Slashdot Mirror


User: 99BottlesOfBeerInMyF

99BottlesOfBeerInMyF's activity in the archive.

Stories
0
Comments
10,115
First seen
Last seen
Profile
(view on slashdot.org)

Comments · 10,115

  1. Re:Lots of misunderstandings here on EU Launches Antitrust Probe Into iTunes · · Score: 4, Insightful

    It is unlawful in the EU to restrict imports and exports from one country to another, because that is in restraint of trade and anti competitive. You can sell it for 600 in Germany and 300 in France. But what you cannot do is prevent the Germans from buying the stuff in France.

    Okay, suppose you're Apple. BMG agrees to license you to make a copy of a Frank Sinatra song within France, providing you pay the $0.30 every time you do so. They agree to let you make a copy of the same Frank Sinatra song within Germany for $0.40 every time you do so. The act of making a copy is the act of allowing a person to download it and is dependent upon where the person doing the downloading is located. EU law enforces copyright separately in each country and just because you licensed the right to make a copy in France for $0.30 each copy, that does not grant you any right to do the same thing in Germany at any price.

    So you offer these songs for sale, with one Website per country and one price per country. Now, because of billing you are given extra information about the likely whereabouts of the downloader. If a person goes to the french store and uses a German credit card, the courts are likely to rule that you (Apple) should reasonably know they are actually in Germany. This means if you let them download the song after paying for a license to make a copy in France, while you know they are probably in Germany, you're just committed an act of copyright infringement and failed to perform due diligence.

    So what exactly do you expect Apple to do? According to EU law the right to make a copy in Germany is different from the right to make a copy in France. If you allow the download with the credit card you've broken copyright law in Germany. If you don't you're running afoul of the EU competition laws. Either way you're breaking the law somewhere.

    To further confuse matters, the record companies have nothing stopping them from providing you with a license that applies in all EU countries as a single license. They just don't want to and while the EU commission ordered them to do so, they ignored the order. Can you see where I might consider both the record companies and the EU the problem here. The record company can solve this by offering the license needed. The EU can solve this by forcing them to do so. Apple and all the other services, however, have no ability to force anyone to do anything. They could choose to close up shop in the EU entirely, or they can break one of the two laws.

  2. Re:Since no ones seems to grasp what this is about on EU Launches Antitrust Probe Into iTunes · · Score: 5, Informative

    What the commission is complaining about, and what may very well be determined illegal under EU law, is restricting the sale of French priced tracks only to people with credit cards issued in France.

    This is called "due diligence" to prevent contributory copyright infringement charges leveled against Apple.

    The EU garuntees free movement of goods, services and people between its member states. Shutting out consumers based on where their cards are issued may well be in violation of this.

    So here's the problem. The right to copy a song onto your personal computer in France is considered, under EU law, a different service than the right to download that same song onto your personal computer in Germany because the right to copy it (copyright) is enforced separately in each country. So if Apple did not restrict the sale of a song from the French store to people with a French credit card, then sure a German could purchase the copyright with their German card, but assuming they are in Germany, it would be illegal for them to actually download the song in Germany, because their license to copy only applies in France and they aren't in France.

    Your mistake is trying to equate a download with a CD, when those two things are treated completely differently by EU law. Under EU law, you cannot transfer a copyright (download license) in one country to another, while you can transfer a copy itself (CD).

    Now, you may disagree, and think that imposing this restriction is not in violation of EU law. Fine. But you are grossly misrepresenting the situaton by claiming the EU commission wants Apple to charge the same amount in every country.

    The EU commission is bringing charges against Apple for selling what EU law defines as different services, for different prices. The problem is most of the people involved only understand things in terms of analogies, like CDs and don't understand that the problem is with EU law and the recording industry's exploitation thereof. Apple has exactly zero power to solve this. If they did as you suggest, they'd simply be misleading people into thinking they had a legal right to download a song, when they almost certainly did not, and as a result Apple would be liable for damages because of their knowingly profiting from this illegal behavior.

    Incidently, I agree with the commission on this one. I think refusing to process a credit card tranaction because the card was issued in a different EU state is probably a violation of the single market regulations.

    It is entirely probable that it is a violation, technically. The problem is that accepting payments from foreign cards is also probably illegal. The EU has created a situation where selling music downloads online, is probably illegal no matter which way Apple chooses to do business. All of this, however, would be a moot point if the EU would simply enforce their own edict that requires the recording companies to offer to sell Apple and everyone else a single license at a single price that applies across Europe, so that the copyright license in Germany and in France were the same service. Right now, under EU law, they are not.

