Slashdot Mirror
MS To Build Antivirus Into Win8: Boon Or Monopoly?
jfruhlinger writes "Microsoft has quietly announced that it's planning on baking anti-virus protection right into the Windows 8 OS. Users have been criticizing Windows' insecurity for years — but of course this move is raising howls of protest from anti-virus vendors, who have built a nice business out of Windows' security holes. Is this a good move by Microsoft, or a leveraging of their monopoly as bad as bundling Internet Explorer?"
I would love to see governments attacking Microsoft for making its software too secure. That would keep me laughing for years.
This is awesome and MS should've done this 10 years ago.
So making an OS more secure (I know, they could get rid of security holes... but...) is also monopolistic?
To me, this is kinda like saying IrfanView should sue because MS includes Paint or Picture Viewer or whatever they include.
IE was a bit trickier, because they did their own thing with HTML and stuff and you HAD to use IE in order to view some stuff, so it was a bit nastier. But a virus detector? What are they going to do, write viruses that only their software can find... but then they wouldn't work on other OSes... so it wouldn't be much of a lock-in.
The capitalist in me screams, "Anti-competitive!"
The IT guy in me exclaims, "It is about time."
The consumer in worries, "How will this impact performance?"
I will not mourn that which I never had to lose. - Unknown
It's a good idea overall as long as there is the ability for power users to disable the 'feature' and use third-party software.
It will be good for the less knowledgeable / casual user but to the more discerning user there may be better tools for what they want to do with the system.
Overall I think it might help stem the flow of infection through those will no anti-viral software whatsoever but with many boxes still using ME/XP/Outdated everything it won't drop infection rates THAT signinificantly.
I think this would be a great idea as long as MS keeps it well updated and people don't rely just on it. It would immediately improve the security of the PCs of all the people who don't bother with antivirus, but it may lull others into a false sense of security and give them an incentive to not get any other antivirus which would put a target for virus writers squarely on MS's solution.
I feel sorry for people that don't drink, because when they get up in the morning, that's as good as they're gonna feel
If I somehow end up with a Windows 8 machine, I will continue to use F-Prot or Command anti-virus no mater what is bundled. Microsoft including their own anti-virus software will not compete with such products, it may however be the end of McAfee and Norton. But I honestly think the world is better off without them.
"Have you ever thought about just turning off the TV, sitting down with your kids, and hitting them?"
Imagine if God gave humans band-aids instead of giving humans blood clotting. Microsoft should fix their software so AV isn't a requirement.
Why on earth would Microsoft want to put the AV competition out of business? It only costs them money.
It's neither boon nor monopoly, it's acknowledging a begrudging reality that no matter how secure your OS you need AV on top and you can't rely on your users to purchase it.
I'm sure Microsoft would be more than happy for everyone to run Norton and save the development expense but... that would be like requiring your customers to buy hamburger bun separately.
Stacker, IE, etc... now that the DOJ antitrust action/oversight against MS is complete...
Of course MS will argue that it *needs* to be integral to the OS, just as MS argued about Stacker (data compression) and IE.
Stacker did win a pretty big settlement from MS... perhaps Norton and McAfee should take the money and run, far away...
OS X had this 2 years ago. I can't think of any non-security/utility Linux distros that come with one pre-installed, but this is a pretty common sense move forward. To be frank, I'm surprised that MS waited until now. Granted the whole anti-trust restrictions were still active, but I can't imagine the DOJ wouldn't see a common sense ruling in this one as long as MS didn't restrict 3rd party AV effectiveness. IMHO if Windows can have a built-in firewall, why couldn't it have a built-in AV detection system.
I think they're gonna throw parties at ISP hotlines if this AV works good.
I have a question for the people that'd want MS to 'protect' anti virus companies: If the gov't decided to shut Microsoft down for it's anti-competitive practices, would you object to that in order to save companies like Symantec?
"I like to lick butts!" by MobileTatsu-NJG (#32700246) (Score:5, Informative)
Bill Gates was right. Microsoft had every right to add whatever features and applications it wanted to its OSes. Look at Chrome OS, Android, Mac OS X, iOS. All have browsers and other applications "built-in". In fact, Chrome OS doesn't even allow you to use an alternate browser, while Windows always allowed this. Adding non-intrusive and automatic antivirus to Windows 8 is a step forward.
and force people to use a non-administrator account for applications?
Because it would break Whizzbangsoft Whizzywriter '96.
Actually, from all I've heard, Microsoft's virus scanner for earlier versions of windows, works pretty darn well, comparable with the better commercial products.
So, given that they are probably going to bundle an update of this... I'd have to say from prior experience, the odds of your guess being accurate are as close to zero as I can imagine.
Self proclaimed typo king, and inventor of the bear destroying coffee table (patent not pending).
People are annoyed that Microsoft is making their OS *more* secure?
Really, I wouldn't worry about it, I'm sure there will be plenty of attack vectors. (I could be snarky and say "this is Microsoft after all" but I won't. Oops, I just did.) What it comes down to is, you build a better mousetrap, nature builds better mice.
Oliver's law of assumed responsibility: If you're seen fixing it, you will be blamed for breaking it.
I'd rather see something innovative rather than another AV product that is never up to date and always slowing down the system. I'd like to see the current pattern matching approach scuttled. There has to be a better way. What about a serious look at white listing?
UNIX/Linux Consulting
I'm sure that part of the reason that it has taken this long for them to do this is precisely because of the possibility of legal troubles. At the same time, whereas it was difficult to argue that a web browser was truly an inherent function of the Operating System, it's difficult to argue that protection from viruses is not. So, while this may appear reminiscent of the Netscape case on the surface, it may be much less of a legal minefield in reality.
As for the anti-virus vendors, realistically they should have known that it was only a matter of time before Microsoft would clean up their act a bit and obsolete the vendors' products. They got to ride on the coattails of Microsoft's laziness for a long time.
"You cannot simultaneously prevent and prepare for war." -- Albert Einstein
A company creates a product, obviously they have a monopoly on this product, they are the ones creating it.
So iPads are created by Apple. Samsung LCD screens are created by Samsung.
Microsoft Windows is a Microsoft monopoly.
Of-course there are alternative products out there, but to get a legitimate copy of Microsoft Windows you go to Microsoft. If Microsoft makes other products that work with their OS, it doesn't mean they are criminals in any way.
If they use their power as a monopolist to lock others out of making similar products, maybe the laws are such, that they prohibit this behavior (though I am against laws prohibiting this behavior, by the way, purely because government shouldn't be involved in making business decisions).
However if Microsoft lobbied the government and got a law passed that made it more expensive (in terms of taxes, licenses, regulations) for others to create similar software THEN I am against it, because that's what creates real barriers to entry - government assistance to one entity over another.
That's the problem with everything that government does, be it laws on what prices should be or government requiring licenses to do any sort of business activity, any sort of a tax or a franchise license or any labor regulation, for examples imposing pensions/medical insurance requirements, etc. All this stuff creates barriers to entry against any new comers into the business, so people don't even try in many cases. Simultaneously there are all these welfare programs out there, that make it stupid for certain to try and do real work instead of receiving these benefits.
You'd think people would finally realize that government involvement into the economy is the reason the economy is tanking.
