I get where you're going and I agree. Unfortunately due to the state of third party software for Windows, it will probably take until "windows 2045" for the false positives to finally die down to a point where a warning prompt actually garners serious attention from the average user.:(
One of the interesting things about the OS market is that MS's monopoly gives them huge power to make major changes. If MS had specified in Vista that all software will ship with a certificate and an ACL or it will be running in restricted sandbox with the olde fashioned WinXP looking interface and MS themselves had gone through and made certificates and ACLs for the top 5000 software packages on the market, then we'd be looking at about 3 years until most users are at the state I described. I specified 2045 because I have no confidence that MS has the capability or motivation to actually do this and fix the security problem. To them, the average customer gets their machine infected, throws it in the trash and hits it with a hammer and goes to the store to get a new one, and all their options are Windows machines, so they just pay MS again. MS loses nothing when users' machines are compromised so they won't bother fixing the problem.
At a certain point, networking requires trust in order to realise it's potential benefits... We must rely on community, the most robust tools we can devise, and (finally) building our own web of trust based on things we have found to work. These issues are fundamental to the human condition and (like all social problems) cannot be resolved by technology.
I agree with most of your comment, at least in principal. I think one of the most important ways the industry needs to jump if it is going to make the malware problem a minor inconvenience or a rarity, is to build tools to harness the intelligence and trust of others, be they communities, formal organizations, or commercial enterprises.
OS's need to start relying upon the amount of trust given to a piece of software or network service and restricting them appropriately based upon that level of trust. Channels for "voting" on how much some software or service should be trusted need to be made open and user configurable. And by "voting" I don't mean individual people should be voting on if some software is reliable. I mean the user should be subscribing to intelligence feeds from malware watchdog groups, commercial anti-malware services, OS vendor provided services, and online communities. The end user should be responsible for deciding who they trust and the OS should be responsible for translating that trust into one consolidated policy for restricting the access given to Web sites, applications, network services, etc.
I want to be able to get a random executable in my e-mail inbox, double click on it to run it, and have the OS discover if it is signed, if it is certified, if it matches any malware signatures, and what level of trust it should be given based upon a merge of several different information sources to which I have subscribed. Then I want the OS to automatically apply an ACL to that executable or even run it in a VM, based upon the ACL included in the application (if present) the ACL my OS has specified for that trust level/app type, and the ACL suggestions from said information services. I want all this to happen more or less in the background with me just double clicking it.
I honestly think that until such a system is build into mainstream OS's the malware problem will continue, full speed ahead. The problem with this is only Microsoft is in a position to really do this because of their monopoly and their position as the only real target for current malware. Further, I don't think they are capable of doing it because of the way they are organized. They don't lose enough money when their users are compromised because of their monopoly. Their entire business is built on lock-in instead of quality, so they would almost certainly implement a signing/certifying system that locked user into them, and thus provided mostly useless information since there would be no competition among providers. They have repeatedly shown themselves incapable of taking security seriously and when UI is a vital part of security they have never, ever shipped anything that was not a disaster.
My only real hope for the malware situation to be contained is encroaching OS X on the desktop and encroaching Linux in business that might break their choke hold long enough for someone else to do it right, or for MS to be forced to compete to survive, resulting in a real change in Redmond. Without antitrust laws being enforced, however, it is a long shot.
I don't think you understand the mindset of the average user. If user downloads "dancing bunnies.exe (or.rpm if some other OS was dominant), and the MAC in the OS causes it to not work, then to them, the computer is not doing what it is supposed to do.
So here's the thing. You've been using Windows 2045 for a year or two now and you've never, ever been prompted by the OS to let any program do anything and it has all worked. You, the average user, tries to run said dancing bunnies and the OS says, "This program is completely untrusted and its origin cannot be confirmed. It wants access to your e-mail address book. (Stop it from reading e-mail_address.db)(Let it read e-mail_address.db)(Always let it read e-mail_address.db)(Advanced Options)"
What does the average user do? If they don't expect it to read their e-mail addresses they will probably stop it from so doing. If the program will not run without said access, the OS tries again, in the background invisible to the user and hands the program a dummy file full of randomly generated address info, or just within a dummy VM. Assuming this does not work, the user who really needs to see the bunnies, reruns it and allows it access to that and to set up an e-mail server. In the worst case this too fails and the user, frustrated with it not working, disables all the security and runs it again allowing it to root his machine, but this will still not show the user the bunnies. So what has happened? The most foolish user on the planet manually disabled the security and gained nothing and has learned the expensive lesson that the security is not the problem. Once their computer has been shut down by the ISP and cleaned they will know next time that disabling the security will still not let them see the bunnies.
Such a system can still be defeated, but malware of the type you describe would not live long or spread far, especially once user become accustomed to using such a system and not getting millions of spurious false positive warnings. The way around such a system is to trick users into running a program that the user thinks is supposed to have access to the resources it will be abusing, but that is a lot harder. Not many users want to install a new e-mail program, or IRC client, so the ability for that type of trojan to spread is very limited. Further, since the OS will need to be accessing trust databases for signatures and certifications, it is easy to add a signature based malware list as well making it even harder for that type of trojan to last more than a few days.
There will always be malware. Implementing MAC in the way I described, however, is reasonably secure enough to stop all but a tiny amount of it and is what MS should have started building in 1998 when the malware scene exploded. If they had to worry about customers moving to the competition it is exactly what someone would have created.
Well it can protect against unknown exploits, but a very substantial percentage of malware is user initiated - i.e. they download it and execute it on purpose.
That is part of what MAC controls are specifically designed to address. A user who intentionally downloads and runs some software does not know if it is trustworthy or what it is doing. That is the problem. Someone downloading a shareware game or utility don't expect that to read their list of e-mail addresses or that it will start sending huge amounts of outgoing e-mail. The fact that they don't have info on its trustworthiness, or what it is doing and that it can do these things by default if it is untrustworthy without the user being informed is the main problem.
