Granted, that's the way to stay out of trouble, but sometimes getting things done requires risking some trouble. I'm speaking in the abstract here, not necessarily referring to these kids.
Please note that by do nothing I meant (and hopefully you did understand this) is do not go and try to hack on your own. You can still voice your complaints as usual which is doing something.
If that is still not good enough for you, do not complain when you go to jail. Do not complain when the people who did it go to jail. Again, this is akin to being a vigilante - and that is simply not permissable.
I am not familiar with Marcinko's incident so cannot comment on it.
You feel that breaking the law may be needed. I feel, when it compromises certain pieces of data (classified, my social security number and other perosnal information) it is wrong.
For example, lets say someone felt they needed to crack into IBX to prove to IBX that their security is faulty. While I trust IBX with my confidential data, do you think I trust this good somaritan? No I do not. He circumvented the system and I do not know what he is going to do with that data. Maybe he will destroy it, maybe he will do something bad with it. Maybe someone will hack him.
More like Civil disobedience at its worst. These people were not complaining about a bad legal system, unfair practices, etc they were trying to prove the security system was bad. While a noble act - they simply failed to do the proper thing and get permission - and that makes them guilty. In other words what if they saw the medical records of the students at the HS. Now they find out one of the kids in their class has HIV. Now they, in confidence, tell their friends this - everyone in the school knows this kid has HIV and he gets treated as an outcast...what a shame that would be.
If after you have done the job you still get penalized - sue the living tar out of them and show your contract.
Not that hard, especially for someone smart enough to hack; and I would presume that they have heard some of these "nightmare" stories, and seen EULA's, etc.
The problem is, how will that someone know what is releasable and what is not? Also classified data is probably in a more secure system then non-classified - hence classified.
In the end, the person needs to go through the proper channels or get in trouble. Imagine if it was publicized that you knew how to easily crack into the DoD....who do you think will get you first? The DoD, the CIA, the FBI, or some terrorist group that will ensure you help them out.
The only way people responsible for these computers would risk jailtime was if they did something grossly negligent with the intent of hurting our nation...just making an honest mistake will not net you jailtime...it probably won't even get you fired...they will just say "learn and try not to repeat."
If someone contacts them privately, they might lock up that person in jail as a "national security risk" and add some security-through-obscurity rather than a fundamental fix.
That is very understandable...if you do not have the proper security clearance, how are they to know you won't leak out the information (on purpose or accident)? Classified material is that way for a reason - and if someone wants to try and crack into a known classified area without permission they deserve what they get.
My g/f quickly realized the other night that when I am in my Counter Strike zone there is no amount of hooter jiggling and butt shaking she can do to get me awayfrom the key board...well maybe if she brought a friend in but that ain't happening.
I used to make fun of people who did that. They would go to McDonalds get a burger and fries and a diet soda. Then Irealized - they want a burger and fries - and those things are not the healthiest. But they are still trying to cut back, and every calorie helps so that is why they get diet soda.
I get diet soda because I can't stand the taste of regular soda (too sweet for me).
Now when I went to see the Phantom Menace in theaters, we were in line. And this very large girl 250+lbs (and about 5'4) walked out of the movie theatre with one of those SUPER popcorn buckets, a large box of snow caps, and a super soda. My brother promptly made fun of her....I laughed - ok so I am a mean SOB.
We have so many extra keyboards and mice (new ones). When a new employee starts we ensure there desk is cleaned ( a bit of windex) as well as there computer. If their keyboard/mouse is nasty/faded we give them a new one.
I once worked for a bank, and the keyboard was so bad that I bought a bottle of isophoryl alcohol and spent the next two hours cleaning each and every key separately. I had the computer of the former head teller who would drop food on the floor and let it sit there for days.
Demonstrating to them that the system is not secure doesn't work, because they don't want to believe the problem is with the system -- which implies that the administrators are the problem
It is not that they do not want to know there is a problem, and its not that they aren't willing to fix it. It is the fact that the person did not follow proper protocols. Much of that information is under "lock and key" and allows for people with specific authorization (NDAs, bonding, security clearance, etc). By gaining access to this information w/o getting this clearance you broke their security measures. And they may have to (per their contracts, insurance, law) prosecute you. OR they just want to show that doing this sort of thing without permission (it is sort of like being a vigilante) is not acceptable.
Really I have no sympathy for intelligent people who fail to utilize a little bit of judgement. There are plenty of articles out there that show people who get in trouble for doing these things (i.e. this article).
