Re:How many people actually registers crapware?
on
The Recovery Disc Rip-Off
·
· Score: 2, Interesting
From what I see, people end up registering the stuff that pops up in order to get it to shut up. The usual antivirus program for example that pops up notices that the end of the world will happen because it will stop getting new definitions in 30 days. If they knew better, they would be pulling that stuff out and installing Microsoft Security Essentials which is provided by MS at no charge, but provides as good AV protection as everyone else.
Don't forget that the Apple Tax is completely offset by what people pay for getting a PC fixed up.
Take 3 years of operation on a $2000 Mac for a non-technical person. Other than software, it may not need a thing.
Take 3 years of operation on a generic Windows machine that costs $500. Say Windows needs to be reinstalled every six months, with infections randomly interspersed out, about twice a year. The reinstalls at the PC shop cost $100, the copy of Windows 7 costs $100 (wasn't bundled with the machine), and the cleaning of malware costs $200 each time. Total cost of machine after 3 years will be near the $2000 paid for the Mac.
For someone who knows what they are doing, this isn't an issue, but for someone non technical, a Mac may work out to be a far better bargain because they can use the machine, not have it dropped by a shop every so often.
Don't forget that a retail edition of OS X 10.6 just installs. No CD-keys. No activation. No "genuine advantage". No sudden black screens or notices that the OS may not be genuine. OS X installs, prompts for a username and then to register. OS X Server is a bit tougher, as it asks for a serial number and periodically checks for the same serial on the network, but it doesn't need to repeatedly phone home to keep its "genuine" status.
Why can't Microsoft operating systems do this? The losses they may get to "piracy" will be completely offset by more people keeping with Windows and not jumping ship because they are tired of the CD key BS.
Actually, none of the big names ship their best phones to the US, sadly enough, except for Apple. One can just look at the phones offered in markets like South Korea or Japan to see what should be here in the US. Those places, there is actual broadcast TV that people can easily watch (without being dependent on the data bandwidth.)
Until Apple came out with the iPhone and woke people up in the US, when I showed them what a smartphone was able to do, the response was mainly, "who cares about Bluetooth or E-mail. I just want a phone that is thin and makes calls. Any more and that is what a laptop is for." Ironic how things change. It wasn't that long ago when everyone was lusting after RAZR models and people with smartphones were either geeks or corporate execs.
With the tech support of most computer places, #1 is simple.
#2 however becomes hair-pulling with calling support with some PC vendors. You get on hold for 1-2 hours, told by a tech to run the diagnostics in Windows, then after repeating that you can't due to a dead HDD, he hangs up on you after accusing you of being "difficult". At least at big box stores, you have a couple days to take the whole thing back.
The premium isn't just for disks. It would also be for better CS, better packaging, better components, and just a higher grade of machine overall. For example, I have PSUs on some mass-produced machines which are just downright embarrassing. By replacing them with decent Corsairs, I'm sure I almost doubled the life of the machine.
Most of us here do this, as this is basic sysadmin 101 stuff. But Joe Sixpack and Aunt Tillie don't. They buy the machine at S-Mart, grab a grubby key to cut the tape on the box, dump the parts out, and perhaps look at the "read me first" poster to see that the color-coded wires match the right sockets. Then they turn the machine on, and start pointing and drooling until hardware failure or malware gets them. Here is the point where most of us get sucked into the equation:
Joe Sixpack comes home from work, PBR in hand, looks at the monitor, and finds that it is off or at a blue screen. After tapping a key, maybe mashing the power button a couple times, first thing he will do is find someone "geekish" to call and bellow at them, "FIX MY COMPUTER, YOU KNUCKLEHEAD".
Of course, when someone clued comes over (either because Joe Sixpack is family, or a close friend of a friend) and asks where any CD or DVD media is. As of this point, not just the data on the primary partition is scrozzled, but the recovery partition is sitting right with it in the bitbucket. Of course, Joe will will hand you a stack of random things, likely urine stained by the blue-tick hound/Rottie mix who you just pried off your leg as you walked in the door. Of course, none of them is a boot CD, although you will find plenty of Encarta disks, maybe a Works disk, and an application or two. Of course, nothing that can be used as true boot media to recover the machine. So what ends up happening is that you end up at the nearest computer store looking for an OEM copy of Windows 7. Then, there is a good chance that Joe might just say, "Its $100 for an OEM copy, but I can buy this new machine for $WHATEVER". Result: He lugs a new machine home and the cycle starts again.
