Microsoft officially entering the anti-virus industry means the incumbent anti-virus vendors will have to evolve, or die.
Think about it, folks! The AV industry has stagnated over eighteen years because of their reliance on the Addictive Update Model. AV software hasn't significantly advanced in all of this time because users won't buy better products.
A Microsoft anti-virus product is going to penetrate the AV market like Internet Explorer did. It'll be bundled with later versions of Microsoft operating systems, making current AV software obsolete. AV vendors will finally have to release better AV products - products that can catch viruses before the fact - just to stay competitive.
If the incumbent AV vendors respond to this threat to their bottom line, AV security will dramatically improve. About time, too.
Remember him? The guy who wrote the Melissa virus? He got twenty months for writing that critter.
Prosecutors took pity on him because of his parents! His parents? Folks, I don't take pitty on a deadly cyber-terrorist who causes three-hundred-twenty million dollars of damage to the US economy. I for one hope he rots in prison for his heinous cyber-crime, right beside his predecessor.
At least those one hundred community service hours won't be spent on a computer like his predecessor spent his. The judge had some forethought at least.
Memo to "Complete Idiot II": If someone drops a bar of soap in the shower, don't pick it up. You might get infected by a virus!
Least of all your US government. The NSA makes a bulletproof distribution of Linux, and other US government offices shun it in favour of Windows.
Sun Microsystems released Star Office, and a bunch of open source wonks built OpenOffice, with better track records. Yet US government offices shun them in favour of Microsoft Office.
I'm not sure why they do, especially an omniscent body like the US government who knows these things exist. It must be because they don't want to use them.
And every day users? Well, users could have taken e-mail content security into their own hands over a decade ago when PGP was out, or eight years ago when PGP for the Exchange client came out. But NO, they didn't want to use it. They could have used S/MIME which was slightly easier to use, but NO, they didn't want to use it.
Users don't care enough to demand strong encryption in their applications. And Microsoft is in business to make money. They aren't going to waste time making a product that no one will buy. And YOU, slashdotters, aren't going to convince users to buy an alternative through fear, uncertainty and doubt.
...of computers with insecure pirated Windows boxes.
Pirating software is a choice made by the USER. If they can support themselves and they need to save a few bucks, fine. But I won't be able to support them because they won't give me the tools I need to do so.
And what did you think M$ was trying to do with product keys, product activation, etc during INSTALLation as you wished for in your post? "the world would be devoid of pirated Windows..."
What a short memory Slashdotters have. I remember a very loud crowd of you crying "foul!" when Product Activation first came about: "It's a blatant privacy violation! M$ wants to spy on everyone installing XP!" Bah. You want Microsoft to enforce legal copies of Windows on INSTALLATION instead of during a Service Pack deployment? Maybe you should have activated your copy of XP when you installed it, instead of trying to circumvent it.
Cheapass users made piracy the problem it is today. Sure, overinflated prices helped, but supply and demand would have brought those prices down naturally. If more people refused to buy XP instead of pirating it, the price would have dropped in order to sell them. Then we'd have more legit and supportable copies out there. Instead, cheapass users chose to bypass supply and demand, and have now found themselves unsupported. Boo, hoo. You get what you pay for.
And a valid product key as proof of purchase and eligibility for support.
The CDs that Dell provides with their notebooks doesn't even require product activation! But there's a legit key attached to that noteboook, and the CD was actually a customized Windows XP CD-ROM, complete with their standard blue-screen boot-up and installation software. Ditto, Compaq (except maybe for the product activation).
At least it's supportable. I can't say the same thing for the hole-in-the-wall PC shops with their Norton Ghost restoration CDs that use the same product key and SIDs for all of the machines that go out their door. They don't even bother to sysprep them.
When I can't do my job because the customer chose to install seven pirate copies of XP Pro, and I can't install a service pack which I know will solve all of their problems, what exactly am I supposed to do?
And later, if I'm accused of trying to steal a client's money by selling them seven legit copies of XP in place of their seven pirate copies (true story!), exactly how am I supposed to support them? By installing seven copies of SUSE Linux? And then trying to explain that their travel reservation software doesn't work?
