Slashdot Mirror
Microsoft May Charge for Security Tools
rscrawford writes "CNN reports that Microsoft may charge extra for security software. So first they edge their competition out of the browser market, then they tie IE into the OS so tightly that a crash in IE can crash the computer, and then they make IE so vulnerable that just using it is hazardous to the typical computer's health, and now they want to CHARGE users to fix it?"
So THAT'S what Step two is. =P
"What do you think?" "I think 'What, do you think?!'"
If Microsoft were to hire on the Verizon Wireless guy, they could have him walking across the country asking "Can I screw you now?"
Yeah, sure, if starting the computer is human error. It takes what, five minutes or less, for an XP box to get riddled with viruses, Trojans, etc.? The error is Microsoft didn't ship an operating system that could remotely be considered secure. You can't connect to the network to download SP2 without risking the computer. Where's the sense in this? Where's the user error?
How am I supposed to fit a pithy, relevant quote into 120 characters?
And they don't see a conflict of interest here? Exactly what incentive would they have to fix security holes which are allowing malware into the machine in the first place if they are selling other products to "block" these kinds of attacks, or are they planning on charging for patches?
I Am My Own Worst Enemy
I mean, they were buying up security competitors as recently as Wednesday! Wouldn't that be a bit too blatant? Are they really trying to monopolize the desktop security market, or are they just trying to help cover costs in what is going to prove to be a very, very expensive area (once they start getting sued for having such a shoddy, insecure product)
What balls!
What a huge, big, heavy set of balls this company has.
Hey, let's kick them!
"Leo Fender was in a 'state of grace' when he designed the Stratocaster." -- Paul Reed Smith
If they can make a shitload of money out of any marketting strategy, Microsoft will do anything in their power to sell the most of anything and make profit.
Yes it is stupid. Users/companies pay for licenses of Windows which is somewhat costly when you compare what other solutions can do for a fraction of a price (Linux?!) and on top of that, they want to potentially sell you crap so their crap can be more secure using the previous crap. What a load of crap.
The only thing in this world I have found to be sleazier than lawyers are software salesmen. This isnt isnt a new idea from Microsoft... IBM did it for years with mainframe releases. You have to have a service contract to get the updates to fix the bugs.
This problem of releasing buggy software and charging for fixes is inherent in the software world.
Fire in the hands of the village idiot is no tool, but a weapon of mass destruction
Security fixes are going to be free.
The question is whether or not the AV and/or AS tools are going to be free.
Think of it as a choice - you can put them in the OS (so they'll be "free") at the cost of adding more bloatware (important bloatware, but bloatware) to the OS.
Or they can fix the @#$@#$ security holes that the spyware vendors are using to install their software and sell anti-spyware software to the dumb users who are stupid enough to download kazaa.
It's not like giant's antispyware software was EVER free...
See? is end-user fault all those security problems, they must pay!
It's no different to the toll road operator where I live that puts their tolls up by the maximum permitted year after year without any explanation at all - the same one who quite frequently refuses to explain their actions for unusual lane closures (usually during rush hour) with no readily apparent reason, who only pays refunds for their mistakes when the media gets hold of the story. Quite simply, if you want to get through my city quickly and easily, you have no choice.
(free "well done" to whomever identifies the city I live in and the toll operator I'm referring to)
You can continue to use free applications to do the work for you.
Look at it this way. They bought an adware company because the see that this is a problem. If they suddenly "bundled" an adware solution, the zealots would say they are trying to drive adaware and spybot out of the market. But since they are selling the solution and hence giving the customers choice, they are trying to screw the customers. No matter how secure they make the OS, there WILL be people who will run as admins and click "yes" to everything. These are the solutions that they are going to sell.
It isn't the first time they've had security software either. Anyone remember MSAV.exe?
Something from the article rubbed me the wrong way:
"Spyware usually gets on your computer through human error," said Marc Maiffret of eEye Digital Security Inc., which regularly discovers serious Windows flaws.
First.. a confession: My name is kRYPT, and I used to use Internet Explorer. I used to keep it patched, and updated. I browsed on High Security. I ran Spybot S&D and Adaware regularly, and TeaTimer always.
Spyware STILL got in. Every Spybot scan would regularly reveal something nasty (normally DSO or other IE Exploits).