  3. Re:Obvious unfair advantage. on Serenity Trounces Star Wars · · Score: 1

    Let's see of the results hold after Serenity makes a sequel with Jar Jar Binks.

    I think the quality of the characters and the development of them was one of the main ways in which the Firefly series was better than most of the rest of what is out there. Whedon thinks it is okay to kill off comic relief characters once the audience cares about them. If he wrote Jar Jar into the Firefly universe, Jar Jar would immediately begin to develop more realistic traits and behaviors, and Whedon would probably make him more interesting by having something terrible and emotionally scarring happen to him to push him away from a McDonalds toy with an annoying voice and more towards and mentally handicapped person with serious emotional dysfunction and writing that reflects that... then once people started to care about him and think of him as a real person, Whedon would have him senselessly killed by some adolescent with a gun, or maybe suicide at a dramatic moment.

    That is really why Firefly (not necessarily Serenity) really was one of the better shows in recent history.

  4. Re:EU Fines on EU Launches Antitrust Probe Into iTunes · · Score: 1

    just think of the outcry if Apple charged 57% more for iTunes for customers that live in California versus those that lived in Nevada and had a different prices for each USA state.

    Just imagine if the US had laws that allowed the record companies to license music for different prices in different states. I'd say if the US was so stupid as to do that, then they're getting what they deserve, just as the EU is getting what they deserve for not actually enforcing their edict to require record companies to provide a single price for licensing in all of Europe.

    The countries are all 'states' within a unified europe, akin to the united states of america.

    In this regard, no they're not. In the US you register a copyright with the federal government and it applies to all of the US states. In the EU you register a copyright in each country and they have treaties with one another regarding respecting one another's copyrights in some ways. The UK treats copyrights held by French citizens similar to the way they treat copyrights held by US citizens. Until they fix this, they can't expect businesses operating within the EU to ignore that.

    Quite why a digital downloaded product has such a differential is beyond me - the iTunes servers are offshore and so do not fall foul of any 'extra' taxation and the product is identical for all customers.

    Suppose you start a digital music business that sells to all nations. You put all your servers in Korea for some reason. So you decide to sell a very popular song. When you go to the copyright holder they agree to license it for sale in the UK for $0.80 per download and they agree to license it for sale in Thailand for $0.30 per download because they know they can make more from the relatively wealthy UK citizenry and because there is no law stopping them from doing this. What do you, as the digital music store operator do about this? Do you go out of business? Do you sell them at different prices? Do you jack up the price in Thailand to $0.80, knowing that you won't sell any because another company can sell at half that? Do you charge $0.78 everywhere hoping it will all balance out and subsidizing the cost for purchasers in the UK at the expense of Thai citizens?

    I'm really curious here. What is the right thing for you to do? What action, exactly, is it that the EU should sue you for if you're in this crappy situation because of the EU's crappy laws?

    that's not as bad as the sony playstation 3 or Microsoft Windows Vista that both are immensely more espensive in the UK than the USA for identical products.

    The point here is that under EU law a music download in Spain is a different product from downloading the same song in Germany, because of EU law. That is the EU's fault and the fact that the recording industry is exploiting it is also their fault. Going after any retailer over this issue is plain absurd.

  5. Re:I hate Star Wars on Serenity Trounces Star Wars · · Score: 1

    Therein lies the bankruptcy of the argument. People, outside of a narrow group of "SFX readers" and "Angry geeks reading an article about an SFX poll", are not talking about Firefly.

    I disagree. Firefly was the top selling DVD on Amazon for almost a year. My brother is a self proclaimed redneck who hates technology and is not big on sci-fi, but even he mentioned how much he liked it once he saw it re-run on the sci-fi channel. I've actually heard more discussion of Firefly than many other series, including ones that are currently on the air and popular.

    Firefly was, ultimately, a failure, another cancelled serial on Fox during the period where they tried to find something scifi-ish that had universal appeal.

    The sad thing is that, while it has since been pretty well demonstrated that there was real market value in Firefly, it is also clear that TV executives are horrible at figuring out which shows are desired by their viewers and which are not. Fox just picked up their terrible and terribly rated 30 minute comedy news show for a second season. Fox has, several times now, cancelled shows that were later shown to be wildly popular, resulting in angry complaints from fans and incredible DVD sales.