No. I am not that desparate for business to deal with that much shit and abuse. And I don't want their friends' business, either, if they do the exact same thing. They're not supportable.
There are enough honest customers out there with broken yet supportable installations to keep me in business.
You might as well have said you will unplug your computer from the Internet. After all:
* All of the Windows viruses and worms come from the Internet * All of the infected MP3 and WMV files with trojans come from the Internet * All of your anti-virus software failed (AGAIN!) to do its job (melissa, iloveyou, stages, lindoze, nimda, and now wmv trojans) until after the fact * All of your desktop computers infected with Windows viruses (with notable exceptions of Blaster and their kin) got infected because you opened some file with some program that you ran on some Windows PC with full administrator access * All of your desktop PCs got infected with Windows worms (including Blaster etc) because you didn't turn on the built-in firewall in XP, or didn't spend the lousy $60 on a broadband router with a built-in firewall
So, what are you waiting for? Have you unplugged from the Internet yet? Because if you DON'T take responsibility for your own computer's security, you're only going to have all this happen to you again and again until you simply unplug yourself. Free Yourself From The Matrix! Take The Red Pill! Unplug Yourself!
If they can't be bothered to pay for their support, they can switch to a "free" operating system with maintainers that give "free" patches to their "free" bugs and "free" vulnerabilities.
It would sure make my job easier as a consultant. If I had a license fee's worth for every pirated installation of Windows XP I've refused to support... "OK I need to replace this file, where's your XP CD-ROM?" "What XP CD-ROM?"
Outpost was an interesting space colonization game by Sierra (pre-EA) for Windows 3.1. It covered the possibility of an asteroid striking Earth around 2050 and an extra-Solar colonization scenario designed around it.
I want to know if there's a company pursuing that possibility and putting together a crash colonization program. I might not get on the ship but I'll be glad to help a hundred (or two hundred) other souls on their way.
A freak weather event did more damage to a computerized reservation system in one night, than all of the hackers, viruses, trojans, spyware and idiot lusers combined over all of 2004.
Unless you take the overinflated guesstimates of the likes of mi2g at face value, anyway.
Toronto faced a blizard last week. Some two hundred flights cancelled because of bad weather. Air Canada, West Jet, Jetsgo, etc didn't go down even if their planes did. That too, caused more damage to YYZ's fiscal health than all of its computer security woes combined through 2004.
And then I read the letter posted here about the IT guys sunning themselves during all of this.
Merry xmas. I hope you can justify your jobs in 2005.
Gee, phones with after-the-fact anti-virus software. Java. Custom games. Trojans posing as games. All because Symbian's the most popular OS for phones.
I don't suppose there's a Limited User mode for a phone, is there?:-)
Seriously, read later responses to queries about what my Mom runs. Besides, if she were running AOL on dial-up, all bets would be off regarding time to exploitation.
As for the screaming? It got your attention, didn't it?
I wish Microsoft included more explicit setup instructions, though. Like power tools that require assembly: "First you install the SAFETY GUARD." That much, I can blame Microsoft for.
However, when an XP Home machine starts up for the first time and offers to create a bunch of user accounts and if you purposefully skip this step, I have to wonder if you skip putting the safeties on your new power tools while you're at it.
She understands me when I explain Limited User vs Administrator. I explain that it's like using safety guards on a power tool. She knows to switch users to the "Owner" account to use Windows Update and Office Update, and not to use anything else when using those update tools.
I only had to show my Mom once - some people I show more than once but that's OK - it's preventing problems before the fact.
Here's my Mom's config for the curious:
AMD K6-2 500, 256 MB RAM Integrated LAN, DSL Internet XP Home Edition, Service Pack 1 (She's waiting for me to visit to install SP2) MS Office 2003 Student & Teacher Edition Outlook 2003 for email
"Owner" Administrator account - password protected "Mom" Limited User "Kids" Limited User for the grand kids
I turned on the built-in firewall before connecting the LAN cable the first time. I explained to her why it needs to stay on, and she doesn't turn it off.