Would you feel so cavalier about this if, instead of say MS files, someone busted into the DoD and got information about Nuclear Weapons. And then if the person said "but i safely destroyed the files" would you still be comfortable about it?
You need permission to do these things. If they won't give you permission, but you are adamant, then you need to create your own similar system and show them the flaw. Or find someone in the organization who will give you the time of day... And if all else fails, and it really is a high-risk situation (i.e. security hole in the DoD database) then you can make it public by going to the media (they love this gossip).
Haven't people learned, by now, that even if you have the best intentions at heart - doing this things will result in you getting in trouble. If you really want to test the security of an organization, get their upper management authorization (hell you could even make a profit).
If they were smart about it (and they have to be somewhat smart to do this) they could have spoken to their principal/advisor and gotten sanctions to do this - potentially earning some kind of HS credit or an award from the the school.
I know your trying to be funny - but realize other people take this stance and think it's insightful
And then you gotta ask --- does MS get the Viruses passing by their desk before it is released to the public --- sort of like our/. editors getting the articles (and having to approve them) before it goes public.
is auto-download. People do not want to have to go and download updates, they want it done for them. There should be an option for this. Nowif there is such an option, my appologies - i just haven't seen one.
And then it would look like a submarine from today - except its a space submarine. Unfortunately, even our real modern day space shuttles equipment looks more high-tech then the original series. My computer has a more high-tech look. We cannot blame them on having better set equipment.
Thats because Picard is more diplomatic. Picard wins. I would give Sisko second. Shatner dead last...be..cause....i...can't....sta...nd....hea....ring....him....spe...ak.
The modification was done at little or no cost to existing car owners. I think the threat of multiple lawsuits was the primary consideration with the pricing of this issue. In other words, Audi paid.
So was it at little cost to the existing car owners or at no cost? While people can sue for anything (any maybe Audii figured it is not worth the legal fees) does not make it right that the car company should have to do this for free. Maybe they did it because of cost/benefit - but again that is a flaw with our legal system.
I think software viruses should not be an issue in the first place
FOr that to happen, you better get rid of the evil hackers in this world. There is no 100% secure OS out there and it is nigh on impossible to build. Someone will find a security hole, or they will make one appear via various tricks. Also viruses are not in the scope, always, of security holes. Sometimes they make their own (i.e. person runs a virus which modifies the OS). This is not the fault of the OS but of the user.
In one sense you're right. Microsoft has every right to sell operating systems with seriously flawed security models
I never said nor implied this.
Microsoft could no more blame virus hackers for their unreliable OS, than Yamaha could blame a bump in the road for a rider losing his balance. Both are things which must be accounted for in design.
MS is not blaming virus hackers for their vulnerable OS - MS is blaming virus hackers for making software to corrupt their software. Yamaha designs a bike - if the road is so bad that severe hole is there - when the bike hits it - it is not Yamaha's fault, but the fault of the people who maintain the road.
Totally agreed. For example - I do not think I will ever see the product "Turkey Bacon" receive a Kosher/Parv symbol. Why is that? Because it has the word Bacon in it. It does not matter that it comes from turkey and will follow kosher guidelines - all that matters is the name.
My implication is that now they are diverting resources
How do you know it is diverting resources or they are just hiring new people? Or shifting people from some other defunct project?
Flight Simulators:)
You liked this?
How sad is it that they spend 80 million designing something that does not work nearly as well as Spybot or Adaware
They didn't design this, they bought it from Giant for 80 million. And it is actually much better then spybot or adaware.
Who DOESN'T fix their own security holes for free?
Some companies give you a years worth of patches/updates for free...from then on you have to subscribe. That is not the issue. They are doing it. So you should commend them for that.
Yes, but in many cases, those viruses would not be possible (or at least as devastating) had MS not done so poorly on security
Again, MS does do a lot of QA - but the best QA - no matter what the program - is real life - which can't happen until the software is released to the real world (no not the stupid show);)
The only difference is that none of these companies are providing the software that suffers from the vulnerabilities these evil hackers exploit.
I think this is irrelevant and moot. Obviously Norton is not offering an OS. But MS is not offering a virus. They are offering a program to fight them.
but their history over the years regarding security
And they are trying to fix mistakes. At some point we need to get over it. Nobody is saying forget what they have done - but in all honesty people here on/. REFUSE to give MS any slack what-so-ever. Even when MS does something good, someone always belittles them. It is grossly unfair on our part..
If part of their attempt to turn themselves around and repair the problem that they bear some responsibility for involves making money off their own mistakes, that is where I take exception.