Perhaps it's true that most Spyware is the result of user action (such as installing shady "free" smiley-enhancing software), but _lots_ of the Spyware out there is simply a direct result of using IE.
PS: I see the spyware people are trying to attack Firefox too.. see cracks.am for an example. However, in Firefox, a nice dialog pops up, makes it perfectly clear the code that's being requested to run is unsigned and unvalidated, and makes you wait for 2 seconds before you have the chance to accept or deny installing it.
DJ kRYPT's Free MP3s!
There are already good anti-spyware solutions available for home-users (ie Ad-aware, etc.), and I can't imagine home users shelling out a lot of money when they can get a personal version of Ad-aware for free. I suppose Microsoft is going to be targetting corporate users, but if their solutions aren't much better than companies like Ad-Aware (hopefully) corporations will go with competitors. But then again, they might just choose Microsoft because it seems like the "right thing to do" (that is, MS makes the OS, so OBVIOUSLY they should go with MS because it'll "work better" together).
Then again, if the MS anti-spyware is moderately priced and a lot of home-users do buy it, it may serve to drive the gap between richer vs poorer computer users (home users who shell out big bucks for a loaded Windows box vs users who pay a couple hundred for one of those Linux PCs that Walmart and others are selling).
More than anyone or anything else, Microsoft will become the major force pushing users to Linux.
"It's the height of ridiculousness to say for those 9 lines you get hundreds of millions."
Sorry, english is not my mother tongue
But really, we cry "unfair" over what they did to Netscape. Rightly so; it was unfair. If they had sold IE as a separate product, it wouldn't have been unfair. So now they sell this stuff as a separate product. They're not bundling. So what's the problem?
And there's another way this is good: TCO studies. The more extra charges you have to have from Microsoft to have a working product, the better TCO Linux has by comparison. (That is, if it's an honest comparison. But instead, what we'll probably see is bogus TCO "studies" where Microsoft looks good, but it omits the security stuff. Then when you go to actually buy it, there's these extra costs, like the auto dealers do with "dealer prep".)
Not at all. The word "help" is used in the sense of "Hi. We're from Microsoft and we're here to help... ourselves."
Even a longtime MS user like myself...
I've been an advocate for MS software and OS's for some time now, but the prospect of charging to fix something that is a result of many of the flaws in their software just pisses me off!
It's really unfortunate that Linux isn't viable on the desktop yet because this would likely be the straw that breaks this camel's back.
Unfortunately, Linux is not ready for the desktop yet, and please, save your fingers from typing because I have been evaluating distros for the desktop for many years now, the most recent being Mandrake 10.0 and Fedora Core 3. Although there is slow and steady progress, Linux for the desktop still sucks compared to WinXP.
For now, for me and my clients, a firewalled network behind which lives a well patched XP machine (preferrably kept up to date with SUS) with Firefox, Spybot S&D (with Tea Timer), Ad Aware, Symantec AV corporate and (for my clients), the daily use account does not have administrator privileges.
This will keep most any PC free from spyware and cruft and keep users happy.
You need people like me so you can point your fucking fingers, and say "that's the bad guy."
Let's not call this "security software", Microsoft; remember, software should simply be secure. If you have to add a qualifier like this, guess what: you're saying most of your software has nothing to do with security, and this special extra software, for extra charge, provides the security "feature".
These terminology differences really point to a philosophical difference at Microsoft, which is the root of all their problems. They really don't understand. Why should we think they ever will, at any price?
"Microsoft killed my company, I hold a personal grudge. I don't use Microsoft products and neither should you."-JWZ
MS charges a fee for a necessary tool: "Charging for this? What a ripoff!" (even though their major competitors charge a fee for similar tools)
Yes, that money may have been better spent in actually fixing the items that need these security tools, but it seems like they can't win either way.
Whence? Hence. Whither? Thither.
And for only $59.99 we'll show you how serious we are.
*DrugCheese rants*
*sigh*
You meant....
In Soviet Redmond, the problem is You!
-b
When in doubt, parenthesize. At the very least it will let some poor schmuck bounce on the % key in vi. (Larry Wall)
Apple did this a lot in the '80s so they wouldn't tick off ISVs. They even went so far as to cripple their hard-disk formatting utility to only work with their drives, so utility vendors could make a living.
