make sure the operating system they sell you today works, when their business model calls for them to sell you a new operating system every year? (In fact, they've even used the fact that their previous release was a POS to sell new releases!) What incentive does M$ have to fix the vast security holes in their standard releases, when they can make even more money by charging you for the security patches?


    At what point does the consumer stop doing business with a company that admits that everything they sold you in the past is a POS in order to get you to buy yet another upgrade? At what point do corporations decide it might be a bad idea to single source all its software from a company that considers security to be optional?

    --

    "Freedom means freedom for everybody" -- Dick Cheney

  22. Wonder if this will increase their liability by cuberat · · Score: 2, Insightful
    I'm surprised that no one has yet sued Microsoft for some egregious breach of security, enabled by a flaw in Microsoft's released code, that ended up costing some company a ton of money. This is, after all, the country where someone eats too many hamburgers and then sues the person who made the hamburgers.

    IANAL, but it seems reasonable to me that if you use a product as it is intended to be used, and it wreaks unexpected havoc on your system, you should be entitled to redress.

    If Microsoft now starts charging for extra security and other such 'features,' I'd think that would increase their liability if something does go wrong. I can't believe their EULAs are that iron-clad.

    --

    I'll tell you what the 'effect' is! It's pissing me off!

  23. 98se and ME had new FEATURES by yerricde · · Score: 2, Insightful

    Win98 -> Win98SE -> WinME Sounds like they have been charging for patches all along

    Windows 98 Service Pack 1 included all Win98se changes that weren't new features.

    --
    Will I retire or break 10K?
  24. Quality, not security by nsayer · · Score: 5, Insightful

    When people talk about software security, they're putting the cart before the horse. Security is a metaphor for quality. Every time a vulnerability exists, it is because of some sort of an error. This is true almost by definition.

    Microsoft's products are not crappy because they are insecure. They are insecure because they are crappy.

    If you take the article in question and substitute the word "Quality" for "Security," it becomes a much more truthful statement of what's really going on. Microsoft never cared about quality because they had a monopoly. Their overriding concern has never been quality, it's been in maintenance of their monopoly position. So they've shoehorned in any new feature that has shown any promise of being a technology that they can monopolize down the road or that can commoditize the work of a competitor and thus help drive them out of business.

    1. Re:Quality, not security by Florian+Weimer · · Score: 5, Insightful

      Microsoft never cared about quality because they had a monopoly.

      A few years ago, Microsoft didn't have a monopoly at all. But the competition couldn't really compete on quality (or security, for that matter). The UNIX camp had its internal conflicts, IBM marketed OS/2 as a Windows emulator (and got cautious when it was too successful in Germany), and MacOS required a brainwash to view its quality (and most of its security was the result of a single-user system).

      The market demanded only a very basic level of software quality, and Microsoft delivered software which matched the expectations of the market. What else could have made Microsoft such a huge company? Alien influence?

      Apart from that, I believe that charging for critical security information is morally wrong (and not in the "proprietary software is bad" sense, but in the "not warning your neighbor when he's about to get hurt" sense). But who's seriously into (the very practical aspects of) computer security and does not sell e.g. early-access information?

  25. Re:Yea, right..... by nullard · · Score: 3, Insightful

    Many people actually choose to do business with Microsoft.

    Except for the clued-in few, most people consider doing business with Microsoft about as optional as obeying the law of gravity. That's the funny thing about monopolies.

    --


    t'nera semordnilap
  26. Re:Then the Ford dealer asks by jcr · · Score: 3, Insightful

    Again, back in 1976 I was working on minicomputers. Very reliable, very secure, very expensive.

    Umm, NO.

    They only seemed very reliable and very secure because they weren't exposed to a hostile network.

    -jcr

    --
    The only title of honor that a tyrant can grant is "Enemy of the State."
  27. My thoughts exactly by 0x0d0a · · Score: 4, Insightful

    So Microsoft's *web browser* is a vital part of the core operating system, inseparable despite all the efforts of their engineers...but security is an add-on product.

    Odd how "harsh technical realities" always seem to favor MS's bottom line.

  28. Re:Then the Ford dealer asks by Osty · · Score: 3, Insightful

    In places with real winter weather, you don't need to go "off road" to find ground clearance useful. You just have to wait until it snows.

    Seattle doesn't have "real winter weather", yet every fourth car here is an SUV. Odd.


    I grew up in central Illinois, where we did have some bad winters. Somehow, my family always survived with just a normal sedan. Sure, my dad had big pickup trucks (hey, he's a farmer, they're actually used as workhorses like they were designed), but only in the very worst of winters did we ever need to break one of them out instead of the car. So while I'll give credence to the argument that an SUV is nice to have where weather is bad, I will disagree that it's a necessity as some people will try to tell you. (If so, why would they continue to drive the SUV in nice weather? And that says nothing about the 2-wheel drive SUVs ...)

  29. Re:Then the Ford dealer asks by twitter · · Score: 4, Insightful
    Assuming car prices moved exactly with inflation, your $10,000 car would now run $31,600.

    Ahh, but if you started working in 1976 for $20,000/year you would now be earning $60,000 or your raises did not keep up with inflation. Starting salaries are not generally $60,000 so car prices now cost more relative to real earning power. Oh dear, the golden calf costs way too much.

    As for M$, if their software had kept up with hardware developments it would have four virtual desktops, be able to support four concurrent users on four different machines, be able to play and edit movies with ease and do other neat tricks right out of the box. Instead, the capabilities right out of the box are about the same as Win3.1, but it does not last as long. Oh dear, the M$ tax has grown but the software has failed to keep up with what's available that's free.

    --

    Friends don't help friends install M$ junk.