With a well designed MAC system a user downloads and runs some malware as usual. But when they run it the system checks several things. Was it pre-installed or user installed? Is is signed? Is it certified? Does it include an Access Control List. From this the computer determines how trustworthy it is. A pre-installed text editor like Wordpad might be given the highest level of trust, while some commercial Adobe app is trusted slightly less while some shareware is trusted even less, while some malware is given the lowest level of trust. Between the included ACL and the ACL for the trust level, the computer decides what that downloaded application can and cannot do without asking the user for more permission. This means if you download some shareware game, it will probably never run afoul of either ACL and the system will be invisible to the end user. This is even more likely once MAC is built in and on by default in an OS because developers will try to avoid triggering it and bothering the user. At the same time a malicious program downloaded probably will run afoul of an ACL because it will try to read your e-mail address book, or set up an outgoing mail server, or gain root access. Once such a system is common malware developers will also try to avoid triggering it, but this will seriously limit the capabilities of any malware they write, probably making them unprofitable.
In a properly designed system, it should ask the user only in very rare instances unlike the current mess that is Windows dialogue box hell. People will need to allow a program to take an action if they are installing a new mail client, or installing some sort of text or image editor that also is not signed by a reputable, known company or organization. There will still be trojans, but they will all have to actually trick the user into thinking their behavior is legitimate, instead of just performing those behaviors silently in the background. This makes them much more limited and the social engineering component a whole lot harder (in addition to breaking all the current malware).
Things like MAC will *not* protect idiots. People want control over their computers. If you try and sell them an "appliance", they will not buy it. That's the problem.
I disagree. Things like MAC in combination with a few other technology certainly will protect "idiots" especially if by "idiots" you mean normal people who just want a tool that works. Why would you assume MAC would make a computer an appliance? It in no way removes the ability of people to do what they want, it simply adds more control.
...as a consumer this doesn't make sense. I like the idea of picking what shows I want to watch, but I actually don't want to own most of them. If the Apple TV allowed me 'rent' a show, I would buy one in a second. Or if I could pay a monthly fee (say: 10 shows subscription), again, I'd totally bite. But paying premium to own something I plan on only watching once has absolutely no appeal to me. It's too expensive.
Content is the hard thing here. In order to really move to IP based television (which would bring many advantages) the incumbents of content creation need to be persuaded or replaced. I remember reading somewhere that $3 a month from every adult American would be enough money to finance the creation and distribution on DVD of every currently produced TV show in the US. So something like $10 a month for permanent access to all the television show you like would not be an unreasonable rate if production was democratized and there was fair and free competition. I don't see Apple ever really bringing content to the people, be it music or video until the expense is something reasonable and the cartels currently running the show are ousted.
So, which consumer OS does that in it's default configuration?
Who claimed any ship with it enabled by default? The consumer (desktop) OS market is monopolized. There are basically three players of any note, MS Windows, Apple OS X, and Linux distro of choice. Of these three the latter two are almost never attacked by malware, making such a system unnecessary at this time. It would be nice, and there are functional systems for both that can be added on, although they are not as polished as if they were built in defaults. At one point a MAC and signing framework were on the Mac OS X 10.5 feature set, but they have vanished from the public docs. The real problem is that only MS has a huge malware problem and hence a need for this, and MS is not exactly renowned for innovation or security or usability or creating technologies that solve their user's problems instead of allow MS to gouge them more.
the tivo is cheaper if you don't pay for the subscription, which is not needed to record shows. you just need to know the time and date of what you want to do and you don't get the guide feature. tivo's interface is extremely easy to use.
So you can either have a crappy interface that makes you manually look up and program in the times, or you can pay an expensive subscription. No thanks. My PVR lets me choose any subscription program guide I want, including Web based, one that are free with a few banner ads. Also, with the Tivo you need a Cable TV subscription to get the shows in the first place, while with the AppleTV you buy the individual shows you want (more granularity but higher prices per show although at there are no ads.)
i just don't see the point. there's other products out there (like tivo) that do a lot more. i just don't see the point in buying one.
The AppleTV and the Tivo both target people who are looking for really, really easy to set up and use stuff. The AppleTV does not do a lot I want, but my parents could use it. Tivo, likewise only has half the functionality I want and is crazy expensive. I'm not going to buy either, but they are both in the same boat as far as I'm concerned.
But others are installed by user action, either when the user installed something else, or as a result of the user being tricked into running a program. This second type will never go away, no matter how secure the OS is, and it could affect a Linux or MacOS user just as easily as a Vista noob. As they say in tech support, the problem is between the chair and the keyboard.
I strongly disagree with this. There will always be exploits and trojans, the point is not to make them impossible, but to make them very rare and hard to exploit. With Vista, MS has finally pulled their security almost up to the granularity of user accounts, which was too little granularity many years ago. That does not mean others cannot do better. Look at an SELinux setup. The user downloads and installs an application they think is one thing, but which is secretly some sort of malware. With Vista it can do whatever the user can do. With SELinux, it cannot even do that, but is restricted to a subset of actions, like writing only to its own files and not overwriting other programs or your personal files or connecting to the internet. In order to make this work there need to be changes to the way application designers make applications and there need to be methods put into place to enforce those restrictions (access controls), ways to determine the "trust" of applications (signing, certifications), and default settings and ACLs that make most of it invisible to a user. This all begins with rejecting the flawed design models that equate running software, with letting software do anything it wants, even if only one in ten thousand people really want to let any software they install start up an e-mail server.
The only way to make a computer idiot proof, is to make it so that new binaries cannot be loaded onto the system. Computers are not toasters.