Maybe Microsoft doesn't want to tick off the commercial anti-spyware tool vendors.
Maybe, just maybe, they want to leave the door open for zero-cost or donation-supported anti-spyware vendors like Spybot Search & Destroy. Nahh, Balmer & Co. aren't that altruistic.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
really this is ingenius.
monopoly
+
user-idiocy
+
shitty software
=
self-re-enforcing money machine.
really a brilliantly simple plan if ya think about it from a monopoly business's p.o.v.
no surprise to anyone familiar with thier previously demonstrated propensity for... ahem... evil?
This sounds like a classic protection racket. They create a defective product and then extort the customer. "Pay us or bad things happen to your computer." I wonder if a nice RICO suit will change their mind about this.
Two wrongs don't make a right, but three lefts do.
See, there's been a bit of a noise around the web about this whole thing over the last day or so and I really can't see the problem with it.
Microsoft charge for software. Charge. Money. Whether you pay it, or you pay it when you buy your box, or your suppliers pay it and pass the cost on, or your customers pay it and have less money left over to pay it for you, or your government taxes you then uses that to pay it the basic equation is still there. Micosoft charges money for software. Get over it.
They also charge money for shit software, in case you hadn't noticed. Then they charge more money for shit-software-server, then more again for a CAL onto shit-software-server, then some more for shit-CMS and so on and so forth. So, on the rare occasion that Microsoft buys someone that makes good software and badge engineers it, why is everyone suddenly up in arms?
It's not like this is the first time that Microsoft has used a flaw in one product to sell another.
Dave
I write a blog now, you should be afraid.
I am in much the same situation as yourself, fully patched, running Ad Aware and Spybot regularly with Javascript OFF.
I was researching information on the Roman Empire and was directed by Google to a great web site. About five minutes in I notice a small pop up window that when maximized displayed a blank window. The router, modem and network lights start to blink and the hard drive begins to churn. Ugh, I realize I am the victim of drive by spyware installation on of all things a web site on Ancient Rome. If I can't protect myself given all the above safeguards, how the hell is the average person going to?
It took an hour or two of work with Ad Aware, Spybot and Hijackthis to remove the five or six pieces of spyware shit that installed from an innocuous web site. I am well and truly tired of this bullshit, Firefox here I come...
The fact that the OS gets infected has nothing to do with IE being 'tied to the OS'. It has everything to do with the fact that most people who run windows run as Admin. When you are admin no security in the world can stop a user from clicking 'yes' when asked to install software. While IE definitely doesn't make it hard for the program to be installed, even running Mozilla won't stop grandma from downloading an executable and installing it.
e shold=-1&commentsort=0&tid=109&tid=172&tid=201&mod e=thread&cid=11121239
I'll refer you to my other post for good resources on how to fix the issue:
http://it.slashdot.org/comments.pl?sid=133173&thr
1. Start a software company and fill up a new market with buggy software
2. Charge for bugfixes
3. Profit!!!
...and a used car salesman is that the used car salesman KNOWS when he's lying to you.
If you can't baffle them with brilliance, dazzle them with bullshit.
Mozilla extensions have full access to your system constrained by the users security of course. Therefore if someone wanted to write a malicous extension that installed spyware/trojan/virus, they could. It has nothing to do with the OS. Try running IE under a non priviledge account and see if activex can install stuff.
Have you ever been to a turkish prison?
This is something that has been bothering me lately. How long will it be before Microsoft starts charging for Service Packs and Hot Fixes? So far, they haven't done it but, it occurs to me that it is only a matter of time.
But, the worst part of the idea is that Open Source vendors are opening the door for Microsoft and blazing a trail toward exactly that. Open Source vendors such as Red Hat and Novell/SuSE are selling "cheap" software, built by the Open Source community, and charging a premium for patches. It is a "new business model".
The base software is sold cheap or given away and they make their real money from "support services". However, close inspection of the "support services" show that they offer very little in the way of technical support. They do however offer password protected access to the sites used to download the patches and security fixes for the free/cheap software.
All this isn't going un-noticed by Microsoft, who has toyed with the idea of charging for Service Packs before. In the past however, customers told them in no uncertain terms that they would not pay for bug fixes to software that those customers had already paid a premium for.