You can't handle the truth.
Currently, most if not all home versions of anti-virus programs are poorly written and create a lot of system load. (Business versions are better because businesses won't put up with this nonsense.)
If anti-virus is built into Windows, and has the same problems, people will (justifiably) blame *Windows* for the system load caused by the antivirus. We've seen with Vista that even with the Windows monopoly, having Windows produce too big a system load will not be tolerated. So having MS supply antivirus may be a blessing in disguise, since we may actually get reasonable antivirus programs.
(Of course, if you can't turn it off, that brings its own set of problems.)
I would not be surprised if what they bundled was a new version of Microsoft Security Essentials, or something similar. If that were the case, I think you'd be able to do just about whatever you would like with it. And it could mean you don't have to worry about shutting it down. MSE is the least intrusive AV I've ever used. It is the first thing I install on new computers for friends and family. They got it right.
1 (short ton / firkin) = 89.1432354 slugs / keg
All the Apple people do, is secure the os and claim "We have no viruses" (even though they do)
It's a monopoly if Microsoft treats OTHER anti-virus programs as viruses and removes them from Windows, like they did with FTP Software, Netmanage, and WRQ's replacement TCP/IP and windows sockets network stacks back in the day. If they don't, and they coexist just fine and allow people to install and use other antivirus applications, then I don't see what the problem is. It's not as if any one antivirus/firewall/ad blocker/cookie blocker/malware remover is ever adequate.
I think this will work in the short term, but eventually they will catch on and just work around it. Just like they do with Norton now. With competition in the marketplace and new versions released at different schedules (building new locks) the virus maker hedges on missing or out of date protection (building new keys). With it built in, not only will everyone exploit the holes (since the lock never changes), but will give users a truly false sense of security (everyone has a master key). Then there is the whole "in order to make it secure he had to build it in to the OS and can't be uninstalled..."
Well microsoft doesn't do it, but Dell and HP (and the likes) do pre-install mcafee and norton on their images.
The Technologist in me screams: "Spend more time making your OS secure and less time trying to band-aid it with virus protection!"
"All great wisdom is contained in .signature files"
MSE already works better then the Norton & Mcafee bloatware, so their chances are pretty good.
-- "So they told me that using the download page to download something was not something they anticipated." - Bill Gates
"Dam company to provide leak protection in future dams. Dam contractors angry."
it may however be the end of McAfee and Norton.
Nothing of value was lost.
Let's hope they don't just step up their attempts to bundle themselves with *everything*.
No sig today...
That wouldn't help. You still need an administrator and that account better be able to run non-MS software.
i could trust microsoft. an all encompassing, overarching built in anti virus into windows, will just increase the routes of intrusion - and convenience too - because it will be present in all windows installations. instead of having to thwart 10-12 major antivirus software that are out on the market separately, exploiters will just need to account for windows antivirus, which is sure to be the main and sole antivirus method for many tech illiterate people. and that means, basically whole public.
Read radical news here
Considering the meltdowns that have occurred with other AV companies (Norton being the one I always shake my head at), and MS hasn't had one yet (it probably will, it's just a matter of time, but I have a feeling there will be no signature that manages to prevent the system from booting...).
I'm running it now. Even if it isn't the default in Windows 8, I'll still download it and use it.
Bryan
Here's what I like about MS's AV software: it catches, more or less what other AV software does; it does so without being obtrusive; it's not a resource pig; it doesn't pester me for more $$$ to renew my subscription; it doesn't come up with BS pitches about my PC possibly being infected -- please buy some more software from us.
Norton? Yowza! It's tougher to get rid of than some rootkits, requiring (last time I did it) multiple reboots, multiple programs to uninstall, some hand-deleting, AND a third-party registry cleaner (which still missed a few entries). And the nagging and scare tactics? Pass.
But maybe, just maybe, third party vendors (*cough*Norton*cough*McAfee*) will pick up their game and stop expecting people to shell out $100 / year for bloated crapware.
There is a significant difference here. In the browser battle, the battle was not over what browser the consumer used, but over what tools the web developer used. If the majority of the users you were developing a web page for used IE, than you were better off using the web development tools from MS than those put out by Netscape. Unless the companies that make anti-virus software want to come out and admit that they are selling development tools to malware developers, it is not the same situation at all. Unlike IE where MS made money off of the browser by selling development tools made to work with their variations from the web standard, I am unaware of MS (or any of the anti-virus vendors) making money by selling to malware developers.
The truth is that all men having power ought to be mistrusted. James Madison
It's not a security flaw because the code to disable it must be running as administrator. Once you have admin credentials, there is no security, by definition.
Is this a good move by Microsoft, or a leveraging of their monopoly as bad as bundling Internet Explorer?"
If the authorities feel they should "do something" about the MS monopoly then they should force them to spin off MS Office and other business apps as a separate business, look deeply into how their Windows licensing deals with OEMs work, and require open standards for all Government contracts. Without that, arguing over whether they can bundle minor utility "x" is just inconsequential.
Modern operating systems are expected to include a pretty comprehensive suite of utilities, protocol stacks and basic applications. Monopoly or no, its getting a bit silly if OS X, iOS, Android, and the major Linux distros can bundle a web browser (or, more specifically have HTTP and HTML APIs in their OS) but Windows can't.
In a survey of 100 programmers, 111111 thought that duck-typing was a good idea.
You may be technically correct, but most malware for Windows are not viruses. No OS is secure from Trojans, and that's the category most malware falls into.
Because as soon as you do, as soon as you think you're fully secure, Grandma will bypass the security using the Administrator password to install some new program on her computer that she downloaded and thinks she needs... Then all Grandma's base belong to a hacker. You need a virus scanner in the background to babysit the system and stop this stuff, after the fact.
Which is more secure:
Advice: on VPS providers
Security should not be handled by a third-party program, and equipping Windows with a builtin AV is a step in the right direction. Banning it because of antitrust claims would be ridiculous, but only a minor annoyance, those who want could still get it.
No OS is perfectly secure.
In order to be perfectly secure, you have to know that there is no way to jailbreak your OS.
If there is a possibility of any process gaining root access without prior authorization, or putting the CPU in supervisor mode when it shouldn't have that ability, then your OS can be infected by a virus.
AV programs check incoming data for virus signatures, and search your system for any that may already have gotten through.
Microsoft's problem is that it left the idea of security so late that it didn't design its base libraries to prevent promotion of processes to supervisor level. So it's still an easier target for exploits. And it's 50-100X more popular than the competitors, so it's a much more attractive target for exploits.
If MS wanted to lose its reputation as an easy mark, it would take its most secure known system and demand that every MS user on the planet install that before being allowed to access the internet for anything else.
The problem with Internet Explorer was not the bundling. It was that:
a) Internet Explorer was integrated into things like the shell, rather than separating the browser functionality from the OS functionality.
b) Microsoft prohibited other browsers from being installed as the default.
I'd say the appropriate analogy is bundling Windows Media player.
well no, not Windows 1.0, which has essentially ZERO impact on the market. Even Windows 2.x had only a small market impact -- it was probably Excel on Windows 2.x that started the ball rolling though, that and the advantage of video and printer drivers. Windows 3.0 was a pig, hardly used but much prettier than Windows 2.x. Windows 3.1 is the really beginning of the end, or end of the beginning (of the monopoly). Before that, MS was coasting on its monopoly from MSDOS.