Toasters aren't idiot proof either and people kill themselves with them every year. That in no way excuses the fact that Windows does not have a sufficiently secure design to perform normal tasks in a normal environment in which it is likely to be placed. Believe it or not, some OS's let you run arbitrary binaries, by default, without giving those binaries access to do any useful, malicious activity.
Didn't he say at the World Economic Forum at Dovos that as many as 25% of all machines connected to the internet were infected? That strikes me as a whole lot more than 1.2 million
The summary was misleading. 1.2 million was the number tracked by a given group, in contrast to 500,000 they saw with the same honeynets last week. It is not meant to be a total count and the article title should have read, "botnet activity triples from last week." I just happen to have access to (as far as I know) the largest chunk of realtime traffic analysis data on the planet from a project run by some of my coworkers. Doing some quick and dirty math Mr. Cerf's numbers are not entirely implausible. I'm not saying they're right, just that I can't with certainty contradict his assertion and he's not entirely out of the ballpark anyway.
I get much broader access to content. Yes, iTMS has a lot of shows I watch; but cable has all of those shows plus a whole slue more that iTMS doesn't offer and probably won't for a while (various Discovery shows, Good Eats, How Its Made, etc).
It is true content is king, but with your Comcast service you can watch what is playing on a channel now, what your PVR knew to grab for a while, and stuff you pay for each viewing. The future will tell if that collection is better than whatever content Apple pulls together, including no longer running shows and exclusive content.
If not, I can grab first run movies that I am to impatient to wait for via NetFlix.
Netflix is offering streaming now (in some areas) so you don't have to wait. It will likely be one more channel for content.
I like to throw The Office on in the background to remind me why I work at home
This is why I don't see "channels" going away. People like to throw "something" on TV and playlists or collections or channels or whatever will be necessary for a a market winner.
People complain about Comcast, but they have been wonderful to me. The PVR functionality built into the cable box has a crappy interface compared to a TiVo, but it is perfectly serviceable and only $5 a month
Do you really believe that? It costs you $5 and a chunk of money hidden in your Comcast subscription. Basically Comcast is using their market position to undercut the market by inflating the price of a cable subscription while undercharging for the PVR. In the long run, you're screwing yourself over. Comcast's goal in the world is to make money by insuring you watch as many commercials as possible and pay as much for content as possible. A PVR manufacturer's job is to make money by making you happy, via making you see as few commercials and pay as little for re-watching shows as possible. Those goals are diametrically opposed. If people support Comcast's bid to leverage their regional cable monopolies into dominance in the PVR market, they will end up with a PVR with as limited of functionality as possible and which will make you see as many commercials as possible. Comcast is being strategic here, if consumers are not then Comcast will win and we'll suffer for it.
In short, the Apple TV doesn't really excite me. As exciting as it sounds like on paper...
I don't think it sounds exciting on paper at all. I'm hoping, however, that it does end up being better than I anticipated. The ipod did not sound exciting on paper either.
Now, if it could play video off of YouTube or Google Video, or if it could shoot WMV or DIVX files to my TV.. I would be all over it in a heartbeat.
I'm sure Youtube and the like will not be an issue, at least not for long. Either someone will make a conduit or Google will step up and make a deal with Apple. As for other formats, well that is a harder question to answer and anyone's guess. Personally, I already have an old machine serving as a media center and displaying on my TV, so AppleTV brings me basically nothing.
I was not aware of that, but it makes no difference. We were discussing what features in Vista a normal user would understand and appreciate. A normal user would have no idea how to get XP's indexed search working and would probably be afraid to try. It might as well be a third party application like Google desktop which the average user might be willing and able to install (although many might not). Out of curiosity, what file types does it support? I actually use spotlight to search my "Windows" files since I run XP in a VM on top of OS X.
No aspect of Exchange is "built into" anyone's "Windows desktops".
Outlook Express, now renamed "Windows Mail" shipped with every one. In Vista there is now a calendar application as well. Also, there is the MS Office integration, although MS has fought long and hard to make sure no lawsuits that might see MS Office declared a monopoly ever reach a verdict, being careful to settle them all out of court.
So, is it fair to summarize your position that you think he can successfully exploit the third-party card, but can neither find nor exploit the built-in wireless driver?
No. I'm of the opinion that he exploited the third party card, but tried to play it up as though maybe he was exploiting the built in too, but had not actually done so and found it harder than he anticipated. Then he refused to make a proper statement and waited until Apple released a patch for the vulnerabilities they found in their audit. He then looked at the patch to find the vulnerability and quickly coded a crash of that vulnerability, but not a proper exploit because either he did not have enough time or he did not find it as easy as he hoped.
I have little doubt that with enough time he could have found the problems in Apple's built in drivers and possibly even coded exploits for them. Based on his behavior however, I don't believe that he did. I think he found one in the third party driver, then tried to make it sound like more than it was, then tried to put something together to salvage a little of what was left of his reputation after Apple released a patch for vulnerabilities they found independently.
If you're a windows user, and you got Vista with your computer or whatever, and it does what you need it to, then there's no real drive to switch or investigate other options.
I agree.
What has always boggled me is the number of people who jump on one bandwagon or another... like those I know who bought Vista simply because it was newer.
This is very understandable from a psychological perspective. Humans are social critters. Anything the average person does that makes them different from the herd, like running Linux or OS X or even Vista right now, is something they are likely to be defensive about. Socially, different is bad. To compensate and to help justify their purchasing decisions and defend their ego, people tend to vigorously defend their difference to the point of becoming angry or being motivated to persuade others (ego again).
The problem is the combination of these two factors. People are vigorously defending a choice, but most people are ignorant as to the reality of the differences they are defending. Being ignorant makes people even more defensive and often louder in their opinions and you get the OS war type discussions so common on message boards.