They are...their free patches that I am sure they spent a lot of time and effort on; the free anti-spyware program...hell they are even giving free licenses of windows to people who bought illigitmate windows copies from venders.
Tritium is not safe because of its casing, it is safe because it is extremely low radiation that cannot penetrate human skin
Juggle some tritium in your hands and nothing will happen to you - sleep with it and nothing will happen. Eat it or let it into your blood stream and then you are in trouble... But then again let regular battary acid into your blood strream (or ingest it) and you are in trouble there too.
Not running a personal firewall makes you foolish, unless you are running it at another level (i.e. your router). And if you are running it at that level you were trying to bait me which makes you an ass.
Being savvy is not the issue. Spyware can be well hidden, and it never hurts. If you think you are some guru and you can avoid spyware/worms/viruses without those protection programs -- well keep thinking that.
I am cautious, and I can say that in all my years of computing (from 1987+) until today I have never gotten a virus installed on my computer.
Did they install the part or just design it and offer it as an upgrade for a fee?
Also, that is a one time deal where this will be an ongoing thing with no end in sight.
Also, even if they gave it for free - why does that mean MS is responsible to give it for free? Anti-virus software is not training wheels. Training wheels are just that TRAINING materials. So a user guide with "steps you should take to help your computer". They already do this. They also have that security center which lets you know if: 1) you do not have a firewall or 2) do not have a virus protection tool.
No MS is not responsible for the virus hackers nor are they responsible to give anti-virus programs for free.
One thing you need to realize about QA testing - especially for insanely large and complex programs - is the best QA testing happens in the actual field. Even when they beta-test their software it is still no-way in comparisson as when it hits the major market. Every program will have this problem - including your favorite OSS programs like Linux, and Firefox. Saying I'd also be impressed if they could stop introducing new ones is kind of wishful thinking. I hope Linux and Firefox also produce flawless software- but they won't...nobody will. It is fairly impossible. Even if you have the brightest and best minds working on the problem - someone will always find a loophole.
I would be more tickled if they abandoned the idea of marketing antivirus and antispyware tools and instead tried making their OS more secure
They have been doing this for years. Every time they release a patch/update they are trying to make their OS more secure. So I do not understand what you are trying to imply. Now why can't they hire more people and do extra things? Why are you trying to limit them to one specific function: an OS. Microsoft's largest product is WIndows, but it is not their only product - nor do I think it "should" be.
And I am frankly a bit concerned with the idea of MS profiting from these vulnerabilities.
MS is not profitting from these vulnerabilities. First they anti-spyware program that they spent $80 million for and they are giving it away for free. Second they patch holes for free - when was the first or last time Windows Update asked you to pay for the patches? Third They didn't write the viruses - evil hackers did. They are working to prevent these evil hackers and they have a right to make a profit on it - just like McAfee, Norton, Computer Associates, etc.
Without turning to a trollish fighting (i prefer debating points) but in this case it seems you are just attacking MS because of who they are.
Its inaccurate - or as i said, does not compare apples to apples.
The portion of Company A selling to Company B. MS fixes many of its flaws for free (you cannot deny this). In fact any known security holes it works on and releases. Maybe not as fast as some would hope, but it does it.
And a better analogy:
Company A sells a widget to Company B. Stranger comes to sabatoge the widget. Company A sells Company B a detection system that will help stop the stranger.
Again while MS has its flaws it did not create these viruses. While MS can fix flaws as they find it, it is a bit different with preventing viruses short of using an anti-virus program.
Users should know a respectable amount about their machines. For example: I buy a car and part of my obligations (for the betterment of my car) is to get oil changes, tranny oil changes, tune-ups, break-checks, etc. If I do not do these things I will quickily find that my: engine seizes, transmission dies, car runs crappy, and I can't stop my car to avoid hitting the old lady pushing a baggage cart.
Now the difference between a car and a comptuer (other then the obvious) is price. People look at their $600 computer and say "eh" people look at their $20k+ car and say "hold the phone".
I do not expect the everyday user to be an expert - but I do expect them to have a bit of knowledge and take some precautions (get that anti-virus, anti-spam, firewall) and don't open strange files.
I was going to edit your analogy because it sucks - then I realized the whole house analogy is just plain stupid because it does not compare Apples to Apples, I don't even think you are in the same species.
Slashdot Mirror
Granted, that's the way to stay out of trouble, but sometimes getting things done requires risking some trouble. I'm speaking in the abstract here, not necessarily referring to these kids.