But how do you prevent code that runs at the users' access level from being able to access all of the data that the user has access to?
One way is by making user accounts a tree instead of just a list. Root has access to all the user accounts under it, and each user can make separate sub-accounts and run a less-trusted application in a sub-account. Another way is by attaching capabilities to applications, as in OLPC Bitfrost, Android, and the Mac App Store sandbox (which I've been told is written by the same guy who wrote Bitfrost).
Craftsmanship is the mark of a master. And given the Petree Dish that is windoze; it's good to see a Journeyman become aware of quality. Pride of ownership should begin to emerge next. One would hope.
A sandboxed application can request access to all files _that the user opens_.
Something that I first saw done in OLPC Bitfrost, on which the Mac App Store sandbox is allegedly based. But can the user also "open" a folder so that, say, a backup program can backup all documents in a folder or a photo management program can thumbnail or upload all photos in a folder?
Then you haven't properly designed a secure system. If you already know that Grandma and many typical users have a tendency to do stupid things, the solution isn't AV -- it's either 1) educate the user (which isn't going to happen) or 2) redesign your system so that such a problem that has been known for decades does not perpetuate into newer versions of .
And while we're at it, why don't we just make cars that run on rainbows to solve our energy problems?
Most viruses in Windows today are spread either by stupid users, or flaws in third party applications (hello Flash!). As it turns out, stopping stupid users from doing stupid things an OS that isn't a locked down walled garden is really hard.
-- "So they told me that using the download page to download something was not something they anticipated." - Bill Gates
Norton Corporate Edition used to be on the same level as MSE is now.. but then they went and bloated it.. now we push MSE.
'...if only "Jumping to a Conclusion" was an event in the Olympics.'
Fix the bloody holes!!
Another red-flag is C++ and the need for productivity tools, or memory monitors to program in it at all.
I think this is an admission from Microsoft that their system can not be fixed, but only a little Dutch Boy included to plug the leaks.
In short, you need to make installing software not from repositories so hard that a casual user wouldn't know how to do so
For one thing, the problem would become one of social-engineering the owner of a home PC into adding a malware PPA to the PC's repository list. For another, computer science classes in high school and college would become logistically more difficult.
So how do you keep the same user who downloaded malware in the first place from granting rights to the app? What if you want to use four or five different apps with the same document? iOS has one model where you send a copy of a document to another app, but who wants to do that?
And you have dozens of different permissions that the app asks for (see RIM). How do you keep granny from granting unnecessary rights to the app?
cheapest voice plan is $40
Per month? I pay not much more than that per year for voice on my dumbphone. How does AT&T get away with charging $40 per month when Virgin Mobile USA offers occasional-use voice service at $15 per three months, and then not giving a discount on the plan after the 2-year contract ends?
You have no understanding of the meaning of "monopoly".
- sure I have.
Somebody owns one of the very few Gutenberg bibles. There are maybe 20 of them left at all, that's pretty close to a monopoly, if you own one copy.
It's your book, you bought it, you have a monopoly on it.
Microsoft has a monopoly on Microsoft Windows, for example Microsoft Windows XP is a Microsoft product. Nobody else makes those products.
As a monopolist on that product, the company holds monopsony on the market of Microsoft Windows XP product.
There are substitute products to Microsoft Windows XP, some are also Microsoft products, some are Apple products, some are Free source products, etc.
There is no monopoly on operating systems, it's a large competitive market. Any of the 'smart' phones today runs a different version of an operating system, Windows is just one of the operating systems out there, I haven't touched it in 2 years and my products allow retailers and suppliers to move off Windows to any OS they want not to have to pay OS license fees for example.
The very point of a monopoly is that it prevents competition, and creates barriers to entry.
- well yes, and the natural barrier of entry into the Gutenberg bible monopoly is the fact that there are so few of them, so the cost is very high.
However in a market absent government privileges and regulations the monopolies don't exist, there are only economies of scale that provide a good product. If the product is not good and the price is too high, the market offers a substitute.
As to whether there is 'pure free market', I'd say that there are things that are more regulated than other things, so whatever is less regulated sees more economic activity and more value is being created there, so we want to maximize the freedom in the market, which automatically means minimizing the amount of government involvement.
You can't handle the truth.
How the hell is making your OS behave the way your customers expect anti-competitive?
What if MS made their OS inherently secure, such that it didn't need AV? Would that also make it anti-competitive? That would completely eliminate the AV software companies!
Ridiculous...
in girum imus nocte et consumimur igni
When it's on windows, its called a "Virus", when its on Linux its called "Hacking".
Ever had a server hacked cause someone uploaded something onto it that gave them root access?
But the sooner the anti-malware "ecosystem" disappears the better.
You should not have to purchase third party software to keep an operating system secure or from eating itself (all the snake-oil "registry cleaners" and "application uninstallers"). Such functions should be part of the OS at worst, or better yet, unnecessary.
--
BMO
My main concern is related to see if I can remove the pre-installed AV. Of if it'll be like IE and other MS stuffs that you can only hidden, not a true uninstall. Anyway, I always miss the advanced setup installer for the OS, like in the Win98, when I can select which programs I want install. The Windows for Legacy PCs has this feature, but it's only for MS partners and it's based on XP.
Also, you don't need to elevate to create binaries in user-writable directories (i.e. %home%)
Unless a Group Policy is set on %home% to keep users from running programs there.
or to infect binaries that are already there - e.g. Chrome installs itself there, and can be infected that way.
If Authenticode in Windows were to use self-signed software publisher certificates the way Android does, applications for Windows would become harder to infect because an infected executable's hash would no longer match the stored hash. But no; Authenticode requires software publisher certificates to have been signed by a commercial CA, and most Authenticode CAs deal only with businesses, not individuals.
Looks like a great idea to me if they install it by default and turn on auto updates, because it will mean fewer botnets and less spam. It will raise visibility of virus protection so I don't think it will hurt third-party vendors too much. If people want added protection they will buy it, just like they do today.
Than virus makers will be rejoicing!
Have the whole windows operating system as a guest of an antivirus operating system :)... meant as a joke, slightly insane indeed but at this point may actually be the best way to secure against rootkits, boot viruses and nasty stuff
Never antropomorphize computers, they do not like that
I don't see any criticism here. But Apple is not a monopoly in desktop OSes. They aren't subject to the same rules.
Alright! an F-Prot user! I used to swear by them... until one day I found a machine under my care with one heck of a virus it missed. Unfortunately nothing is perfect, but I've found F-Secure to be better for the viruses I run into. F-prot just seemed to miss all of the ones I ran into for a while, so I needed to switch it up.
Well.. maybe. Or Maybe not. But Definitely not sort of.
But to force MS to allow users to choose a browser to install on start-up is just stupid.
It's called "affirmative action". The ads for Firefox, Chrome, and Opera are intended to give the minorities a bit of a boost closer to the market positions they would have had had Microsoft not forced criminal contracts on PC makers in the Windows 98 era.
This is a form of progress. However, one would expect the OS itself to have much stronger defenses against anything from the outside running at kernel level. There should be no way to get a "boot sector virus" onto a machine while running under an operating system.
