Microsoft May Charge for Security Tools

← Back to Stories (view on slashdot.org)

Microsoft May Charge for Security Tools

Posted by michael on Friday December 17, 2004 @11:13AM from the rated-r-for-racket dept.

rscrawford writes "CNN reports that Microsoft may charge extra for security software. So first they edge their competition out of the browser market, then they tie IE into the OS so tightly that a crash in IE can crash the computer, and then they make IE so vulnerable that just using it is hazardous to the typical computer's health, and now they want to CHARGE users to fix it?"

23 of 642 comments (clear)

oblig... by Mad_Rain · 2004-12-17 11:14 · Score: 5, Funny

So THAT'S what Step two is. =P

--
"What do you think?" "I think 'What, do you think?!'"
Good advertisement. by Anonymous Coward · 2004-12-17 11:15 · Score: 5, Funny

If Microsoft were to hire on the Verizon Wireless guy, they could have him walking across the country asking "Can I screw you now?"
Once again, Microsoft blames the users. by IO+ERROR · 2004-12-17 11:16 · Score: 5, Insightful

Some experts blame Microsoft for Windows vulnerabilities that help spread spyware. Microsoft and some others, meanwhile, said blame should be directed instead at spyware manufacturers.
"Spyware usually gets on your computer through human error," said Marc Maiffret of eEye Digital Security Inc., which regularly discovers serious Windows flaws.

Yeah, sure, if starting the computer is human error. It takes what, five minutes or less, for an XP box to get riddled with viruses, Trojans, etc.? The error is Microsoft didn't ship an operating system that could remotely be considered secure. You can't connect to the network to download SP2 without risking the computer. Where's the sense in this? Where's the user error?

--
How am I supposed to fit a pithy, relevant quote into 120 characters?
1. Re:Once again, Microsoft blames the users. by yelvington · 2004-12-17 11:23 · Score: 4, Funny
  
  When Microsoft activates Skynet, the error-prone users will no longer be an issue.
2. Re:Once again, Microsoft blames the users. by Anonymous Coward · 2004-12-17 11:25 · Score: 5, Insightful
  
  You can't connect to the network to download SP2 without
  risking the computer. Where's the sense in this? Where's the user error?
  
  This is how people think after so much time with viruses. They are used to performing workarounds for Windows that lead to acceptance of viruses (just buy an antivirus) that lead to acceptance of spyware (just buy an antispyware) and that lead to acceptance of systems so bogged down by combinations of the above (just reinstall every 6 months).
  
  It's a bit like living in a really bad neighbourhood and denying it's a problem. "Oh we're OK, we live in a safe area. As long as you put bars on all your windows, don't leave the house when it's dark, put up bullet proof windows, and don't make eye contact with the neighbours you're perfectly safe"
  
  Apart from how it's broken, it works perfectly.
  
  MS is fucked, but they don't mind. The consumer state of society today means MS can just tell people they need to buy something, and people will do what they're told to.
3. Re:Once again, Microsoft blames the users. by Jace+of+Fuse! · 2004-12-17 11:57 · Score: 4, Insightful
  
  They are used to performing workarounds for Windows that lead to acceptance of viruses (just buy an antivirus) that lead to acceptance of spyware (just buy an antispyware) and that lead to acceptance of systems so bogged down by combinations of the above (just reinstall every 6 months).
  
  There are small, efficient, safe, and free programs that perform these tasks without bogging the system down.
  
  But your points do to some degree stand. Though even if the virus/worm/spyware problem weren't as bad today as it is, I probably would STILL run a software firewall and a good antivirus just as a matter of precaution. I also have all of my systems behind the network firewall but not everyone has that option.
  
  The point is, that just because things are worse now on Windows than they have ever been, doesn't mean that good precautions wouldn't be paying off.
  
  It's only a matter of time before MacOS X gains enough popularity that it's own security holes (though admittingly less serious than many of those in Windows) are mass exploited causing many Mac users some grief.
  
  As it stands right now MOST Linux users can fend for themselves. How true do you think that would be if there was a huge wave of new Linux users converting from Windows? The clueless masses would show people that even a Linux box in the wrong hands can exploited, and I would dare say that an arm compromised *nix boxes is a far greater threat to the internet as a whole than the army of zombie Dialup AOL connected budget PCs running XP home that we currently have to dela with.
  
  Security IS a problem right now, but Windows is only PART of the problem. The clueless human side of the equation isn't going to go away no matter how many people ditch Windows.
  
  --
  
  "Everything you know is wrong. (And stupid.)"
  