    All this reflects the broken television market. If we could simply move to IPTV where each user bought just the shows they wanted, then producers would have an easy way to judge the profitability of each show. As it is, they're just guessing, and badly. As a result very popular shows will still be canceled because of timing, pre-emptions, and all the other problems inherent in delivery only as part of a bundle of channels.

    The poll may be right or wrong, but it's a surprise to hear something as obscure and unwatched as Serenity beating out something as popular as the Star Wars franchise.

    What are you basing your perception of popularity on? I thought the Serenity movie was so-so, but I also noted it was also the number one selling DVD on amazon for 6 months after it was released. Those are direct sales numbers and while they don't represent the entire demographic of TV watchers, it has a lot more to do with real popularity than either TV ratings systems or television executives decisions about which shows to renew.

  6. Re:EU Fines on EU Launches Antitrust Probe Into iTunes · · Score: 4, Insightful

    Hmm, maybe it's the other way around .. maybe it's just the companies aren't used to play by the law.

    Have you ever looked into the situation. It has been years since the EU ordered the different music licensing cartels across Europe to offer a single, pan-european license and those record company groups have ignored them. Now they're demanding Apple charge the same amount in different countries, when Apple pays a different amount in different countries, because the EU has done nothing about their previous edict. It is idiocy. Should Apple raise prices in some places and lower them in others to cover costs and effectively subsidize pricing in some countries with money from customers in other countries? Does anyone believe Apple will still be selling any music in poorer countries when they're forced to raise prices drastically above what CDs cost in those countries?

    If the EU wants to be one big economic cluster, great. Pass some fricking laws forcing the record companies to charge one flat license fee for Europe and pass some laws requiring all EU countries to tax music the same. Then if Apple is still charging different prices (something they don't want to do in the first place) you can threaten them with legal action.

  7. Re:uhm on Serenity Trounces Star Wars · · Score: 1

    why isn't anyone talking about Dune or something else that is probably 100x better?

    Most of us probably read the book Dune, and so when the TV series and movie aired, we were so disappointed by how much of the important stuff they left out and how they glossed over all the depth, that we tried our best to forget it ever happened.

  8. Re:Serenity/Firefly: overhyped? on Serenity Trounces Star Wars · · Score: 1

    I have always had difficulties understanding the popularity of Firefly.... As for the best SF-TVshow which *does* have an emotional ring to it, that is without any doubt Farscape.

    It's interesting. I really, really liked the Firefly series (movie was so-so) because of the acting and the writing. I hated Buffy, because it was simply too cheesy and the characters were not believable to me and not consistently developed. I went into Firefly expecting the same, but was very surprised to see that Whedon had much improved. The setting may have had inconsistencies, but it was pretty and the characters were believable people. The writing was excellent. It was one of the very few shows I ever saw that had one character misunderstand what another said and then did not belabor that point for the next five minutes to make sure the audience understood what had happened. I can't think of another TV series that has done that and pulled it off or a TV writer who gave his audience enough credit to try.

    In contrast to this, I can't even watch Farscape. The cheese factor is too high. Lots of humanoid muppets who all seem to have the same emotional and intellectual drives as humans and all of whom are played by indifferent actors. I have trouble even watching the episodes of Stargate where those hacks have been imported. Farscape is so painful to watch, that between the bad acting and the cliche, dumbed down writing I prefer to turn the TV off than have it play in the background.

    Maybe the difference between us is that I watch shows for the plot and acting, and the setting and action scenes are less important. With that in mind, I'm constantly disappointed by new sci-fi and fantasy series that are obviously more influenced by the CGI creators than by the writers. I am holding out a little hope that the upcoming HBO series based upon George R. R. Martin's "Song of Ice and Fire" series will manage to accurately translate his elaborate, convoluted plot lines and character development and interactions; but realistically, I'm not sure there is reason for hope. "A wizard of Earthsea" by Ursula LeGuinn was short and fairly simple, but very deep and with excellent character development, but the TV adaption managed to present the worst sort of half-assed dreck possible. I suppose as someone who reads a lot of books, I look at and hope for it to present the same depth and sophistication, and so I am constantly disappointed by watered down versions and writing that aims at the least common denominator of the TV watching populace.

  9. Re:Not at all on A Look at the Compiz and Beryl Merger · · Score: 1

    Have you tried?

    No, I haven't. I'm one of those people who always runs multi-purpose servers for the most part, and as nice as OS X is, I don't trust its reliability as a server, or its flexibility for varied serving needs. If I want to run some oddball Web app or server there is probably a Linux solution. There is probably not an OS X solution and the Linux solution may or may not be easily adapted. Then, I'm also a pretty cheap guy and while I know Xserve is price competitive for what it is, it probably does not exactly meet my needs (or not as closely as Linux running on some other hardware).

