Microsoft is leaving its options open on charging for full versions of anti-spyware and virus disinfection tools. Speaking in London yesterday, Detlef Eckert, chief security adviser for Microsoft EMEA, revealed there will be a second beta of Microsoft Windows AntiSpyware application. However, the company remains unsure how the product will evolve from then on.
I’m not saying this is the option that Microsoft will choose, but it seems to me that there is only one ethical option for Microsoft’s security software: Free Download.
If they package it with Windows, then you’ll hear anti-trust cries from other spyware and antivirus companies. And rightfully so.
If they charge for it, you’ll hear cries from consumers about the inherent conflict of interest of a company selling both an insecure operating system with near-monopoly status as well as additional products to make it work properly. And rightfully so.
In my mind, if Microsoft sells antivirus and antispyware software, it amounts to extortion and racketeering. It’s not too far different from neighborhood guys selling “protection” services to local businesses, and if you refuse, they trash your shop and say, “well, if you had paid us, you would have been protected.” Sure, MS isn’t doing the “trashing” themselves, but they’re leaving the doors wide open.
So, if they can’t sell it, and they can’t bundle it, the only option I see is a free download. Of course, the third option would be to fix the security holes in Windows that make these products necessary in the first place, but what are the chances of that?
You just don’t have problems like this with Linux for PPC running on my Dual 2.5GHz G5 with 512mb DDR400 memory and 160 gig HDD…
Platform with barely any precompiled binaries available for it doesn’t have a spyware problem, News at 11.
You just don’t have problems like this with Linux for PPC running on my Dual 2.5GHz G5 with 512mb DDR400 memory and 160 gig HDD
What does the fact that it’s a dual 2.5Ghz G5 with 512mb DDR400 memory and 160 gig HDD have to do with getting infected with spyware? May I venture to guess that if you were running a single 1.6 G5 with 1 GB of RAM and an 80 GB drive, you would be no more or less likely to be infected?
” It’s not too far different from neighborhood guys selling “protection” services to local businesses, and if you refuse, they trash your shop and say, “well, if you had paid us, you would have been protected.”
I see your point, but in this case MS isnt the only company to offer anti spyware programs. No one is forcing you to purchase the program from MS.
I guess I do see MS in a bit of a dillema. Offering it for free would be cries from everyone about how they are trying to force others out of the market by offering a free program. On the other hand people (probably the same group who would complain about it being free) will bitch at them for charging for such a program. I dont really care if they charge. There are still some good free anti spyware programs out there anyways.
“What does the fact that it’s a dual 2.5Ghz G5 with 512mb DDR400 memory and 160 gig HDD have to do with getting infected with spyware?”
Faster scanning and detection heuristics, obviously…
“What does the fact that it’s a dual 2.5Ghz G5 with 512mb DDR400 memory and 160 gig HDD have to do with getting infected with spyware? May I venture to guess that if you were running a single 1.6 G5 with 1 GB of RAM and an 80 GB drive, you would be no more or less likely to be infected?”
Obviously, you know very little about computers. Everybody in the industry knows that dual 2.5Ghz systems are EXTREMELY unlikely to get infected, as opposed to single 1.6Ghz systems.
Well, as someone with a 1.5Ghz/100gig/2gig 17″ Powerbook and an Alienware 51m that I just upgraded with an ATI X800, I can attest to the substantial disparity between the spyware problem on the two mainstream operating systems. I use my Apple mostly for music video production so I admit I’m not online as much, but I’ve never had so much as a pop-up window using Safari, let alone the virulent malwares that plague Windows and to a lesser extent, Linux. As usual, a closed source but non-juggernaut product such as OS X reigns supreme in this area.
To all you trolls and flamers responding to #1, don’t be bitter that better hardware and better software costs a good deal amount of money. TNSTAAFL, people, AFAIK.
If they package it with Windows, then you’ll hear anti-trust cries from other spyware and antivirus companies. And rightfully so.
