OSNews

Hehe, thanks, got a good laugh at that one.

That's what I thought the article was going to be about when I read the title. OpenBSD is the best.

I wouldn't go to the point of using the word "illegal", but it is pretty shady. Imagine if Ford had reacted to the Firestone debacle by offering upgrade tires that weren't prone to separation of the tread. Or if it had offered, as optional equipment, a gas-tank that wasn't prone to exploding on the Pinto.

OneCare doesn't add any security to the OS you can't get without it. You can script or use Task Scheduler for automating backup and defrag, and the OS already includes a firewall. Egress filtering firewalls and automatic AV monitoring are available for free from other vendors (and in certain cases from MS). OneCare just packages these things together.

The Firestone debacle was actually Ford's fault. They didn't follow Firestone's guidelines and underinflated the tires.

hmmm, yes but people have a choice not to purchase Windows.

"hmmm, yes but people have a choice not to purchase Windows."

Sort of..... The fact is many people are probably unaware that they have this option. If you go in to any mainstream store that sells computers in this country (the UK) the options will be to include Windows. In some cases they may have the option to buy a more expensive Mac. Nowhere offers any of the free OS's on an entry level priced PC.

Where is the incentive to improve the security of the OS if instead you can make money afterwards by selling the add-on.

People buying the OS is incentive to improve it. OneCare is a simplified, automated package for home users. MS still has corporate and government customers (the bulk of their customers) that can't use OneCare in their environments, and most of them actually know how to secure the OS without packages like OneCare anyway..

That is why you sell them the updated and improved corporate edition while leaving the home user to purchase the un-updated edition along with OneCare. How about that conspiracy theory?

That is why you sell them the updated and improved corporate edition while leaving the home user to purchase the un-updated edition along with OneCare. How about that conspiracy theory?

If they did create a corporate edition, that doesn't mean they'd stop updating the home edition. As it is, the home edition would need to be updated anyway as Vista's included functionality is greater than the current OneCare (sans AV). If a corporate edition existed, it'd likely just provide an easier way of setting enterprise policy, implementing best practices, and would bind technologies most enterprises are already using into a unified dashboard. Technically SCOM (pka MOM) and Forefront already do this, and that's basically what OneCare does for home users.

Since corporate users are already covered, a business branded OneCare would probably be targeted at Small Businesses and maybe corporations that want MS to provide hosting, but that OneCare would necessarily have little resemblance to the current OneCare.

Edited 2006-08-30 07:09

People buying *other* OSes is incentive to improve it, you mean.

Look what happened to IE before and after the "Firefox surge".

Re: the down-modding: This is turning into a Microsoft-uber-troll site. I thought OSnews policy was "not to tolerate abuse"?

Edited 2006-08-30 15:37

Silly isn't it. I just try to ignore it anymore. Honestly, what was in your or my post to deserve a mod down? Well, maybe your post! J/K

Maybe they should only consider mod-up points only, or something? Less mod points? More mod points for those who use them appropriately? Heck, I am clueless...

Maybe they should only consider mod-up points only, or something? Less mod points? More mod points for those who use them appropriately?

Yeah...personally I hardly ever mod anyone down...because it's much more fun writing a paragraph or two telling them how full of s**t they are! ;-)

EXACTLY! Hey wait a minute - was that you telling me how full of stuff I was in that last thread. be prepared for a mod down from me. ARGH!!!

I wish I could figure out how to edit my posts! Anyway, I found your post to be 'spot on' and therefore you have received one of my precious points.

Thanks, nice of you!

All of those things except automatic AV monitoring do exist in the current OS. You don't need OneCare to secure Windows. OneCare doesn't address deficiencies in the OS as much as it does deficiencies in the security habits/knowledge of some of its users.

Well the one care sight seems to state that is what they are providing....

As Windows was a pre-internet designed OS, security being an afterthought, it created the big OS-security market (and its revenues) that could not have existed in an (imaginary) world dominated by OSX, *BSD or Linux.

