To respond to the somewhat alarmingly real threat of spyware, malware, and to a lesser extent viruses on the Windows platform, Microsoft used its recently-acquired security technology combined with its own in-house work to build Windows OneCare Live (codenamed Atlanta). Read here for a preview. Please note that the ‘next’ button is placed underneath the Google ads, almost invisible.
As an ex Windows XP user, I’ve never had any trouble with virii, malware or adware. I was a windows user for 10 years. This huge malware problem that apparently exists is mainly due to a lack of training for end users.
It amazes me that users will still open suspect attachments to emails and install applications from download.com
But I suppose C programmers are still not checking their buffers. So I guess nobody learns.
– Jesse McNelis
To a certain extent, regarding end users, you’re correct, however, for many, it just appears on their computer – if they fail to update, its due to the bugginess of Microsofts updating software and browser that causes problems.
Take my Aunty, for example, I tried to update her computer, and everytime I tried to get to the Windows update site, the special applet required failed to download, and once downloaded, it tried to load, only resulting in the whole machine locking up. How can a user update when they can’t even get the update site to work properly – just as a side issue, why does Microsoft FEEL the need to use a web based updater when an updater like Red Hat Network/Fedora would be alot better, and would require the installation of various applets and so forth, just to get things working properly?
Oh, and just as a side issue; why doesn’t Microsoft re-write their whole HTML rendering engine in C# (plus various other parts of the browser), along with dropping ActiveX support in favour of something like ActiveX like technology using C# – alot of the problems would be solved, and IE would no longer be the axis of which virus come and go on the Windows system.
Enable automatic updates and it doesn’t use web-based.
Which doesn’t allow one to pick and choose which updates one wishes to download and install NOR does it allow the end user to download feature updates like the latest version of Mediaplayer or non-critical updates that are unavailable via the auto-update system.
Well, you can pick and choose, actually.
But you are right, no feature updates.
Which kinda goes back to; why have a netbased updating tool when something that is locally run would do alot better job? I admit that the RHN and what SUN provides may not be the best but quite frankly, its a darn site better than what Microsoft is expecting its user to use.
Windows Update can be confusing at times, even for the most experienced users; especially in the case of driver updates that bugger up the system rather than updating it – as with the case of my flatmates Radeon card and Windows Update inability of being able to work out that he has a new version of the driver than what is on offer on the Windows Update site.
why doesn’t Microsoft re-write their whole HTML rendering engine in C# (plus various other parts of the browser), along with dropping ActiveX support in favour of something like ActiveX like technology using C# – alot of the problems would be solved, and IE would no longer be the axis of which virus come and go on the Windows system.
A lot of the interoperability between different parts of MS Office rely on ActiveX, for example cutting and pasting an Excel table into a Word document so that you can edit the table in place inside Word. None of the core parts of MS Office are written in C#, nor are their any announced plans to port them.
Paul G
True, ActiveX is a good technology – don’t get me wrong, but at the same time, there is a vulnerability lard enough to fly a 747 through; if they must, don’t ALLOW ActiveX applets in the browser; relegate the technology to locally run applications OR some how find a way to sandbox the ActiveX technology so that if Mr Evil ActiveX applet rolls along, the worst it can do is produce an error message when it tries to step outside the sandbox.
Microsoft make great technology, too bad they never think about the design of the technology and the possible ways that the technology can be exploited for evil, if not properly bolted down and secured.
IE7 is locked down in such a way that it does not have read/write access to anything other than history folder and temp inet files folder.
Of course, you still have to click yes to install an ActiveX control, and those can still work outside of IE. The thing is though, you literally have to click yes to install an ActiveX control (this is true in IE6 and lower as well). An ActiveX control can NOT be automatically loaded into your system, and as such, the biggest problem is user knowledge.
Though, it would be nice to limit the access rights of ActiveX controls so that the user doesn’t have to worry about “Is this something bad or good?”
Of course, you still have to click yes to install an ActiveX control, and those can still work outside of IE. The thing is though, you literally have to click yes to install an ActiveX control (this is true in IE6 and lower as well). An ActiveX control can NOT be automatically loaded into your system, and as such, the biggest problem is user knowledge.
True, but at the same time, I’m sure you’ve seen deceitful sites claiming to be legitimate suppliers of software; for internet savvy people like us, we can easily dismiss these things knowing they’re hogwash, but for a first time, inexperienced net user, they have the same naivity of a child, assuming that everyone on the internet is nice and honest – which as we know, isn’t true.
Though, it would be nice to limit the access rights of ActiveX controls so that the user doesn’t have to worry about “Is this something bad or good?”
Yeap; if the user is forced to download the software then forced to navigate the file system to launch the file, then atleast it would force a user to jump through a few hoops, so if they have clicked something by accident, the worse that can happen is to have an unwanted download sitting on their harddisk.
Vista+IE7 is supposed to fix this, but who knows. I do think MS is taking security more seriously, but we know they won’t take ActiveX out, so we just gotta hope they do it right this time.
You should check your Aunty’s computer for what is called ‘spyware’ and ‘malware.’
The story you tell while may be real, but is definitely not common.
I’m worried about these desktop products from MS and Google blurring of privacy boundaries between my hard disk and the servers of a giant corporation which mines and sells consumer data for marketing and product development purposes (and also, perhaps at the request of Federal agencies or the courts). Corporate desktops have already moved in this direction, where you have to assume that everything you type is monitored by the bit police.
You start to wonder whether it makes sense to have a hard disk at all, except maybe as a cache that can be discarded after each logon sessions.
Paul G
well, you’re ideal solution would be to have a thin client (harddriveless, maybe running on a compact flash card)and have your personal data on a USB key drive.
The price of new computers is so low now that no one really uses a setup like this, but if I was a school administrator, this is how I’d do it–Thin clients for the kids, with a powerful server running all the programs, and 256mb USB drives for all the teachers.
think of it, unless something physically bad happens to each thin client, THERE IS NO NEED FOR SERVICE, you only have to service the server.
I’d love to see a K12LTSP system running, I think it’s an unbelievably great idea.
I wouldn’t be surprised if that’s why Google hired Mark Lucowsky (sp?). Eric Schmidt pulled out a hard drive from a PC bay during the interview, tossed it on the desk, and said, “look Mark, that should be a cache and nothing else.”
Paul G
> well, you’re ideal solution would be to have a thin
> client (harddriveless, maybe running on a compact flash
> card)and have your personal data on a USB key drive.
I think it would be even better to have the data stored encrypted on the server, with only the decryption key stored on a USB memory stick. The decryption key would be incomplete and need a password to be complete. USB sticks can get lost, and this way you only have to back up the stored key once, and it would be useless without the password.
– Morin
No way I would trust having all my data kept on a remote server controlled by a big corporation! The only place I would do something like that is the terminalserver at school, but I wan’t to keep all my personal data for myself. Besides, I wan’t my own system, not a remote system to control everything.
I guess they think it’s a price you should pay for convenince. Or something.
Why would I need to pay to get relief from a faulty and insecure product that I have bought? That sounds somewhat more like an extorsion scheme than good business practice.
I swear to god.. whoever wrote that article is an idiot.
For all the Microsoft beta testers out there, everyone knows that OneCare Beta Live hasn’t integrated Spyware detection features yet.
Ummm… yes it has.
I tested it… it found something that MS Antispyware didn’t find, ripped it out… of course, after it did this it would boot up, I’d log in, and then it would just sit there with a blank desktop for about 30 seconds, and then finally start loading up.
Reported the bug, it was, apparently, already submitte dby someone else.