  10. Re:Not at all on A Look at the Compiz and Beryl Merger · · Score: 1

    If you believe that all GNU/Linux users will leap on Leopard when it comes out then you are sadly mistaken.

    There are two sides to this. As a Linux and OS X user, each has its place for me. I'm not going to be running OS X for a file server anytime soon. I'm not going to be building devices on top of OS X anytime soon. I doubt I'm going to be using Linux as my primary desktop workstation anytime soon either.

    In the last few years I've seen a huge number of GNU/Linux people move to OS X. Partly I attribute this to OS X becoming an accepted and mature platform for geeks and partly I attribute this to more and more people I know needing more time for work and recreation and less for hacking on problems long solved by Apple. I agree that people are not going to abandon Linux, but I also can see that four years ago I knew a couple of professionals who ran OS X on the desktop and today, I know easily a hundred including a lot of professional Linux and BSD developers. I do fear that Linux on the desktop will develop more slowly since so many people who care about a usable desktop, no longer need to create solution on Linux, as they can just buy a mac.

  11. Re:Good job everyone! on Steve Jobs Announces (some) DRM-free iTunes · · Score: 2, Informative

    Ahh, but apple CAN make that argument!!! Apple is in the top five music retailers... right behind Walmart and Target... Apple and iTunes is NOT trivial anymore...

    Walmart and Target together make up about 45% of sales. Apple's iTMS makes up about 3% last I looked. Just because Apple is in the top 5 does not indicate they have anything close to the power of either Walmart or Target.

    Apple is about to have even MORE power than that!!

    Not really. With the move away from DRM, music and music sales become more of a commodity, not less. Sure Apple may gain some influence, but seeing as they aren't making any actual money on music sales, only on the iPod and Mac sales it enables, I don't see them as any credible threat to the music market and a possible benefit as indy bands are given the same exposure as major labels.

  12. Re:Good job everyone! on Steve Jobs Announces (some) DRM-free iTunes · · Score: 4, Insightful

    Who owns what format is irrelevant, what is relevant is who can play them.

    Agreed.

    DRM'd WMA? Hundreds of different mp3 players from tons of companies.

    Yes, only those people MS is willing to license to and who pay MS. MS can use this to kill off anyone in this space they don't like or degrade service. This means they can prevent Linux from playing most new music, or the mac, or even competing players in the future if they decide to push the Zune.

    DRM'd AAC? ONE mp3 player from ONE company.

    Yeah, no one else has bothered to wrap AAC in DRM, but anyone that wants to can do so and neither Apple nor MS can stop them. More importantly, this also holds true for non-DRM'd versions of the same, which is not the case with WMA.

    How can you claim that Microsoft is trying to control the music industry and Apple isn't, when Microsoft is the only one of the two who implements an open-format DRM scheme to foster interoperability?

    MS does not implement an open format DRM scheme. Their format is closed and their DRM is closed and all of it is proprietary. They simply licensed it temporarily to hundreds of companies who make hardware because they did not have hardware of their own. Now they have hardware and you'll note there are already compatibility problems between the Zune, the Zune store, and other WMA players.

    Look to motivation. Apple has no real way to "take over" the music market. Nothing they have done stops anyone else from doing the same thing. Apple also has consistently made moves to lessen and remove DRM, including making public statements that they would prefer if they could license DRM free music and now their pushing for a label to remove DRM. If their plan was to control the music industry, why would they do this?

    Apple uses music sales as a way to sell iPods and a way to stop MS from leveraging one more market against them. For both those purposes DRM-less AAC or MP3 or another standard works fine. DRM-less WMA, is still an MS controlled format, with MS being the only one who can agree or not agree to some implementation of it.

  13. Re:Good job everyone! on Steve Jobs Announces (some) DRM-free iTunes · · Score: 4, Insightful

    Don't fool yourself, DRM'd WMA and DRM'd AAC serve the same purpose; To attempt to control the online music industry, and to attempt to control what people do with the music they buy online.

    Apple doesn't own AAC. It is a standard, like MP3. MS does own WMA and has patents on it. Apple is close to having monopoly influence with their iPod product. MS has monopoly influence with Windows. Apple bundles AAC with iPods. MS bundles WMA with Windows. Can you objectively look at what this implies?