  Moderation Totals: Wrong=2, Stupid=3, Total=5.
4. Re:Once again, Microsoft blames the users. by wastingtape · 2004-12-17 12:13 · Score: 5, Funny
  
  Yes. I noticed the glitch in the Matrix as well.
5. Re:Once again, Microsoft blames the users. by Anonymous Coward · 2004-12-17 12:23 · Score: 5, Interesting
  
  I work at an educational institute. Connect a Windows machine to our network and you WILL get Welchia in under a minute (assuming you aren't patched). I have done this several times.
  
  The scenario you describe -- plugging into the internet without getting a worm -- is only the case because the chances are lower that you will get a worm. Basically, you are defending Microsoft on the grounds that the chances are not good that you will get a worm. But decrease the number of computers to that of a medium-sized college campus, and suddenly the chances become very good indeed. Your argument is not particularly good.
  
  And this is not user error, unless you count not enabling a firewall before you plug into the network as a user error. But then, how do you enable a firewall on a built-in wireles card as you are installing Windows?
  
  (Note that there are solutions around this problem -- and I use a few of them. I'm just pointing out that the argument, "I don't immediately get a worm on an unpatched Windows machine, so no one does," doesn't hold any water.)
6. Re:Once again, Microsoft blames the users. by Moofie · 2004-12-17 12:55 · Score: 5, Interesting
  
  "It's only a matter of time before MacOS X gains enough popularity that it's own security holes (though admittingly less serious than many of those in Windows) are mass exploited causing many Mac users some grief."
  
  It's a matter of proper security design that those exploits will be limited in scope and number.
  
  Windows doesn't get exploited just because it's popular. It gets exploited because it was designed wrong.
  
  --
  Why yes, I AM a rocket scientist!
7. Re:Once again, Microsoft blames the users. by zulux · 2004-12-17 14:07 · Score: 4, Informative
  
  You can't connect to the network to download SP2 without risking the computer.
  
  Sure you can.
  
  No you can't - in SP1 and below, the firewall gets put in place after the network interface is brought up. In face, the firewall is almost the last thing to initialize during the XP boot process.
  
  Depending on your boot time, there can be few minutes where your computer is vulnerable.
  
  Enjoy!
  
  --
  Moneyed corporations, non-working 'poor' and criminal prisoners are turning productive citizens into tax-slaves.
8. Re:Once again, Microsoft blames the users. by DownloadTHIS · 2004-12-17 14:25 · Score: 4, Funny
  
  I actually agree with Microsoft here. These problems are caused by human error. Running Windows definitely falls under that catagory.
ack! by nizo · 2004-12-17 11:16 · Score: 4, Insightful

Microsoft's disclosure that it may eventually charge extra for Windows protection reflects a recognition inside the company that it could collect significant profits by helping to protect its customers.
And they don't see a conflict of interest here? Exactly what incentive would they have to fix security holes which are allowing malware into the machine in the first place if they are selling other products to "block" these kinds of attacks, or are they planning on charging for patches?

--
I Am My Own Worst Enemy
Seems unusually blatant by bigberk · 2004-12-17 11:16 · Score: 4, Insightful

I mean, they were buying up security competitors as recently as Wednesday! Wouldn't that be a bit too blatant? Are they really trying to monopolize the desktop security market, or are they just trying to help cover costs in what is going to prove to be a very, very expensive area (once they start getting sued for having such a shoddy, insecure product)
Just one thing to say: by sgant · 2004-12-17 11:16 · Score: 5, Funny

What balls!

What a huge, big, heavy set of balls this company has.

Hey, let's kick them!

--

"Leo Fender was in a 'state of grace' when he designed the Stratocaster." -- Paul Reed Smith
Software sales - marketing by Ogrez · 2004-12-17 11:17 · Score: 5, Insightful

The only thing in this world I have found to be sleazier than lawyers are software salesmen. This isnt isnt a new idea from Microsoft... IBM did it for years with mainframe releases. You have to have a service contract to get the updates to fix the bugs.

This problem of releasing buggy software and charging for fixes is inherent in the software world.

--

Fire in the hands of the village idiot is no tool, but a weapon of mass destruction
According to /. they will lose either way... by C.+Mattix · 2004-12-17 11:21 · Score: 5, Insightful

Look at it this way. They bought an adware company because the see that this is a problem. If they suddenly "bundled" an adware solution, the zealots would say they are trying to drive adaware and spybot out of the market. But since they are selling the solution and hence giving the customers choice, they are trying to screw the customers. No matter how secure they make the OS, there WILL be people who will run as admins and click "yes" to everything. These are the solutions that they are going to sell.