Yes. You can disable scheduled scans (and limit CPU usage), heuristics scans, or any passive monitoring. The anti-virus is literally exactly the same software that is being used already on Windows 7, Vista, and XP - the menus and graphics is all exactly identical to Microsoft Security Essentials. (And yes, it is present in the Windows Developer Preview from a few months ago)
Interesting. This had me thinking. Many Linux Distros these days: when you create an account it creates a group with the same name. It could follow close to your model with the simple task of allowing the user to create other users with his group account.
I just hope it is better than MSE.
So, I'm supposed to trust that Microsoft's antivirus software will work better than their OS? On what grounds? If they can't make an out-of-the-box OS secure, then why should I trust that their antivirus application will work any better?
I'll stick with my current 3rd party provider until Microsoft can prove that they can take security seriously.
"A plan fiendishly clever in its intricacies"- Homer Simpson
Yeah, I did the same thing with Netscape back in the day. For all the good it did.
Except that their antivirus, right now, is a good chunk better than *most* commercial alternatives.
As virus threats are an ongoing and ever-evolving environment, MS would not be able to allow their product to stagnate without ceding ground to ANY alternative out there.
and virus/malware protection are things that belong.
They've been dancing around this for years now with their anti-malware products. I fail to see how supporting a user's ability to use the operating system through secure patching is any different from providing protection against virus and malware attacks.
No, OS X doesn't have viruses. There were some proof of concept Trojans that haven't worked in a while, but nothing that you can get just by browsing the web or inserting a CD like in the Windows world.
The Trojans that OS X does have were all made as proof of concepts and have no infection vector. They are of academic curiosity.
Retroactive measures like antivirus aren't a proper substitute for having a system that doesn't encourage bad habits like running as administrator and installing whatever flies along in the first place.
Furries make the internet go.
What if you want to use four or five different apps with the same document?
Add those apps to the document's ACL. This can happen automatically when the document's owner drags the document onto the application's window or chooses the document from the application's file chooser.
How do you keep granny from granting unnecessary rights to the app?
The Bitfrost page that I linked explains how it makes some capabilities mutually exclusive at install time. For example, because "connect to the Internet" (P_NET) and "read entire home directory" (P_DOCUMENT_RO) are mutually exclusive, a photo viewer can't leak all your photos to the Internet. If the user wants to upload an entire folder full of photos to the Internet, the application's package would request "connect to the Internet" and the user would drag folders to be uploaded onto the app's window.
The kind of unmistakeable boom which starts with a frustrated howl followed by the sound of 101 tiny plastic keys hitting the floor.
Join the Slashcott! Feb 10 thru Feb 17!
Teach secures his/her machines, then makes her students members of the VM user's group.
Which is sort of difficult when the machines used by students are made by a manufacturer who bans third-party virtual machines. See also Apple's ban on C64 emulators with BASIC on iOS and Microsoft's insistence that Metro apps come from the Windows Store.
Terrible Idea on so many levels.
Firstly, they need to fix the problem, not the symptoms.
Secondly, as most people will now wrongly assume they don't need to bother with 3rd party virus checkers, virus writers will find their life much easier as they only need to make sure their virus is undetectable to the MS checker.
Thirdly, Microsoft has a terrible track record with fast responses to security issues.Their corporate culture of responding slowly or even sometimes choosing to totally ignore new exploits doesn't bode well for frequent and thorough virus checker updates.
What would be so bad about sandboxing non-repository applications?
Not much, as long as the capabilities given to programs in the sandbox make sense. For example, it shouldn't cost a computer science student who owns a PC $99 per year to be able to compile an application and grant the "display a window with text and buttons" capability needed for Hello World, whether or not the student is affiliated with an accredited university. Nor should uploading a couple dozen photos in this folder to a public web page about the event where the photos were taken require the user to click the name of each individual photo.
Actually, this is an old issue in databases. The file is the data and the different programs are transactions. The file access control in personal computer operating systems is quite weak if a change by one app is not immediately reflected in the other apps. The program sending via email or printing should ensure that the most recent incarnation is used even if those changes are in memory only and done by a different app. The use of tokens, semaphores etc has been debated for as long as computer science has existed. It's probably time for PCs to get current. At the very least, the consumer app could warn the user of the discrepancy.
Security guards are complaining that builders have started putting locks on the doors of new homes rendering the security trade obsolete.
Diddums, poor little things.
The months are just too short. I can count the number of days on one hand.
You cannot prevent user's from doing stupid things with their own files. The best you can do is a versioned filesystem with continuous local and cloud backup. This will prevent loss of data and unwanted changes and it can also track who did what when. It does nothing to protect against identity theft though.
Ahh yes. That's why I have a cabinet full of knives I can't stab myself or someone else with. What could be a simpler problem than making safe knives, amirite?
> Microsoft should know better then this and actually do something about the structural security problems in windows (which are myriad).
Perhaps, but I doubt you know. Can you cite an example?
It's not anti-trust, since they created the holes indirectly through poor coding, etc... If Microsoft was a plumber and Windows was the pipe, they are making sure the pipes don't leak. It doesn't mean you can't fire them and have another plumber investigate or watch over your OS. If we take that bad analogy and apply it to Internet Explorer, IE would be the Sink, where it's optional and already installed so why bother looking else ware. They allowed vulnerabilities in their OS, they should secure it. Even if you disagree with my perspective, what's the difference if Microsoft doesn't bundle AV and instead patches the OS daily instead?
www.moonnext.com
...less time trying to band-aid it with virus protection!"
I would tend to agree, except at this point I think consumers have been trained to believe they are not safe without anti-virus. It could very well be that the OS is incredibly more secure than any previous OS, but as a marketing move, they are adding what amounts to a pop up window that says "Your antivirus is up to date and protecting you!". Even if said window actually never updates, scans or really does anything, the average user wouldnt know this difference, and it allows them to put an extra feature on the box and make the average computer user feel better (i.e., convince them to upgrade to Win8, because hey, antivirus is expensive and if its included in the OS now, i'm 'saving' money!).
1) In the windows world, virus protection is necessary. Not having malware protection impacts not only the user, but the internet as a whole. Having it built in reduces that chance of malware distribution so it's a good thing even considering it could lead to a reduction of options in the comsumer market. (Which I highly doubt. Many solutions are free out there, and use the free clients to build up their Enterprise solutions.) I'm just hoping they don't do something stupid, like have it disable if a pirate windows copy is detected.
2) AV companies still can compete (and usually make more money) in the corporate market. MSE is NOT a enterprise malware solution. It can't be monitored or managed remotely. For that you would need to move up to an enterprise solution like Forefront, or Sophos, GFI, Symantec, McAfee, ETC. In the case of Sophos, most of their revenue is enterprise solutions, since that's the sector they focused on. I'm actually surprised they didn't release a free windows client version (they did for Mac) just to build up their virus defs.
In Soviet Russia, Trojan exploits YOU!
All it should take is the ability of the user to drag/drop the photos from their personal folder to the application. The sandbox should take care of the rest. If you want a non-mouse (drag/drop) process, simply have a selection option to "share files/folders with..." where applications would be listed. I can think of about 3 more methods off the top of my head that would make it stupidly easy for the user to "grant" access to the files without having to know about the security, but making them aware that some application has access to those files.