I don’t see why competitors could rightfully complain, as this would be MS trying to address security problems in their own operating system. Hell, if MS were to actually fix all the security problems with a new service pack, I guess the anti-spyware makers would go apeshit
And no, I don’t imagine MS would ever fix everything with a service pack, but in theory, it’s not really any different than them bundling anti-spyware tools.
Give some respect to “dongs” for having a dual 2.5Ghz G5. That didnt cost small change. He must be more successfull, and in fact richer and more beautiful than you are. Do I sense a bit of true geek penis envy here? He simply pointed out that such a powerful system, coupled with Mac OS X is basically immune from viruses and all other forms of spy/malware. People, get your priorities straight! If you want to join the big dogs, pony up the cash.
Indeed, My ultra-l33t 3.2GHz swanky VAIO Laptop that cost me enough to buy a third world country is totally invunerable to viruses due to the power of extreme off-topic ignorance! [/sarcasm]
P.C. = “Personal Computer”. Unless Macs make toast, I’d call that a “Personal Computer”, wouldn’t you?
Microsoft appear to be heading the way of the RIAA, in that they’re becoming so vision impared they seem to be able to miss the plot time and time again.
That said, if Microsoft can get this out for free, their distribution capabilities (the software could even be placed as optional extra on windows update) then this will help clean up a lot of computers, which as a PC engineer, that’s a damned good thing. If however it is subscription / licensed, then it’s pretty much bound to go the way of Norton AV, bloatware edition 2005 with added “incapability to fix anything” capabilities.
As a sly move, they may even push this “Beta” to large audiences via the windows website to get an early start. This is definitely a very marketable product, and follows suit with MS’s new goal to never ever fix the problem at the root.
You just don’t have problems like this with Linux for PPC running on my Dual 2.5GHz G5 with 512mb DDR400 memory and 160 gig HDD…
Nor do i have problems like this with HP-UX for PA-RISC running on my 400Mhz PA8500, With 1.2GB SDRAM memory and 18GB U160 HDD or even with Solaris 9 for Sparc running on my Dual 300Mhz UE2 with 1.5GB Memory and dual 9.1GB Ultra 3 SCSI HDD or even with my OSX for PPC running on my single 550Mhz G4 with 1GB of SODIMM memory and 60GB drive…I love pointless posts.
1. make vulnerable OS & sell for top dollar
2. make remedy for vulnerabilities for even more money
3.???
4. profit_$$$
I see your point, but in this case MS isnt the only company to offer anti spyware programs. No one is forcing you to purchase the program from MS.
True, but MS is practically forcing you into buying some sort of product in a market in which they are bound to be big players. The alone would be ethically problematic, but add to that the fact that the product they’re forcing you to buy only fixes their other product. It doesn’t add functionality, it just patches security holes and keeps Windows from doing things it shouldn’t be doing anyway.
So, at the very least, this is a conflict of interest. If the OS division does too good a job of making their product secure, the security divisions will be put out of business. There will be no incentive for MS to get things right in the first place. In fact, give it a couple years, and I’d expect to hear about leaked memos where executives are directing the OS people NOT to fix things, because their security software will fix it.
You might just claim that this is how business works, but given the power that Microsoft weilds, I’d say it’s grounds for serious concern.
I guess I do see MS in a bit of a dillema…
I agree. For this reason, if I were MS, I think I would have stayed out of it– maybe partnering with several security companies, but not producing my own security software. The put themselves in this dilemma.
Offering it for free would be cries from everyone about how they are trying to force others out of the market by offering a free program. On the other hand people (probably the same group who would complain about it being free) will bitch at them for charging for such a program. I dont really care if they charge.
It’s true that people will complain about MS no matter what. However, look at the prior complaints about Microsoft’s other software. Look at what happened with IE, Messenger, and now Windows Media Player. The complaints didn’t come from Microsoft offering these products, nor did they come from Microsoft offering these products for free. The complaints came when Microsoft *bundled* the software with their OS, or even more to the point, when Microsoft made it *impossible* to install the OS without installing the software, and offered no approved means for *removing* said software.