    Apple got into the music business to counter MS's takeover via a proprietary format. They had to include DRM because a cartel runs the show and required it, but Apple managed to negotiate looser restrictions than anyone previous to them. I doubt Apple even planned to make it big with the iPod. I think they saw it as a way to stop MS from locking macs out of the new generation of music and making them second or third class players. Apple still does not significantly benefit from DRM, which is why they have been pushing to remove it. They don't need a lock-in for their player since most people don't use Apple supplied music anyway. The customer confusion and bad press probably costs them more than the lock-in makes them.

    Microsoft or Apple could demand DRM-less music and record industries would have to comply, because they know they would lose tons of money to piracy or lack of purchasing if they didn't.

    MS might be able to make such a demand, but I doubt it. Apple sure can't. Online music sales are still a tiny fraction of the market and the RIAA is not afraid of breaking the law as they've proved numerous times. For MS, DRM is a benefit as it adds more lock-in to Windows, which is what they care about. To Apple, it is a detriment because they don't make any money on the music itself and they've already done everything they can to mitigate the lock-in.

  14. Re:Players on Steve Jobs Announces (some) DRM-free iTunes · · Score: 3, Informative

    What players, besides iPod, support the non-DRM AAC format?

    From Wikipedia:

    • Microsoft Zune
    • SanDisk Sansa e200R
    • Sony PlayStation Portable (PSP)
    • Sony Walkman (Walkman)
    • Sony Ericsson phones such as the P990, K800, and the Walkman-branded W series music phones such as the W950 and the W810 support MP4 files with audio encoded using AAC-LC, HE-AAC v1 and HE-AAC v2.
    • Palm OS PDAs
    • Nokia Nseries multimedia phones
    • Sony PlayStation 3
    • Windows PCs

    I imagine a few more hardware vendors will now be looking to try to add support, however.

  15. Re:Don't play dumb. on AppleTV Becomes OSX Workstation · · Score: 1

    If a paint manufacturer put a label on the paint can seal that was 'accepted upon opening' that stated that you couldn't use the paint except on PaintCo Brand Wood, would we call 'pirate' painters criminals or would we all just laugh in unison at PaintCo for misunderstanding freedom?

    For your analogy to be be consistent with the current market, some other company would have to have a monopoly on paint and have tied that paint monopoly to other markets. All wood would ship pre-painted with that other paint company's paint and a significant part of your lumber purchase price would go to paying that other paint company.

    What Apple is doing is playing by the rules of the game. EULAs are generally accepted as valid in the computer industry. Thus Apple uses the EULA as a way to cement their hardware/software bundle. Without a bundle of this sort, Apple dies because MS's monopoly kills them. I'm all for invalidating EULAs via the courts, but I have no illusions that it will change any practical concerns. Apple will still need to cement their bundle, so they will go one of two routes. Either they will tie them with hardware enabled DRM and online checks or they will simply stop selling their OS as a stand alone product at all and include a "subscription" to OS X with every computer while raising their prices to cover that, or requiring a yearly payment or whatever. In any case, it won't stop OS X from being bundled with hardware. The only real way to to that in the long term is to break MS's monopoly. Unless that monopoly becomes significantly weaker or is broken altogether, OS X and Macs will be bundled or Apple will be forced out of the personal computer and desktop OS business.

  16. Re:I dont get it? on AppleTV Becomes OSX Workstation · · Score: 2, Funny

    doesn't say that % of system has to be be Apple Hardware. It doesn't say that the machine in question has to be an Apple. It says "Apple Hardware".

    From what I've read, it doesn't say that either. I believe it was "Apple labeled personal computer" or some such and I believe it does have a legal description of what that refers to.

    So yes. A hackintosh is legal, as long as you have a piece of "Apple Hardware" on it, such as an Apple Keyboard.

    Anyone who gets their legal advice free on Slashdot, probably gets what they paid for.

  17. Re:I Call April Fools on EMI May Remove DRM From Parts of Catalog · · Score: 1

    The idea that Apple would sell non-DRMed music is laughable.

    Not really. Apple makes money selling iPods. They run their music sales business as break even as a way to sell more iPods. Unlike the computer market, where hardware is a commodity and Apple's differentiator is software, music is a commodity. I think last time I looked only 15% of iPods had any music from the iTMS on it, with the rest coming from CD rips and filesharing. Further, Apple advises all users to back up purchases onto non-DRMed CDs right after they are purchased. So the only "lock-in" is the small number of people who both bought from iTMS and did not back up and who do not want the hassle of burning and re-ripping. Remember, Apple was the first company to get the record companies to allow a way to burn to CD and bypass the DRM in the first place. Why would they fight to get that if they're concerned about lock-in and how do they benefit from this lock-in?

