Were you actively using computers when ActiveX was introduced? Were you involved in doing any web development? On one hand you can go on and on about how Microsoft leveraged their monopoly to get into the web arena. I will agree with you there. Perhaps you can realize that at the time that Microsoft introduced ActiveX, there weren't any other technologies out there that allowed the content delivery and functionality with the ease that ActiveX and IE did. It was a big fat security hole and no one in their right mind will argue against that. However the reason that they rolled it out was to enable developers to target web users with applications. I'd say they were right on the money with the need for that. They went ahead and picked ease of use over security to allow app developers to develop web content. We all know how that worked out with regard to malware. You can't argue that it didn't allow content developers to get their content out there... even if 85% of it was unwanted.;)
I disagree that Microsoft doesn't have any financial motivation to fix the problems in ActiveX and their various technologies. Take a look at IE7. Where are all the ActiveX exploits that target IE7? Microsoft has a HUGE installed userbase that depends on IE/IIS and Visual Studio for development. They have a huge incentive to keep that cash cow secure.
From real world experience, I can tell you that Microsoft does just fine with security. I have hands on experience with literally thousands of desktops and hundreds of servers running 2000/XP/2003 and zero security incidents. With good firewalls, security policies, group policies, WSUS, AV, etc. it is possible to secure Microsoft networks. You just have to know what you are doing and stay abreast of the latest developments. It also helps if you use some open source tools like Snort, nmap and the like to keep an eye on what is going on behind the scenes.
The original point of my first post still stands though. As Apple moves forward, they are going to have to face the same challenges that Microsoft faced... balancing the user expectation of an easy to use interface and "it just works" mentality with security needs.
You must have been modded redundent for posting about this in another thread. As far as I can tell, you're right target with this one. Skype doesn't work with the new firewall.
Apple is facing the same problem that Microsoft is facing. Microsoft wanted to make their software appear user friendly and easy to use. They went ahead and created ActiveX and in numerous places like with network shares, setup the default permissions so that everyone could use it. That eventually came back in the end to bite them in the ass. Luckily for Apple, they are able to learn from the collective wisdom of all who have gone before them. But like this instance shows, Apple is not necessarily any better when it comes to making arbitrary decisions about the balance between ease of use and security.
Growing up is selling out, duh! Hackers being accused of selling out is like bands being accused of selling out. For every one hacker/band out there that makes it, there are thousands of others that wish they had the talent/skill/luck to do the same thing. The REAL sell outs go and work for the NSA and various other agencies and companies that you never hear about. The sloppy ones get caught and make some money off of their brief notoriety.
The author of the article trots out the straw man argument that an enterprising Blizzard employee could create some devious code that secretly steals credit card information. If I were that enterprising Blizzard employee, I'd be spending more time focused on stealing ALL of the credit card information that Blizzard has on file to do their monthly reoccuring billing with. I'm sure it's all sitting in a database on Blizzard's LAN, probably encrypted and probably protected by a firewall and some pretty gnarly security policies... but it's there and ripe for the picking if an employee has the right sort of access. I haven't seen anyone mention that yet.
As a very casual WoW player (I only have 1 level 70 main toon and I only just started raiding Karazhan), I'm glad that Blizzard is doing what they can to combat botting. On another toon of mine I just got into a guild where one of the guys was talking about how his friend had botted 75,000 honor during AV weekend. That pretty much pissed me off. I don't care too much because I'm not playing the game in any sort of competitive manner, but it kind of irks me.
I'd really like to see something like Warden being used to combat the problem of aimbots and wallhacks in FPS games. I stopped playing FPS games all together because of that issue.
The way you joke about application needs for Linux is very similar to the way a lot of people joke about switching to Linux in the first place. Sure, it's all great and fine to champion Linux as the cure for the problem of Microsoft dominance in the computerized world. Yet for a lot of real companies, the only "solution" to breaking their dependence on Microsoft on the desktop or the server is to "run your Windows apps in a VM on Linux." Ya, great solution there. Add another layer of complexity to the problem.
How can you take tech support into consideration and put Toshiba in the lead?! Good Lord man. What universe are you living in? Toshiba hardware is pretty rock solid if you buy the top of the line stuff. I still have a Satellite Pro 4200 that is running strong.
The only time I see tablet PCs being used are by delivery guys (FedEx, UPS, etc) and at the In-n-Out drive thru. I don't see organizations like those paying the extra premium to have an idontcareTablet, especially considering that the apps running on their current tablets are probably all MS based.