So overall, I use linux a lot, XP still fairly often, 98 fairly often (old work machines), Vista rarely, and OSX on the odd occasion that I play with a Mac at one of the sites at work.
On my laptop right now I'm running OS X, with WinXP and Kubuntu running in VMs for particular applications. It works fairly well and gives me a good insight into all three platforms and how they differ. I tested Vista during the beta, but it is not stable enough yet for everyday work. I would like to comment on one particular OS fan phenomenon I like to call the "Mac switcher." Time and again I've seen long term Windows users buy a Mac for the first time and you can't get these people to shut up about it for about 6 months. It seems to me that in addition to defending their choice and being different these people are often amazed that they spent so long on Windows not knowing that a lot of the things they took for granted are actual problems with the OS, which they don't need to deal with on a Mac. They get so excited about this revelation they go into revivalist preacher mode and try to preach the message to the masses, usually with limited success. The next time you hear an OS X fan who just keeps going on and on, ask them when they got their first OS X machine. Odds are it was within the last couple of months.
Is interesting anyways, how people is not complaining about Apple iTunes not supporting wma.
Apple does not support WMA because as soon as they do, MS has won the war to be gatekeeper of music. WMA is proprietary and only companies that pay MS can encode them or play them in hardware or software. MS will literally be able to charge a toll on all music and be able to shut out anyone they want. Would you like to switch to Linux, oops, no music for you. Would you like to buy a game console, oops Sony's PS4 and Nintendo's Wii2 can't play all the music you have. Apple saw it coming and jumped into the market to stop the Mac computer from being one of those devices locked out of music in the next few years. They did so by creating a competing solution with fewer restrictions they got the RIAA to buy into.
The conclusion is, once again, that both Microsoft and Apple want to win a war of digital music formats...
I disagree. Apple does not want to win the DRM-music war. They want to stop MS from winning. Apple makes basically nothing on music. They run their store at break even as a way to promote their hardware and stop MS. They have publicly endorsed the removal of all DRM in an attempt to pressure the RIAA to go for it or the government to force them. Apple uses an open industry standard format (AAC is mpeg 4 audio codec, mp4) with DRM added on. Get rid of the DRM and it is cheaper for Apple to deal with and easier for customers who Apple wants to buy music so they are more likely to buy iPods.
I'm opposed to DRM in general and closed DRM in particular, but from my point of view, Apple saved all our butts by jumping in when they did and blocking MS. That is why I don't complain about them specifically, although I do complain about MS's illegal leveraging of their monopoly to push DRM and about the RIAA who is also pushing it.
I hate to nitpick, but you're talking about SINGING. The grandparent is talking about MUSIC, and he is absolutely right. Most common people do not have access to INSTRUMENTS, the things which produce MUSIC.
Generally singing is considered one form of music, but even ignoring that there's this neat technique called "whistling" that has been popular for a little while now. Also the reed whistle, flute, horn and drum all predate even the earliest forms of writing. People were beating rhythms on hollow trees long before the concept of currency was invented.
I don't have a UI or performance comparison of the three, but I've had a list of advantages and disadvantages for each platform running for a good 6 months or more and I've twice posted it in Slashdot forums for comments and additions. If I was planning on picking an OS for some use I sure wouldn't be picking based just on how pretty it is. I'd want to know the feature set and what works and what doesn't and what is better on one platform than another. I've learned about a number of features in Vista I did not know about from the comments of several people, but the conclusion I've drawn is that for the most part, people just pick an OS and use it and don't have a good idea of what other platforms are capable of, even here on Slashdot. It makes for a lot of pointless arguments about how "surely my favorite OS is better at this even though I've never learned how to do that same task on any other OS made in this decade."
Maynor finally presented some of the evidence recently at Black Hat Federal.
I saw what Maynor presented there and it sure wasn't evidence. He presented a half-finished bit of code that could possibly be finished and used to exploit a Mac that had not had the patch applied. It was quite obviously a quick and dirty first pass are reverse engineering Apple's patch by someone without the time or skill to do it properly or in a useful way. It was also obviously not what was presented originally which had been fleshed out to actually work on a different vector in the third party driver.
Apple has now extended their monopoly to include pretty much everything Apple branded...
Congratulations. Your post is so stupid it make me spill my soda while laughing out loud at what a moron you are. You obviously don't know what a monopoly is, but you somehow assume you know better than all the lawyers and economists in the world and for some reason your uninformed opinions must be correct. I actually read your post twice looking for the "ha ha I'm kidding no one is really this dumb" comment. Comedy gold.
It sounds good, but the problem then becomes: how do you define what is a public good? And who gets the last say in this definition, and why?
The people of course, and not just a simple majority. We have a constitution and bill of rights for a reason. More specifically, you need only hold the ISPs to a standard of impartiality such as would be expected of any contractor working on behalf of the taxpayer. The government has already stepped in supposedly on behalf of the people and taken our money and built networks which were then given away. It has granted geographical monopolies to certain companies. It has granted certain companies immunity from the law in exchange for acting as impartial common carriers. It makes sense to me that we actually hold them to that standard to act impartially or rescind their immunity, don't you think?
There are some interesting features of Vista, but none that can impress the computer illiterate folks other than: "Hey, it's pretty!". Tell computer illiterate people about...
All the things you mention are not end user features. Its like trying to sell a new car by telling people it has a steel, helix manifold, instead of that it will go 10MPH faster than last year's model. Almost everything you list fits in the category of "it won't break as much" or "it will run faster." But any given feature does not determine the overall reliability or speed so those features may or may not allow vista to be of any overall benefit to the end user.
Aside from "it's pretty" why not try talking about how you can search quickly and for stuff that is inside the files, not just for the names. Or you could talk about the included software they won't have to buy now. Or you could talk about how you can set the sound for each application. You know, end user features, that people might care about.