For that reason, I believe MS should not bundle their security software and they should provide the ability to uninstall it. That will quiet many complaints. But it should also be offered for free.
Along with everything else, MS antivirus and antispyware software probably won’t take over the market very quickly, since techies don’t trust MS when it comes to security. For example, who here really trusts the Windows XP SP2 firewall? Not me.
There are still some good free anti spyware programs out there anyways.
True, that there are many good free antispyware tools. But the problem is, you have to *install* many to get a solution, by which I mean, no single free program handles it all. The market is ripe for some company, maybe MS, maybe Symantec or McAfee, or some new player, to step up and offer a single comprehensive solution. And I have to tell you, Giant was looking pretty good to me before MS bought it out. Right now, I use Spybot, Adaware, SpywareBlaster, HijackThis, and SpywareGuard– all of them at once to secure a machine. Microsoft’s new software, if free, should be able to handle most of this by itself, with automated scanning and updates.
Hey what are you talking about, I’ve never got a single piece of spyware on my Commodore 64 running contiki.
Being free of spyware is about knowing enough about computers, not how powerful your machine is. And we should also avoid going right off topic by mentioning Linux or even OSX – this is about MS releasing anti-spyware and the implications of doing it for free or charging and it’s role to play in the <stress>windows</stress> world. Seriously, that whole Big Spec List = Security was total BS.
Funny, my Athlon XP 2800+ box (a middleweight PC at best) hasn’t had any spyware/trojans for years, running XP Home and Internet Explorer. ‘Course, I faithfully run/update AdAware, Spybot, Sygate PFP and AVG Antivirus.
Biggest problem: uneducated users. Microsoft, IMO, has FAILED MISERABLY in informing the “Best Buy” crowd that clicking on every damn thing that you see on your screen is a bad idea.
The principle applies to *any* OS you may use. MS blew it, and it’s up to seasoned WinTel users to help by installing Firefox, Spybot, AdAware, etc., and showing folks how to use them.
Windows IS spyware. It’s spyware remover does NOT remove it’s own spyware. It is no accident it has security problems, it is by design.
MS has already been found to be working with the NSA to provide integrated back doors to it’s OS. What else do you need to be informed of?
Reguardless of what MS does, they should be sued under RICO, period.
At the very least they should be abandoned from here on out by all consumers.
If they package it with Windows, then you’ll hear anti-trust cries from other spyware and antivirus companies. And rightfully so.
Merely including an app with Windows isn’t the real problem. After all, we don’t hear Solitaire game developers bitching. It’s when Microsoft includes an app with Windows for the purpose of transferring their dominance in the OS market to another market (like browsers or media players). It’s proprietary formats and standards that Microsoft ought to stay away from. Anti-spyware tools (and solitaire games) don’t count.
[quote]
He simply pointed out that such a powerful system, coupled with Mac OS X is basically immune from viruses and all other forms of spy/malware. People, get your priorities straight! If you want to join the big dogs, pony up the cash.
[/quote]
Seriously? It could be simply said that I don’t have any problems with my PPC running Linux….the pissing contest begins with calling out “32.32 GhZ (overclocked), 56 GB Ram, 10000000 Terabyte hard drive”.
Obvious Troll bait and silly. I have the same security on my budget 1 GhZ iBook with 512 RAM and 30 GB HD…..I guess I just got lucky…..or is it something other than the specs??????? *cough*
Get a life, get outta your basement and PLEASE OH PLEASE stop infering that the size of your genitals are proportional to the speed of the machine mommy (or Santa???) bought for you.
//MS has already been found to be working with the NSA to provide integrated back doors to it’s OS.//
The NSA key has long been debunked as complete bullshit:
http://www.schneier.com/crypto-gram-9909.html#NSAKeyinMicrosoftCryp…
But, you can choose to believe whatever you want.
re:’Course, I faithfully run/update AdAware, Spybot, Sygate PFP and AVG Antivirus. ‘
Dude your already infected. All of the above consumes resources and slows down your computer.