Pre-NT, yes. NT, no. Many of Windows' current security problems come from users that don't know how to properly configure it, and from MS choosing to have users run as Administrator by default (and not enabling the firewall by default in XP RTM) so they'd have the least impact running applications not designed for NT and applications not designed with running as standard user in mind.

NT has had and does have equal/better security than the OSes mentioned above, it's just a matter of using what's already available and also protecting the user from themselves. In the beginning, they figured that just by the tools being available users could take care of themselves. This proved not to be the case.

*n*x vendors have always had their share of security products, consultants, and services as well. Many companies regularly pay Sun, IBM, et al., to handle their IT infrastructure for them.

If the price for security is similar to the price of the OS itself, instead of a fraction of it, something funny is going on.

There are hardware firewalls, network monitors, and other tools that cost more than many OSes. You're right that most people probably spend too much on security products, but this really depends on the knowledge of the customer and the type of solution they want.

I wonder which government will force Microsoft (following anti-monopoly laws) to produce an OS without their own spyware-killer, in order to give the competition a chance.

The US government won't as security was one of the exemptions in that case. I can see the EC or SK trying to at the urging of mostly American companies similar to the WMP and Messenger mess.

If MS ever produces an OS that is, like OpenBSD, secure by default, they might get sued.

They've been sued for less. However, look at all the FUD Symantec and other "security" companies are spreading about Vista. I can see a lawsuit from them (and counter by MS) because MS won't let them put rootkits in x64 XP and Vista.

Edited 2006-08-30 08:51

NT has had and does have equal/better security than the OSes mentioned above, [these OSes mentioned being BSD, OSX, Linux] it's just a matter of using what's already available and also protecting the user from themselves. In the beginning, they figured that just by the tools being available users could take care of themselves. This proved not to be the case.

XP (="NT 5.1") is based on the NT kernel. A fresh XP installation, unpatched, is compromised online within minutes. How can anyone claim that that system has "equal or better" security than a.o. openBSD or OSX? Isn't giving users admin. priviliges by default part of design or something?

This type of incorrect and unfair reasoning is what leads to the endless flaming that people are so tired of. I'm looking forward to hear of Windows' good sides as a Fedora/OSX user. I'll be the first to admit that Linux can be compromised. But let's stick to facts here, instead of fiction.

XP (="NT 5.1") is based on the NT kernel. A fresh XP installation, unpatched, is compromised online within minutes. How can anyone claim that that system has "equal or better" security than a.o. openBSD or OSX? Isn't giving users admin. priviliges by default part of design or something?

XP is only compromised if you don't enable the firewall or have a hardware firewall for your environment. The same could happen to older versions of *n*x with known vulnerabilities. Again, MS made the mistake of thinking that just providing the tools was enough. They've since learned that you can't trust the user to secure themselves, you have to provide the most secure environment by defaultm then also try to keep them from creating an insecere environment.

This type of incorrect and unfair reasoning is what leads to the endless flaming that people are so tired of. I'm looking forward to hear of Windows' good sides as a Fedora/OSX user. I'll be the first to admit that Linux can be compromised. But let's stick to facts here, instead of fiction.

There is no fiction in my assertions. The fiction is in believing that Windows can't be secure or that it had no security until XP/Vista. The tools were always there. They were more advanced than Unix when introduced. Businesses have used them for years. The problems came in MS expecting home users to be able to secure their systems like the businesses had bee doing.

What attacks are we protected against?
The biggest scandal to come out of the Sony rootkit debacle is that no security software stopped it. Most companies considered it to be a legitimate purpose. Will MS software protect the computer against such attacks? If not, then it appears that they do not truly work for their customers but for some other entity. If this is the case, who should be paying?

The fact is almost no OS prevents other software from hooking the kernel beyond the usual user privilege protections. Rootkits are available for almost all major platforms.

With x64 XP and Vista, MS required all such software to be signed by them. This irked companies like Symantec who currently hooks the kernel in x86 to counter detection of their products by malicious software. Their (and other "security" companies) argument is that their software helps the user so they should be allowed access. MS' position is that no software should ever hook the kernel because it almost always leads to instability and a performance hit, plus the software can hide from the OS and it potentially opens the user to exploitation.