Compare this to the average Slashdotter who, if they are even running Windows and they have an inoperable machine, will boot recovery media, copy off anything possible, and if that isn't doable, just boot off the PXE server, fire up the backup program's bare metal functionality, start the restore, and while that is going on, have a couple drinks of Sam Adams Utopia, or another top tier beverage. Total time lost? Couple hours. Total data lost? None, because the backup program was configured to monitor changes to critical documents (even if they were WoW screenshots) and save them off in real time to a dedicated backup server.
Very true. However, for us who run FDE programs [1], the recovery partition may or may not be usable, so the best option is to dd it off to multiple pieces of media for safekeeping. The UNIX dd command writes and reads it perfectly, but having Acronis or Maxtor's MaxBlast copy it means that it can be easily restored to another hard disk.
[1]: I always have TrueCrypt on my Windows machines. This turns a computer theft into "just" a loss of hardware, not hardware+data. Since I keep good backups (external HDD, backup server hidden, but connected via wireless, and Mozy), I'm more worried about someone getting access for extortion or blackmail reasons than recovering what is on the machine's HDDs.
When you see PHBs, they tend to work the same regardless of business. One can consider it echos of a hive mind, or perhaps the biological equivalent of UNIX hard links where it appears to be a different person, but the same mentality -- MBA, but absolutely no grasp of basic ITIL concepts. It will be the same behavior everyone ones looks, next quarter's sales figures über alles.
Until this attitude is changed in business, the "lost decade" of America will continue.
The trick with those is to buy a U3 flash drive, use some black magic to make the ISO image be OS boot media, copy the other stuff to the data partition, and use that for recovering the netbook. I've done this with some Windows servers which are sans an optical drive.
+1. Even if the cost was 50% more so the PC makers can actually provide the following:
A decent quality level of components. Caps ready to bust are so 2000-2002. A level of phone tech support that is decent (no script readers that hang up on the customer if they can't find where to go on the flowchart). Printed manuals. PDF files don't do squat when there is no machine to read them. CD-ROM media, as well as read-only USB flash drives so machines without CD-ROM drives can be recovered.
Ideally, a purchased PC should have:
Hardware RAID (not hardware-assisted RAID), and two mirrored drives for the boot OS. This way, Joe Sixpack can lose a drive, but still be able to browse his pr0n. A decent power supply that is way underused so it can run quietly. A drive (or mirrored drives) which are used by a preinstalled backup program for nightly backups. This way, Joe Sixpack can be told to "put recovery disk in the drive, boot, click 'restore', go to the sports bar, and after a few Bud Lights [1], it should be back to where it was before the data loss."
I sort of miss the days where computer shops were Mom and Pop businesses similar to how bike shops are today. It wasn't perfect, but there was something about having someone to physically come to, should computer problems happen, that made those shops worth patronizing. The closest thing we have these days to this is the Genius Bar at the Apple Store.
[1]: Using beers as a temporal unit isn't exactly a precise way of doing things, but explaining to someone that setting up backup software and installing an external HDD is a one beer job, versus a reinstall which is a five beer activity gets the point across.
It is a whole ecosystem all benefiting from the cluelessness of the end user.
PC company doesn't ship media, so when (not if) the user gets an infection, they have to either hit Geek Squad, some other computer place, or if lucky a clued friend and have to pay both labor charges and re-buy a copy of Windows, Office, and the other applications. Of course, said places NEVER tell the user that they should buy a backup device and some utility like Retrospect (as well as burn a recovery CD), so when the next malware hits, it is the same crap all over again.
For people reading/., this isn't an issue... something happens, you grab a recovery CD, bare metal restore from the NAS head, or an external drive.
Even Microsoft has gotten wind of this. When one installs Windows 7, and even Vista, the user is prompted to back their stuff up periodically. Usually by an image backup, then file by file incrementals, with prompting for a new image every six months. Windows server operating systems go one step further by allowing for full and incremental imaging so a restore is quite easy. Macs have Time Machine which makes backups trivial given a NAS or an external HDD. Combine this with Mozy or Carbonite, and a home user's data is protected from almost any disaster.
