Slashdot Mirror

← Back to Stories (view on slashdot.org)

The Microsoft Protection Racket

Posted by Zonk on from the friday-afternoon-fightin-words dept.

bonch writes "Dvorak writes about the 'Microsoft protection racket' in his latest column--'charging real money for any sort of add-on, service, or new product that protects clients against flaws in its own operating system.' Dvorak argues that someone took a look at the expense of Microsoft's monthly 'Patch Tuesday' and decided to find a way to make money from it instead of fix the code (e.g., abandoning the use of the registry)." I enjoy salt with my Dvorak, but that's just me.

10 of 539 comments (clear)

  1. Frank Nitti by jkind · · Score: 3, Informative

    In case you aren't ready when Dvorak makes Al Capone related references: http://en.wikipedia.org/wiki/Frank_Nitti

    --
    ~jennifer.k~
  2. Pfft. by JanusFury · · Score: 5, Informative

    Anyone who suggests 'abandoning the use of the registry' has obviously never written Windows software. What do you suggest we replace it with, INI files? What do you suppose we do about the thousands of existing applications that use the registry? How do you suggest we support access controls for individual settings and keys - make a single INI file for each one?

    Changes like 'get rid of the registry' are changes you make when you release a new OS, not when you release a service pack. OS X, for example, uses flatfiles to store most (if not all) preferences, but that's something they designed in from the start.

    It's pretty annoying how people always suggest blatantly stupid 'solutions' to problems instead of focusing on real fixes like better design and better testing...

    --
    using namespace slashdot;
    troll::post();
    1. Re:Pfft. by jsight · · Score: 4, Informative

      And what is wrong with an individual INI file per app and/or per user? I mean, *nix has been using that for a long time, and it sure makes down-and-dirty administration ten times easier.


      Unless, of course, you are a Gnome use, in which case you get GConf. What is GConf? Well, it's a nice implmentation of a registry. :)
      --
      Throw the bums out!
    2. Re:Pfft. by omibus · · Score: 3, Informative

      I agree, we can't just do away with the blasted thing, but...

      Even Microsoft is telling people not to use it anymore to store app setting. They actually do recomend using ini or xml files for that. Case in point, the default place to store app settings in ASP.NET and WinForms is in an xml file (either web.config or app.config).

      Now, completely doing away with the registry? Impossible. There are too many things that the registry does for Windows that the blowhards on this list dont even know about. All of .NET and ActiveX run thru the thing at one level or another.

      And as much as the people of slashdot hate ActiveX (and its big brother .NET), that is what makes writing apps on windows do-able, and a lot more fun than Linux.

      Thats right, because of the restistry, stuff just works. We have installs that just work. We have programs that can talk to eachother, and it just works. Linux, not so much.

      --
      Bad User. No biscuit!
    3. Re:Pfft. by ettlz · · Score: 3, Informative

      Yes, but:

      1. it's done in XML and can be hand-edited;
      2. it's stored in a directory hierarchy in the filesystem so it's more robust; and
      3. you can nuke it and not FUBAR the system.
  3. Replacing the Registry with flat files by QuestorTapes · · Score: 4, Informative

    >> Anyone who suggests 'abandoning the use of the registry'
    >> has obviously never written Windows software. What do
    >> you suggest we replace it with, INI files?

    > Or property lists, yes.

    Well, INI files don't scale well; not because they are flat text files, but because the way a hierarchy is modelled in an INI file is inefficient and error prone. Something in the nature of a property list would be quite reasonable.

    It is also worth noting that since DotNet, lots of data that used to be in the Registry is now in XML files in the application folder. That's a big part of the XCOPY install feature MS brags about for DotNet.

    >> What do you suppose we do about the thousands of existing
    >> applications that use the registry?

    > Wrappers for the INI/PLIST files that behave like the old
    > registry calls.

    Perfectly doable.

    >> How do you suggest we support access controls for individual
    >> settings and keys - make a single INI file for each one?

    > Why not?

    Well, it isn't strictly necessary to use the Registry to support access controls on keys and settings. As long as the file itself only allows administrator access, the APIs that model the current Registry APIs can implement key and value level security within the file. This would make the files read-only in a text editor for common users; however a simple editor could be created that allows the appropriate access to the individual keys via the APIs.