    Apple is not afraid to let the iPod compete on its own merits. They don't need DRM lock-in and the inconvenience caused by DRM to users and the bad press they get probably costs them more money than what they make from users too lazy to bypass the DRM who buy an iPod only for that reason.

    If Apple really wanted to strip DRM from some of their music, they would have already done so for the labels that are begging for it.

    Because you know what contractual obligations Apple has to the RIAA members? Please post the confidential "trade secret" contracts Apple has with those RIAA labels so that we can see none of them include a clause saying Apple can't offer any non-DRMed music without permission from that label, and I'll take your argument seriously. Otherwise, you're just talking from a position of ignorance.

  18. Re:So you monopoly is the main problem... on AV Software Isn't Dead, But It's Not Healthy · · Score: 1

    But the problem I have here is the simple fact that *this* is the current reality.

    There are avenues for change. One is the courts acting to stop MS and fix the market. Another is MS's monopoly eroding as Linux takes the business world and/or OS X grabs a big chunk of the home user market. We shall see.

    You are probably correct to assume there would be a different response to security if it was in the hands of the larger community. But things can get thorny there too. Q&A (which slows down the release cycle). Project forking. Compatibility. Right now Linux is good, but it's hard to know what the mainstreaming (if Linux was ready) of Linux would result in. Dumbing down? Certainly. Some concessions to security for convenience? Likely.

    I have a lot of faith in the power of greed. If Linux were in use by everyone, it would fork in a hundred directions and companies would be investing in it in order to get their slice of the money people pay for a computer system and accompanying services. The thing is, all the forks and companies would be striving to outdo one another and give users what they wanted, be it security or usability or both and good solutions would emerge because somebody would be making big bucks if they got it to work.

    Linux mostly follows a what? 20 or 30 year old security model?

    That's just the thing. "Linux" is a broad category. Some Linux distros, maybe even most have pretty antiquated security models, but some are cutting edge. If malware exploded on Linux causing a problem for users, guess what all the distro maintainers would be focusing their efforts on. Whether they are paid corporate developers or a hobbyist they have an interest in making their box secure, and they'd pull in some really cool, but mostly unused tech to do it.

    If we saw widespread Linux adoption *today* the most interesting thing about it would not be how it is, but how it would adapt. Because honestly for that kind of use, Linux and the existing security model isn't good enough either.

    We'd probably see the cutting edge stuff move to the mainstream. That means trust levels, certificates in repositories, MACLs, active scanning and a lot more tech you only see today at the NSA or some other security minded location. And none of this is necessarily going to decrease usability. Much of it makes things easier on the average user than Windows does today. Double clicking an executable on Windows today, might mean my computer is turned into a spam bot. That is not usable. If instead my OS in the background checked it against a malware list and a whitelist and restricted it in a sandbox by default so that did not happen, well that is more usable, not less.

    But locking down a system *still* requires you know more about the software then most people should care to (default services/software patching/configuration/basic use).

    Good defaults, AV like subscriptions, and pre-configurations by security experts can go a long way towards letting the experts secure your box for you.

    More importantly, I can treat my users with respect and help them have the best possible experience even under somewhat adverse circumstances. How frequently do you think my XP system has been compromised? Or yours for that matter?

    I agree we have to deal with what we have and make the best of a bad situation sometimes. I just think that equating security on Windows and Linux without accounting for the underlying motivational difference is a mistake. As for how often my XP box is compromised, well it is running in VM with internet access that needs to be enabled every time I use it and is filtered through another OS with better security. I also reset it to a known good image for every use, aside from one directory of only data. The issue, however, is not how secure either of our XP boxes is, but how secure the average person's computer is and what we can do to make that a better situation.

  19. Re:yes you're dead on on AV Software Isn't Dead, But It's Not Healthy · · Score: 1

    No in terms of a client only solution it's a dead end. Any of you are relying whether you recognize it or not on, a desktop firewall, an AV scanner, a spyware scanner, a local router, an ISP that scans 'something' or maybe a corporate LAN with its own perimeter and/or email protection. The fact that you are not egregiously harmed on any one day is indicative of all the other work and horsepower that goes on behind the scenes.