Please note that by do nothing I meant (and hopefully you did understand this) is do not go and try to hack on your own. You can still voice your complaints as usual which is doing something.
If that is still not good enough for you, do not complain when you go to jail. Do not complain when the people who did it go to jail. Again, this is akin to being a vigilante - and that is simply not permissable.
I am not familiar with Marcinko's incident so cannot comment on it.
You feel that breaking the law may be needed. I feel, when it compromises certain pieces of data (classified, my social security number and other perosnal information) it is wrong.
For example, lets say someone felt they needed to crack into IBX to prove to IBX that their security is faulty. While I trust IBX with my confidential data, do you think I trust this good somaritan? No I do not. He circumvented the system and I do not know what he is going to do with that data. Maybe he will destroy it, maybe he will do something bad with it. Maybe someone will hack him.
More like Civil disobedience at its worst. These people were not complaining about a bad legal system, unfair practices, etc they were trying to prove the security system was bad. While a noble act - they simply failed to do the proper thing and get permission - and that makes them guilty. In other words what if they saw the medical records of the students at the HS. Now they find out one of the kids in their class has HIV. Now they, in confidence, tell their friends this - everyone in the school knows this kid has HIV and he gets treated as an outcast...what a shame that would be.
Protocols are easy to follow:
1) Ask for permission (in writing)
2a) If you do not receive permission do nothing.
2b) If you receive permission do the job
If after you have done the job you still get penalized - sue the living tar out of them and show your contract.
Not that hard, especially for someone smart enough to hack; and I would presume that they have heard some of these "nightmare" stories, and seen EULA's, etc.
The problem is, how will that someone know what is releasable and what is not? Also classified data is probably in a more secure system then non-classified - hence classified.
In the end, the person needs to go through the proper channels or get in trouble. Imagine if it was publicized that you knew how to easily crack into the DoD....who do you think will get you first? The DoD, the CIA, the FBI, or some terrorist group that will ensure you help them out.
The only way people responsible for these computers would risk jailtime was if they did something grossly negligent with the intent of hurting our nation...just making an honest mistake will not net you jailtime...it probably won't even get you fired...they will just say "learn and try not to repeat."
If someone contacts them privately, they might lock up that person in jail as a "national security risk" and add some security-through-obscurity rather than a fundamental fix.
That is very understandable...if you do not have the proper security clearance, how are they to know you won't leak out the information (on purpose or accident)? Classified material is that way for a reason - and if someone wants to try and crack into a known classified area without permission they deserve what they get.
My g/f quickly realized the other night that when I am in my Counter Strike zone there is no amount of hooter jiggling and butt shaking she can do to get me awayfrom the key board...well maybe if she brought a friend in but that ain't happening.
I used to make fun of people who did that. They would go to McDonalds get a burger and fries and a diet soda. Then Irealized - they want a burger and fries - and those things are not the healthiest. But they are still trying to cut back, and every calorie helps so that is why they get diet soda.
I get diet soda because I can't stand the taste of regular soda (too sweet for me).
Now when I went to see the Phantom Menace in theaters, we were in line. And this very large girl 250+lbs (and about 5'4) walked out of the movie theatre with one of those SUPER popcorn buckets, a large box of snow caps, and a super soda. My brother promptly made fun of her....I laughed - ok so I am a mean SOB.
We have so many extra keyboards and mice (new ones). When a new employee starts we ensure there desk is cleaned ( a bit of windex) as well as there computer. If their keyboard/mouse is nasty/faded we give them a new one.
I once worked for a bank, and the keyboard was so bad that I bought a bottle of isophoryl alcohol and spent the next two hours cleaning each and every key separately. I had the computer of the former head teller who would drop food on the floor and let it sit there for days.
Demonstrating to them that the system is not secure doesn't work, because they don't want to believe the problem is with the system -- which implies that the administrators are the problem
It is not that they do not want to know there is a problem, and its not that they aren't willing to fix it. It is the fact that the person did not follow proper protocols. Much of that information is under "lock and key" and allows for people with specific authorization (NDAs, bonding, security clearance, etc). By gaining access to this information w/o getting this clearance you broke their security measures. And they may have to (per their contracts, insurance, law) prosecute you. OR they just want to show that doing this sort of thing without permission (it is sort of like being a vigilante) is not acceptable.
Really I have no sympathy for intelligent people who fail to utilize a little bit of judgement. There are plenty of articles out there that show people who get in trouble for doing these things (i.e. this article).