    But INI files aren't appropriately structured for that; XML files would be better, or any number of less-verbose-than-XML text formats.

    > OS X does this like a dream, I can take my Library folder with me
    > and wham, everything is the way I like it on a new machine. I'm
    > sure it would be possible to do something similar on Windows,
    > provided I paid $50 for some crappy shareware product.

    Well, it wouldn't be a crappy $50 shareware product to virtualize the Registry. Since the APIs are inside ADVAPI32.DLL, and are used during the boot process, it would be a kernel hack; generally more expensive when done third-party. MS could do it safely; third parties would need to worry about MS breaking the hack with an OS update.

  4. Re:Microsoft addresses Windows security concerns by YU+Nicks+NE+Way · · Score: 3, Informative

    He claims to be qualified to blame Microsoft for security holes in its products, doesn't he? It's clear that he was slammed by a security hole in a third-party application he was running on his system as an Administrator. (Not to mention, a third party application with a history of known defects...)

    He has no business complaining about Microsoft's "protection racket" if he honestly doesn't understand that his recent issue has jack-squat to do with Microsoft.

  5. No, sadly, CuteFTP contains exploitable adware by Animats · · Score: 4, Informative
    Unfortunately, some versions of CuteFTP contain the Aureate adware client. Aureate is an entry point for attacks. "It is able to secretly download and cause Windows to execute any arbitrary program into the unsuspecting user's computer". ... ""phones home" every single time you use your web browser" ... "can, at their whim, accept and download any file into your system named "update-dll.exe" and then arrange for Windows to run this unknown program" ... "is trivial to "redirect" so that instead of phoning home to one of Aureate's servers, it connects to any other arbitrary server on the Internet." ... "They will always be responsible for sneaking 22 million copies of buggy and frightfully insecure spyware into the world's Windows PCs."

    Later versions of CuteFTP supposedly don't contain Aureate. Supposedly. You may or may not believe them. Better to not use CuteFTP, any other Globalscape product, any Aureate/Radiate product, or any product that ever contained Aureate. Here's a old list of programs known to contain Aureate.

    Aureate changed its name to Radiate. In 2001, they settled a class action over privacy issues.

    Radiate tried again with "Go!Zilla". Some versions of Go!Zilla have adware and/or spyware. The current makers of GoZilla claim "The current Go!Zilla software contains no advertising. There are several older, out-of-date versions of Go!Zilla which contain advertising from 3rd parties." But then they say "Go!Zilla will make certain partner software programs available to you during the Go!Zilla trial version's installation. These products are not necessary to the function of Go!Zilla, and you may decide if wish to install them. Make sure you read the installation prompts carefully to insure you get the best installation for you. Each partner program has its own privacy policy, and Go!Zilla is careful to screen partners for product quality and responsible privacy policies."

    Or, in other words, "we're going to load up your machine with adware if you're not very, very careful during the install."

    Aureate/Radiate appears to be defunct. Unclear whether they went bankrupt, were acquired, or are on the lam.

    AdAware can be helpful if your system is infected with Aureate/Radiate, although it may not find attacks downloaded via the security holes.

    For more details about Aureate, Radiate, and CuteFTP, click here (long .pdf).

  6. Re:Microsoft addresses Windows security concerns by sconeu · · Score: 3, Informative

    The problem with "Run As..." is that it still requires you to give out the Admin (root) password. There is no equivalent to su/sudo/setuid programs, where you can give out privileges on a per-program basis.

    Would you give out the root password to your users?

    --
    General Relativity: Space-time tells matter where to go; Matter tells space-time what shape to be.
  7. Re:I can write on PC Magazine too! by Anonymous Coward · · Score: 3, Informative

    You appearently are not familiar with Dvorak or his writing. He is definately NOT a linux zealot and he always writes like that. I've been reading his articles for 15 years and he almost always makes me laugh at least once per article. This one was no exception.

    Nope. He's not a troll or a zealot. He's just another pissed off user who's not afraid to tell the hard truth.