The problem? Users don't have any training or knowledge about backups, and some just don't care because they think their computer-savvy friend will be able to undo any damage. The average/. reader is savvy at this, but the average Joe or Jane on the streets has no clue. You ask them to take a level 0 dump on their machine, and they will look at you funny, the proceed to completely soil their computer and desk. When in college, it was crazy how many people stored their only working copies of their critical documents on a single USB flash drive. Of course this meant they almost had to be put in straitjackets and packed off to the suicide prevention ward when their flash drive gets lost, starts having I/O errors, or their file accidentally gets deleted. When I finished up college, what I used was a SanDisk Cruzer Titanium Plus, which had a cloud backup utility built into the U3 panel. This, plus the fact that I had a utility that backed the drive up daily to the college's Samba server worked out until I finished school, and the backup utility was abandoned by Sandisk a few months later.
You hit the nail on the head right there. Consumer PC making has become a race to the bottom, putting all but the big guys who can cut the most corners out of business.
Want a good PC? One has to do one of three things: Build their own machine from known good parts, buy business line models (Optiplexes, Latitudes, Precisions), or buy Apple.
For a nontechnical customer, it gets even harder, because they don't have the expertise to build their own stuff. Here, it is either find someone trustworthy to build a machine for them, or pay the Apple Tax for a machine + AppleCare for decent technical support.
This is why Apple is succeeding in a market where everything else is stagnating, just because they offer plain old fashioned customer service. A musician who doesn't have much computer savvy can call Apple and have them figure out an issue, regardless of if it is with the Mac hardware, OS X, or Logic Studio. A photographer can do similar with Aperture. Someone doing production video work has a glitch with Final Cut Studio? One 800 number, and no worry about being shoved from company to company.
Until other PC vendors understand that customer service is as important as the hardware itself, Apple will continue to eat their marketshare. And it doesn't seem that they will be getting this anytime soon, from the looks of things.
The stickler in this is that crapware merchants pay PC vendors to have their stuff shoveled onto machines, so it will be present everywhere unless one installs from true OS media. So shipping true Windows media isn't in the PC company's best interest because it means fewer installs and fewer chances of getting handed cash when someone upgrades or activates the crapware.
Lets go 1-2 steps past that, and how about put a read-only image of the OS CDs into Flash storage on the motherboard, preferably with some sort of jumper to prevent it from being overwritten by malware? The next step is not to just offer OS restore capabilities, but a full recovery toolkit, from being able to save data off by files or images (and allow CDs/DVDs/BD-R media, external HDDs, and even NFS or Samba shares), load a Windows PE environment for antivirus scanning, etc.
Everyone would benefit from this type of system: Tech can just boot into the recovery part, run an A/V scanner and clean the machine offline. Users could easily reinstall, or save off data. Users also wouldn't have to worry about activating their copy of Windows, nor worrying if they had the right media. And PC companies would need to ship less with machines. All around win for everyone.
I learned that lesson with all PC makers. That is why if I get tasked with helping someone with a new PC, first thing I do is boot it from a Knoppix CD, plug in an external drive, and both tar and dd off the partitions. This gives me an image I know will work. Then I boot a TrueImage or MaxBlast CD and use that to image the partitions. The reason I do both is that for a novice user, TrueImage is easier to use, but I know the Linux dd image is able to put back exactly how something was laid out, sector by sector in case a PC maker decides to an attempt at DRM.
After that is done, I boot the machine, make the recovery DVDs (preferably onto dual layer DVD+R media), then make ISO images of those.
It sounds like a lot of work, but it ensures that the machine's software can be put exactly into the state it was when it was opened.
Of course, after I do all of this, I boot Knoppix again, dd if=/dev/zero of=/dev/sda, zeroing out every nook and cranny of the drive, then install the OS of choice from scratch. One of the first and fundamental rules of system administration is never go with what is preinstalled, unless it is a custom OS load just for that box from the factory.
It is rare these days to see companies devote 10% of their budget to R&D. Most tend to just not bother with R&D because it doesn't give ROI this quarter, and when they do, they gain the technology by buying a startup, or just copying someone else's work and improving on it.
60 year old glass? Most enterprises can't even think past the next couple quarters or to the next FY, much less this far. Almost any other company would have long since chucked the manufacturing process for it because it wasn't immediately profitable.
I've seen companies and government sites in the US still force IE6, and even use JavaScript/VBScript to check for fake User-Agent fields.
