Linked by Thom Holwerda on Sun 25th Sep 2005 12:22 UTC, submitted by Andrew Bragdon
Privacy, Security, Encryption To respond to the somewhat alarmingly real threat of spyware, malware, and to a lesser extent viruses on the Windows platform, Microsoft used its recently-acquired security technology combined with its own in-house work to build Windows OneCare Live (codenamed Atlanta). Read here for a preview. Please note that the 'next' button is placed underneath the Google ads, almost invisible.
Order by: Score:
Selling the problem and the solution?
by Anonymous on Sun 25th Sep 2005 14:22 UTC
Anonymous
Member since:
---

As an ex Windows XP user, I've never had any trouble with virii, malware or adware. I was a windows user for 10 years. This huge malware problem that apparently exists is mainly due to a lack of training for end users.
It amazes me that users will still open suspect attachments to emails and install applications from download.com
But I suppose C programmers are still not checking their buffers. So I guess nobody learns.
- Jesse McNelis

Reply Score: 0

kaiwai Member since:
2005-07-06

To a certain extent, regarding end users, you're correct, however, for many, it just appears on their computer - if they fail to update, its due to the bugginess of Microsofts updating software and browser that causes problems.

Take my Aunty, for example, I tried to update her computer, and everytime I tried to get to the Windows update site, the special applet required failed to download, and once downloaded, it tried to load, only resulting in the whole machine locking up. How can a user update when they can't even get the update site to work properly - just as a side issue, why does Microsoft FEEL the need to use a web based updater when an updater like Red Hat Network/Fedora would be alot better, and would require the installation of various applets and so forth, just to get things working properly?

Oh, and just as a side issue; why doesn't Microsoft re-write their whole HTML rendering engine in C# (plus various other parts of the browser), along with dropping ActiveX support in favour of something like ActiveX like technology using C# - alot of the problems would be solved, and IE would no longer be the axis of which virus come and go on the Windows system.

Reply Score: 1

sappyvcv Member since:
2005-07-06

Enable automatic updates and it doesn't use web-based.

Reply Score: 1

kaiwai Member since:
2005-07-06

Which doesn't allow one to pick and choose which updates one wishes to download and install NOR does it allow the end user to download feature updates like the latest version of Mediaplayer or non-critical updates that are unavailable via the auto-update system.

Reply Score: 1

CPUGuy Member since:
2005-07-06

Well, you can pick and choose, actually.

But you are right, no feature updates.

Reply Score: 1

kaiwai Member since:
2005-07-06

Which kinda goes back to; why have a netbased updating tool when something that is locally run would do alot better job? I admit that the RHN and what SUN provides may not be the best but quite frankly, its a darn site better than what Microsoft is expecting its user to use.

Windows Update can be confusing at times, even for the most experienced users; especially in the case of driver updates that bugger up the system rather than updating it - as with the case of my flatmates Radeon card and Windows Update inability of being able to work out that he has a new version of the driver than what is on offer on the Windows Update site.

Reply Score: 1

Anonymous Member since:
---

why doesn't Microsoft re-write their whole HTML rendering engine in C# (plus various other parts of the browser), along with dropping ActiveX support in favour of something like ActiveX like technology using C# - alot of the problems would be solved, and IE would no longer be the axis of which virus come and go on the Windows system.

A lot of the interoperability between different parts of MS Office rely on ActiveX, for example cutting and pasting an Excel table into a Word document so that you can edit the table in place inside Word. None of the core parts of MS Office are written in C#, nor are their any announced plans to port them.

Paul G

Reply Score: 0

kaiwai Member since:
2005-07-06

True, ActiveX is a good technology - don't get me wrong, but at the same time, there is a vulnerability lard enough to fly a 747 through; if they must, don't ALLOW ActiveX applets in the browser; relegate the technology to locally run applications OR some how find a way to sandbox the ActiveX technology so that if Mr Evil ActiveX applet rolls along, the worst it can do is produce an error message when it tries to step outside the sandbox.

Microsoft make great technology, too bad they never think about the design of the technology and the possible ways that the technology can be exploited for evil, if not properly bolted down and secured.

Reply Score: 1

CPUGuy Member since:
2005-07-06

IE7 is locked down in such a way that it does not have read/write access to anything other than history folder and temp inet files folder.

Of course, you still have to click yes to install an ActiveX control, and those can still work outside of IE. The thing is though, you literally have to click yes to install an ActiveX control (this is true in IE6 and lower as well). An ActiveX control can NOT be automatically loaded into your system, and as such, the biggest problem is user knowledge.

Though, it would be nice to limit the access rights of ActiveX controls so that the user doesn't have to worry about "Is this something bad or good?"