She's had this box for a year in this config and I set it up ONCE.
Is this a good enough example of XP security through proper management?
That's not Microsoft's fault that EA Games decided to use a broken copy protection scheme.
It took me two weeks off and on to fix an old Windows game (Quake II) to work as a limited user in XP. http://www.pan-am.ca/testing.html And I'm not a full time games programmer. What's EA's excuse?
They should have started preaching "don't run as root" as early as NT 3.5. Because they haven't until 2000, developers have six years of old programming habits to break.
Now MacOS X - I haven't run that though I'm aware of its BSD roots. How much legacy Mac software works as non-root on MacOS X?
Not by letting her run IE, but by letting her run IE on a Windows box as full admin.
"... despite the anti-virus, regular Windows updates, having the good sense not to open attachments, using a firewall, and avoiding any type of seedy activities online..."
Let's see, it's 2004, XP is two years old, 2K is four years old, and your wife got spyware for one of two reasons:
* You let her run too old a version of Windows (98/ME) with no built in security, (Melissa got past anti-virus software remember) or * You let her run 2K or XP with full admin or "power user" access.
You two only have yourselves to blame for choosing to run a machine insecurely. Yes, you. You could've stopped all of this before the fact if you ran a modern version of Windows as limited users, if you used a mail program Designed for XP and kept that up to date as well as the OS, if you treated the 'net like any other public place instead of trusting everyone by default.
You chose Windows, and you chose to run it insecurely. If you think running Linux is the cure, go right ahead. But if you run it as root, you don't deserve any sympathy from me. And if you run XP as a full admin, you deserve even less sympathy.
Take charge of your own computer security already, however you do it. Don't whine at Microsoft because you let it happen.
And damn my slashdot karma to Hell anyway. I'm sick of this whining: "Microsoft (this), Microsoft (that), Microsoft (whatever)." Lazy bastards. How come MY MOTHER doesn't get spyware or viruses or whatever when she's running only XP Service Pack 1? Without any AV software? Explain that.
It doesn't take a switch to Linux to get Linux-like protection.
Get Win2K or XP and do your daily work as a limited user. Stick with apps that work as a limited user (Yes, this means dumping Quickbooks for Simply Accounting). Ditch or fix the games that need Admin to run and tell your vendors to clean up their act. Take charge of your PC already and stop blaming Microsoft.
"I see PCs all the time which have IE up to date as well as have up to date anti-virus software that are *still* plagued with problems. Why? IE vulnerabilities."
Well, I see PCs under my care daily which DON'T have up to date anti-virus software and not even up-to-date patches on IE, yet they still aren't plagued with problems. For two years straight.
Why?
Decent security policies, starting with Limited User access. But that's just IT Staff (me) doing its job properly.
Sophos wants us to update our anti-virus software 8760 times a year. Once an hour every day, every year per computer (!) just to keep up with all of the variants of viruses.
mi2g? Well, they started calling vmyths a hate site. They need no further comment.
Solaris, Netware, Commodore 64s... They'd even have to ban themselves.
Because THEY don't take security seriously.
They'd have to ban the Internet because the Internet was never originally designed with security in mind, rather, it was designed with redundancy in mind.
Rather, they would have to ban idiots. And e-commerce would die because the idiots make up the majority of spenders.
It took decades of horrible deaths on the highways before governments mandated safety regulations in motor vehicles. And "cyber-tastrophies" don't cause deaths, nor have I seen a recorded insurance claim over computer security problems.
As much as I want to make everyone security-aware, I'd rather the Internet's users choose to become security aware. We're not at the point yet where public service and public safety really depends on Internet access. Until then, we'll continue to have the idiots driving on the "information highway."
Slashdot Mirror
Microsoft officially entering the anti-virus industry means the incumbent anti-virus vendors will have to evolve, or die.
Think about it, folks! The AV industry has stagnated over eighteen years because of their reliance on the Addictive Update Model. AV software hasn't significantly advanced in all of this time because users won't buy better products.