It's soooo much like the 1990s that I saw mention of "Web 3.0" a few days ago, as if the comical fluff that is Web 2.0 wasn't bad enough. I think it's time I get on the bandwagon. Know of many brain dead venture capitalists out there willing to give me a few million. If I can beat the bubble's burst, I should be able to pocket a lot of money, live in Hawaii and laugh my ass off at the idiots out there.
I am intrigued by your comments and would like to buy into your newsletter. Can you publish it as an emersive web based experience that will leverage the latest in nVidia 3d graphics technology and an as yet to be standardized physics hardware accelerator?
However, if you can't rely on your OS to perform a simple file move without risking data corruption, then the right solution is definitely not to verify every single operation by hand.
On the contrary, that is exactly the thing to do. When you are working in mission critical environments and are charged with the safety of important data, it behooves you to do things the "slow way" sometimes for the simple reason that you have a safety net. In case of a disaster, it's much easier to restart a file copy than it is to pull data off of a backup tape because some of it got lost in the middle of a move operation.
This reminds me of a lesson I learned A LONG time ago. Doing a move operation on important files is a BAD idea. In my case it involved Windows NT Workstation 4.0 and a Novell 3.12 server, but I'm sure the result was the same. Some files made it, some that hadn't been moved yet were still there... about twenty or so files out of a couple thousand were simply missing. The next couple of hours were spent archiving and recovering data from a backup tape. I don't think that you can really blame Apple for hardware failures. It's not like Macs come with Battery-Backed Write Cache enabled RAID arrays.
..to Oracle. I've seen similar things happen in the past where some VP decides that he doesn't want to go to IT every time he needs a database for something, so he just fires up trusty old Access and makes his own. Six months down the line, he's facing a production deadline and his Access database takes a crap and he goes running to IT to fix it for him. I figure that the same thing happens with Web 2.0, or whatever the new technology is. Technology will continue to get more and more user friendly. However we are a long way from the point where the technology "just works" and runs flawlessly. At some point the new tech is going to take a big fat royal crap and someone from IT who knows what they are doing is going to have to fix it.
At that point, the cycle will continue. IT will point out that the person who relied on the technology without informing them is an idiot. The idiot will blame IT for not supporting their department in the manner that they believe they need to be supported. IT will fire back that if they had more money and resources available to them, they could support everyone in the manner they want to be supported in. Finance will tell IT to shut the hell up and do more with less. IT manager will finally flip out, go through "They're really going to miss ME when I'm gone." syndrome, and quit. He will be replaced. Wash, rinse, repeat.
Porn (and warez) were the two original factors that drove the push for more bandwidth. They were the only files big enough to require fatter pipes. When the net started as a research tool, people were just moving text files around. Then came FTP, IRC and Usenet. Those were the big bandwidth hogs. After those it was streaming video. Although there were "morally legitimate" uses for all of those technologies, I think it's safe to say that over 75% of the early adopters (we're talking early to mid 1990s here) were using whatever bandwidth they had to swap porn and warez. Some of the first commercial server farms were in Chatsworth, CA.
Excuse my stupidity because I'm a PC user, but how does Time Machine differ all that much from System Restore (jokes about preserving system eating zombie botnet code aside)? System Restore points are set every time an application is installed or deleted. Does Time Machine save user data too?
It is my non-expert (I am not certified to say this) opinion that there is no antivirus program or suite that does... anything.
FWIW & YMMV, I setup my family and acquaintances with XP-SP2, IE7, Windows Defender and the latest version of SAV Corporate/Enterprise in Unmanaged mode. I just turn on Automatic Updates in Windows and setup the AV software to update every night. My biggest "problem user" is a girl whose laptop was completely owned by spyware when I first met her. After a pave and rebuild with the above mentioned build two years (I actually gave her IE6 back then), she called me a couple weeks ago because her computer was "broken" again. I figured it was more spyware. Nope. The box was clean. Her problems were that the C: drive was out of space because she wasn't saving anything on the completely unused 40GB D: drive (even though I showed her how to), and MS Messenger wouldn't download files directly because Windows Firewall was blocking it (like it is supposed to). This girl is all over Myspace and clicks on anything that her friends send her in the various IM programs she uses (AIM, MSM, Yahoo, etc.) It isn't THAT hard to keep a Windows box clean these days.