For whatever reasons, AboveNet thinks that the owners of those IP addresses are bad-guys, for some definition of bad-guys. Your ISP, or did you mean hosting provider, is listed among the blocked IP addresses. Careful distinction here: your ISP (or hosting provider) is blocked, not your IP address specifically.
I feel your argument has fallen apart at this point. The ISP was blocked specifically because of the user's IP. The definition of "bad guy" was that they were providing a perfectly legal service and exercising free speech.
So, my suggestion to you is to get a new ISP or hosting provider. Quit whining and take action.
Sigh, way to miss the point. He can get whatever IP he wants, but if they consistently block whatever CIDR that is from all their customers, without those customers knowing it, then they have effectively prevented his message from reaching people, across networks funded with out tax dollars, because of blocking by a company that is specifically granted immunity to laws that would make them liable for publishing or transporting materials specifically under the auspices that they are simply impartial transmitters of data.
Do you understand the relationship between rights and power and responsibility? Either an ISP does not take responsibility for content and lets anyone communicate or they do take responsibility for content and exercise their right/power to stop content they don't like. They can't have it both ways. If they are going to filter the speech and business of someone they don't like, then when they don't filter the speech and business of child pornographer they should be held responsible for that as well and go to prison.
Freedom for ME, none for YOU. Especially if YOU are an ISP.
Well, if you're an ISP and built your network using money the government gave you which they took from me under threat of prison time, I'd say I ethically should have some say in how my money is used. Also, if the government is granting you special exceptions from laws that restrict my actions, under the claim that it is because you're providing a public good, well maybe you should be held accountable when your actions are demonstrably not in the public good in that particular way.
One of the interesting things about the OS market is that MS's monopoly gives them huge power to make major changes. If MS had specified in Vista that all software will ship with a certificate and an ACL or it will be running in restricted sandbox with the olde fashioned WinXP looking interface and MS themselves had gone through and made certificates and ACLs for the top 5000 software packages on the market, then we'd be looking at about 3 years until most users are at the state I described. I specified 2045 because I have no confidence that MS has the capability or motivation to actually do this and fix the security problem. To them, the average customer gets their machine infected, throws it in the trash and hits it with a hammer and goes to the store to get a new one, and all their options are Windows machines, so they just pay MS again. MS loses nothing when users' machines are compromised so they won't bother fixing the problem.
I agree with most of your comment, at least in principal. I think one of the most important ways the industry needs to jump if it is going to make the malware problem a minor inconvenience or a rarity, is to build tools to harness the intelligence and trust of others, be they communities, formal organizations, or commercial enterprises.
OS's need to start relying upon the amount of trust given to a piece of software or network service and restricting them appropriately based upon that level of trust. Channels for "voting" on how much some software or service should be trusted need to be made open and user configurable. And by "voting" I don't mean individual people should be voting on if some software is reliable. I mean the user should be subscribing to intelligence feeds from malware watchdog groups, commercial anti-malware services, OS vendor provided services, and online communities. The end user should be responsible for deciding who they trust and the OS should be responsible for translating that trust into one consolidated policy for restricting the access given to Web sites, applications, network services, etc.
I want to be able to get a random executable in my e-mail inbox, double click on it to run it, and have the OS discover if it is signed, if it is certified, if it matches any malware signatures, and what level of trust it should be given based upon a merge of several different information sources to which I have subscribed. Then I want the OS to automatically apply an ACL to that executable or even run it in a VM, based upon the ACL included in the application (if present) the ACL my OS has specified for that trust level/app type, and the ACL suggestions from said information services. I want all this to happen more or less in the background with me just double clicking it.
I honestly think that until such a system is build into mainstream OS's the malware problem will continue, full speed ahead. The problem with this is only Microsoft is in a position to really do this because of their monopoly and their position as the only real target for current malware. Further, I don't think they are capable of doing it because of the way they are organized. They don't lose enough money when their users are compromised because of their monopoly. Their entire business is built on lock-in instead of quality, so they would almost certainly implement a signing/certifying system that locked user into them, and thus provided mostly useless information since there would be no competition among providers. They have repeatedly shown themselves incapable of taking security seriously and when UI is a vital part of security they have never, ever shipped anything that was not a disaster.
My only real hope for the malware situation to be contained is encroaching OS X on the desktop and encroaching Linux in business that might break their choke hold long enough for someone else to do it right, or for MS to be forced to compete to survive, resulting in a real change in Redmond. Without antitrust laws being enforced, however, it is a long shot.
So here's the thing. You've been using Windows 2045 for a year or two now and you've never, ever been prompted by the OS to let any program do anything and it has all worked. You, the average user, tries to run said dancing bunnies and the OS says, "This program is completely untrusted and its origin cannot be confirmed. It wants access to your e-mail address book. (Stop it from reading e-mail_address.db)(Let it read e-mail_address.db)(Always let it read e-mail_address.db)(Advanced Options)"
What does the average user do? If they don't expect it to read their e-mail addresses they will probably stop it from so doing. If the program will not run without said access, the OS tries again, in the background invisible to the user and hands the program a dummy file full of randomly generated address info, or just within a dummy VM. Assuming this does not work, the user who really needs to see the bunnies, reruns it and allows it access to that and to set up an e-mail server. In the worst case this too fails and the user, frustrated with it not working, disables all the security and runs it again allowing it to root his machine, but this will still not show the user the bunnies. So what has happened? The most foolish user on the planet manually disabled the security and gained nothing and has learned the expensive lesson that the security is not the problem. Once their computer has been shut down by the ISP and cleaned they will know next time that disabling the security will still not let them see the bunnies.