These cases are easily addressed on a personal level, but not on an enterprise level -- Windows 7 has XP Mode and IE6, as well as redo logs, so one can browse those sites in the VM (as an ordinary user in the VM, not an admin), then dump all changes when done. On the enterprise level, perhaps the best thing is to have a Citrix VM whose sole job it is to allow people to run IE6 in an extremely locked down environment.
Yep, I heard of this called the "throwing good money after bad" fallacy. People need to realize that if they sank $BIGNUM of dollars, euros, or adena into something smelly and useless, throwing more money will likely just mean that the added cash is wasted, and the smelly/useless item is still smelly/useless.
I won't fault Microsoft on this decision by the UK any more than I'd fault Sun if some organization is still on SunOS 4.1.4 and whining about exploits from 1991, or some organization still using RedHat 5.2. Time goes on, and unless one is running an embedded system that is thoroughly tested and isolated from the Internet, one has to keep upgrading if they value security in any way, shape, or form.
Actually, the tech details are just pushing a.MSI file out with IE8, or just approving it from a WSUS server.
My rant: IE6 is 10 year old technology. A Web browser is on the front lines of keeping a machine secure, almost as much so as a router. IE6 is meant to deal with spyware from the year 2001. Not the botnets and SCADA-seeking malware of 2010. Anyone who has any sense can see this.
There is just no reason to run IE6 on XP unless it is testing backlevel versions. IE8 fixes a lot of security issues. Even Windows XP needs to be binned because it is going to be a decade old, and organizations need to move forward to operating systems more able to handle the security issues of this decade.
This doesn't even need a car example, but a war example: You don't send out Greek phalanxes in formation against people with 10,000 rpm chainguns, Apache helicopters, and flamethrowers. Fielding Windows XP is doing just this.
The blackhats, phishers, scammers, spammers, criminals, and other miscreants are not going to be easing up attacks anytime soon. So why deal with threats of 2010 with an OS made nine years ago?
Of course, firewalls mitigate this, but there is something sort of wrong with compensating for a poor OS's security by having to fortify the router and perimeter instead of having the OS be reliable enough so a blackhat isn't home free once they get into the core network fabric.
I don't think there would be a nuking just knee-jerk unless people are SURE they know the real culprits.
You know how many crackpots have dreams of being able to nuke country "A", make it look like country "B", and watch the two go at it and completely annihilate each other? I'm sure a lot of countries would love to see the US, China, and Russia all go at it just for spite's sake, or perhaps even make a land grab on areas that are habitable after the large firecrackers have gone off and there is little to no command infrastructure left to fire off smaller tac weapons.
Of course, people can do that or just go decompile the Java in the.apk files and strip out the API calls. Frequent updates by app makers will make that a slow job, especially if the developer has a Java obfuscation tool.
I just don't want any more incentive for phone makers to having eFuses, signed kernels, read-only filesystems that stay that way even as root, and other stuff that has to be tediously gotten around by experts in order to mod an Android phone. If piracy is dealt with by a mechanism other than forbidding root access, I'm all for it, because it means that more models of phones (probably by HTC because they are the only company that really gives a crap enough to put out source code and images) are usable by modders and buyable. I'd like to see every Android model easily rooted with a fastboot and an OEM unlock command, as opposed to having to pick and choose the model carefully so one doesn't get a dud that can't be modded, or even rooted.
I don't see the problem, provided the app doesn't pop a license check every time it runs. Instead, it should cache the result against the phone's IMEI and some random obfuscation that would take some disassembly of the.apk to yank. When the app runs, if the IMEI is different, it automatically polls the license server and rebuilds the cached value. If it gets back that the user doesn't have that app purchased, it should either work in a demo mode, or point the user to the store to purchase it proper. If it never gets back a value because of no connection, who cares. If someone is astute to forge a cached hash with the IMEI, they are astute enough to hack all the API references out completely.
All and all, this is a good thing. This beats funky DRM schemes, and it doesn't put as much pressure on device makers to put more eFuses, signed bootloaders, and other anti-modder things in place to ward off piracy. As a modder, I think this method is the best way one could protect apps against piracy. It isn't perfect, but it is a hell of a lot better than forcing Android phone makers to make it harder and harder to mod, much less even root their phones.
Correction: Droidwall doesn't have to be resident all the time for protection. It just makes a list of stuff, then writes some rules for the Linux kernel to allow/deny items. This is way different from Windows software "firewalls" which have to actively intercept each packet on the IP stack.