Viscious cycle…Buy stuff to consume resources and slow down computer to protect you from stuff that consumes resources and slow down your computer.
To all of your people that are up in arms about my Dual 2.5GHz G5 with 512 megs of DDR400 and a 160GB HDD, would you be complaining so loudly if my specs were inferior to yours? I don’t think so.
In any case, the *REAL* issue at hand is Microsoft’s new “anti-spyware” beta software. I suspect that this is merely Microsoft’s way of getting a “foot-in-the-door” in the world of subscription services. $10 per month for a comprehensive spyware solution? It’s almost worth it, considering all the posts I’ve read about people having to use 5 (or more) different pieces of software to catch all the spyware on their system. Once you get used to the idea of paying a subscription for functionality, they can suddenly start charging for patches of their operating system (bandwidth ain’t free, right?). In the end, this is just a slippery slope leading down the road to Microsoft’s fantast business model: monthly fees for the privelege of using its OS.
should read “MS mulls pissing off 50% of their customers”.
Let’s please not put too fine a point on it.
Microsoft’s way of dealing with the flagrant and innumerable problems in it’s software is by turning it into a revenue stream.
That’s like a doctor who first give you the flu and then sells you the anti-dote.
Isn’t this just a teensy bit scary?
Spybot and AdAware consume *zero* resources, unless you’re running them. They’re not services.
Antivirus does consume resources. But luckily I’m not running a Pentium 233 Mhz PC, so my box can handle it, no sweat.
People keep referring to spyware as a security hole being taken advantage of in the OS.
In reality it is just an application that gets bundled with something that YOU installed, perhaps not intentionally, but you did install it. This app may not tell you that it is installing or, or maybe it does tell you in the 50 page EULA, but in the end, you still allowed it to get onto your system.
This is not a security hole that can be plugged. It is just a piece of software that gets installed that monitors what you do and phones home. You want to plug this ‘hole’? Ok then, I guess you have to disable all outgoing traffic from you computer.
Spyware can happen on any platform, it’s just a matter of the user who is installing stuff, and the companies that distribute this crap. If you want to plug this ‘hole’ then you need to stop using the products of companies who sell out to spyware makers.
… it should be a free download, as at least one other poster has suggested. Packaging it with the OS raises all sorts of antitrust issues.
Besides, it’s a great opportunity for M$. Run ads promoting the free download and Microsoft’s “new commitment” to more secure computing, and point the whole campaign at the promise of Longhorn.
“would you be complaining so loudly if my specs were inferior to yours? I don’t think so.”
Wrong, pointless bragging of any specs using a totally off-topic concept that power = security is what we’re complaining at. Why is it you felt the need to just ream off a totally precise and comprehensice spec list for the sake of it, when it’s not needed – at all. I call that bragging, pathetically. And your specs don’t impress me, linux can’t run Photoshop, MacflashMX, or even FinalCut or any commercial software that can make use of that speed. I assume you’re dual booting into OSX, in which case that would make some sense.
In reality it is just an application that gets bundled with something that YOU installed, perhaps not intentionally, but you did install it. This app may not tell you that it is installing or, or maybe it does tell you in the 50 page EULA, but in the end, you still allowed it to get onto your system.
Viruses and worms (which the story also references the upcoming Microsoft antivirus software) are very often an issue of security holes. As far as spyware, it is sometimes installed through activeX controls in IE, which is an issue of poor security design by MS.
Further, the fact that some Windows apps (including, at times, MS apps) won’t work properly unless running as Administrator, well, that doesn’t help the spyware situation. It forces users to run as admin, which, again, is an issue of poor security design. Further, spyware programs take advantage of the fact that Windows will allow processes that can’t be killed, registry entries that can’t be removed, and files that can’t be deleted, even by the administrator. They make themselves, at times, utterly impossible to remove, regardless of what antispyware tools are available. To me, this is another indication of poor security design.
So I’m not denying that users often create their own spyware problems, or at least contribute to them. However, the root of the problem most certainly resides in Microsoft’s design choices.