Such a system can still be defeated, but malware of the type you describe would not live long or spread far, especially once user become accustomed to using such a system and not getting millions of spurious false positive warnings. The way around such a system is to trick users into running a program that the user thinks is supposed to have access to the resources it will be abusing, but that is a lot harder. Not many users want to install a new e-mail program, or IRC client, so the ability for that type of trojan to spread is very limited. Further, since the OS will need to be accessing trust databases for signatures and certifications, it is easy to add a signature based malware list as well making it even harder for that type of trojan to last more than a few days.
There will always be malware. Implementing MAC in the way I described, however, is reasonably secure enough to stop all but a tiny amount of it and is what MS should have started building in 1998 when the malware scene exploded. If they had to worry about customers moving to the competition it is exactly what someone would have created.
That is part of what MAC controls are specifically designed to address. A user who intentionally downloads and runs some software does not know if it is trustworthy or what it is doing. That is the problem. Someone downloading a shareware game or utility don't expect that to read their list of e-mail addresses or that it will start sending huge amounts of outgoing e-mail. The fact that they don't have info on its trustworthiness, or what it is doing and that it can do these things by default if it is untrustworthy without the user being informed is the main problem.
With a well designed MAC system a user downloads and runs some malware as usual. But when they run it the system checks several things. Was it pre-installed or user installed? Is is signed? Is it certified? Does it include an Access Control List. From this the computer determines how trustworthy it is. A pre-installed text editor like Wordpad might be given the highest level of trust, while some commercial Adobe app is trusted slightly less while some shareware is trusted even less, while some malware is given the lowest level of trust. Between the included ACL and the ACL for the trust level, the computer decides what that downloaded application can and cannot do without asking the user for more permission. This means if you download some shareware game, it will probably never run afoul of either ACL and the system will be invisible to the end user. This is even more likely once MAC is built in and on by default in an OS because developers will try to avoid triggering it and bothering the user. At the same time a malicious program downloaded probably will run afoul of an ACL because it will try to read your e-mail address book, or set up an outgoing mail server, or gain root access. Once such a system is common malware developers will also try to avoid triggering it, but this will seriously limit the capabilities of any malware they write, probably making them unprofitable.
In a properly designed system, it should ask the user only in very rare instances unlike the current mess that is Windows dialogue box hell. People will need to allow a program to take an action if they are installing a new mail client, or installing some sort of text or image editor that also is not signed by a reputable, known company or organization. There will still be trojans, but they will all have to actually trick the user into thinking their behavior is legitimate, instead of just performing those behaviors silently in the background. This makes them much more limited and the social engineering component a whole lot harder (in addition to breaking all the current malware).
I disagree. Things like MAC in combination with a few other technology certainly will protect "idiots" especially if by "idiots" you mean normal people who just want a tool that works. Why would you assume MAC would make a computer an appliance? It in no way removes the ability of people to do what they want, it simply adds more control.
...as a consumer this doesn't make sense. I like the idea of picking what shows I want to watch, but I actually don't want to own most of them. If the Apple TV allowed me 'rent' a show, I would buy one in a second. Or if I could pay a monthly fee (say: 10 shows subscription), again, I'd totally bite. But paying premium to own something I plan on only watching once has absolutely no appeal to me. It's too expensive.Content is the hard thing here. In order to really move to IP based television (which would bring many advantages) the incumbents of content creation need to be persuaded or replaced. I remember reading somewhere that $3 a month from every adult American would be enough money to finance the creation and distribution on DVD of every currently produced TV show in the US. So something like $10 a month for permanent access to all the television show you like would not be an unreasonable rate if production was democratized and there was fair and free competition. I don't see Apple ever really bringing content to the people, be it music or video until the expense is something reasonable and the cartels currently running the show are ousted.
Who claimed any ship with it enabled by default? The consumer (desktop) OS market is monopolized. There are basically three players of any note, MS Windows, Apple OS X, and Linux distro of choice. Of these three the latter two are almost never attacked by malware, making such a system unnecessary at this time. It would be nice, and there are functional systems for both that can be added on, although they are not as polished as if they were built in defaults. At one point a MAC and signing framework were on the Mac OS X 10.5 feature set, but they have vanished from the public docs. The real problem is that only MS has a huge malware problem and hence a need for this, and MS is not exactly renowned for innovation or security or usability or creating technologies that solve their user's problems instead of allow MS to gouge them more.
So you can either have a crappy interface that makes you manually look up and program in the times, or you can pay an expensive subscription. No thanks. My PVR lets me choose any subscription program guide I want, including Web based, one that are free with a few banner ads. Also, with the Tivo you need a Cable TV subscription to get the shows in the first place, while with the AppleTV you buy the individual shows you want (more granularity but higher prices per show although at there are no ads.)
i just don't see the point. there's other products out there (like tivo) that do a lot more. i just don't see the point in buying one.The AppleTV and the Tivo both target people who are looking for really, really easy to set up and use stuff. The AppleTV does not do a lot I want, but my parents could use it. Tivo, likewise only has half the functionality I want and is crazy expensive. I'm not going to buy either, but they are both in the same boat as far as I'm concerned.
I strongly disagree with this. There will always be exploits and trojans, the point is not to make them impossible, but to make them very rare and hard to exploit. With Vista, MS has finally pulled their security almost up to the granularity of user accounts, which was too little granularity many years ago. That does not mean others cannot do better. Look at an SELinux setup. The user downloads and installs an application they think is one thing, but which is secretly some sort of malware. With Vista it can do whatever the user can do. With SELinux, it cannot even do that, but is restricted to a subset of actions, like writing only to its own files and not overwriting other programs or your personal files or connecting to the internet. In order to make this work there need to be changes to the way application designers make applications and there need to be methods put into place to enforce those restrictions (access controls), ways to determine the "trust" of applications (signing, certifications), and default settings and ACLs that make most of it invisible to a user. This all begins with rejecting the flawed design models that equate running software, with letting software do anything it wants, even if only one in ten thousand people really want to let any software they install start up an e-mail server.