So in other words you don't want to/can't invest in the infrastructure to do it effectively? There are products out there like listserv, Lyris, and other mass email programs that can be setup, on a single IP, to do what you want to do.
In one way I feel for the position you're in. You probably feel like you shouldn't have to invest in your own email server, or you shouldn't have to pay an ISP to host your mailing list traffic. You might have a point there. You are free to continue doing things the way that you want to. However, if you don't want to play by the rules that others are setting up, you can't expect your mail to be delivered. The time might be coming that your organization needs to have a real internal conversation to decide whether or not you want to do things right and be done with it, or continue to try to find ways around increasingly more restrictive controls being put in place to deter spam. I think it is just another sign of the times. The internet is becoming more and more controlled. I miss the days when I could have a wide open relay for all of my friends to use.
For me, SPF was a worth while investment of 15 minutes out of my day. Not only did creating an SPF record allow my users to send mails to domains that check for SPF records, it also eliminated the problem of spammers using our domain on forged headers for the spam that they sent out. In your case, SPF may be a big fast waste of time. You might not have spammers who have appropriated your domain name for their purposes. I'm honestly surprised that you're able to change the From: header and have it work. Most of the commercial SMTP servers that I come across these days don't allow that kind of thing anymore. If you are joeblow@earthlink.net and you try to send out an email as joeblow@mailinglist.org, the outgoing server is going to reject your relay attempt.
If you legitimately have mail being sent from your domain via many servers, it's a royal PITA to set up and there is a time lag for any changes to propagate. SPF is based on the obviously untrue idea that each domain from which mail might originate will generate that mail from its own server, or at least a reasonably small and consistent set of servers that can be readily identified. This might work for big business with professional sysadmins setting up all the server boxes, but it's hopeless for small-scale home users, volunteer groups, etc. etc.
It seems like you're talking about two seperate issues here in the same context. One is that if you have a lot of servers sending email for your domain then it is a PITA to setup. Then you talk about how it is a PITA for small-scale home users. In my experience of consulting and working with mail systems over the last ten years, I've never run into an organization with more than two or three outgoing mail servers. I've dealt with some pretty big, multi-site, world wide Exchange deployments and although there may be numerous mail servers in the organizational hierarchy, there are rarely more than a few public facing MTAs and those MTAs have ALWAYS had static addresses. Like I said earlier, I'm not a mail admin by any stretch of the imagination, but I'm having a hard time conceptualizing a scenario where you would have multiple outgoing mail servers that would be changing their IP addresses frequently enough to make keeping an SPF record up to date difficult or time consuming.
It's not an accepted standard: if you support SPF, do you also support Sender ID for this big free mail system, DomainKeys for that one, tomorrow's rehash for the next guy...?
True, it is not a standard. It is just another tool in the toolbox.
Nowhere near enough people use it properly. Of the domains that set SPF records, a very significant proportion are just set to allow all to avoid SPF-related bounces, undermining the entire scheme.
Just because people choose not to impliment it properly doesn't mean that it should be discarded. Less than half of the people in America exercise their right to vote. Maybe we should just take it away?;)
In other words, it's a pain to set up if you're the little guy,
I just don't buy the pain for the little guy line of reasoning. If you're a little guy, odds are you have your domain hosted somewhere else and you aren't doing it yourself. If you're in the SMB segment, you probably have a single mail server for your organization on a static IP. You don't even need to know crap about DNS to setup spf. You can just go to spf.org and use their web form to generate the proper syntax to add to the zone file.
What specifically is your beef with SPF? I'm just a jack of all trades system admin and not a "mail server" admin by any stretch of the imagination, so excuse any perceived ignorance here. SPF seems to be picking up traction in Europe. I work for a major art museum and they are communicating with people around the world. I recently had to add an SPF record for our outgoing server because more and more recipients were bouncing mail back. On the surface it seems like a good system and is very much akin to reverse lookups. It just verifies that the server is who it says it is and in the case of SPF, that the server is authorized to send email for the domain that it is sending email for.
The small companies are the ones that are keeping the major carriers from gouging the end user. They are able to resell the product at a lower price which keeps the major carriers honest. It is true that they don't offer anything different than the major carriers. I don't see that as being a bad thing. By offering the same thing and doing it at a lower price, they keep the market competitive.
