Microsoft May Charge for Security Tools

rscrawford writes "CNN reports that Microsoft may charge extra for security software. So first they edge their competition out of the browser market, then they tie IE into the OS so tightly that a crash in IE can crash the computer, and then they make IE so vulnerable that just using it is hazardous to the typical computer's health, and now they want to CHARGE users to fix it?"

Or....

[killermookie]

You can continue to use free applications to do the work for you.

Apple did this a lot in the '80s

[davidwr]

Apple did this a lot in the '80s so they wouldn't tick off ISVs. They even went so far as to cripple their hard-disk formatting utility to only work with their drives, so utility vendors could make a living.

Maybe Microsoft doesn't want to tick off the commercial anti-spyware tool vendors.

Maybe, just maybe, they want to leave the door open for zero-cost or donation-supported anti-spyware vendors like Spybot Search & Destroy. Nahh, Balmer & Co. aren't that altruistic.

Ignorant remarks

[ad0gg]

" then they tie IE into the OS so tightly that a crash in IE can crash the computer"

Yawn something called protected memory and considering IE runs in seperate process called IExplorer.exe, how is IE going to crash windows? I just love ignorant remarks.

Re:Ignorant remarks

[dioscaido]

The fact that the OS gets infected has nothing to do with IE being 'tied to the OS'. It has everything to do with the fact that most people who run windows run as Admin. When you are admin no security in the world can stop a user from clicking 'yes' when asked to install software. While IE definitely doesn't make it hard for the program to be installed, even running Mozilla won't stop grandma from downloading an executable and installing it.

I'll refer you to my other post for good resources on how to fix the issue:
http://it.slashdot.org/comments.pl?sid=133173&thre shold=-1&commentsort=0&tid=109&tid=172&tid=201&mod e=thread&cid=11121239

Re:Once again, Microsoft blames the users.

[christopher240240]

Thank God somebody recognizes the problem. I would add one additional caveat, however. I believe the 20 minute figure was arrived at by hooking up a fresh copy of XP (with no service packs that you can't even buy anymore)to an unprotected broadband network and then surfing the net without downloading any security updates. No Linux user in their right mind would do this, I don't know why they would expect otherwise from an informed Windows user. Now that the firewall is turned on by default, MS has corrected it's most aggrevious error, and a new copy of XP is firewalled and has the user turn on automatic updates after install. If they would only force the user on to Windows Update after install, I think that is what you can reasonably expect. Also, I think it's high time that some manufacturer tells the truth about where 90% of trojans, spyware, etc. come from. The truth is that people are going to some pretty nefarious places on the net to pick this stuff up, and that is the majority of the problem. They then pass it on to their contacts, and you have the massive infestation problem we have today.

Re:Once again, Microsoft blames the users.

I had to troubleshoot a DSL install yesterday. For that I had an XP box connected directly into a DSL modem and used XP's pppoe software to get onto the net. This is about as common a setup as you'll see except for those who just ending using the usb port for networking. This box had SP2 and Kerio running. Withing seconds of making the connection I was bombarded with attacks and requests to connect to the machine. Yes Seconds. This is much the same experience that others have reported.

"I've loaded Windows (various versions) onto machines, then downloaded service packs, with no firewall, MANY times, and never gotten a single trojan or spyware."

It's obviously all relative but IMO your very very lucky. Unless your network has a firewall which drops everything coming in NEVER get on the net with a naked Xp install. Have SPwhatever locally on a flash drive etc and install it that way. If you don't have it tell the person its not safe to get on the net without a firewall and then come back once you can do it via flash drive or cdrom.

Re:Once again, Microsoft blames the users.

[TCM]

What are you talking about? Just because rackhamh referred to a trojan in an e-mail attachement doesn't mean that there are no completely automatic ways to catch a worm with an _unpatched_ Windows system without a firewall.

There was at least some RPC issue that worms used to spread completely automatically. The topic never was about a legitimate site spreading trojans.

Re:Once again, Microsoft blames the users.

[Mr.Progressive]

Last year, while at school, I decided to reinstall XP a few times. My school has a policy of automatically disconnecting any infected computer. Before reinstalling, my network access was fine (i.e. no infection). But shortly after reinstalling each time, I found that my network access had been disabled due to infection. This happened at least twice. If having my ethernet cable plugged in while installing an OS is 'user error' then something is seriously wrong.

Re:Once again, Microsoft blames the users.

[zulux]

You can't connect to the network to download SP2 without risking the computer.

Sure you can.

No you can't - in SP1 and below, the firewall gets put in place after the network interface is brought up. In face, the firewall is almost the last thing to initialize during the XP boot process.

Depending on your boot time, there can be few minutes where your computer is vulnerable.

Enjoy!

Re:Once again, Microsoft blames the users.