Every time I start to have faith in humanity, I ruin it by driving to work between 7 and 8 am.
Don't get me wrong, antivirus built into Windows 8 is a step in the right direction, however, anyone that thinks this is going to seriously protect them from the vast sea of malware is living in wishful thinking. At best most antivirus programs are between 50-70% effective against the legion of bugs crawling around out there and the target is a quick moving one with new beasties custom built to subvert their hosts innermost workings being rolled out almost daily. A built-in antivirus is a great thing, but don't fool yourself into thinking it is either the alpha or the omega of designing a secure operating environment.
Just like good nutrition or adequate sleep are important to avoiding seasonal flu outbreaks. Its just as important to remember that there are dozens of things you can do to remain healthy while those around you fall to illness. And finally, that even taking every precaution, you will almost certain catch a bug sooner or later and that what you do after getting infected it just as or even more important that preventing the disease in the first place.
Good start Microsoft... now make the OS really bug resistant from the bottom up.
As I see it the anti-virus peddlers can go the way of the dodo.
What the whole Internet Explorer deal was inherently a different thing, that was about a Microsoft subverting a whole platform and perverting standards with their time honored EEE tactics. In this case I see no harm in them choking the cash flow of the companies that bought us security suites that slow down disk performance to unacceptable rates and consume most of your available RAM. Not to mention the constant fear-mongering on how at risk you are.
If I am bitter it is because I have seen too many computers reduced to useless paperweights by Norton, F-Secure and McAfee and the local ISP is force-selling Internet Protection at 75€/year/computer to customers who don't fight back enough.
Still, I wanted antivirus. I run filters on my client and my e-mail, and I'm careful with my surfing habits, and people I trust suggested that I use Microsoft Security Essentials. God help me, it works and it works well. It doesn't have every last bell and/or whistle that some of the other outfits do, but hell. Shrieking 'antitrust!' in this situation is just as stupid as it would have been if the idiots behind Nero or Roxio CD Creator sued because Windows 7 has basic CD/DVD authoring capabilities built in. At this point, it's not an add-on, it's an expectation.
Atleast Microsoft Security Essentials has been a great antivirus in my experience: it's fast, it really does try its best to avoid harassing users, and in all the reviews I've read it does find just as many viruses and malware installations as the other popular choices if not even slightly more. My own experiences are of course subjective, but I find it a lot lighter on resources than its competitors, plus I have yet to see it cause any issues whereas I just had to repair two computers that were rendered inoperable because of F-Secure screwing things up in a major way.
A few years back I wouldn't have believed the words coming out of my mouth but... I do support the decision of including MS's own AV in Windows 8.
Wow, I can see where can this go wrong:
* Microsoft decides to bundle free anti-virus software with Windows 8, causing millions of Windows users to stop purchasing other antivirus software and use what's pre-installed. Because, hey, people are lazy and will use the default option when given a chance.
* Several of the smaller security software companies get out of the business due to declining profits/market share thanks to the built in antivirus software, leaving only a few major players for Enterprise customers and Microsoft.
* The smarter malware authors take advantage of the situation, and write a virus that specifically targets and disables the Microsoft anti-virus, along with several of the other remaining anti-virus products. Bingo, it's like 2001 all over again.
* People feel the need to start having two anti-virus programs on their computer, in order to protect themselves if the primary anti-virus program gets disabled. A new industry is born: AntiVirus software for your AntiVirus software.
Ah yes. Microsoft's anti-virus offerings so far have been... ...less than impressive and their malware detection is a memory hog that detects nothing. (Except sometimes antivirus software.)
It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
Microsoft started cooperating with anti-virus vendors on the understanding that they weren't going to provide their own anti-virus product. They then bought an anti-virus software maker and provided that as their own anti-virus product. They then promised that this wasn't in violation of the anti-trust agreement as they weren't going to have it built into their OS. The anti-trust agreement has now expired and, guess what! It's going right into the OS.
Norton and McAfee are disposable these days - they started off brilliant but that was a long time ago. On the other hand, this will also kill things like DrWeb and ESET. That, to me, is much more of a problem. Those two are actually credible products and they won't be usable on Win8 because they won't install if there's any antivirus (including Microsoft's malware detector that doesn't) installed. Once Microsoft has their AV built into the OS itself, DrWeb and ESET will be unusable because you know damn well Microsoft won't have an uninstall feature, just as they don't for their browser.
It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
I don't know if anyone has pointed this out already, but this is totally different from the IE situation.
In this case, they are working towards eliminating vulnerabilities in a product they created. The fact that other companies have made businesses based on fixing those same vulnerabilities is entirely irrelevant.
IE, on the other hand, is a tool to access a resource they did not create and do not own.
There is no -1 Disagree mod. Slashdot.org/faq defines mod options. USE IT.
OEMs may not like this as they currently get paid $$$ by vendors to include those trial/demo versions of Norton/McAfee/etc (the ones that only come with 3 months or so of definition updates before you have to buy the full version)
If MS is including anti-virus out of the box, how can these OEMs keep earning that revenue?
mod parent +1
Yeah, nobody ever gets stabbed to death here in the US or in the UK. Same thing with drunk driving, that never happens, I'm glad they never solved that problem.
My sarcasm is boring even me. The simple fact is you're positing some simple solution that doesn't exist. Do you think Linux, for example, is immune to security holes defined by user idiocy? It most certainly is not. There's no knife that you can cut meat with that you can't cut a person with. There's no care you can run over a pothole with that you can't run over a person with. That's the analogy.
MS has made some strides in this arena, but making a large, complex general purpose system perfectly secure is very nearly impossible. Android, OS/X, Linux, Windows, etc... all suffer from the same fundamental issue - people can run apps that someone else developed.
...is not acceptable for professional use. The inferior people who use Microsoft products will dispute this, of course, but one simply must make allowances for their limited intellects -- this simple posit is as far beyond them as quantum mechanics is beyond my dog. Meanwhile, pimple-faced teenagers living in their parents' basements will continue to write malware that infests these systems whenever they can stop stuffing cheesy poofs into their fat, bloated bodies long enough to bother...and these SAME inferior people will whine about how terribly, terribly awful that their systems have been hacked again. Lather, rinse, repeat.
Microsoft already tried this many moons ago, when Windows were but 3.1 I believe... or maybe when DOS was 6.0...?
If memory serves me they started offering some stripped back version of Central Point AV. Don't recall why they stopped.
Three Squirrels
Look at it as a late attempt by M$ to compensate for the woeful intrinsic insecurity of their family of operating systems. It's their own fault, but because they never bothered to fix the problem, a whole industry evolved to compensate for it. M$ could have included a free anti-virus service over a decade ago, except that it was always going to amount to an admission of a glaring weakness. Perhaps they've had a change of heart, but adding their own virus scanner is still not the same as fixing the problem.
Once it's there, however, it will still be possible to disable it so that a competing product can be used instead. I'm not sure if the usual big players in this market will complain, because if they do someone may argue that it would be okay for M$ to fix the problem, but unfair of them to compensate for it as long as they don't. Oh, the irony!