Microsoft then developed the "Software Assurance" subscription model, where customers pay a subscription fee that entitles them to future version upgrades. But, Microsoft is still spending money and effort to provide free patches and they don't like doing it as they perceive it as lost revenue.
But, with the "new business model" that Open Source vendors are acclimating their customers to is likely to open up that revenue stream for Microsoft. Just as all the other software vendors were able to leverage the subscription model after Microsoft had acclimatized the customers, it is entirley likely that customers who are accustomed to the the Open Source method of paying for patches will not balk at paying Microsoft for their patches too.
It's a dark and pessimistic vision of the future, I know. But, can you imagine Microsoft actually passing up a new revenue stream from the same old product? That doesn't seem likely to me.
Sure, that's Microsoft's business model, isn't it? Trap users, screw them, charge them to get into the next trap. Is this a big surprise?
You are lucky. I connected on *dial-up* with Windows to just DL one form from a gov't website and got infected in under 10 seconds. Before I could actually type the URL into Mozilla, the box was already infected.
I'd say your 10 minutes is pretty good :P
has come to this.
The personal computer (Apple/Commadore/Tandy/IBM/Atari/Amiga) was supposed to release the creative gene in all of us. At first it did (1978 - 1995), Viri at most were limited boot sector infestations and nothing more.
Leave it to Microsoft to add BSOD and AdWare, and Windows Virus to the english language (Whats it called in other languages)? Instead of removing IE from the core of the O/S they chose to patch the system by purchasing a supposed solution. Now they are going to charge money for a problem that they induced. I also see that Win98/ME is excluded from the list. If I sold buggy software and didn't update 40 percent of my clients, I would be sacked as a vendor.
I'm sorry. Maybe I'm becoming too old, but Virus/Adware are/should not be the norm. When did it become mainstream to run all these utilities just to use your computer?
Enjoy,
It's just the normal noises in here.
Microsoft is beginning to remind me of the INS. This kind of unreasonable reasoning is, in fact, quite similar to that which occurs in government bureaucracies. Allow me to explain: When I moved to the U.S. from Europe, I had to go through this government disaster called the INS. As it turns out, at the time that my paperwork was being processed by that disorganization, there were some people working there who shredded documents belonging to about 80,000 U.S. immigrants. They did this because there was a huge backlog in paperwork processing, so some wise guy decided that by shredding the documents instead of filing them, he could make it look like his company was making improvements. This was eventually caught, and I believe that criminal charges were filed.
But that didn't exactly help me. I was one of those 80,000 people. The result of this shredding was that after going through the process, which takes years by the way, nearly all of the paperwork from my file was shredded. As a result, the INS got "confused" in a way very similar to that of a computer running Windows, when the operating system is suddenly deleted in mid-operation. It took quite a few years to finally get a hold of someone deep enough in the disorganization who had the power to do something about it.
Here's the part relevant to this story: When they discovered that my file was shredded, they told me that as a result of the INS's errors, I would have to pay a fine of over 1,000 dollars to get the process back on track.
In other words, they create a disorganization so big that putting some stamps on some pieces of papers takes years, then they shred my papers, then they make me wait years (and if I hadn't fought tooth and nail, they would never have acknowledged that they screwed up), and then, I had to pay a fine to fix it.
So, yes, to people who put a system like that into effect, it makes a whole lot of sense to make a browser so crufty and full of holes that it won't hold water even when submerged, and then to charge people for bloated layers of crufty software that is supposed to fix it, except for hundreds of corner cases that malware authors can use to work around it. And, did I mention that they'll charge you for the priviledge? I suggest trying free software instead. It's so much less painful.
So, Microsoft has announced FREE software - rant about that. Later, IF they start charging for it, you can rant again about them charging for it.
Two-rants-for-one special!
This issue is a bit more complicated than you think.
Considering that Giant anti-spyware used a paid subscription-based model, it kindof makes sense that MS would charge for it. I wouldn't expect Halo to come free with windows just because MS owns it and it can run on windows. I would, however, be pissed if service pack 2 wasn't free.
/. front page a few weeks ago.
For all those who have forgotten, Giant showed a lot of promise in the big anti-spyware head-to-head on the
And yes, as people mention this is good competetive behavior. You can buy the MS branded one, or you can buy something else (or use free stuff). If they have to compete for dollars, the spyware database will be maintained with more gusto.