It isn't the first time they've had security software either. Anyone remember MSAV.exe?
User error, eh? by kryptkpr · 2004-12-17 11:21 · Score: 5, Interesting

Something from the article rubbed me the wrong way:

"Spyware usually gets on your computer through human error," said Marc Maiffret of eEye Digital Security Inc., which regularly discovers serious Windows flaws.

First.. a confession: My name is kRYPT, and I used to use Internet Explorer. I used to keep it patched, and updated. I browsed on High Security. I ran Spybot S&D and Adaware regularly, and TeaTimer always.

Spyware STILL got in. Every Spybot scan would regularly reveal something nasty (normally DSO or other IE Exploits).

Perhaps it's true that most Spyware is the result of user action (such as installing shady "free" smiley-enhancing software), but _lots_ of the Spyware out there is simply a direct result of using IE.

PS: I see the spyware people are trying to attack Firefox too.. see cracks.am for an example. However, in Firefox, a nice dialog pops up, makes it perfectly clear the code that's being requested to run is unsigned and unvalidated, and makes you wait for 2 seconds before you have the chance to accept or deny installing it.

--
DJ kRYPT's Free MP3s!
1. Re:User error, eh? by rackhamh · 2004-12-17 11:38 · Score: 4, Funny
  
  Spyware STILL got in. Every Spybot scan would regularly reveal something nasty (normally DSO or other IE Exploits).
  
  Moral of the story: pick your porn sites wisely.
Well... by rewt66 · 2004-12-17 11:28 · Score: 5, Insightful

As an employee of a security company, I don't have a problem with this. I would have more of a problem with Microsoft giving it away for free. (And, I hope, the toothless antitrust enforcement might have a problem with it, too, but I wouldn't bet on it.)
But really, we cry "unfair" over what they did to Netscape. Rightly so; it was unfair. If they had sold IE as a separate product, it wouldn't have been unfair. So now they sell this stuff as a separate product. They're not bundling. So what's the problem?
And there's another way this is good: TCO studies. The more extra charges you have to have from Microsoft to have a working product, the better TCO Linux has by comparison. (That is, if it's an honest comparison. But instead, what we'll probably see is bogus TCO "studies" where Microsoft looks good, but it omits the security stuff. Then when you go to actually buy it, there's these extra costs, like the auto dealers do with "dealer prep".)
So let's see by YrWrstNtmr · 2004-12-17 11:33 · Score: 4, Insightful

MS includes a necessary tool for free: "Unfair bundling! They're just trying to muscle everyone else out of the market"
MS charges a fee for a necessary tool: "Charging for this? What a ripoff!" (even though their major competitors charge a fee for similar tools)
Yes, that money may have been better spent in actually fixing the items that need these security tools, but it seems like they can't win either way.
Company charges money for product... by kahei · 2004-12-17 11:33 · Score: 4, Funny

...slashdotters baffled.

--
Whence? Hence. Whither? Thither.
Drive by installs occur on many non-porn web sites by Hamster+Lover · 2004-12-17 11:51 · Score: 4, Interesting

I am in much the same situation as yourself, fully patched, running Ad Aware and Spybot regularly with Javascript OFF.

I was researching information on the Roman Empire and was directed by Google to a great web site. About five minutes in I notice a small pop up window that when maximized displayed a blank window. The router, modem and network lights start to blink and the hard drive begins to churn. Ugh, I realize I am the victim of drive by spyware installation on of all things a web site on Ancient Rome. If I can't protect myself given all the above safeguards, how the hell is the average person going to?

It took an hour or two of work with Ad Aware, Spybot and Hijackthis to remove the five or six pieces of spyware shit that installed from an innocuous web site. I am well and truly tired of this bullshit, Firefox here I come...
Profit? From where? by Alwin+Henseler · 2004-12-17 12:12 · Score: 5, Insightful
I wonder where MSFT thinks the money for this extra software should come from? I mean, are IT budgets of customers (including Joe Sixpack) suddenly going up, so that extra funds are available to sink into these tools? If not, that would mean that either:
1. Windows should get cheaper, otherwise customers wouldn't have money left over to invest in these extra tools. This seems feasible; with competition from Free/OSS and users getting fed up with buggy software, market value of Windows is likely to drop. This could be a covert way to restore profit margins.
2. Hardware should get cheaper, so that more money is left over for software. Doesn't seem likely; hardware does get cheaper, but Joe Sixpack still buys expensive PC's, he just gets more bang for his bucks.
3. These extra tools are meant to replace competitor's offerings. Interesting option: if they are just another offering in a crowded field, okay. But first given away as a freebie, and then start charging after a while, when users become convinced they absolutely need it? In that case, could be an interesting candidate for another anti-competitive investigation.
If you can't baffle them with brilliance, dazzle them with bullshit.