From what I see, people end up registering the stuff that pops up in order to get it to shut up. The usual antivirus program for example that pops up notices that the end of the world will happen because it will stop getting new definitions in 30 days. If they knew better, they would be pulling that stuff out and installing Microsoft Security Essentials which is provided by MS at no charge, but provides as good AV protection as everyone else.
Don't forget that the Apple Tax is completely offset by what people pay for getting a PC fixed up.
Take 3 years of operation on a $2000 Mac for a non-technical person. Other than software, it may not need a thing.
Take 3 years of operation on a generic Windows machine that costs $500. Say Windows needs to be reinstalled every six months, with infections randomly interspersed out, about twice a year. The reinstalls at the PC shop cost $100, the copy of Windows 7 costs $100 (wasn't bundled with the machine), and the cleaning of malware costs $200 each time. Total cost of machine after 3 years will be near the $2000 paid for the Mac.
For someone who knows what they are doing, this isn't an issue, but for someone non technical, a Mac may work out to be a far better bargain because they can use the machine, not have it dropped by a shop every so often.
Don't forget that a retail edition of OS X 10.6 just installs. No CD-keys. No activation. No "genuine advantage". No sudden black screens or notices that the OS may not be genuine. OS X installs, prompts for a username and then to register. OS X Server is a bit tougher, as it asks for a serial number and periodically checks for the same serial on the network, but it doesn't need to repeatedly phone home to keep its "genuine" status.
Why can't Microsoft operating systems do this? The losses they may get to "piracy" will be completely offset by more people keeping with Windows and not jumping ship because they are tired of the CD key BS.
Actually, none of the big names ship their best phones to the US, sadly enough, except for Apple. One can just look at the phones offered in markets like South Korea or Japan to see what should be here in the US. Those places, there is actual broadcast TV that people can easily watch (without being dependent on the data bandwidth.)
Until Apple came out with the iPhone and woke people up in the US, when I showed them what a smartphone was able to do, the response was mainly, "who cares about Bluetooth or E-mail. I just want a phone that is thin and makes calls. Any more and that is what a laptop is for." Ironic how things change. It wasn't that long ago when everyone was lusting after RAZR models and people with smartphones were either geeks or corporate execs.
With the tech support of most computer places, #1 is simple.
#2 however becomes hair-pulling with calling support with some PC vendors. You get on hold for 1-2 hours, told by a tech to run the diagnostics in Windows, then after repeating that you can't due to a dead HDD, he hangs up on you after accusing you of being "difficult". At least at big box stores, you have a couple days to take the whole thing back.
The premium isn't just for disks. It would also be for better CS, better packaging, better components, and just a higher grade of machine overall. For example, I have PSUs on some mass-produced machines which are just downright embarrassing. By replacing them with decent Corsairs, I'm sure I almost doubled the life of the machine.
Most of us here do this, as this is basic sysadmin 101 stuff. But Joe Sixpack and Aunt Tillie don't. They buy the machine at S-Mart, grab a grubby key to cut the tape on the box, dump the parts out, and perhaps look at the "read me first" poster to see that the color-coded wires match the right sockets. Then they turn the machine on, and start pointing and drooling until hardware failure or malware gets them. Here is the point where most of us get sucked into the equation:
Joe Sixpack comes home from work, PBR in hand, looks at the monitor, and finds that it is off or at a blue screen. After tapping a key, maybe mashing the power button a couple times, first thing he will do is find someone "geekish" to call and bellow at them, "FIX MY COMPUTER, YOU KNUCKLEHEAD".
Of course, when someone clued comes over (either because Joe Sixpack is family, or a close friend of a friend) and asks where any CD or DVD media is. As of this point, not just the data on the primary partition is scrozzled, but the recovery partition is sitting right with it in the bitbucket. Of course, Joe will will hand you a stack of random things, likely urine stained by the blue-tick hound/Rottie mix who you just pried off your leg as you walked in the door. Of course, none of them is a boot CD, although you will find plenty of Encarta disks, maybe a Works disk, and an application or two. Of course, nothing that can be used as true boot media to recover the machine. So what ends up happening is that you end up at the nearest computer store looking for an OEM copy of Windows 7. Then, there is a good chance that Joe might just say, "Its $100 for an OEM copy, but I can buy this new machine for $WHATEVER". Result: He lugs a new machine home and the cycle starts again.