"Is this a good move by Microsoft, or a leveraging of their monopoly as bad as bundling Internet Explorer?"
Security of your software should be *THE* #1 concern for any software company.
To call this anti-competitive or anti-trust is simply trolling, shit-mitter.
Bet you work for the AV companies too, you fucking virus writers.
Still waiting on Serviscope_minor to wake up to fucking reality and realize that Jessica Price isn't going to fuck him.
"Why not make the OS more secure and just call it a more secure OS?"
"This OS has an antivirus"
Normal Person: "Horray! Now I don't need to buy more antivirus!"
Richard Stallman: "This is so not free. We wouldn't be having this problem if everyone read all the source to all their programs. And ran my unfinished OS instead"
M$ "Look! We work so hard to make it secure! This is why you need to pay so much for Windows!"
so many xkcd on /. I know, but this was seriously the first thing I thought of.
http://xkcd.com/670/
...be it your government, press or even computer. I don't understand people who think we can achieve a utopian future where there is no malware in our public spaces and yet we are still open and free. It takes the community, working together in constant vigilence, to keep the streets clean and the law respected. Look at the human body, it is an amazing information system and yet it spends upwards of 10% of its resources fighting malware. If manmade system x is not doing the same it is either not as adaptable or the malware it faces is pretty pathetic compared to what nature can design. Walled gardens are the end of free and open systems that are essential to creativity. MS expanding the defenses of their operating system is not anti-trust. And it won't solve the problem of course.
an industry built on the failure of MS to secure their own product, now complains when MS secures their own product. wtf? they made money out of MS mistakes and people's misfortune, now that the golden goose is keeping the eggs, they complain? tough!!
There was an unknown error in the submission.
That's a very unique and interesting take on the issue. Thanks.
Microsoft integrates the virus protection. It hires out all the employees in the AV companies that have actually been finding the viruses (and not bogging the system down). Hire more people to make the operating system more secure so that the AV doesn't have to be so omnipotent. Problem solved.
The effectiveness (as limited as it might be) of AV stems from the fact that there are lots of different products out there...
If there is only a single monopoly product, then malware authors have a much easier time of it since they now only need to evade and/or disable one product.
http://spamdecoy.net - free throwaway anonymous email - avoid spam!
Finally we have an admission (though in a back asswards way) from MS that their OS has security problems in the first place, without them having to come right out and say it in those words...
WARNING: Smartphones have side effects--most of them undocumented.
At program installation time, the program is given a list of areas of the computer and other behaviors that it is allowed to access. It can't do more than that even if installed and run by a 100% privileged account.
This is otherwise known as "mandatory access control".
Why do you insist on calling them MSFT? That's what their Nasdaq symbols is. The company's called Microsoft.
Just as everything evolves, so does a modern OS, and in a modern OS we as a consumer expect stuff like Browsers, mediaplayers, Anti-virus/malware protection, firewall, notepad, emailclient etc.. Ofcourse it should also be possible to have a substitude for those, BUT it should at least come with one default installed. If Apple is allowed to do it with their MacOS/iOS, so must microsoft be able to do it..
There's always room for 3rd party substitudes..
As a consumer I don't care if MS has a monopoly, if it works it works and I'm happy (and don't come crying that it doesn't, as the tools MS is suplying with Windows 7 are very solid, also the anti-virus/malware. And don't come yelling about IE as we all know all the other browsers have just as many (and sometimes even more) flaws as IE), and if you're not happy, then go buy/download YOUR favorite browser/mediaplayer/anti-virusmalware/firewall/emailclient/etc, that the nice thing about Windows, you can do that too.. And if you're not happy with Windows, then stop crying and go use Linux/MacOSX or whatever suits your needs..
Somehow accidentally posted this in the wrong thread. Go me. Anyways...
The reason this pisses me off isn't because I have a security system set up, but because I contacted them three years ago about incorporating actual security into their operating system using a format that is only limited by internet, and to an extent, by hardware latency. What I was told was, "We only accept ideas from Fortune 500 companies". Fuck that. Seriously. I'm willing to bet money that they use the same (or extremely similar) format I have.
I'm not talking a few hundred megabytes of malware definitions, I'm talking around 20GB+ worth of raw information, not including a heuristics database that has a detection rate of 99.986%. Entire scantimes (ignoring the average 30 second wait time for file mapping) is about 15 minutes via dialup. Mark me as a troll all you'd like, my proof is in the goddamn pudding: http://www.tot-ltd.org/ [tot-ltd.org]
Aw geez APK, while I appreciate you trying to point out FOSSie bullshit when you see it, you DO know that crazy guy is gonna follow me around for a month accusing me of being you again, right? hell last month he followed me around for damned near a month posting as AC "die you fat fucker die" over and over again, and when you show up even on the same page as me much less the same thread he REALLY goes off his meds. I mean hell the guy is using half of one of my sentences as his fricking sig, if THAT ain't batshit I don't know what is.
Besides I honestly think the FOSSies won't be worth bothering with much longer. The number of FOSS programmers is tanking, Linux server has dropped 15% in less than 2 years, all the DE breakage has got old time Linux admins I talk to so damned fed up they are switching to Macs, and finally I'm betting Google locks down Android with code signing so that they can secure their appstore and play protected H.264 which they can't do with an open kernel.
So let the crazy FOSSies cook up their "M$ Ninja!" conspiracy stories and leave them to rot. After BSD crapped itself on the last batch of refurbs I personally washed my hands of the whole mess and don't even bother posting on Linux articles anymore, I'm already hunting down somebody who can sell me Win 7 Starter and just calling it a day. FOSS was a nice idea but then like politics the batshit loons took over and made it more about poo flinging and squeeing fangirl crap than about OSes.
Hell they aren't even sane enough to poke fun of anymore, like old Twitter who could cook up great fantasies where Linux conquered the world. Instead you get like what I got last week, where I said IE was a bad joke I don't allow on my systems and was accused of "Sekrectly being an M$ Ninja!" for INSULTING the product! I guess if you don't say windows kills babies or something you must be "one of them". THAT level of batshit ain't even fun to laugh at, its just rather sad and more than a little scary. Peace bro.
ACs don't waste your time replying, your posts are never seen by me.
No more going off to fetch an anti-virus after a windows install. There's nothing anti-competitive about making your product better.
While I see the point of this thread, unfortunately I also see the ability and need for suites of programs to create, open and write to related files, e.g. Office Automation. I have written quite a few apps that take advantage of this capability, for example, an Access app that opens numerous Excel spreadsheets and then writes selected portions of the data to a SQL Server database. I suppose that I could sandbox the app I wrote so that it can see only certain directories (much of that is done in the code, anyway), but there are moments in the app where the file to open is unknown until run-time, and pops up the built-in get-folder-file dialog. Maybe there is a way to narrow the selection of folders that are visible, but if so, I don't know how. Arthur
What about how people weren't going to buy Windows 8 The same way they stuck with Older versions of Ubuntu... Fanboys and people who know not how bitchy Windows 8 is going to be, will I imagine build up the whole of the demographic sales. If I for any reason NEED to install Windows 8, I'm installing the best antivirus out there. Malwarebytes! :)
Then you register that your application opens any arbitrary files. The point is, the user knows when they choose to buy and/or install the application that it has asked for permission to do that. If that makes sense to the user, they'll buy it. If it doesn't, they won't.