A Microsoft anti-virus product is going to penetrate the AV market like Internet Explorer did. It'll be bundled with later versions of Microsoft operating systems, making current AV software obsolete. AV vendors will finally have to release better AV products - products that can catch viruses before the fact - just to stay competitive.
If the incumbent AV vendors respond to this threat to their bottom line, AV security will dramatically improve. About time, too.
Remember him? The guy who wrote the Melissa virus? He got twenty months for writing that critter.
Prosecutors took pity on him because of his parents! His parents? Folks, I don't take pitty on a deadly cyber-terrorist who causes three-hundred-twenty million dollars of damage to the US economy. I for one hope he rots in prison for his heinous cyber-crime, right beside his predecessor.
At least those one hundred community service hours won't be spent on a computer like his predecessor spent his. The judge had some forethought at least.
Memo to "Complete Idiot II": If someone drops a bar of soap in the shower, don't pick it up. You might get infected by a virus!
Least of all your US government. The NSA makes a bulletproof distribution of Linux, and other US government offices shun it in favour of Windows.
Sun Microsystems released Star Office, and a bunch of open source wonks built OpenOffice, with better track records. Yet US government offices shun them in favour of Microsoft Office.
I'm not sure why they do, especially an omniscent body like the US government who knows these things exist. It must be because they don't want to use them.
And every day users? Well, users could have taken e-mail content security into their own hands over a decade ago when PGP was out, or eight years ago when PGP for the Exchange client came out. But NO, they didn't want to use it. They could have used S/MIME which was slightly easier to use, but NO, they didn't want to use it.
Users don't care enough to demand strong encryption in their applications. And Microsoft is in business to make money. They aren't going to waste time making a product that no one will buy. And YOU, slashdotters, aren't going to convince users to buy an alternative through fear, uncertainty and doubt.
...of computers with insecure pirated Windows boxes.
Pirating software is a choice made by the USER. If they can support themselves and they need to save a few bucks, fine. But I won't be able to support them because they won't give me the tools I need to do so.
And what did you think M$ was trying to do with product keys, product activation, etc during INSTALLation as you wished for in your post? "the world would be devoid of pirated Windows..."
What a short memory Slashdotters have. I remember a very loud crowd of you crying "foul!" when Product Activation first came about: "It's a blatant privacy violation! M$ wants to spy on everyone installing XP!" Bah. You want Microsoft to enforce legal copies of Windows on INSTALLATION instead of during a Service Pack deployment? Maybe you should have activated your copy of XP when you installed it, instead of trying to circumvent it.
Cheapass users made piracy the problem it is today. Sure, overinflated prices helped, but supply and demand would have brought those prices down naturally. If more people refused to buy XP instead of pirating it, the price would have dropped in order to sell them. Then we'd have more legit and supportable copies out there. Instead, cheapass users chose to bypass supply and demand, and have now found themselves unsupported. Boo, hoo. You get what you pay for.
And a valid product key as proof of purchase and eligibility for support.
The CDs that Dell provides with their notebooks doesn't even require product activation! But there's a legit key attached to that noteboook, and the CD was actually a customized Windows XP CD-ROM, complete with their standard blue-screen boot-up and installation software. Ditto, Compaq (except maybe for the product activation).
At least it's supportable. I can't say the same thing for the hole-in-the-wall PC shops with their Norton Ghost restoration CDs that use the same product key and SIDs for all of the machines that go out their door. They don't even bother to sysprep them.
Moral grounds? This isn't funny anymore.
When I can't do my job because the customer chose to install seven pirate copies of XP Pro, and I can't install a service pack which I know will solve all of their problems, what exactly am I supposed to do?
And later, if I'm accused of trying to steal a client's money by selling them seven legit copies of XP in place of their seven pirate copies (true story!), exactly how am I supposed to support them? By installing seven copies of SUSE Linux? And then trying to explain that their travel reservation software doesn't work?
No. I am not that desparate for business to deal with that much shit and abuse. And I don't want their friends' business, either, if they do the exact same thing. They're not supportable.
There are enough honest customers out there with broken yet supportable installations to keep me in business.
"We reserve the right to refuse service."
"I will not open WMV files any more."