Compare this to the average Slashdotter who, if they are even running Windows and they have an inoperable machine, will boot recovery media, copy off anything possible, and if that isn't doable, just boot off the PXE server, fire up the backup program's bare metal functionality, start the restore, and while that is going on, have a couple drinks of Sam Adams Utopia, or another top tier beverage. Total time lost? Couple hours. Total data lost? None, because the backup program was configured to monitor changes to critical documents (even if they were WoW screenshots) and save them off in real time to a dedicated backup server.
Very true. However, for us who run FDE programs [1], the recovery partition may or may not be usable, so the best option is to dd it off to multiple pieces of media for safekeeping. The UNIX dd command writes and reads it perfectly, but having Acronis or Maxtor's MaxBlast copy it means that it can be easily restored to another hard disk.
[1]: I always have TrueCrypt on my Windows machines. This turns a computer theft into "just" a loss of hardware, not hardware+data. Since I keep good backups (external HDD, backup server hidden, but connected via wireless, and Mozy), I'm more worried about someone getting access for extortion or blackmail reasons than recovering what is on the machine's HDDs.
When you see PHBs, they tend to work the same regardless of business. One can consider it echos of a hive mind, or perhaps the biological equivalent of UNIX hard links where it appears to be a different person, but the same mentality -- MBA, but absolutely no grasp of basic ITIL concepts. It will be the same behavior everyone ones looks, next quarter's sales figures über alles.
Until this attitude is changed in business, the "lost decade" of America will continue.
The trick with those is to buy a U3 flash drive, use some black magic to make the ISO image be OS boot media, copy the other stuff to the data partition, and use that for recovering the netbook. I've done this with some Windows servers which are sans an optical drive.
+1. Even if the cost was 50% more so the PC makers can actually provide the following:
A decent quality level of components. Caps ready to bust are so 2000-2002.
A level of phone tech support that is decent (no script readers that hang up on the customer if they can't find where to go on the flowchart).
Printed manuals. PDF files don't do squat when there is no machine to read them.
CD-ROM media, as well as read-only USB flash drives so machines without CD-ROM drives can be recovered.
Ideally, a purchased PC should have:
Hardware RAID (not hardware-assisted RAID), and two mirrored drives for the boot OS. This way, Joe Sixpack can lose a drive, but still be able to browse his pr0n.
A decent power supply that is way underused so it can run quietly.
A drive (or mirrored drives) which are used by a preinstalled backup program for nightly backups. This way, Joe Sixpack can be told to "put recovery disk in the drive, boot, click 'restore', go to the sports bar, and after a few Bud Lights [1], it should be back to where it was before the data loss."
I sort of miss the days where computer shops were Mom and Pop businesses similar to how bike shops are today. It wasn't perfect, but there was something about having someone to physically come to, should computer problems happen, that made those shops worth patronizing. The closest thing we have these days to this is the Genius Bar at the Apple Store.
[1]: Using beers as a temporal unit isn't exactly a precise way of doing things, but explaining to someone that setting up backup software and installing an external HDD is a one beer job, versus a reinstall which is a five beer activity gets the point across.
It is a whole ecosystem all benefiting from the cluelessness of the end user.
PC company doesn't ship media, so when (not if) the user gets an infection, they have to either hit Geek Squad, some other computer place, or if lucky a clued friend and have to pay both labor charges and re-buy a copy of Windows, Office, and the other applications. Of course, said places NEVER tell the user that they should buy a backup device and some utility like Retrospect (as well as burn a recovery CD), so when the next malware hits, it is the same crap all over again.
For people reading /., this isn't an issue... something happens, you grab a recovery CD, bare metal restore from the NAS head, or an external drive.
Even Microsoft has gotten wind of this. When one installs Windows 7, and even Vista, the user is prompted to back their stuff up periodically. Usually by an image backup, then file by file incrementals, with prompting for a new image every six months. Windows server operating systems go one step further by allowing for full and incremental imaging so a restore is quite easy. Macs have Time Machine which makes backups trivial given a NAS or an external HDD. Combine this with Mozy or Carbonite, and a home user's data is protected from almost any disaster.