Toasters aren't idiot proof either and people kill themselves with them every year. That in no way excuses the fact that Windows does not have a sufficiently secure design to perform normal tasks in a normal environment in which it is likely to be placed. Believe it or not, some OS's let you run arbitrary binaries, by default, without giving those binaries access to do any useful, malicious activity.
The summary was misleading. 1.2 million was the number tracked by a given group, in contrast to 500,000 they saw with the same honeynets last week. It is not meant to be a total count and the article title should have read, "botnet activity triples from last week." I just happen to have access to (as far as I know) the largest chunk of realtime traffic analysis data on the planet from a project run by some of my coworkers. Doing some quick and dirty math Mr. Cerf's numbers are not entirely implausible. I'm not saying they're right, just that I can't with certainty contradict his assertion and he's not entirely out of the ballpark anyway.
It is true content is king, but with your Comcast service you can watch what is playing on a channel now, what your PVR knew to grab for a while, and stuff you pay for each viewing. The future will tell if that collection is better than whatever content Apple pulls together, including no longer running shows and exclusive content.
If not, I can grab first run movies that I am to impatient to wait for via NetFlix.Netflix is offering streaming now (in some areas) so you don't have to wait. It will likely be one more channel for content.
I like to throw The Office on in the background to remind me why I work at homeThis is why I don't see "channels" going away. People like to throw "something" on TV and playlists or collections or channels or whatever will be necessary for a a market winner.
People complain about Comcast, but they have been wonderful to me. The PVR functionality built into the cable box has a crappy interface compared to a TiVo, but it is perfectly serviceable and only $5 a monthDo you really believe that? It costs you $5 and a chunk of money hidden in your Comcast subscription. Basically Comcast is using their market position to undercut the market by inflating the price of a cable subscription while undercharging for the PVR. In the long run, you're screwing yourself over. Comcast's goal in the world is to make money by insuring you watch as many commercials as possible and pay as much for content as possible. A PVR manufacturer's job is to make money by making you happy, via making you see as few commercials and pay as little for re-watching shows as possible. Those goals are diametrically opposed. If people support Comcast's bid to leverage their regional cable monopolies into dominance in the PVR market, they will end up with a PVR with as limited of functionality as possible and which will make you see as many commercials as possible. Comcast is being strategic here, if consumers are not then Comcast will win and we'll suffer for it.
In short, the Apple TV doesn't really excite me. As exciting as it sounds like on paper...I don't think it sounds exciting on paper at all. I'm hoping, however, that it does end up being better than I anticipated. The ipod did not sound exciting on paper either.
Now, if it could play video off of YouTube or Google Video, or if it could shoot WMV or DIVX files to my TV.. I would be all over it in a heartbeat.I'm sure Youtube and the like will not be an issue, at least not for long. Either someone will make a conduit or Google will step up and make a deal with Apple. As for other formats, well that is a harder question to answer and anyone's guess. Personally, I already have an old machine serving as a media center and displaying on my TV, so AppleTV brings me basically nothing.
I was not aware of that, but it makes no difference. We were discussing what features in Vista a normal user would understand and appreciate. A normal user would have no idea how to get XP's indexed search working and would probably be afraid to try. It might as well be a third party application like Google desktop which the average user might be willing and able to install (although many might not). Out of curiosity, what file types does it support? I actually use spotlight to search my "Windows" files since I run XP in a VM on top of OS X.
Outlook Express, now renamed "Windows Mail" shipped with every one. In Vista there is now a calendar application as well. Also, there is the MS Office integration, although MS has fought long and hard to make sure no lawsuits that might see MS Office declared a monopoly ever reach a verdict, being careful to settle them all out of court.
No. I'm of the opinion that he exploited the third party card, but tried to play it up as though maybe he was exploiting the built in too, but had not actually done so and found it harder than he anticipated. Then he refused to make a proper statement and waited until Apple released a patch for the vulnerabilities they found in their audit. He then looked at the patch to find the vulnerability and quickly coded a crash of that vulnerability, but not a proper exploit because either he did not have enough time or he did not find it as easy as he hoped.
I have little doubt that with enough time he could have found the problems in Apple's built in drivers and possibly even coded exploits for them. Based on his behavior however, I don't believe that he did. I think he found one in the third party driver, then tried to make it sound like more than it was, then tried to put something together to salvage a little of what was left of his reputation after Apple released a patch for vulnerabilities they found independently.
I agree.
What has always boggled me is the number of people who jump on one bandwagon or another... like those I know who bought Vista simply because it was newer.This is very understandable from a psychological perspective. Humans are social critters. Anything the average person does that makes them different from the herd, like running Linux or OS X or even Vista right now, is something they are likely to be defensive about. Socially, different is bad. To compensate and to help justify their purchasing decisions and defend their ego, people tend to vigorously defend their difference to the point of becoming angry or being motivated to persuade others (ego again).
The problem is the combination of these two factors. People are vigorously defending a choice, but most people are ignorant as to the reality of the differences they are defending. Being ignorant makes people even more defensive and often louder in their opinions and you get the OS war type discussions so common on message boards.
So overall, I use linux a lot, XP still fairly often, 98 fairly often (old work machines), Vista rarely, and OSX on the odd occasion that I play with a Mac at one of the sites at work.On my laptop right now I'm running OS X, with WinXP and Kubuntu running in VMs for particular applications. It works fairly well and gives me a good insight into all three platforms and how they differ. I tested Vista during the beta, but it is not stable enough yet for everyday work. I would like to comment on one particular OS fan phenomenon I like to call the "Mac switcher." Time and again I've seen long term Windows users buy a Mac for the first time and you can't get these people to shut up about it for about 6 months. It seems to me that in addition to defending their choice and being different these people are often amazed that they spent so long on Windows not knowing that a lot of the things they took for granted are actual problems with the OS, which they don't need to deal with on a Mac. They get so excited about this revelation they go into revivalist preacher mode and try to preach the message to the masses, usually with limited success. The next time you hear an OS X fan who just keeps going on and on, ask them when they got their first OS X machine. Odds are it was within the last couple of months.