Would you feel so cavalier about this if, instead of say MS files, someone busted into the DoD and got information about Nuclear Weapons. And then if the person said "but i safely destroyed the files" would you still be comfortable about it?
You need permission to do these things. If they won't give you permission, but you are adamant, then you need to create your own similar system and show them the flaw. Or find someone in the organization who will give you the time of day... And if all else fails, and it really is a high-risk situation (i.e. security hole in the DoD database) then you can make it public by going to the media (they love this gossip).
Haven't people learned, by now, that even if you have the best intentions at heart - doing this things will result in you getting in trouble. If you really want to test the security of an organization, get their upper management authorization (hell you could even make a profit).
If they were smart about it (and they have to be somewhat smart to do this) they could have spoken to their principal/advisor and gotten sanctions to do this - potentially earning some kind of HS credit or an award from the the school.
I know your trying to be funny - but realize other people take this stance and think it's insightful
/. editors getting the articles (and having to approve them) before it goes public.
And then you gotta ask --- does MS get the Viruses passing by their desk before it is released to the public --- sort of like our
is auto-download. People do not want to have to go and download updates, they want it done for them. There should be an option for this. Nowif there is such an option, my appologies - i just haven't seen one.
And then it would look like a submarine from today - except its a space submarine. Unfortunately, even our real modern day space shuttles equipment looks more high-tech then the original series. My computer has a more high-tech look. We cannot blame them on having better set equipment.
Thats because Picard is more diplomatic. Picard wins. I would give Sisko second. Shatner dead last...be..cause....i...can't....sta...nd....hea.. ..ring....him....spe...ak.
The modification was done at little or no cost to existing car owners. I think the threat of multiple lawsuits was the primary consideration with the pricing of this issue. In other words, Audi paid.
So was it at little cost to the existing car owners or at no cost? While people can sue for anything (any maybe Audii figured it is not worth the legal fees) does not make it right that the car company should have to do this for free. Maybe they did it because of cost/benefit - but again that is a flaw with our legal system.
I think software viruses should not be an issue in the first place
FOr that to happen, you better get rid of the evil hackers in this world. There is no 100% secure OS out there and it is nigh on impossible to build. Someone will find a security hole, or they will make one appear via various tricks. Also viruses are not in the scope, always, of security holes. Sometimes they make their own (i.e. person runs a virus which modifies the OS). This is not the fault of the OS but of the user.
In one sense you're right. Microsoft has every right to sell operating systems with seriously flawed security models
I never said nor implied this.
Microsoft could no more blame virus hackers for their unreliable OS, than Yamaha could blame a bump in the road for a rider losing his balance. Both are things which must be accounted for in design.
MS is not blaming virus hackers for their vulnerable OS - MS is blaming virus hackers for making software to corrupt their software. Yamaha designs a bike - if the road is so bad that severe hole is there - when the bike hits it - it is not Yamaha's fault, but the fault of the people who maintain the road.
Totally agreed. For example - I do not think I will ever see the product "Turkey Bacon" receive a Kosher/Parv symbol. Why is that? Because it has the word Bacon in it. It does not matter that it comes from turkey and will follow kosher guidelines - all that matters is the name.
Perception is everything.
My implication is that now they are diverting resources
:)
;)
/. REFUSE to give MS any slack what-so-ever. Even when MS does something good, someone always belittles them. It is grossly unfair on our part..
How do you know it is diverting resources or they are just hiring new people? Or shifting people from some other defunct project?
Flight Simulators
You liked this?
How sad is it that they spend 80 million designing something that does not work nearly as well as Spybot or Adaware
They didn't design this, they bought it from Giant for 80 million. And it is actually much better then spybot or adaware.
Who DOESN'T fix their own security holes for free?
Some companies give you a years worth of patches/updates for free...from then on you have to subscribe. That is not the issue. They are doing it. So you should commend them for that.
Yes, but in many cases, those viruses would not be possible (or at least as devastating) had MS not done so poorly on security
Again, MS does do a lot of QA - but the best QA - no matter what the program - is real life - which can't happen until the software is released to the real world (no not the stupid show)
The only difference is that none of these companies are providing the software that suffers from the vulnerabilities these evil hackers exploit.
I think this is irrelevant and moot. Obviously Norton is not offering an OS. But MS is not offering a virus. They are offering a program to fight them.
but their history over the years regarding security
And they are trying to fix mistakes. At some point we need to get over it. Nobody is saying forget what they have done - but in all honesty people here on
If part of their attempt to turn themselves around and repair the problem that they bear some responsibility for involves making money off their own mistakes, that is where I take exception.