The problem? Users don't have any training or knowledge about backups, and some just don't care because they think their computer-savvy friend will be able to undo any damage. The average /. reader is savvy at this, but the average Joe or Jane on the streets has no clue. You ask them to take a level 0 dump on their machine, and they will look at you funny, the proceed to completely soil their computer and desk. When in college, it was crazy how many people stored their only working copies of their critical documents on a single USB flash drive. Of course this meant they almost had to be put in straitjackets and packed off to the suicide prevention ward when their flash drive gets lost, starts having I/O errors, or their file accidentally gets deleted. When I finished up college, what I used was a SanDisk Cruzer Titanium Plus, which had a cloud backup utility built into the U3 panel. This, plus the fact that I had a utility that backed the drive up daily to the college's Samba server worked out until I finished school, and the backup utility was abandoned by Sandisk a few months later.
You hit the nail on the head right there. Consumer PC making has become a race to the bottom, putting all but the big guys who can cut the most corners out of business.
Want a good PC? One has to do one of three things: Build their own machine from known good parts, buy business line models (Optiplexes, Latitudes, Precisions), or buy Apple.
For a nontechnical customer, it gets even harder, because they don't have the expertise to build their own stuff. Here, it is either find someone trustworthy to build a machine for them, or pay the Apple Tax for a machine + AppleCare for decent technical support.
This is why Apple is succeeding in a market where everything else is stagnating, just because they offer plain old fashioned customer service. A musician who doesn't have much computer savvy can call Apple and have them figure out an issue, regardless of if it is with the Mac hardware, OS X, or Logic Studio. A photographer can do similar with Aperture. Someone doing production video work has a glitch with Final Cut Studio? One 800 number, and no worry about being shoved from company to company.
Until other PC vendors understand that customer service is as important as the hardware itself, Apple will continue to eat their marketshare. And it doesn't seem that they will be getting this anytime soon, from the looks of things.
The stickler in this is that crapware merchants pay PC vendors to have their stuff shoveled onto machines, so it will be present everywhere unless one installs from true OS media. So shipping true Windows media isn't in the PC company's best interest because it means fewer installs and fewer chances of getting handed cash when someone upgrades or activates the crapware.
Lets go 1-2 steps past that, and how about put a read-only image of the OS CDs into Flash storage on the motherboard, preferably with some sort of jumper to prevent it from being overwritten by malware? The next step is not to just offer OS restore capabilities, but a full recovery toolkit, from being able to save data off by files or images (and allow CDs/DVDs/BD-R media, external HDDs, and even NFS or Samba shares), load a Windows PE environment for antivirus scanning, etc.
Everyone would benefit from this type of system: Tech can just boot into the recovery part, run an A/V scanner and clean the machine offline. Users could easily reinstall, or save off data. Users also wouldn't have to worry about activating their copy of Windows, nor worrying if they had the right media. And PC companies would need to ship less with machines. All around win for everyone.
I learned that lesson with all PC makers. That is why if I get tasked with helping someone with a new PC, first thing I do is boot it from a Knoppix CD, plug in an external drive, and both tar and dd off the partitions. This gives me an image I know will work. Then I boot a TrueImage or MaxBlast CD and use that to image the partitions. The reason I do both is that for a novice user, TrueImage is easier to use, but I know the Linux dd image is able to put back exactly how something was laid out, sector by sector in case a PC maker decides to an attempt at DRM.
After that is done, I boot the machine, make the recovery DVDs (preferably onto dual layer DVD+R media), then make ISO images of those.
It sounds like a lot of work, but it ensures that the machine's software can be put exactly into the state it was when it was opened.
Of course, after I do all of this, I boot Knoppix again, dd if=/dev/zero of=/dev/sda, zeroing out every nook and cranny of the drive, then install the OS of choice from scratch. One of the first and fundamental rules of system administration is never go with what is preinstalled, unless it is a custom OS load just for that box from the factory.
It is rare these days to see companies devote 10% of their budget to R&D. Most tend to just not bother with R&D because it doesn't give ROI this quarter, and when they do, they gain the technology by buying a startup, or just copying someone else's work and improving on it.
60 year old glass? Most enterprises can't even think past the next couple quarters or to the next FY, much less this far. Almost any other company would have long since chucked the manufacturing process for it because it wasn't immediately profitable.
I've seen companies and government sites in the US still force IE6, and even use JavaScript/VBScript to check for fake User-Agent fields.