You might as well have said you will unplug your computer from the Internet. After all:
* All of the Windows viruses and worms come from the Internet
* All of the infected MP3 and WMV files with trojans come from the Internet
* All of your anti-virus software failed (AGAIN!) to do its job (melissa, iloveyou, stages, lindoze, nimda, and now wmv trojans) until after the fact
* All of your desktop computers infected with Windows viruses (with notable exceptions of Blaster and their kin) got infected because you opened some file with some program that you ran on some Windows PC with full administrator access
* All of your desktop PCs got infected with Windows worms (including Blaster etc) because you didn't turn on the built-in firewall in XP, or didn't spend the lousy $60 on a broadband router with a built-in firewall
So, what are you waiting for? Have you unplugged from the Internet yet? Because if you DON'T take responsibility for your own computer's security, you're only going to have all this happen to you again and again until you simply unplug yourself. Free Yourself From The Matrix! Take The Red Pill! Unplug Yourself!
If they can't be bothered to pay for their support, they can switch to a "free" operating system with maintainers that give "free" patches to their "free" bugs and "free" vulnerabilities.
It would sure make my job easier as a consultant. If I had a license fee's worth for every pirated installation of Windows XP I've refused to support... "OK I need to replace this file, where's your XP CD-ROM?" "What XP CD-ROM?"
Outpost was an interesting space colonization game by Sierra (pre-EA) for Windows 3.1. It covered the possibility of an asteroid striking Earth around 2050 and an extra-Solar colonization scenario designed around it.
I want to know if there's a company pursuing that possibility and putting together a crash colonization program. I might not get on the ship but I'll be glad to help a hundred (or two hundred) other souls on their way.
A freak weather event did more damage to a computerized reservation system in one night, than all of the hackers, viruses, trojans, spyware and idiot lusers combined over all of 2004.
Unless you take the overinflated guesstimates of the likes of mi2g at face value, anyway.
Toronto faced a blizard last week. Some two hundred flights cancelled because of bad weather. Air Canada, West Jet, Jetsgo, etc didn't go down even if their planes did. That too, caused more damage to YYZ's fiscal health than all of its computer security woes combined through 2004.
And then I read the letter posted here about the IT guys sunning themselves during all of this.
Merry xmas. I hope you can justify your jobs in 2005.
- Undiscovered security holes ...
- Netscape invented Javascript and HTML e-mail, remember
- Buggy Mozilla core instead of buggy IE core
- Undiscovered bugs in RSS reader
-
Conclusion: Same insecurity, different pile.
Gee, phones with after-the-fact anti-virus software. Java. Custom games. Trojans posing as games. All because Symbian's the most popular OS for phones.
:-)
I don't suppose there's a Limited User mode for a phone, is there?
heh heh
Seriously, read later responses to queries about what my Mom runs. Besides, if she were running AOL on dial-up, all bets would be off regarding time to exploitation.
As for the screaming? It got your attention, didn't it?
That exists in XP Home just fine.
I wish Microsoft included more explicit setup instructions, though. Like power tools that require assembly: "First you install the SAFETY GUARD." That much, I can blame Microsoft for.
However, when an XP Home machine starts up for the first time and offers to create a bunch of user accounts and if you purposefully skip this step, I have to wonder if you skip putting the safeties on your new power tools while you're at it.
She has Internet on DSL. I turned on the XP firewall before plugging it in.
She understands me when I explain Limited User vs Administrator. I explain that it's like using safety guards on a power tool. She knows to switch users to the "Owner" account to use Windows Update and Office Update, and not to use anything else when using those update tools.
I only had to show my Mom once - some people I show more than once but that's OK - it's preventing problems before the fact.
Here's my Mom's config for the curious:
AMD K6-2 500, 256 MB RAM
Integrated LAN, DSL Internet
XP Home Edition, Service Pack 1 (She's waiting for me to visit to install SP2)
MS Office 2003 Student & Teacher Edition
Outlook 2003 for email
"Owner" Administrator account - password protected
"Mom" Limited User
"Kids" Limited User for the grand kids
I turned on the built-in firewall before connecting the LAN cable the first time. I explained to her why it needs to stay on, and she doesn't turn it off.