This is more corporate welfare to the tune of many billions of dollars of revenue to whomever they bless with the contract.
Corporate welfare? WTF? Did you read something in the article that I didn't? I saw an article that talks about Microsoft making progress where other companies (Google, Cisco, etc.) haven't. The article talks about Microsoft signing up major partners to participate in the program. I don't see anything about Microsoft driving corporate welfare and that's what my interpretation of your statement is... you are implying that Microsoft is driving corporate welfare. If you want to talk about HIPAA and other government programs (like SOX) being corporate welfare for companies that get contracts for implementing it then sure, I can buy that. In this case, I see Microsoft catering to a market need and that market need is required compliance with Federal standards.
I'm probably going to get modded down for this, but here goes. It makes sense for Microsoft, or some other major vendor to do an initative like this. There are so many governmental regulations regarding the storage of patient medical records that keeping up with those regulations is a major burden on doctors offices, hospitals and clinics. The system is geared towards a centralized model. Put the burden on a vendor to keep up with the regulations and security of patient records and let the clinic staff focus on treating the patients. Last time I checked, SQL Server 2005 offers some pretty elegant on the fly encryption of data in the tables down to the specific, individual fields.
Of course the merits of using an OS that is a prime target for information theft like Windows can be debated all day long. I don't really see much of a problem with accessing an online database with a 256bit SSL connection though. People do it all the time for their online banking transactions, and not all of them are doing it with a Microsoft operating system. I can pretty much bet that MS will require IE7, ActiveX and all of that nonsense, but you never know... there might be a Java API for it.
Slashdot Mirror
I disagree that Microsoft doesn't have any financial motivation to fix the problems in ActiveX and their various technologies. Take a look at IE7. Where are all the ActiveX exploits that target IE7? Microsoft has a HUGE installed userbase that depends on IE/IIS and Visual Studio for development. They have a huge incentive to keep that cash cow secure.
From real world experience, I can tell you that Microsoft does just fine with security. I have hands on experience with literally thousands of desktops and hundreds of servers running 2000/XP/2003 and zero security incidents. With good firewalls, security policies, group policies, WSUS, AV, etc. it is possible to secure Microsoft networks. You just have to know what you are doing and stay abreast of the latest developments. It also helps if you use some open source tools like Snort, nmap and the like to keep an eye on what is going on behind the scenes.
The original point of my first post still stands though. As Apple moves forward, they are going to have to face the same challenges that Microsoft faced... balancing the user expectation of an easy to use interface and "it just works" mentality with security needs.
You must have been modded redundent for posting about this in another thread. As far as I can tell, you're right target with this one. Skype doesn't work with the new firewall.
Apple is facing the same problem that Microsoft is facing. Microsoft wanted to make their software appear user friendly and easy to use. They went ahead and created ActiveX and in numerous places like with network shares, setup the default permissions so that everyone could use it. That eventually came back in the end to bite them in the ass. Luckily for Apple, they are able to learn from the collective wisdom of all who have gone before them. But like this instance shows, Apple is not necessarily any better when it comes to making arbitrary decisions about the balance between ease of use and security.
Growing up is selling out, duh! Hackers being accused of selling out is like bands being accused of selling out. For every one hacker/band out there that makes it, there are thousands of others that wish they had the talent/skill/luck to do the same thing. The REAL sell outs go and work for the NSA and various other agencies and companies that you never hear about. The sloppy ones get caught and make some money off of their brief notoriety.
As a very casual WoW player (I only have 1 level 70 main toon and I only just started raiding Karazhan), I'm glad that Blizzard is doing what they can to combat botting. On another toon of mine I just got into a guild where one of the guys was talking about how his friend had botted 75,000 honor during AV weekend. That pretty much pissed me off. I don't care too much because I'm not playing the game in any sort of competitive manner, but it kind of irks me.
I'd really like to see something like Warden being used to combat the problem of aimbots and wallhacks in FPS games. I stopped playing FPS games all together because of that issue.
The way you joke about application needs for Linux is very similar to the way a lot of people joke about switching to Linux in the first place. Sure, it's all great and fine to champion Linux as the cure for the problem of Microsoft dominance in the computerized world. Yet for a lot of real companies, the only "solution" to breaking their dependence on Microsoft on the desktop or the server is to "run your Windows apps in a VM on Linux." Ya, great solution there. Add another layer of complexity to the problem.