Reply Score: 1

kaiwai Member since:
2005-07-06

Of course, you still have to click yes to install an ActiveX control, and those can still work outside of IE. The thing is though, you literally have to click yes to install an ActiveX control (this is true in IE6 and lower as well). An ActiveX control can NOT be automatically loaded into your system, and as such, the biggest problem is user knowledge.

True, but at the same time, I'm sure you've seen deceitful sites claiming to be legitimate suppliers of software; for internet savvy people like us, we can easily dismiss these things knowing they're hogwash, but for a first time, inexperienced net user, they have the same naivity of a child, assuming that everyone on the internet is nice and honest - which as we know, isn't true.

Though, it would be nice to limit the access rights of ActiveX controls so that the user doesn't have to worry about "Is this something bad or good?"

Yeap; if the user is forced to download the software then forced to navigate the file system to launch the file, then atleast it would force a user to jump through a few hoops, so if they have clicked something by accident, the worse that can happen is to have an unwanted download sitting on their harddisk.

Reply Score: 1

sappyvcv Member since:
2005-07-06

Vista+IE7 is supposed to fix this, but who knows. I do think MS is taking security more seriously, but we know they won't take ActiveX out, so we just gotta hope they do it right this time.

Reply Score: 1

Anonymous Member since:
---

You should check your Aunty's computer for what is called 'spyware' and 'malware.'

The story you tell while may be real, but is definitely not common.

Reply Score: 0

v pretty good idea but
by Anonymous on Sun 25th Sep 2005 14:38 UTC
RE: pretty good idea but
by Anonymous on Sun 25th Sep 2005 16:22 UTC in reply to "pretty good idea but"
Anonymous Member since:
---

well, you're ideal solution would be to have a thin client (harddriveless, maybe running on a compact flash card)and have your personal data on a USB key drive.

The price of new computers is so low now that no one really uses a setup like this, but if I was a school administrator, this is how I'd do it--Thin clients for the kids, with a powerful server running all the programs, and 256mb USB drives for all the teachers.

think of it, unless something physically bad happens to each thin client, THERE IS NO NEED FOR SERVICE, you only have to service the server.

I'd love to see a K12LTSP system running, I think it's an unbelievably great idea.

Reply Score: 0

RE[2]: pretty good idea but
by Anonymous on Sun 25th Sep 2005 16:43 UTC in reply to "RE: pretty good idea but"
Anonymous Member since:
---

I wouldn't be surprised if that's why Google hired Mark Lucowsky (sp?). Eric Schmidt pulled out a hard drive from a PC bay during the interview, tossed it on the desk, and said, "look Mark, that should be a cache and nothing else."

Paul G

Reply Score: 0

RE[2]: pretty good idea but
by Anonymous on Sun 25th Sep 2005 17:03 UTC in reply to "RE: pretty good idea but"
Anonymous Member since:
---

> well, you're ideal solution would be to have a thin
> client (harddriveless, maybe running on a compact flash
> card)and have your personal data on a USB key drive.

I think it would be even better to have the data stored encrypted on the server, with only the decryption key stored on a USB memory stick. The decryption key would be incomplete and need a password to be complete. USB sticks can get lost, and this way you only have to back up the stored key once, and it would be useless without the password.

- Morin

Reply Score: 0

RE[3]: pretty good idea but
by jaboua on Sun 25th Sep 2005 17:09 UTC in reply to "RE: pretty good idea but"
jaboua Member since:
2005-09-08

No way I would trust having all my data kept on a remote server controlled by a big corporation! The only place I would do something like that is the terminalserver at school, but I wan't to keep all my personal data for myself. Besides, I wan't my own system, not a remote system to control everything.

Reply Score: 1

Hm
by Buck on Sun 25th Sep 2005 14:53 UTC
Buck
Member since:
2005-06-29

I guess they think it's a price you should pay for convenince. Or something.

Reply Score: 1

v extorsion?
by Anonymous on Sun 25th Sep 2005 16:25 UTC
Bad review
by Anonymous on Sun 25th Sep 2005 23:04 UTC
Anonymous
Member since:
---

I swear to god.. whoever wrote that article is an idiot.

For all the Microsoft beta testers out there, everyone knows that OneCare Beta Live hasn't integrated Spyware detection features yet.

Reply Score: 0

RE: Bad review
by CPUGuy on Sun 25th Sep 2005 23:14 UTC in reply to "Bad review"
CPUGuy Member since:
2005-07-06

Ummm... yes it has.

I tested it... it found something that MS Antispyware didn't find, ripped it out... of course, after it did this it would boot up, I'd log in, and then it would just sit there with a blank desktop for about 30 seconds, and then finally start loading up.

Reported the bug, it was, apparently, already submitte dby someone else.

Reply Score: 1