She's had this box for a year in this config and I set it up ONCE.
Is this a good enough example of XP security through proper management?
That's not Microsoft's fault that EA Games decided to use a broken copy protection scheme.
It took me two weeks off and on to fix an old Windows game (Quake II) to work as a limited user in XP. http://www.pan-am.ca/testing.html And I'm not a full time games programmer. What's EA's excuse?
They should have started preaching "don't run as root" as early as NT 3.5. Because they haven't until 2000, developers have six years of old programming habits to break.
Now MacOS X - I haven't run that though I'm aware of its BSD roots. How much legacy Mac software works as non-root on MacOS X?
If it's 2K and she wants to burn CDs, she can run a modern version of Nero (v6) or Roxio (v5 and later) which work for restricted users.
Not by letting her run IE, but by letting her run IE on a Windows box as full admin.
"... despite the anti-virus, regular Windows updates, having the good sense not to open attachments, using a firewall, and avoiding any type of seedy activities online..."
Let's see, it's 2004, XP is two years old, 2K is four years old, and your wife got spyware for one of two reasons:
* You let her run too old a version of Windows (98/ME) with no built in security, (Melissa got past anti-virus software remember) or
* You let her run 2K or XP with full admin or "power user" access.
You two only have yourselves to blame for choosing to run a machine insecurely. Yes, you. You could've stopped all of this before the fact if you ran a modern version of Windows as limited users, if you used a mail program Designed for XP and kept that up to date as well as the OS, if you treated the 'net like any other public place instead of trusting everyone by default.
You chose Windows, and you chose to run it insecurely. If you think running Linux is the cure, go right ahead. But if you run it as root, you don't deserve any sympathy from me. And if you run XP as a full admin, you deserve even less sympathy.
Take charge of your own computer security already, however you do it. Don't whine at Microsoft because you let it happen.
And damn my slashdot karma to Hell anyway. I'm sick of this whining: "Microsoft (this), Microsoft (that), Microsoft (whatever)." Lazy bastards. How come MY MOTHER doesn't get spyware or viruses or whatever when she's running only XP Service Pack 1? Without any AV software? Explain that.
It doesn't take a switch to Linux to get Linux-like protection.
Get Win2K or XP and do your daily work as a limited user. Stick with apps that work as a limited user (Yes, this means dumping Quickbooks for Simply Accounting). Ditch or fix the games that need Admin to run and tell your vendors to clean up their act. Take charge of your PC already and stop blaming Microsoft.
It's not like we don't already see spyware installed behind one's back when visiting certain web sites.
Then I'd like to see the first judge that orders you to run your computer as Admin so they can install spyware behind your back.
"I see PCs all the time which have IE up to date as well as have up to date anti-virus software that are *still* plagued with problems. Why? IE vulnerabilities."
Well, I see PCs under my care daily which DON'T have up to date anti-virus software and not even up-to-date patches on IE, yet they still aren't plagued with problems. For two years straight.
Why?
Decent security policies, starting with Limited User access. But that's just IT Staff (me) doing its job properly.
Sophos wants us to update our anti-virus software 8760 times a year. Once an hour every day, every year per computer (!) just to keep up with all of the variants of viruses.
mi2g? Well, they started calling vmyths a hate site. They need no further comment.
Solaris, Netware, Commodore 64s... They'd even have to ban themselves.
Because THEY don't take security seriously.
They'd have to ban the Internet because the Internet was never originally designed with security in mind, rather, it was designed with redundancy in mind.
Rather, they would have to ban idiots. And e-commerce would die because the idiots make up the majority of spenders.
It took decades of horrible deaths on the highways before governments mandated safety regulations in motor vehicles. And "cyber-tastrophies" don't cause deaths, nor have I seen a recorded insurance claim over computer security problems.
As much as I want to make everyone security-aware, I'd rather the Internet's users choose to become security aware. We're not at the point yet where public service and public safety really depends on Internet access. Until then, we'll continue to have the idiots driving on the "information highway."