They are...their free patches that I am sure they spent a lot of time and effort on; the free anti-spyware program...hell they are even giving free licenses of windows to people who bought illigitmate windows copies from venders.
Tritium is not safe because of its casing, it is safe because it is extremely low radiation that cannot penetrate human skin
Juggle some tritium in your hands and nothing will happen to you - sleep with it and nothing will happen. Eat it or let it into your blood stream and then you are in trouble... But then again let regular battary acid into your blood strream (or ingest it) and you are in trouble there too.
Not running a personal firewall makes you foolish, unless you are running it at another level (i.e. your router). And if you are running it at that level you were trying to bait me which makes you an ass.
Being savvy is not the issue. Spyware can be well hidden, and it never hurts. If you think you are some guru and you can avoid spyware/worms/viruses without those protection programs -- well keep thinking that.
I am cautious, and I can say that in all my years of computing (from 1987+) until today I have never gotten a virus installed on my computer.
The military uses tritium in Lensatic compasses and it poses no harm. Though the running joke is that no guy should put one next to his crotch.
Did they install the part or just design it and offer it as an upgrade for a fee?
Also, that is a one time deal where this will be an ongoing thing with no end in sight. Also, even if they gave it for free - why does that mean MS is responsible to give it for free? Anti-virus software is not training wheels. Training wheels are just that TRAINING materials. So a user guide with "steps you should take to help your computer". They already do this. They also have that security center which lets you know if: 1) you do not have a firewall or 2) do not have a virus protection tool.
No MS is not responsible for the virus hackers nor are they responsible to give anti-virus programs for free.
One thing you need to realize about QA testing - especially for insanely large and complex programs - is the best QA testing happens in the actual field. Even when they beta-test their software it is still no-way in comparisson as when it hits the major market. Every program will have this problem - including your favorite OSS programs like Linux, and Firefox. Saying I'd also be impressed if they could stop introducing new ones is kind of wishful thinking. I hope Linux and Firefox also produce flawless software- but they won't...nobody will. It is fairly impossible. Even if you have the brightest and best minds working on the problem - someone will always find a loophole.
I would be more tickled if they abandoned the idea of marketing antivirus and antispyware tools and instead tried making their OS more secure
They have been doing this for years. Every time they release a patch/update they are trying to make their OS more secure. So I do not understand what you are trying to imply. Now why can't they hire more people and do extra things? Why are you trying to limit them to one specific function: an OS. Microsoft's largest product is WIndows, but it is not their only product - nor do I think it "should" be.
And I am frankly a bit concerned with the idea of MS profiting from these vulnerabilities.
MS is not profitting from these vulnerabilities. First they anti-spyware program that they spent $80 million for and they are giving it away for free. Second they patch holes for free - when was the first or last time Windows Update asked you to pay for the patches? Third They didn't write the viruses - evil hackers did. They are working to prevent these evil hackers and they have a right to make a profit on it - just like McAfee, Norton, Computer Associates, etc.
Without turning to a trollish fighting (i prefer debating points) but in this case it seems you are just attacking MS because of who they are.
Its inaccurate - or as i said, does not compare apples to apples.
The portion of Company A selling to Company B. MS fixes many of its flaws for free (you cannot deny this). In fact any known security holes it works on and releases. Maybe not as fast as some would hope, but it does it.
And a better analogy:
Company A sells a widget to Company B. Stranger comes to sabatoge the widget. Company A sells Company B a detection system that will help stop the stranger.
Again while MS has its flaws it did not create these viruses. While MS can fix flaws as they find it, it is a bit different with preventing viruses short of using an anti-virus program.
Users should know a respectable amount about their machines. For example: I buy a car and part of my obligations (for the betterment of my car) is to get oil changes, tranny oil changes, tune-ups, break-checks, etc. If I do not do these things I will quickily find that my: engine seizes, transmission dies, car runs crappy, and I can't stop my car to avoid hitting the old lady pushing a baggage cart.
Now the difference between a car and a comptuer (other then the obvious) is price. People look at their $600 computer and say "eh" people look at their $20k+ car and say "hold the phone".
I do not expect the everyday user to be an expert - but I do expect them to have a bit of knowledge and take some precautions (get that anti-virus, anti-spam, firewall) and don't open strange files.
I was going to edit your analogy because it sucks - then I realized the whole house analogy is just plain stupid because it does not compare Apples to Apples, I don't even think you are in the same species.