    I agree that it is not the only place efforts should be focused, ideally, but neither is it something we should abandon. In future I still suspect there will be honeypots and honeynets and large scale scans, but the main use of AV type services will be when a client runs an executable. After all, that is the only time it can really do any damage. A quick check of just that executable against the blacklists and whitelists and whitelists with accompanying restrictions, certification, and recommendations. That is not too resource intensive.

    Avast running an 'average' scan on a 17GB partition takes about 25 minutes give or take. Spybot takes 9-11 minutes on the same partition (60,000+ checks) The writing is on the wall - eventually these bulk approach tools are either going to take too much time or take much heuristic horsepower.

    That is because you're scanning all your data periodically instead of checking your executable when you run it. This is mostly because OS's do not have built in support for the latter, but there is no reason why they should not.

    Better we all convert to a BSD or *Nix core before it's too late. At least we'll have a few years head start.

    BSD and *Nix are a bit ahead right now, but more important in my opinion is simply to move away from a monopolization of the market so OS development becomes competitive, innovative, and responsive. The WinNT core is a fine basis for such a system, if the market was not monopolized and the players had a real financial interest in competing to solve the problem.

  20. Re:Why reputation-based approaches suck big time on AV Software Isn't Dead, But It's Not Healthy · · Score: 1

    Why reputation-based approaches suck big time. All it takes is for a user to get pissed off at your software and mark it down on the list for the ball to get rolling.

    Having multiple, competing commercial and free sources for information, preferable with a user definable weighing system, solves that problem. Users who have to deal with incorrect information move to more accurate services, or weigh them more heavily. Capitalist competition can work here, unless MS creates the system, then you will locked in to just their data, which will suck.

    Same thing applies to spam. I know people who cannot be bothered to unsubscribe from mailing lists. Instead, they just mark it all as spam, not even caring that they signed up for the stuff in the first place!

    This is a usability problem, not an inherent problem with reputation based systems. If it was easier for users to unsubscribe from a list than it was for them to mark something as spam, you'd probably see users accidentally trying to unsubscribe from spam lists and failing. The real issue here is that Webmail providers and customize e-mail client developers have a vested interest in making spam marking easy, but not so much in making mailing lists easy to use and manage.

  21. Re:You have to trust something on AV Software Isn't Dead, But It's Not Healthy · · Score: 1

    nit-pick with an otherwise interesting comment: very few virus writers are doing it for fame and 1337ness points these days. They're here for the money.

    Amusingly, the same an be said for graffiti to some degree. More and more graffiti is corporate sponsored advertisements, from Sony or MS or some hip clothing label.

  22. Re:Right. Because Linux is perfect... on AV Software Isn't Dead, But It's Not Healthy · · Score: 1

    Blaming Windows on security problems cart-blanc seems pretty ridiculous...

    I disagree. Almost all major or widespread security problems are the result of Windows and their domination of the market and the fact that because of their monopoly they have no financial incentive to fix the problem, while they are the only ones in the position to do so.

    ...but *as* a systems admin I'm sure you know the security/usability trade-off...

    As a person with extensive experience in both usability and security, I call BS on this. The idea that usability and security are inherently opposed is tripe. Security is making sure the computer only does what the user wants and not what someone else wants. Usability is enabling the user to easily do what they want and not do things they don't want. Usability and security are complementary. Some security measures decrease usability, especially notably broken and ineffective security measures. Many technological decisions are made that decrease usability under the assumption that they will increase security, but objective analysis usually shows this is not true. You have to take the user and interface into consideration when planning security or you're just taking measures to shift the blame instead of increase real security.

    I'm tired to death of hearing this tired old false assumption trotted out again and again. A huge part of MS's security problem right now is that they've ignored the user interface component of it. "OK/Cancel" dialogue boxes that operant condition people to click "OK" reflexively is not a good security design and decreases real security because it is not usable.

    Do you think because Linux distro's do things slightly differently that with mainstream adoption they would have such an easier time or simply become a more mainstream target?

    If Linux had 60% market share for home users tomorrow, in a month malware on Linux would be almost as bad as it is on Windows now... but 6 months later the problem would be all but eradicated as Linux developers implemented new security measures to counter the problem and Linux would hold its own in the arms race that would ensue. This is because of the licensing of Linux. Linux will never wield monopoly influence in the market because it can always fork and lock-in is almost impossible with GNU licensed code. That means while right now MS has little or no financial incentive to fix the malware problem (Windows users generally can't/don't switch or even know there are other options when exploited), Linux developers would always have that incentive because the users are the developers and they are always going to be competing with other distributions.

