I don't get the first line of your post. Are you suggesting SSL doesn't encrypt?
SSL is a handshake and crypto protocol. Data is encrypted, both ways. GETs, POSTs, the whole nine yards. That's sorta the point. SSL version 2 didn't protect the handshake from man in the middle attacks, so it was deemed insecure. Supposedly version 3 is stronger.
You're right about Kerberos. Typical modern day Kerberos implementations use AES. Therefore it's reasonable to assume a "kerberos based telnet daemon" would also use AES, if it's using Kerberos 5.
You're one of those funny Slashdot people who thinks it's incredibly hard to explain to people what DRM is, aren't you?
Even if someone doesn't know the details behind the acronym it's not exactly difficult to explain. Everyone whom I've explained DRM to has come back with, 'Really? They do that? That's crap.', or some derivative thereof.
Regarding Apple's iTunes...not all DRMs are created equal. The concept behind DRM, however (namely, that your right to a piece of content does not extend to changing its medium, amongst other details), is still something that if you asked people about they more than likely wouldn't like the idea of. Any bare minimum news article about DRM with a cursory explanation would get the point across sufficiently.
I'm sorry to hear you have no professional ethics.
I wasn't aware that getting paid for a skilled service was greed.
And to think, all these years I've been paying rent and putting a roof over my head and food in my stomach has been so selfish of me.
It's ridiculous to compare governments with software. Home users of software and companies need software to perform a purpose. The ideological aspect of it is a far second to that. Communism is not comparable to open source and people need to not associate the two. Open source is about service based business models and removing 'lock-ins'. It's not about giving away stuff for free.
I'm also not knocking Wikipedia, my point is that we need to stop the philosophy of "so what if it's bad, it's open source!". If the product needs to be improved, then it should be improved. Philosophy is not an excuse for failure. I'm not declaring Wikipedia a failure, either, but it has flaws which I'm hopeful that this new site will address. Competition only increases quality.
Heh. Myself and many programmers I know don't even watch TV. What's a commercial?
I agree with most of what you say though. I don't want the designers on my staff to turn things over to me.
I was referring primarily to the person I replied to's assertion that "quality be damned, it's about furthering open source". Open source, in and of itself, is only as good as the quality of products it produces.
Wikipedia is 'Ok', but it is not accurate enough to use outside of leisure/hobbies.
In a nutshell, Linux is a fantastic operating system for people who are 'computer people'. They get screwed when it comes to codecs, hardware drivers and etc. Additionally, just due to the culture being what it is, we tend to LIKE doing things in text mode. I, for one, would rather have a simple text command to do what I want to do. Even in Windows, to kill a service I'll use 'sc queryex "service"' 'taskkill pid'. It just comes from old school development, wherein, clicking through screens is a lot harder to tell someone how to do remotely than emailing them a script to run.
Then again, I don't try to force Linux down anyone's throat, because I've learned the hard way it's something I like that many other people don't. Also, however, I can use rdesktop and other tools to connect to other servers to do my Windows/Mac chores, so I'm not as limited as a single PC home user with little-to-no in-depth computer knowledge.
Either way, if Linux goes 'mainstream', it'll be on select distros and not be 'the norm'. Since...really...it's by design that it isn't like Windows. We're, by the nature of our culture, minimalists.
If I go to the local CD store, I'm getting a hard copy which I can use as a backup, easily use in other devices, rip out on my own at higher quality, AND I'm paying for the CD itself, the coverart/slip, the shipping and the guy to sell it to me. iTunes is paying for bandwidth...and they're charging me the exact same price. What kind of dummy would I have to be to buy it through them if I can get the CD at the same price?
If they weren't so hard-set on 900% profit margins, they'd probably sell more, but as it stands they make tons of money so it's not like they should care.
Oddly enough, if you have a *gasp* job, paying $100 for Windows is a lot less of a risk than using a copy gotten over P2P. Are you seriously suggesting that pirated cracks, CD-Keygens and software don't contain viruses and spyware?
Then again, it never ceases to amaze me how many people blame Microsoft for non-working pirated copies they obtain. Geez, don't you hate it when someone rips an ISO from a scratched DVD?
I don't know. I'm not afraid of Microsoft, but similarly I don't expect them to hire 50,000 programmers and not want to get paid for their products. If you think MS is expensive, go out and pick up a Solaris/ORACLE box.
Yeah, no kidding. "MacGeekery"? Give me a break. Since when is it news that *gasp* administrators can *add users*? The fact that they call this a hack makes people who understand what a hack is cringe.