[radish]

Then your admins need to sort their shit out. The company I work for has over 40,000 XP workstations and I can't remember the last time we had any internal infections - it may have been ILOVEYOU. Sure Windows has it's problems, but it is perfectly possible to secure an XP network if you know what you're doing.

Did anyone RTFA? No, of course not.

[NotQuiteReal]

The relevant part is initially will be free but the company isn't ruling out charging for future versions. So maybe they will charge for something later.

So, Microsoft has announced FREE software - rant about that. Later, IF they start charging for it, you can rant again about them charging for it.

Two-rants-for-one special!

Re:Once again, Microsoft blames the users.

[drsmithy]

No you can't - in SP1 and below, the firewall gets put in place after the network interface is brought up. In face, the firewall is almost the last thing to initialize during the XP boot process.

There's a difficult concept to grasp here. You actually have to wait until the OS is booted and the firewall is enabled and _then_ plug the cable in.

Re:Once again, Microsoft blames the users.

[BigWhiteGuy_27]

Or you could boot Knoppix, download SP2 or any necessary security updates to the local partition, unplug the network cable, reboot, install the service pack or update, plug the network cable back in, and be done. Linux saving Windows once again!

Of course Microsoft is blaming users

[Gary+Destruction]

It's like the government scaring people into giving up their freedoms for security. Since most people are uneducated, they will fall for it. They don't know any better. And that plays into Microsoft's hands because A)people will think that Microsoft isn't at fault and B)Experts will appear descredited in the eyes of the consumer. And Eeye doesn't know what it's talking about. They've never heard of "Marked safe for scripting" ActiveX controls. You know, the kind that are *supposed* to be safe but have been modified to infect and/or damage computers. That's hardly a user error.

OOPS!!!! BIG OOOPS!!!BEWARE THE SCIENOS!!!

[Ded+Mike]

It is currently being reported that there is a further problem with the deal:

A Florida-based computer security vendor, Sunbelt Software, said yesterday that it had been part owner of anti-spyware technology developed by Giant Company Software Inc., the company that Microsoft had acquired a day before. Microsoft knew about the relationship between the companies but didn't contact Sunbelt about the Giant deal before announcing it earlier this week...At the same time, Eckelberry declined to comment on reports that Sunbelt continues to hold some related rights to the Giant anti-spyware technology, including exclusive rights to offer software development kits related to the technology.

Sunbelt Software is a Scientology, money-laundering front-company, as seen in this quote:

Sunbelt Software Distribution, Inc (Scientologists in the management: Stu Sjouwerman, Alexander Eckelberry, Sam Licciardi (married to Denise Licciardi, the sister of Scientology boss David Miscavige!), Greg Kras). It is unknown if the parent company Sunbelt International Group is run by Scientologists - I have no information that J.M. is a Scientologist.Corporate Information.

some of whose officers have run afoul of the SEC and who are notorious spammers and spyware distributors themselves. Sunbelt was founded to launder the money of the Scientology cult, and are absolutely notorious spammers. Recently, they also ran afoul of us, here at Slashdot, in the past.

Re:Once again, Microsoft blames the users.

[IamTheRealMike]

OS X won't get hacked in any big way. And even Microsoft hasn't been sued for engineering negligence, let alone Apple.

Erm, OS X is the operating system that automatically extracts code and links it to protocol handlers when the user clicks an internet enabled DMG link. That sort of security is basically ActiveX level but without, you know, those annoying and unfriendly security certificate things.

If the rest of MacOS X is designed with that sort of mentality then I'd say actually OS X has a more insecure design than Windows does. Sure, BSD may be secure, but there's a huge amount of code in there that isn't BSD.

Re:Good advertisement.

[Moofie]

Doesn't it just suck to be totally wrong?

Re:Once again, Microsoft blames the users.

[squiggleslash]

Despite the garbled English, the intent of the grandparent is perfectly clear, and he is correct.

Indeed, the situation is worse than that. If you download a .sit or .zip using Safari in its default settings, the archive will, just as a disk image is automatically mounted, be automatically extracted. The design of OS X means that any applications within that archive will be automatically registered with the system the moment they're unpacked. (By "registered", not a Mac term BTW, I mean the application, normally, will be runnable from whereever it is, and will be associated with any file types it describes itself as supporting, including, in some circumstances, immediately becoming the default for that file type.)

Still think OS X is more secure by design than Windows? It isn't. In every way, it either is as bad as, or worse, than Windows is, in design terms. Right now the only reasons Mac users aren't being hammered are that there aren't enough Macs out there to make a viable email/etc virus or worm, and that nobody's made the effort.

Please, for fuck's sake, quit it with the "OS X is more secure by design". The more people repeat this, the more likely it is that someone will exploit it's weaknesses, and the less likely it is that Apple will fix them before such exploits occur.