Microsoft May Charge for Security Tools
rscrawford writes "CNN reports that Microsoft may charge extra for security software. So first they edge their competition out of the browser market, then they tie IE into the OS so tightly that a crash in IE can crash the computer, and then they make IE so vulnerable that just using it is hazardous to the typical computer's health, and now they want to CHARGE users to fix it?"
Something from the article rubbed me the wrong way:
"Spyware usually gets on your computer through human error," said Marc Maiffret of eEye Digital Security Inc., which regularly discovers serious Windows flaws.
First.. a confession: My name is kRYPT, and I used to use Internet Explorer. I used to keep it patched, and updated. I browsed on High Security. I ran Spybot S&D and Adaware regularly, and TeaTimer always.
Spyware STILL got in. Every Spybot scan would regularly reveal something nasty (normally DSO or other IE Exploits).
Perhaps it's true that most Spyware is the result of user action (such as installing shady "free" smiley-enhancing software), but _lots_ of the Spyware out there is simply a direct result of using IE.
PS: I see the spyware people are trying to attack Firefox too.. see cracks.am for an example. However, in Firefox, a nice dialog pops up, makes it perfectly clear the code that's being requested to run is unsigned and unvalidated, and makes you wait for 2 seconds before you have the chance to accept or deny installing it.
DJ kRYPT's Free MP3s!
There are already good anti-spyware solutions available for home-users (ie Ad-aware, etc.), and I can't imagine home users shelling out a lot of money when they can get a personal version of Ad-aware for free. I suppose Microsoft is going to be targeting corporate users, but if their solutions aren't much better than companies like Ad-Aware (hopefully) corporations will go with competitors. But then again, they might just choose Microsoft because it seems like the "right thing to do" (that is, MS makes the OS, so OBVIOUSLY they should go with MS because it'll "work better" together).
Then again, if the MS anti-spyware is moderately priced and a lot of home-users do buy it, it may serve to drive the gap between richer vs poorer computer users (home users who shell out big bucks for a loaded Windows box vs users who pay a couple hundred for one of those Linux PCs that Walmart and others are selling).
Let's not call this "security software", Microsoft; remember, software should simply be secure. If you have to add a qualifier like this, guess what: you're saying most of your software has nothing to do with security, and this special extra software, for extra charge, provides the security "feature".
These terminology differences really point to a philosophical difference at Microsoft, which is the root of all their problems. They really don't understand. Why should we think they ever will, at any price?
"Microsoft killed my company, I hold a personal grudge. I don't use Microsoft products and neither should you."-JWZ
I am in much the same situation as yourself, fully patched, running Ad Aware and Spybot regularly with Javascript OFF.
I was researching information on the Roman Empire and was directed by Google to a great web site. About five minutes in I notice a small pop up window that when maximized displayed a blank window. The router, modem and network lights start to blink and the hard drive begins to churn. Ugh, I realize I am the victim of drive by spyware installation on of all things a web site on Ancient Rome. If I can't protect myself given all the above safeguards, how the hell is the average person going to?
It took an hour or two of work with Ad Aware, Spybot and Hijackthis to remove the five or six pieces of spyware shit that installed from an innocuous web site. I am well and truly tired of this bullshit, Firefox here I come...
I work at an educational institute. Connect a Windows machine to our network and you WILL get Welchia in under a minute (assuming you aren't patched). I have done this several times.
The scenario you describe -- plugging into the internet without getting a worm -- is only the case because the chances are lower that you will get a worm. Basically, you are defending Microsoft on the grounds that the chances are not good that you will get a worm. But decrease the number of computers to that of a medium-sized college campus, and suddenly the chances become very good indeed. Your argument is not particularly good.
And this is not user error, unless you count not enabling a firewall before you plug into the network as a user error. But then, how do you enable a firewall on a built-in wireless card as you are installing Windows?
(Note that there are solutions around this problem -- and I use a few of them. I'm just pointing out that the argument, "I don't immediately get a worm on an unpatched Windows machine, so no one does," doesn't hold any water.)
"It's only a matter of time before MacOS X gains enough popularity that its own security holes (though admittedly less serious than many of those in Windows) are mass exploited causing many Mac users some grief."
It's a matter of proper security design that those exploits will be limited in scope and number.
Windows doesn't get exploited just because it's popular. It gets exploited because it was designed wrong.
Why yes, I AM a rocket scientist!
Once OSx gets hacked in a big way, I expect that Apple will get sued for engineering negligence. I've made it clear to Microsoft that the next time their buggy software nails my server (which runs freebsd), they will have to answer in court. The last time they managed to pay off my hosting provider after their tech support people tried to talk me into installing anti virus software on the server. It wasn't a virus on the server, it was millions of machines trying to talk to my news server. That was Sep of 2003 and the thing is still going wild.
If you sell a modern operating system and the install disks aren't safe to use (meaning no innocent third party suffers damage) then the product must be recalled. I've had enough of this crud that the next time I'm in the cross hairs, I'm going after whoever dropped the ball and I don't care if it's MS, Apple or Sun. There is no excuse for not recalling a CD since it's small and costs so little. In past court cases involving cars, that has made a huge difference in payouts. If Sun is shipping hackable software with their cheapest v100 which cost $1000 and the fix of sending everyone a new CD which cost $3 or .3% of the product cost, there isn't a judge in the US that won't give the damaged party most of what they are asking for.
The same goes for Apple. They have teamed up with an Antivirus software company with iMac when they could have just included that feature in the OS. I have recently found a copy of an old check from an anti-virus company to a student which proves that the student was paid to write viruses to help improve the bottom line. That's racketeering and the resulting class action suit could kill a company.