Linux and the various open source BSDs are quality products in their own right, which are capable of doing a lot. They can use some work in some areas (not all of which is their fault, i.e., they need to find a way to strongarm hardware providers), but they do a job and they do it well.
Wikipedia is not terrible, but it puts itself out there as a source of information. Except, a lot of that information is false. How many Wikipedia articles are outright advertisements engineered by the subject of the topic? There's a lot of obvious bias and inaccuracies.
I don't believe in the "open source movement" if it produces tripe. There's no progress by producing lower quality goods, whether they're free or not. And if you think that the aim of open source is to produce lower quality goods, you're missing the point.
I should note that there's also Americans like me, who, while appreciating the notion of the US becoming 'noble', realize that singing kumbaya as hard as your lungs will allow at gun-toting sociopaths isn't going to solve the world's problems.
Neither is throwing money at people who will use it to buy bigger palaces while their military kills their own people. If there's a 'sure way' to end the problems of the developing world, I'm pretty sure no one would actually want to carry it out, given that it won't be 'cute' or 'warm and fuzzy'. I'm open to suggestions, but 'throw more money at it' just comes across as naive to me.
Not really.
If they wanted to knock out Tor, all they'd have to do is DDOS the system. It's not like your typical government doesn't have the resources to pull off something as simple as that.
It's by sheer grace that it hasn't been done already. I wouldn't count on it lasting forever though. They'll probably DDOS the system from a slew of gov owned zombie machines and try to blame it on hackers.
Re: MS Office 0-day exploit...were we talking about Office? I didn't think we were. I thought we were talking about the OS itself. Should I post about a Firefox 0-day exploit to prove Linux security is terrible? You're talking apples and oranges.
A locked down Windows box is unusable? Geez, I wonder how I've done it all these years then. Guess I just have magical powers.
As far as home users mod'ing their systems...I'm guessing you've never dealt with the lion's share of home users. I'm happy if I walk into a company and their execs know how to set up their own email accounts. It's a rarity.
As far as the registry...since when do you need to use it? My software doesn't. You don't have to, unless you're modifying MS software's behavior.
I don't really care about Vista. I deal with server systems, what desktop users are using...bleh, don't really care.
That being said :
1) You cannot judge a software's performance by betas.
2) Windows has always been large, but honestly I can't say that my typical Linux desktop that I actually *use* winds up being any smaller. My working Windows machines typically wind up being about as big as my working Linux machines. Windows has never been about customizability, it's about working for people who are complete idiots.
3) The admin user should be able to disable that UAC garbage. Frankly, I've never had a problem with Windows security, because I use things like permissions and limited user accounts on my home computers as well as in the office. If you're handing out admin privileges to everyone that touches your box, you're doing something wrong from the get-go. You wouldn't do that on Linux and you shouldn't do it on Windows either, even though Windows makes it easier. Microsoft defaults to that on XP Home edition and such because it's too confusing for your "average" user otherwise. For those people, disabling UAC may as well be "constructing a rocket to fly to space".
I'm not sure I agree with you about Windows security system. It isn't bad...it should just have different distros for different users. You'd be surprised how many people don't want to mess with security at all. On the other hand, for those users who want a secure box, they should have that option more readily available and with less configuration. Additionally, the real problem with Windows isn't even Windows, it's the software developers that use registry & system folders for everything and don't follow good software design principles. Applications should be capable of running once you copy the folders...unfortunately, few in the Windows world are that simple to deploy.
Re: ASP vs PHP. PHP is garbage compared to ASP.Net. PHP is better than original ASP though (VBScript is terrible). Just my 2 cents.
The idea of patenting a formula/hardware piece/algorithm is intrinsically easier to understand and makes more sense than viewing something like "using a database to access data". The problem is that techniques in computer science are abstracted into ideas that are represented in an object structure which is easy to confuse people. If you understand, for instance, what MVC is you'd understand it's not something that should be patentable. A judge however doesn't understand that a model-view-controller approach is somewhat common sense and that model/view/controller aren't literal objects that are composed of proprietary algorithms but rather organization of common concepts (accessing, manipulating and displaying data).
As far as patents in general, I don't see pharmaceutical companies profiting as a bad thing. It's what drives research. My only problem with it is when some countries (typically the US) pay MORE than other countries due to those countries putting price caps on drugs. Now, I'm not going to get into that whole thing, as it's entirely political and off-topic, but I don't think removing all patents is the answer.
This is about the software. The fact that they don't even look at Palm's software products makes me think the publisher of the article has an axe to grind.
Here's a hint, if I write an email program for you and store your password in plaintext, there's *NOTHING* Windows can do to stop me.