These cases are easily addressed on a personal level, but not on an enterprise level -- Windows 7 has XP Mode and IE6, as well as redo logs, so one can browse those sites in the VM (as an ordinary user in the VM, not an admin), then dump all changes when done. On the enterprise level, perhaps the best thing is to have a Citrix VM whose sole job it is to allow people to run IE6 in an extremely locked down environment.
Yep, I heard of this called the "throwing good money after bad" fallacy. People need to realize that if they sank $BIGNUM of dollars, euros, or adena into something smelly and useless, throwing more money will likely just mean that the added cash is wasted, and the smelly/useless item is still smelly/useless.
I won't fault Microsoft on this decision by the UK any more than I'd fault Sun if some organization is still on SunOS 4.1.4 and whining about exploits from 1991, or some organization still using RedHat 5.2. Time goes on, and unless one is running an embedded system that is thoroughly tested and isolated from the Internet, one has to keep upgrading if they value security in any way, shape, or form.
Actually, the tech details are just pushing a .MSI file out with IE8, or just approving it from a WSUS server.
My rant: IE6 is 10 year old technology. A Web browser is on the front lines of keeping a machine secure, almost as much so as a router. IE6 is meant to deal with spyware from the year 2001. Not the botnets and SCADA-seeking malware of 2010. Anyone who has any sense can see this.
There is just no reason to run IE6 on XP unless it is testing backlevel versions. IE8 fixes a lot of security issues. Even Windows XP needs to be binned because it is going to be a decade old, and organizations need to move forward to operating systems more able to handle the security issues of this decade.
This doesn't even need a car example, but a war example: You don't send out Greek phalanxes in formation against people with 10,000 rpm chainguns, Apache helicopters, and flamethrowers. Fielding Windows XP is doing just this.
The blackhats, phishers, scammers, spammers, criminals, and other miscreants are not going to be easing up attacks anytime soon. So why deal with threats of 2010 with an OS made nine years ago?
Of course, firewalls mitigate this, but there is something sort of wrong with compensating for a poor OS's security by having to fortify the router and perimeter instead of having the OS be reliable enough so a blackhat isn't home free once they get into the core network fabric.
I don't think there would be a nuking just knee-jerk unless people are SURE they know the real culprits.
You know how many crackpots have dreams of being able to nuke country "A", make it look like country "B", and watch the two go at it and completely annihilate each other? I'm sure a lot of countries would love to see the US, China, and Russia all go at it just for spite's sake, or perhaps even make a land grab on areas that are habitable after the large firecrackers have gone off and there is little to no command infrastructure left to fire off smaller tac weapons.
Of course, people can do that or just go decompile the Java in the .apk files and strip out the API calls. Frequent updates by app makers will make that a slow job, especially if the developer has a Java obfuscation tool.
I just don't want any more incentive for phone makers to having eFuses, signed kernels, read-only filesystems that stay that way even as root, and other stuff that has to be tediously gotten around by experts in order to mod an Android phone. If piracy is dealt with by a mechanism other than forbidding root access, I'm all for it, because it means that more models of phones (probably by HTC because they are the only company that really gives a crap enough to put out source code and images) are usable by modders and buyable. I'd like to see every Android model easily rooted with a fastboot and an OEM unlock command, as opposed to having to pick and choose the model carefully so one doesn't get a dud that can't be modded, or even rooted.
I don't see the problem, provided the app doesn't pop a license check every time it runs. Instead, it should cache the result against the phone's IMEI and some random obfuscation that would take some disassembly of the .apk to yank. When the app runs, if the IMEI is different, it automatically polls the license server and rebuilds the cached value. If it gets back that the user doesn't have that app purchased, it should either work in a demo mode, or point the user to the store to purchase it proper. If it never gets back a value because of no connection, who cares. If someone is astute to forge a cached hash with the IMEI, they are astute enough to hack all the API references out completely.
All and all, this is a good thing. This beats funky DRM schemes, and it doesn't put as much pressure on device makers to put more eFuses, signed bootloaders, and other anti-modder things in place to ward off piracy. As a modder, I think this method is the best way one could protect apps against piracy. It isn't perfect, but it is a hell of a lot better than forcing Android phone makers to make it harder and harder to mod, much less even root their phones.
Correction: Droidwall doesn't have to be resident all the time for protection. It just makes a list of stuff, then writes some rules for the Linux kernel to allow/deny items. This is way different from Windows software "firewalls" which have to actively intercept each packet on the IP stack.