Can it be customized to do what this does? http://www.altec-inc.com/
How about a Linux accounting package for the SMB market that does the equivalent of what this does? http://www.sagesoftware.com/pfw/
While you're at it, got any waste management software for Linux? Waste Management went with AS/400. http://www.eweek.com/article2/0,1895,1773666,00.asp
...political pirates pwn j00. Yarrr!!!!!
How can you take tech support into consideration and put Toshiba in the lead?! Good Lord man. What universe are you living in? Toshiba hardware is pretty rock solid if you buy the top of the line stuff. I still have a Satellite Pro 4200 that is running strong.
The only time I see tablet PCs being used are by delivery guys (FedEx, UPS, etc) and at the In-n-Out drive thru. I don't see organizations like those paying the extra premium to have an idontcareTablet, especially considering that the apps running on their current tablets are probably all MS based.
I am intrigued by your comments and would like to buy into your newsletter. Can you publish it as an emersive web based experience that will leverage the latest in nVidia 3d graphics technology and an as yet to be standardized physics hardware accelerator?
On the contrary, that is exactly the thing to do. When you are working in mission critical environments and are charged with the safety of important data, it behooves you to do things the "slow way" sometimes for the simple reason that you have a safety net. In case of a disaster, it's much easier to restart a file copy than it is to pull data off of a backup tape because some of it got lost in the middle of a move operation.
This reminds me of a lesson I learned A LONG time ago. Doing a move operation on important files is a BAD idea. In my case it involved Windows NT Workstation 4.0 and a Novell 3.12 server, but I'm sure the result was the same. Some files made it, some that hadn't been moved yet were still there... about twenty or so files out of a couple thousand were simply missing. The next couple of hours were spent archiving and recovering data from a backup tape. I don't think that you can really blame Apple for hardware failures. It's not like Macs come with Battery-Backed Write Cache enabled RAID arrays.
...since it is targetted at Mac users.
At that point, the cycle will continue. IT will point out that the person who relied on the technology without informing them is an idiot. The idiot will blame IT for not supporting their department in the manner that they believe they need to be supported. IT will fire back that if they had more money and resources available to them, they could support everyone in the manner they want to be supported in. Finance will tell IT to shut the hell up and do more with less. IT manager will finally flip out, go through "They're really going to miss ME when I'm gone." syndrome, and quit. He will be replaced. Wash, rinse, repeat.
Porn (and warez) were the two original factors that drove the push for more bandwidth. They were the only files big enough to require fatter pipes. When the net started as a research tool, people were just moving text files around. Then came FTP, IRC and Usenet. Those were the big bandwidth hogs. After those it was streaming video. Although there were "morally legitimate" uses for all of those technologies, I think it's safe to say that over 75% of the early adopters (we're talking early to mid 1990s here) were using whatever bandwidth they had to swap porn and warez. Some of the first commercial server farms were in Chatsworth, CA.
Excuse my stupidity because I'm a PC user, but how does Time Machine differ all that much from System Restore (jokes about preserving system eating zombie botnet code aside)? System Restore points are set every time an application is installed or deleted. Does Time Machine save user data too?
FWIW & YMMV, I setup my family and acquaintances with XP-SP2, IE7, Windows Defender and the latest version of SAV Corporate/Enterprise in Unmanaged mode. I just turn on Automatic Updates in Windows and setup the AV software to update every night. My biggest "problem user" is a girl whose laptop was completely owned by spyware when I first met her. After a pave and rebuild with the above mentioned build two years (I actually gave her IE6 back then), she called me a couple weeks ago because her computer was "broken" again. I figured it was more spyware. Nope. The box was clean. Her problems were that the C: drive was out of space because she wasn't saving anything on the completely unused 40GB D: drive (even though I showed her how to), and MS Messenger wouldn't download files directly because Windows Firewall was blocking it (like it is supposed to). This girl is all over Myspace and clicks on anything that her friends send her in the various IM programs she uses (AIM, MSM, Yahoo, etc.) It isn't THAT hard to keep a Windows box clean these days.
In one way I feel for the position you're in. You probably feel like you shouldn't have to invest in your own email server, or you shouldn't have to pay an ISP to host your mailing list traffic. You might have a point there. You are free to continue doing things the way that you want to. However, if you don't want to play by the rules that others are setting up, you can't expect your mail to be delivered. The time might be coming that your organization needs to have a real internal conversation to decide whether or not you want to do things right and be done with it, or continue to try to find ways around increasingly more restrictive controls being put in place to deter spam. I think it is just another sign of the times. The internet is becoming more and more controlled. I miss the days when I could have a wide open relay for all of my friends to use.