Apple does not support WMA because as soon as they do, MS has won the war to be gatekeeper of music. WMA is proprietary and only companies that pay MS can encode them or play them in hardware or software. MS will literally be able to charge a toll on all music and be able to shut out anyone they want. Would you like to switch to Linux, oops, no music for you. Would you like to buy a game console, oops Sony's PS4 and Nintendo's Wii2 can't play all the music you have. Apple saw it coming and jumped into the market to stop the Mac computer from being one of those devices locked out of music in the next few years. They did so by creating a competing solution with fewer restrictions they got the RIAA to buy into.
The conclusion is, once again, that both Microsoft and Apple want to win a war of digital music formats...I disagree. Apple does not want to win the DRM-music war. They want to stop MS from winning. Apple makes basically nothing on music. They run their store at break even as a way to promote their hardware and stop MS. They have publicly endorsed the removal of all DRM in an attempt to pressure the RIAA to go for it or the government to force them. Apple uses an open industry standard format (AAC is mpeg 4 audio codec, mp4) with DRM added on. Get rid of the DRM and it is cheaper for Apple to deal with and easier for customers who Apple wants to buy music so they are more likely to buy iPods.
I'm opposed to DRM in general and closed DRM in particular, but from my point of view, Apple saved all our butts by jumping in when they did and blocking MS. That is why I don't complain about them specifically, although I do complain about MS's illegal leveraging of their monopoly to push DRM and about the RIAA who is also pushing it.
Generally singing is considered one form of music, but even ignoring that there's this neat technique called "whistling" that has been popular for a little while now. Also the reed whistle, flute, horn and drum all predate even the earliest forms of writing. People were beating rhythms on hollow trees long before the concept of currency was invented.
I don't have a UI or performance comparison of the three, but I've had a list of advantages and disadvantages for each platform running for a good 6 months or more and I've twice posted it in Slashdot forums for comments and additions. If I was planning on picking an OS for some use I sure wouldn't be picking based just on how pretty it is. I'd want to know the feature set and what works and what doesn't and what is better on one platform than another. I've learned about a number of features in Vista I did not know about from the comments of several people, but the conclusion I've drawn is that for the most part, people just pick an OS and use it and don't have a good idea of what other platforms are capable of, even here on Slashdot. It makes for a lot of pointless arguments about how "surely my favorite OS is better at this even though I've never learned how to do that same task on any other OS made in this decade."
I saw what Maynor presented there and it sure wasn't evidence. He presented a half-finished bit of code that could possibly be finished and used to exploit a Mac that had not had the patch applied. It was quite obviously a quick and dirty first pass are reverse engineering Apple's patch by someone without the time or skill to do it properly or in a useful way. It was also obviously not what was presented originally which had been fleshed out to actually work on a different vector in the third party driver.
Congratulations. Your post is so stupid it make me spill my soda while laughing out loud at what a moron you are. You obviously don't know what a monopoly is, but you somehow assume you know better than all the lawyers and economists in the world and for some reason your uninformed opinions must be correct. I actually read your post twice looking for the "ha ha I'm kidding no one is really this dumb" comment. Comedy gold.
The people of course, and not just a simple majority. We have a constitution and bill of rights for a reason. More specifically, you need only hold the ISPs to a standard of impartiality such as would be expected of any contractor working on behalf of the taxpayer. The government has already stepped in supposedly on behalf of the people and taken our money and built networks which were then given away. It has granted geographical monopolies to certain companies. It has granted certain companies immunity from the law in exchange for acting as impartial common carriers. It makes sense to me that we actually hold them to that standard to act impartially or rescind their immunity, don't you think?
All the things you mention are not end user features. Its like trying to sell a new car by telling people it has a steel, helix manifold, instead of that it will go 10MPH faster than last year's model. Almost everything you list fits in the category of "it won't break as much" or "it will run faster." But any given feature does not determine the overall reliability or speed so those features may or may not allow vista to be of any overall benefit to the end user.
Aside from "it's pretty" why not try talking about how you can search quickly and for stuff that is inside the files, not just for the names. Or you could talk about the included software they won't have to buy now. Or you could talk about how you can set the sound for each application. You know, end user features, that people might care about.
I feel your argument has fallen apart at this point. The ISP was blocked specifically because of the user's IP. The definition of "bad guy" was that they were providing a perfectly legal service and exercising free speech.
So, my suggestion to you is to get a new ISP or hosting provider. Quit whining and take action.Sigh, way to miss the point. He can get whatever IP he wants, but if they consistently block whatever CIDR that is from all their customers, without those customers knowing it, then they have effectively prevented his message from reaching people, across networks funded with out tax dollars, because of blocking by a company that is specifically granted immunity to laws that would make them liable for publishing or transporting materials specifically under the auspices that they are simply impartial transmitters of data.
Do you understand the relationship between rights and power and responsibility? Either an ISP does not take responsibility for content and lets anyone communicate or they do take responsibility for content and exercise their right/power to stop content they don't like. They can't have it both ways. If they are going to filter the speech and business of someone they don't like, then when they don't filter the speech and business of child pornographer they should be held responsible for that as well and go to prison.
Well, if you're an ISP and built your network using money the government gave you which they took from me under threat of prison time, I'd say I ethically should have some say in how my money is used. Also, if the government is granting you special exceptions from laws that restrict my actions, under the claim that it is because you're providing a public good, well maybe you should be held accountable when your actions are demonstrably not in the public good in that particular way.