While we’re on the subject of so-called value-added services, Microsoft just announced that they will be offering a subscription-based service called Windows OneCare Live. Quoth the Chicago Sun-Times:
Um. Wait. Wait, wait, wait. Am I reading this correctly? Microsoft, the folks whose security holes are the stuff of infamy and constant patches and service packs, have the juevos grande to try and sell to us, apparently the unabashedly credulous public, a security solution?! At $50 a year? To compete with security experts like Symantec and McAffee?
For fuck’s sakes, “Microsoft Security” is the new “Military Inteligence!” Two words that beat the everliving shit out of each other when you put them together. I mean, I dig WinXP and all, but I gotta keep it real: it’s about as secure as an open vault in an deserted bank. Now they expect me to consider their “security” package as a suitable alternative to existing, trusted, well-established products?
Jesus fucking Christmas, Steve. You either leave a pair of rounded grooves between your footprints wherever you walk or you’re just clinically retarded.
There are plenty of things which piss users off other than just worms and viruses.
Think of popup ads for example. Some of us are aware that if you download one of the popular “anti ad” hosts files which are on the net, all your pop up problems go away for ever. Without the need for spyware or anti-ad software. New entries have to be added all the time to your “hosts” file of course.
Those sorts of tricks are probably what you’d be paying for I imagine.
And though funny it is just as inaccurate. While Windows is probably not the best thing to ever happen to computers it does what it is supposed to as well as could reasonably be expected from such a complex program. I would bet that if Linux were as popular as windows you would see the same number of security issues with it. But since it is such a small share of the overall market it is not worth it for hackers to find these holes to exploit.
I absolutely disagree that Windows isn’t the best thing ever to happen to the computer. Without Windows, the computer would likely still be used by only administrators and powersusers, developers in large companies. Windblows took it out of the industrial environment, and into the consumer realm.
Without that, hardware would still be ultra-expensive, the internet would still be in its infancy.
THat’s not to say that Windows in the end-all, be all of the computer world. And that’s also not to say that at times, Windows hasn’t been less than reliable and less secure than it should be. Given a large enough audience, the weaknesses of any OS can be found out and exploited.
Microsoft is diversifying-they already own most of the markets they’ve entered and they’ll be looking to slowly but surely acquire more market-share of more sectors within the tech and business world. And they’ll do it, and do it in big fashion and succeed at the same time, too.
Windows was one in a series of “killer apps”[sup]1[/sup] that led to computers being as ubiquitous as they are, but it was certainly not the only one.
My problem with this is not that I assume they’ll do a poor job, but just the logic of it all. If Microsoft identifies vulnerabilities in Windows, has can they justify withholding the fixes from their Windows customers who don’t want to subscribe to this new service?
And Microsoft has made a practice of adding capabilities to Windows that used to be separate apps, like a browser or a media player, and claiming that they were integral to the operating system. Now they’ve got something that really should be part of the OS and they’re going to charge me more for it.
Although it’s an operating system (yeah, I know) and not an application, I’m using this in the figurative sense of those milestones that establish new, obviously useful capabilities for computers.
Let’s look at the features they offer, then:
[ul][li]Antivirus and firewall. Not traditionally a built-in part of the OS. Nonetheless, MS now provide you with a free, basic firewall in the new built-in security center, and regularly prompt you to install an anti-virus program (which up until now meant their competitors’ products) if you had not already done so. Note that they are not going to stop doing either of these things once OneCare is launched.[/li][li]Backup and restore. Again, not a traditional out-of-the-box function. Again, basic restore functionality is already present in Windows, and is not getting taken out.[/li][li]Tune-up. Defragging, superfluous file removal, backup monitoring, etc. Only one of these could really be considered a core OS function, and that’s defragging. Again, it’s already there, and again, it’s not going away; they’re just including it in one nice easy place.[/ul][/li]I don’t know; none of this really scandalises me. It has been perfectly possible for quite some years now to run a secure, stable Windows PC - I can count the number of crashes I’ve had since about 2001 on the fingers of my head. It does require a small amount of care and knowhow, and it seems that what Microsoft is trying to do here is provide an all-in-one security service for people who don’t want to bother themselves with tinkering. I don’t see why this is evil, and I don’t see why it should be provided free of charge when all the basic essentials for security are already provided, and have been for some time.
And finally, no; they are not even remotely talking about withholding security updates from non-OneCare customers. This is about providing a one-stop shop for people who don’t want to spend time maintaining their PC themselves.
I suspect this is more fallout from the federal anti-trust case. Can you imagine what Norton, McAfee, et al, would say if all these applications were rolled into Windows?
That’s bullshit. Windows servers running IIS get hacked way more often than Linux servers running Apache, despite Apache owning 70% of the webserver market.
While I am sure that some of the perception that Windows is insecure is due to it being the market-leading OS and therefore the prime target of hackers, I don’t buy that it’s the only reason. Some of the more serious exploits – buffer overflows in the parsing of certan image formats, for example – are just bad coding. The recent Windows Metafile exploit? I’d award it a Darwin if such applied to programming “genius.” The vast number of holes in the Windows TCP/IP stack over the years? Sure, most of them have been patched up by now. The problem is that even with XP, it is still, at its core, old technology, and much of the time the exploits we are seeing now stem from problems that were never fixed (and in some cases possibly weren’t even known) in previous versions.