The fact of the matter is that sadly, a huge amount of software has security flaws in it, which is why most of us real developers aren't so quick to whip out the "MS is the only software company that makes insecure software" card at the drop of a hat.
Corporate phones with customized features that suit the corporation, things of that nature.
I think if you're considering it for "Your average Joe", you're missing the point. It's for both Linux/mobile buzz and IMHO, where it will shine is for large corporations.
Patents make sense in a lot of markets. They make sense in hardware engineering, metallurgy, pharmaceuticals, etc.
They make no sense whatsoever in software engineering.
Frankly, the problem is that lawyers and to some extent business people don't understand how programming works. Most of the "nature" of a program is a matter of organization, *not* research. There are very few things I could see as patentable in software engineering. Namely maybe Google's search algorithm, or some program that makes scientific predictions based on an algorithm, things like that. The problem is that judges and business people can't make that distinction because they are too far removed from how computer programming is done.
So you have what we have today. People are trying to patent even the most fundamental aspects of software design. All it does is completely clutter the industry with bs lawsuitery and legal nonsense. It staggers progress and increases cost of development due to patents which should never have been granted due to their vagueness.
Honestly, I'd rather see people ripping off Google's algorithms than what occurs now, this is a serious case of the cure being worse than the disease.
This I tend to agree with but I don't view it so much as a "security software shortcoming" as a "convenience against security tradeoff" in their business model. I classify it as a separate thing because that isn't a "hole", it's very much "by design" in order to cater to people who know jack all about computers.
And it's not a matter of being insecure at the software level, it's a matter of bad practices implemented to make things convenient for "low knowledge users" in home environments.
While I get what you're saying, I separate the two issues, because you're fundamentally talking about two separate things. If every UNIX engineer wrote software the way they write it for Windows, you'd have an equal amount of UNIX issues. But either way, it's more of a procedural practice thing than it is a "bug" thing. When I'm talking about security holes I restrict it to things you can't prevent (remote exploits like buffer overruns) or things that shouldn't be happening (i.e., elevated privileges).
No I didn't make that implication at all, you just misunderstood what I was saying. FYI, most open source is done in low level languages, which are a pain in the ass. Sometimes it's more of a tradeoff than it's worth and closed source is merely more efficient in many projects.
Viruses and you. In this case we're talking about locally executed binaries that are being run with root (admin) privileges.
I just felt it had to be said but : Since when can you not totally mess up a Linux system when you're running software as root?
I don't see local software running as root and therefore having root permissions as "a security hole". The only security holes I worry about are elevated permissions and unauthorized installs such as the 0-day IE exploit and buffer overruns.
While I'm glad MS is securing stuff, I'd rather they do it via preventing 0-day exploits/permission elevations and implementing "sudo/pass-request" sorts of requirements for installing software and accessing system internals in order to make the process more transparent and auditable.
Summarily, you should not be able to totally mess up the system with any piece of software you run in a standard Windows home installation. Force a root login for that sort of thing, at least that'd make it somewhat obvious what's happening. That being said, the problem with Windows (aside from those I've mentioned which are valid security holes), lies not in the admin account being insecure but rather the fact that everyone and their uncle is an admin the entire time they're running.
Not for nothing but you guys want it both ways.
You complain that MS is insecure, then complain when they make attempts to become secure. I agree with the above poster that it should be toggleable. MS doesn't cater well to people who are tech savvy enough to handle this stuff themselves. However, which is it? Complain about MS's insecurity or security? As far as I see it, basing a business model around an OS's insecurity in the long run is a game of diminishing rewards year after year.
Likewise, Symantec specifically hasn't done much of late in the way of protecting home users anyway. Half the time I view their A/V as "a cure worse than the disease", especially since it's mostly ineffective anyway against modern worms/viruses. Their corporate edition is the only thing they sell worth a damn as far as A/V & Security goes.
Anyone want to place bets on how long it'll take them to sue?
Flash is not the end all and be all of web application creation. First of all, Flash runs client-side. Which means if you have a lot of things happening on the backend, you need a well interfaced method of handling commands in a pseudo stateless manner running on the server via web services or some other method. Additionally you will probably have to shift things onto the server anyway, since Flash's execution is so bloated that it will cripple low end machines.
Using Flash for a web application, even with Flex, is a stretch/hack of what Flash is built to do. Flash is a media client and that's how it performs best. Is it possible that it could change in the future? Sure. But at least at the moment, you'd be dumping a lot of development money into what is right now the wrong tool to do that sort of thing.