You have to look at the intention of the monopoly and the competition they face. When the bundling of IE happened, there was no desktop OS competition. All they had was the competition of moving the desktop into the browser, and MS wanted to be sure that they controlled that migration and limited it to their browser. Their competition was Netscape and their intention was to eliminate this competition by bundling and keeping their product "free."
When you look at the AV space, MS doesn't face competition from the AV vendors, they are helping their product work safer. Their competition is from Apple in the consumer space, Linux in the server space, and Google in the mobile and cloud space. Adding AV to their OS is an attempt to compete in the market, not to eliminate their competition of AV vendors.
That said, it will be interesting to see if and how 3rd party AV vendors will be allowed to replace the built-in AV.
Some of us have friends/life and need more than 300 minutes per year.
That's why every adult in the household chips in to pay for an unmetered land line. Perhaps going mobile-only is more attractive in Europe, where land lines are metered, than in the United States, where they have long been unmetered for local calls. In fact, VoIP providers such as Vonage and MagicJack offer nationwide unmetered long distance calls by now.
AT&T "gets away" with charging more because it's not an occasional-use voice service.
I'm looking for a smartphone designed for use with occasional-use voice service. Can you recommend one? Or are people supposed to buy a separate PDA and dumbphone for this use case?
All it should take is the ability of the user to drag/drop the photos from their personal folder to the application.
Should. Ideally, dragging a file to an application's window would add the application to the file's ACL, and dragging a folder would add the app to all files in that folder. But I haven't seen confirmation as to whether existing sandboxes, such as the Mac App Store sandbox, are designed to let the user drag a folder full of photos as opposed to just one individual photo.
At program installation time, the program is given a list of areas of the computer and other behaviors that it is allowed to access.
Please allow me to rephrase Karlt1's question in terms of your post: How do you keep granny from granting access to unnecessary areas and behaviors on this list when installing the program?
the system builders like me will put a decent free AV like Avast or Comodo
Right now I'm putting MSE on systems that I maintain for friends and family. What makes Avast better than the current MSE?
you had to fuck up and do the whole "M$" thing.
In early versions of the BASIC programming language, all string variable names ended with $. I see it as BASIC's counterpart to the shell- or Perl-style $PHB mentioned in the Jargon File, except alluding to Microsoft's beginnings as a developer of BASIC interpreters.
If Microsoft really wanted to actually help users it would build the anti-virus anti-spyware stuff into a pluggable architecture for the OS that would default to the Microsoft version but allow you to swap it out for Norton, Avast, McAfee or whatever else you wanted. So that it provided a tightly integrated default level of security that any other anti-virus vendor would be able to make use of. Just require a special sort of signature or authorization to install new AV software. That way it should be a win-win for everyone. More choice and a more secure OS by default.
Will that be what happens? Most likely not! I mean look at what it took Microsoft to just consider unbundling IE, if it really needs a web browser shell it should be able to allow the shell to be swapped out for other browsers. Would it be more work? Yes, but that's where you can obviously tell there's a bit of monopolization at play. Rather than do the work to let their products stand for themselves they'll just lock you into theirs because it'd be "TOO HARD!" to make choice available.
Ah yes. Microsoft's anti-virus offerings so far have been... ...less than impressive and their malware detection is a memory hog that detects nothing. (Except sometimes antivirus software.)
That's funny, because every test I've seen online shows it finding the same number, or more viruses as the independent software. So far It's been using far fewer resources than Comodo on my machine. Comodo routinely uses 3-7% CPU at idle, while MSSE is almost always hovering around 1%.
So pretty much the exact opposite of what you said.
Sorry I don't have the first one, as that one was REALLY out there, but here is one where he not only accuses me of being you, but that I have some "war room' where I keep files on him for "attacks" Oooookay persecution complex anyone?
I just wish I'd saved his post I ragged him for it was SOOOO funny! I swear to God he said ALL windows users use "Start>>>Run" to launch ALL their programs and THAT is why having constant CLI in Linux was okay! Hell for the last 2 years of the run HP windows Home machines DIDN'T HAVE A START>>>RUN because somebody at the factory goofed and left it off the image and nobody noticed because hey, nobody but admins use that! Hell if I hadn't have been trying to do IPConf on some home units I got on a palette even I wouldn't have noticed!
Oh and it frankly doesn't surprise me that you posting how to remove malware gets him pissed, he is the classic "Must use teh FOSS" type of batshit where the ONLY correct answer is "Use Linux" to ANY question. Even when you point out something doesn't work with a dozen citations he'll just fling poo and call you a "Sekret M$ Ninja!" These guys are so batshit I had one last week accuse me of being an M$ Ninja for Saying IE was shit and I STILL haven't figured out how insulting a product is supposed to be shilling FOR the product. shows the insane troll logic these types run under I guess. I suppose the only answer you could give he'd approve of was 'ZOMFG Windows eats babies, Linux loves you!" Ya know, I thought when I came up with the FOSSie thing I thought it was just a parody, now? not so sure. they do strike me as more like Moonies than even fanbois.
I don't know whether to laugh or be worried someone so batshit is running loose out there. you can read by that link he is practically foaming by the end of it and total loses it, ignores more than 20 citations i provided backing up my position with the sentence 'You are a fucking liar!" like suddenly i now control PC World.AU, Cnet, oh and 4 of the links were /. articles so apparently I must also sekretly be Taco AND Timothy AND two other guys as well as YOU and myself. Wow i must keep busy, i hope MSFT sends me some $1000 hookers on that invisible money truck that never gets here.
So while like you I don't have proof considering the guy's postings are as easy to spot as a monkey flinging poo on a street corner and it wasn't until i pointed out his bullshit that I got stalked by the "mysterious" die fucker die AC frankly I really don't think it takes Kojak to crack "The Case Of The Batshit FOSSie" Considering it is ALWAYS exactly TWO minutes between one of his rants and the AC "fucking die" posts we can even see that Linux has lousy browser performance from the amount of time it takes him to log off, LOL! Peace bro.
ACs don't waste your time replying, your posts are never seen by me.
Well, you could have generally prohibited areas. For example, except for a conceptual new installation region, the program could be prohibited from reading or writing anything in Windows and/or Program Files.
Your rephrased question amounts to a policy question. A lot of noggin' time needs to be spent on that. But various sandboxing and/or MAC techniques could certainly be put to good use. For example, the web browser process, even when run as Administrator, has no business modifying certain files on your computer. Same with your mail client (if you have one). This would naturally apply to any process spawned by any of the mentioned parent processes.
Imagine that all the web browser could do was set a cookie, record a favorite, or write files into downloads. And that restriction applied to all derivative processes. Elevations wouldn't be allowed. Such a web browser would be mostly harmless to the local computer, even under the worst of circumstances.
While one might dream up exceptions to this, what I am saying is that Microsoft needs to dream up an approach for which actually works using mentioned approaches, in a practical way.
I certainly do not think they have exhausted all options here, by any stretch.
For example, except for a conceptual new installation region, the program could be prohibited from reading or writing anything in Windows and/or Program Files.