Equally, I am sure that if the market share belonged to Linux we would see a greater number of exploits there, too – but I’d wager my last buck they wouldn’t number anywhere near what we see in Windows, nor would they be as severe. Linux has always been built around a heirarchial user security system long before Windows was ever a wet spot on Bill’s trousers. It has had a great deal longer to refine and improve its position as a secure, stable OS. Additionally, its position as a free, open-source OS has given it an immensely broad developer and tester network, and so more issues get fixed more quickly and with much better results.
Don’t get me wrong, I’m no Linux fanboy – I run XP. I like XP. Everything I want and like to do is available in vast quantity and variety on XP. I simply respect Linux for what it is, and recognize Microsoft’s shortcomings with respect to the whole concept of security. That’s why the very idea that Microsoft wants to publish a commercial “security” solution strikes me as absurdly funny.
As Buddy Hackett put it, “What’s the secret to great com–” “TIMING!!!”
If you subscribe to this service, you will probably get such fixes sooner, if not in real-time, which, btw, is exactly what you get when you buy the pay-to-play versions of AdAware and ScanBot. In order to make this more attractive, they will probably delay the publicly-available downloads for the unwashed masses who are willing to wait a few months for their bug fixes.
I was thinking about this yesterday. Consider this: Twenty years or so ago, if you wanted a good (not great, just good) stereo, you bought a good tape deck, and a good amp, and a good turntable, and good speakers, all from different manufacturers, because nobody did them all well. Nowadays, if you want a good stereo, you can get them all in one package. Software is following the same evolutionary process: in the past, if you wanted good protection, you bought an antivirus, a popup stopper, malware stopper, firewall… all frmo different vendors, because nobody di all of them well. Now, you can get packages which do them well.
On the other hand, if you want a great stereo, you still need to part it out, and if you want a great security suite for your pc, you still go with the individual vendors…
Quite; MS really can’t win. If they provide it free, it’s bundling, and if they don’t, it’s milking. People (rightly) harangued them when they didn’t give a shit about security, but now when they make big improvements, people still scream blue bloody murder every time a MS employee farts.
IIS is not Windows, and running a server is vastly different to maintaining a desktop system.
Cite (for the exploits, not the market share)? Since the demise of the various exploit archives around the web like attrition.org and alldas.de, there’s been a distinct dearth of figures regarding hacked servers. Going by CERT vulnerability advisories, there’s not much to choose between the two (I realise that Apache advisories suffer from multi-platform duplication sometimes, and thus get spuriously boosted, but still).
Considering that most servers get hacked through badly-configured software running on them, like bulletin boards and such, could you explain how we’re supposed to extrapolate directly from exploit instances to server software security?
Even assuming there weren’t, how would this possibly contradict the claim that it is Windows that has brought home computing to the truly mass market?
Is there any chance that this thread could be prevented from becoming a traditional “Windows sucks!”, “No, Macs suck!” shitfest, and instead concentrate on the topic at hand?
But don’t you see that laughing at MS for being insecure, and also laughing at their attempts to get better is fundamentally self-serving? Again; this product does not deliver “security” per se; the necessary products are already provided or available. It delivers convenience, for those who don’t want to bother with managing security themselves. I don’t see why this is a laughable offering.
It is the same kind of irony you get from the idea of ex-FEMA director Mike Brown stepping down amid the Katrina emergency response scandal to start – what? – his own disaster emergency preparedness firm.
It is simply the idea that Microsoft, considered no great genius when it comes to security, is suddenly trying to position itself as enough of a security expert to release a commercial subscription service to compete with companies who are already well-established, bona fide experts in security.
I’ll bet even Steve Gibson is snickering up his sleeve.
Cheap computers brought computing to the truly mass market. Microsoft just rode the wave. It took them until 1995 before they had an operating system that was actually significantly more useful than DOS.
Again, I’ve found my XP PC to be perfectly secure, by dint of better MS efforts and my own informed maintenance. Microsoft is recognising that the majority of PC users aren’t going to make that sort of in-depth effort, and are providing a service to take care of it for them. You are making the presumption that MS can never get better at security, when they plainly already have. Plus, surely if you don’t like MS’ security service, you should be happy that they’re not providing it free; this way, you still have the opportunity to choose their competitors. This is what bugs me: Microsoft are simultaneously being harrassed for:
[ul][li]Being shit at security[/li][li]Making attempts to improve security[/li][li]Bundling products[/li][li]Offering products for money[/ul][/li]You’ve got to admit that this makes it slightly difficult for them to please everyone.
Yeah, but that’s because he’s been licking the resin from capacitors again, and is on another massive high. Heh, nano-probes.
Rode the wave by recognising and encouraging the commoditisation of PC hardware, and providing an OS that people could use on said wide variety of hardware. I don’t really care what you think of MS, and I don’t care what you think of Macs (which I like very much); but to deny that MS played the major part in bringing computing to the masses is like denying the nose on your face.
Please tell me you don’t have some sort of terrible skin-melting condition.
Skin-melting condition, i.e. one which would make my “nose-denying” comparison look rather foolish. Meant to type “face-melting”. It’s late on a Friday and I’m going home to drink more beer than is good for me. :smack:
A combination of the fact that other vendors besides IBM were allowed to make computers that DOS (and then Windows) would run on, while the Mac OS really only runs on Macs, and that there were many more people in the early 80’s using PCs at work than Macs, so that when they bought a computer for home use, most of them bought a PC because it was what they knew. Microsoft just rode the wave, as pointed out above.