Man, I surf porn sites using Mac OS X, and just as I need no protection in real life, I need no protection in cyper space, save for blocking pop-ups. Safari usually gives the prettiest, fastest and most accurate rendering, but for porn surfing I usually turn to Firefox or Mozilla (I need them bookmarklets, particularly the "increment" one).
The average Windows user will feel that MS is sooo wonderful for securing their computers against the wild and wooly internet. As the Windows machines again slow down and bcome even more clunky, the solution will be to buy a newer computer, and sales people will show the buyers how economical the new PC's are compared to those sooo expensive Mac's. Doesn't sound much different than the past 20 years, and people still put up with it.
So now we can expect a shopping cart icon to appear on MS Security Bulletin page...!!!
Please explain. What design flaw of Windows forces a user to run as an administrator?
The fact that Windows started out as a single user OS, and a lot of programs are built with that mindset. Windows as a multiple user OS still feels like a hack upon a single user OS. A few years ago, Microsoft could of said, "Sorry, many of your old Win9x programs aren't going to work in the NT line", and we wouldn't have this problem. They even could of provided us with a "classic mode" sandbox to run them in too. But instead they went the backwards compatible route. Ferthermore, since all the old programs basically run as they used to, it didn't give the programmers any incentive to change their habits. So to this day, many programs, including some of MS's own applications do not run right (or at all) unless you are Administrator.
It's like the government scaring people into giving up their freedoms for security. Since most people are uneducated, they will fall for it. They don't know any better. And that plays into Microsoft's hands because A)people will think that Microsoft isn't at fault and B)Experts will appear descredited in the eyes of the consumer. And Eeye doesn't know what it's talking about. They've never heard of "Marked safe for scripting" ActiveX controls. You know, the kind that are *supposed* to be safe but have been modified to infect and/or damage computers. That's hardly a user error.
Remember guys, this is Amerika. Just because you have the most votes, doesn't mean you get to win.--Fox Mulder
Which somehow means that virus-infested files are critical to Windows' operation?
I'm still trying to figure out what people mean by 'social skills' here.
Since about the days of NT4.0 many people in the IT business were saying something along the line: "MS got their act together, they have released a professional O/S with security built-in, a reasonable kernel, good performance, that runs on multiple platforms including commodity hardware. This is the end of UNIX, and not a moment too soon, we are tired of the expensive hardware and of the Unix wars".
However MS has continually disappointed. Security ended up being very very bad, and becoming in fact worse with every new release (Microsoft still hasn't been able to break the old conflict between ease-of-use and security, unlike Apple).
Since then we've had Linux and the BSDs maturing (including Darwin). MS security is in fact worse with XP than it ever was with NT4 and this is affecting mere users in a huge way. Spyware removal has moved from a little cottage industry to big multinational business. Running a simple PC with Windows is fast becoming harder and more labour intensive than simply installing Linux on it.
My family members and friends are constantly asking me for advice. I'm always happy to help them with their Windows troubles (after all this keeps my skills up to date to a degree). I never mention the fact that they should try Linux or buy and Apple but when they ask me why I don't run Windows I simply say: "no spyware, no virus" and they start thinking about it. A few more years of Linux and OpenOffice maturing, and we'll see a shift of the order of the Firefox one.
Unless Microsoft get their act together, fast. But they are not, witness the current decision.
Microsoft is unable to make long term decisions that will affect their users positively. This is because they are driven by short-term profits. Even thought they have the resources 10 times over to make the right decisions, they are being trounced, little by little, by a band of volunteers.
This is both heartening and disheartening.
BTW I find all the replies to remarks along the line "but you can't even plug a windows machine in default mode to the Internet more than 10 minutes before becoming infected" absolutely hilarious.
1- first find a secure machine
2- download all the patches by hand
3- burn to CD
4- go to insecure machine.
5- unplug from network
6- install OS
7- install patches
8- boot
9- make sure firewall is on
10- plug network cable in. Browse to you heart's content!
11- Oh, and make sure you don't run IE, and keep your machine up-to-date! and don't run as the admin! What? games don't run except as admin? don't play games!
Easy! speaks for itself, doesn't it?