Slashdot Mirror
The Microsoft Protection Racket
bonch writes "Dvorak writes about the 'Microsoft protection racket' in his latest column--'charging real money for any sort of add-on, service, or new product that protects clients against flaws in its own operating system.' Dvorak argues that someone took a look at the expense of Microsoft's monthly 'Patch Tuesday' and decided to find a way to make money from it instead of fix the code (e.g., abandoning the use of the registry)." I enjoy salt with my Dvorak, but that's just me.
Anyone who suggests 'abandoning the use of the registry' has obviously never written Windows software. What do you suggest we replace it with, INI files? What do you suppose we do about the thousands of existing applications that use the registry? How do you suggest we support access controls for individual settings and keys - make a single INI file for each one?
Changes like 'get rid of the registry' are changes you make when you release a new OS, not when you release a service pack. OS X, for example, uses flatfiles to store most (if not all) preferences, but that's something they designed in from the start.
It's pretty annoying how people always suggest blatantly stupid 'solutions' to problems instead of focusing on real fixes like better design and better testing...
using namespace slashdot;
troll::post();
>> Anyone who suggests 'abandoning the use of the registry'
>> has obviously never written Windows software. What do
>> you suggest we replace it with, INI files?
> Or property lists, yes.
Well, INI files don't scale well; not because they are flat text files, but because the way a hierarchy is modelled in an INI file is inefficient and error prone. Something in the nature of a property list would be quite reasonable.
It is also worth noting that since DotNet, lots of data that used to be in the Registry is now in XML files in the application folder. That's a big part of the XCOPY install feature MS brags about for DotNet.
>> What do you suppose we do about the thousands of existing
>> applications that use the registry?
> Wrappers for the INI/PLIST files that behave like the old
> registry calls.
Perfectly doable.
>> How do you suggest we support access controls for individual
>> settings and keys - make a single INI file for each one?
> Why not?
Well, it isn't strictly necessary to use the Registry to support access controls on keys and settings. As long as the file itself only allows administrator access, the APIs that model the current Registry APIs can implement key and value level security within the file. This would make the files read-only in a text editor for common users; however a simple editor could be created that allows the appropriate access to the individual keys via the APIs.
But INI files aren't appropriately structured for that; XML files would be better, or any number of less-verbose-than-XML text formats.
> OS X does this like a dream, I can take my Library folder with me
> and wham, everything is the way I like it on a new machine. I'm
> sure it would be possible to do something similar on Windows,
> provided I paid $50 for some crappy shareware product.
Well, it wouldn't be a crappy $50 shareware product to virtualize the Registry. Since the APIs are inside ADVAPI32.DLL, and are used during the boot process, it would be a kernel hack; generally more expensive when done third-party. MS could do it safely; third parties would need to worry about MS breaking the hack with an OS update.
Later versions of CuteFTP supposedly don't contain Aureate. Supposedly. You may or may not believe them. Better to not use CuteFTP, any other Globalscape product, any Aureate/Radiate product, or any product that ever contained Aureate. Here's a old list of programs known to contain Aureate.
Aureate changed its name to Radiate. In 2001, they settled a class action over privacy issues.
Radiate tried again with "Go!Zilla". Some versions of Go!Zilla have adware and/or spyware. The current makers of GoZilla claim "The current Go!Zilla software contains no advertising. There are several older, out-of-date versions of Go!Zilla which contain advertising from 3rd parties." But then they say "Go!Zilla will make certain partner software programs available to you during the Go!Zilla trial version's installation. These products are not necessary to the function of Go!Zilla, and you may decide if wish to install them. Make sure you read the installation prompts carefully to insure you get the best installation for you. Each partner program has its own privacy policy, and Go!Zilla is careful to screen partners for product quality and responsible privacy policies."
Or, in other words, "we're going to load up your machine with adware if you're not very, very careful during the install."
Aureate/Radiate appears to be defunct. Unclear whether they went bankrupt, were acquired, or are on the lam.
AdAware can be helpful if your system is infected with Aureate/Radiate, although it may not find attacks downloaded via the security holes.
For more details about Aureate, Radiate, and CuteFTP, click here (long .pdf).