For me, SPF was a worth while investment of 15 minutes out of my day. Not only did creating an SPF record allow my users to send mails to domains that check for SPF records, it also eliminated the problem of spammers using our domain on forged headers for the spam that they sent out. In your case, SPF may be a big fast waste of time. You might not have spammers who have appropriated your domain name for their purposes. I'm honestly surprised that you're able to change the From: header and have it work. Most of the commercial SMTP servers that I come across these days don't allow that kind of thing anymore. If you are joeblow@earthlink.net and you try to send out an email as joeblow@mailinglist.org, the outgoing server is going to reject your relay attempt.
It seems like you're talking about two seperate issues here in the same context. One is that if you have a lot of servers sending email for your domain then it is a PITA to setup. Then you talk about how it is a PITA for small-scale home users. In my experience of consulting and working with mail systems over the last ten years, I've never run into an organization with more than two or three outgoing mail servers. I've dealt with some pretty big, multi-site, world wide Exchange deployments and although there may be numerous mail servers in the organizational hierarchy, there are rarely more than a few public facing MTAs and those MTAs have ALWAYS had static addresses. Like I said earlier, I'm not a mail admin by any stretch of the imagination, but I'm having a hard time conceptualizing a scenario where you would have multiple outgoing mail servers that would be changing their IP addresses frequently enough to make keeping an SPF record up to date difficult or time consuming.
It's not an accepted standard: if you support SPF, do you also support Sender ID for this big free mail system, DomainKeys for that one, tomorrow's rehash for the next guy...?
True, it is not a standard. It is just another tool in the toolbox.
Nowhere near enough people use it properly. Of the domains that set SPF records, a very significant proportion are just set to allow all to avoid SPF-related bounces, undermining the entire scheme.
Just because people choose not to impliment it properly doesn't mean that it should be discarded. Less than half of the people in America exercise their right to vote. Maybe we should just take it away? ;)
In other words, it's a pain to set up if you're the little guy,
I just don't buy the pain for the little guy line of reasoning. If you're a little guy, odds are you have your domain hosted somewhere else and you aren't doing it yourself. If you're in the SMB segment, you probably have a single mail server for your organization on a static IP. You don't even need to know crap about DNS to setup spf. You can just go to spf.org and use their web form to generate the proper syntax to add to the zone file.
The gold farmers are going to have to stop farming gold and start farming zombie bots. That is definitely going to cut into the bottom line...
What specifically is your beef with SPF? I'm just a jack of all trades system admin and not a "mail server" admin by any stretch of the imagination, so excuse any perceived ignorance here. SPF seems to be picking up traction in Europe. I work for a major art museum and they are communicating with people around the world. I recently had to add an SPF record for our outgoing server because more and more recipients were bouncing mail back. On the surface it seems like a good system and is very much akin to reverse lookups. It just verifies that the server is who it says it is and in the case of SPF, that the server is authorized to send email for the domain that it is sending email for.
The small companies are the ones that are keeping the major carriers from gouging the end user. They are able to resell the product at a lower price which keeps the major carriers honest. It is true that they don't offer anything different than the major carriers. I don't see that as being a bad thing. By offering the same thing and doing it at a lower price, they keep the market competitive.
Corporate welfare? WTF? Did you read something in the article that I didn't? I saw an article that talks about Microsoft making progress where other companies (Google, Cisco, etc.) haven't. The article talks about Microsoft signing up major partners to participate in the program. I don't see anything about Microsoft driving corporate welfare and that's what my interpretation of your statement is... you are implying that Microsoft is driving corporate welfare. If you want to talk about HIPAA and other government programs (like SOX) being corporate welfare for companies that get contracts for implementing it then sure, I can buy that. In this case, I see Microsoft catering to a market need and that market need is required compliance with Federal standards.
Of course the merits of using an OS that is a prime target for information theft like Windows can be debated all day long. I don't really see much of a problem with accessing an online database with a 256bit SSL connection though. People do it all the time for their online banking transactions, and not all of them are doing it with a Microsoft operating system. I can pretty much bet that MS will require IE7, ActiveX and all of that nonsense, but you never know... there might be a Java API for it.