And if you don't implement the capability to make a new installation region, or you charge the end user a recurring fee for this capability, you'll get the DIY crowd complaining about the "App Store monopoly". There are a bunch of people who won't buy an iDevice for exactly this reason.
Your rephrased question amounts to a policy question
Ideally, as with OLPC Bitfrost, the sandbox's architect would model the threats to the system and to the user's data and set up policies that address the threat model. But in practice, several device manufacturers have tended to answer these policy questions in a way that promotes lock-in.
Imagine that all the web browser could do was set a cookie, record a favorite, or write files into downloads.
How much space should a web browser be allowed to use to store cookies? (HTML5 Web Storage recommends several megabytes per site.) Should a web browser have access to the OpenGL stack? (WebGL requires it.) Should it have access to the computer's microphone and to its camera, if present? (Voice and video chat features on web sites require them.)
How much space should a web browser be allowed to use to store cookies?
This is a good question, and I appreciate that unrestricted space consumption is its own form of denial of service, but while thinking about better security it's not always a good idea to shackle oneself with best. It is certainly better to be sure that the web browser cannot overwrite kernel.dll, yes?
As for you question about microphone and camera, I think that this would be a very good case for UAC. This website wants to active your computer camera, will you let it? You could kind of treat it like popup denial. Sophisticated users might turn that off entirely, and look for an obscure browswer warning in the GUI when the website's not quite right (ala denied popups).
BTW, if you're interested in this sort of security, you can implement it pretty well now:
1. Install your favorite type-II hypervisor (e.g., VMware workstation).
2. Install, configure, patch the OS and your favorite browser.
3. Configure the OS to allow access to the parent computer on a limited bases, into two sections only: a folder in which the child VM stores things like favorites, and a second section where you can download stuff.
4. Configure a checkpoint.
5. Configure the VM to always rollback to checkpoint when rebooted.
Voila. You have a box that unp0wns itself on reboot.
Use it for all your internet browsing.
If you want to really play the security game, clone this box. Conduct any online financials exclusively on this VM, and on this VM only.
C//
This is a good question, and I appreciate that unrestricted space consumption is its own form of denial of service, but while thinking about better security it's not always a good idea to shackle oneself with best. It is certainly better to be sure that the web browser cannot overwrite kernel.dll, yes?
True. But I've still seen cases where a device manufacturer uses such quotas as a lock-in method. I seem to remember that on iOS, web applications viewed in a web browser are limited to 5 MB of application cache and 5 MB of local storage, which the user cannot override, but applications downloaded from the curated application repository can use more space.
Well, if all browsers did this, you could just install a different one. Whatever else is true, no browser should write to windows or programs (except to install/update itself, a special case which admittedly gives you a quick headache), but what I'm saying is that the protection methods exist, and are being underexploited. MAC is one way; VM isolation is another; "jailing" all ftp roots is another. More here, please.
As far as the confined locked in appstore, don't worry, Apple will encounter an antitrust demon... eventually.
What rule of the internet was it that deemed any debate about any subject will eventually devolve into an argument about whether or not viruses and/or other malware exist for Apple computers? I forget...
I can't speak for everyone else, but I would have much less of a problem with Microsoft having a monopoly if they got it by providing a superior product for less, rather than through sneaky underhanded tactics and FUD. At least then we would have a superior product at a potentially grossly inflated price.
People don't understand why monopolies are and are not bad. There is a mistaken belief floating around out there that monopolies are always more profitable than perfectly competitive firms, and that's just not so. There is a belief that innovation always suffers, and that monopolists always mistreat their customers because they can. Though one or more of these things may often be true of monopolies, it's not always the case. Monopolies are often granted by the government, even yes, the US government, in the form of patents, to name just one. A limited time monopoly is granted to help a firm recover the expense of innovation. If there is a product that has sufficiently close substitutes, the monopolist can't jack prices too high or mistreat or disrespect customers because they can go elsewhere. The original makers of clingy plastic wrapping had to defend themselves against the government accusing them of being a monopoly, and they proved they weren't by pointing out that although they were at the time the only ones who were producing that product, there were other products people used instead, such as tin foil and wax paper.
The real problem, according to economists, is that Monopolists, in an effort to keep prices high, since they have no competition, and therefore face the demand of the entire market for one or more products, they (monopolists) will underproduce so as to ensure there is always an artificial scarcity. The upshot of this is that society loses out on the benefits of having more of whatever product(s) the monopolist alone produces, or services he/she/it/they alone provide.
With software, however, it is different from a physical product in that the cost of producing more individual copies of the software actually go down as the number produced goes up, and no one buys an OS (or whatever) without having a computer (or planning to build or buy one) to use it with. This is very unlike, for instance, a car, where you have substitutes (walking, cycling, the bus) but would rather have a car, and each car produced passed a certain level of production becomes more expensive than the last. With software, once the product reaches the "release" stage, all the big costs have already been incurred, by and large. The box, the disc, the installation instructions and registration card are trivial expenses compared to R&D. Even tech support is at least for the most part a cost that increases proportionately with the number of installed systems, less if you start to get enough people using your software that they can and often will help their family, friends, colleagues and coworkers with your product. Then cost actually goes down for that too as you get more and more copies of your software out there. I'll put it this way: how many people today have to ask for help for how to use "notepad.exe"? But I digress...
OK... well this is a more general comment. GP was just arguing that Apple should be subject to the same rules and I was commenting that legally they weren't.
I'm not sure they didn't have a superior product for less.
1) MSDOS was better than CP/M and helped people make the transition to faster machines and more memory (1m RAM+ROM). And in the language department, GW-BASIC was one of the better basics around.
2) IBM was attempting to use their operating system to lock people into Micro Channel architecture, which while arguably better was much more expensive and would have allowed IBM to tax hardware and prevent the rise of inexpensive clones. Once they made OS/2 generic it was good, but as a company IBM lacked direction and zigged and zagged, their divisions frequently working at cross purposes. While despite that I personally would have selected OS/2 as the future, Microsoft Office was the key to desktop productivity and given its availability, I can see Windows 3.0 / 3.1 / Workgroups won and people were not being irrational.
Further OS/2 was a Microsoft product in the early years. And during the time when OS/2 was at its strongest it contained a lot of Microsoft Windows code, which IBM would have had to play licensing fees on. So even if OS/2 had won....
3) Visual Basic was a huge productivity boost in terms of allowing mediocre programmers to create GUI Business apps.
4) Windows 2000 was if you cared about compatibility a terrific business operation system. Windows XP brought those advantages to home and small business. I think Windows XP closed the windows that Linux needed to win on the desktop over the Windows 95/98/ME. With XP Microsoft was no longer technologically behind Linux.
Which leaves us to today. Other than OS/2 I don't know when Microsoft really could have lost. I don't think they got there by FUD. I think they were scummier than they had to be, but ultimately I think that cost them in their ability to expand. Had they been a more benign monopoly I suspect their dominance could have gone much further.
____
As for monopolies the problem is that substitution creates economic drag. Further monopolies have tremendous power that competitive firms do not, their policies become little different than government regulations unless we are in a period when the government is very strong. Our society is based on competitive firms with low substitution costs. Changing that equation is a negative in terms of our whole economic and regulatory structure.