    I certainly won't start trying to strong-arm my friends and family into using *my* operating system of choice. I'd rather have them follow a few basic security measures that they can take with them across operating systems

    I agree you can't solve this problem from the bottom up. The root problem that needs to be solved is that the desktop OS market is monopolized and thus there is no competition for our money and no innovation and responsiveness to customers' needs because of that competition. Solving the malware problem is fairly simple. Break MS into multiple companies each with full rights to Windows and forbid them from having any unmonitored communication. They'll fight tooth and nail to make Windows secure fastest and best and Linux and other OS's will be right there fighting it out with them. That is how users will win and OS's will win the fight against malware in general.

  23. Re:yes you're dead on on AV Software Isn't Dead, But It's Not Healthy · · Score: 1

    Screw AV it's dead end. Take all that time and resource and brainpower and focus on making the OS stronger and hackproof.

    There are two items to address with your comment. First, only MS can secure the OS and they have little incentive. Lots of commercial companies have a financial interest in solving the malware problem, but they cannot fix the core of the OS as you propose. To solve this, we need to fix the broken, monopolized desktop OS market.

    Second, I don't think AV services are a dead end. Rather, I see subscriptions to information feeds about software, both blacklists and whitelists and more advanced variations thereof, as a vital role in a truly secure OS. No one has the time to test all the software they run and see if it is well behaved. No one has the time to audit all the code they will run, even if it is open source. There is definitely a place for selling the service of investigating software and telling end users how trustworthy it is and what it should be doing and how it should be restricted by the OS and signing and certifying it. There is also a place for selling this same service as applied to Web sites, network hosts, and online services in general.

    The trick is, for such services to be truly effective there must be a competitive marketplace so the data is useful (MS is undermining this now with Defender) and it must integrate sensibly with the OS such that the OS can act directly on the information provided (which requires either MS starts to care or MS is ousted).

  24. Re:This is Crazy Making! on AV Software Isn't Dead, But It's Not Healthy · · Score: 1

    Because with mass installations of Linux distros, we'll still be facing the same problems -- just with a different OS. Don't think that Linux has no holes. The biggest security advantage wrt viruses etc that Linux has now is small market share. If 90 % of the world used Linux, then I'd bet that *Windows* would be effectively (not inherently) more secure than Linux.

    I think you're dead wrong on all points. Sure Linux benefits from having a small market share, but that is not the main factor. The biggest problem with Windows security is that MS has a monopoly on desktop OS's. As such, MS has no real motivation to respond to and solve users' security problems. When a user's Windows box gets infected, they don't look at other options because every computer in the store is running Windows. If somehow the user finds out about Linux, the chances are they still have to buy a copy of Windows to get their hardware and that means MS got paid. If MS lost customers and hence money because of the malware problem, they would solve it.

    Linux, even if it had 90% of the market, would never wield monopoly influence in the market because of the licensing. If there was one Linux distro with all that share and malware on Linux got terrible and the developers ignored the problem, someone would fork it and solve the problem and nothing would stop users from moving to the new, secure distro because it is free and the software still works and there is no lock-in.

    I'm sure that Windows is inherently less secure than Linux -- but it wouldn't really matter if it were the Linux holes being exploited by the majority of malware.

    It would matter a great deal because Linux would adapt to solve the problem by adding layers of security and granularity of security and new services and technologies. Signing, certification services and blacklists, MACLs, active scanning, whatever it takes Linux developers would do it because those developers have a direct financial interest in securing the boxes. MS has no such financial incentive. The idea is called a capitalist free market, which brings competition and innovation. The base problem with Windows security is not their design principals, it is that they have broken capitalism with a monopoly and like the former soviet union, the consumers are suffering for it.

  25. Re:Effort going in the wrong places on AV Software Isn't Dead, But It's Not Healthy · · Score: 1

    Think about it. Symantec is a billion dollar company selling a product that barely works. Nobody is spending that kind of money making operating systems more secure.

    Symantec is a billion dollar company spending money to make money. MS has not such motivation to fix their OS since if it is insecure, people have to buy it anyway... it is the only thing in Walmart or K-mart or 90% of all stores.

    The real threats are subtle, until it's too late. The commercial computer security industry does not get this at all, and doesn't want to.

    The commercial "security" industry has given up Windows as a lost cause. No credible security person who wants a secure server or workstation considers Windows a viable option. There is plenty of work being done on real security, like SELinux based solutions. The problem is you're looking at the "fixing the worst of Windows insecurity" market instead of the security market.