What a dork, ok I can see not having a problem with spyware if you have a Mac but what the hell does your “oh your so cool” hardware have to do with it?
Oh I have a 300 gig hard drive and I have sex with a girl so I am cooler than you
With ActiveX controls, you still have a thing that comes up and asks you if you want to install it.
Also IE6 w/ SP2 makes it very easy do disable activeX controls.
As far as the admin thing goes, if an app has a problem with non-admin users, then the application was poorly designed, not Windows. The security levels are there, and have been there for NT forever. Problem is, people are still designing applications like they were for Win9x, which had no such thing.
The only files that can’t be deleted are files that are still running, and the only processes that can’t be killed are system processes which are required to run Windows (something only MS has access to), and even some of those processes can be killed.
I’ve never personally seen an undeleteable registry entry, perhaps you could point me to an example, I can’t see how it would be possible though.
Basically, what I’m saying is, the design is there, just that not everyone (very few) use the design, and instead just allow admin only access to thier apps.
With ActiveX controls, you still have a thing that comes up and asks you if you want to install it.
Now you do. As in WinXP SP2 seems to ask you if you want to install things. Older versions? Not so much.
As far as the admin thing goes, if an app has a problem with non-admin users, then the application was poorly designed, not Windows.
Ok, then even software that Microsoft distributes through their Windows Update has this problem. Yeah, maybe things like “journal viewer” aren’t properly called “part of the OS”, but still.
(I once had a case where a user who had admin rights to his machine had been keeping up to date with Windows update, and had installed the “journal viewer” even though he didn’t need it. Every time he tried to launch an Adobe or MS application, it would try to start the journal viewer and give an error message, unless you were an administrator. I suppose I could have tracked down what files were denying users access, but I just uninstalled the journal viewer instead.)
I’ve also had problems getting other major apps from Adobe and MS, including MS Office, to start and run properly under standard user accounts. It seems the most recent versions are ok, but it’s taken them a long time to get it “ok”.
Problem is, people are still designing applications like they were for Win9x, which had no such thing.
Yeah, and MS keeps calling these software designers “partners” and handing out “designed for Windows XP” logos. Technically, MS doesn’t force you to run as admin, but they’ve done little to curb the poor practices of developers, and they ship their OS running as admin by default because they *know* too many Windows apps won’t run in anything but admin, and they don’t want to find a better solution.
The only files that can’t be deleted are files that are still running, and the only processes that can’t be killed are system processes which are required to run Windows (something only MS has access to), and even some of those processes can be killed.
I’m glad *you* say so, because that will really make the spyware stop. Next time I run into a spyware process that won’t kill, I’ll just tell it *you* said I’d be able to kill it, and then it will behave, right?
I’ve never personally seen an undeleteable registry entry, perhaps you could point me to an example, I can’t see how it would be possible though.
There aren’t any that are supposed to be “undeleteable”. But get infected with the right spyware, and then try to delete the registry entries associated with it, and you’ll see it. I’m not sure what the spyware does, maybe it corrupts the registry somehow, but the point is, you’ll see a key, and Windows will recognize the key well enough to try to run some exe file, but when you try to delete the key, you get an error message that the key doesn’t exist.
Basically, what I’m saying is, the design is there, just that not everyone (very few) use the design, and instead just allow admin only access to thier apps.
And what I’m saying is, not even Microsoft follows the design properly. It’s a result of a long-standing Microsoft design philosophy that wants to leave all doors open, by default, just in case a legitimate user wants access. The fact that the security is “turned off” by default doesn’t do much to encourage developers to follow proper security guidelines.
They put hooks from every MS program to every MS program, just to keep the monopoly going (ever seen IE ask you to insert the MS Office disk to install additional components because you’ve visited the wrong web-page? I have).
Microsoft certainly has its virtues, but security isn’t one of them.
ActiveX has always had to have the user say yes to install an application, unless there was some hole being exploited to force the install (of which, I don’t know any).
It is asking your for an Office CD because it’s trying to use a component of Office that you had set on install-on-demand, rather than install now (during Office install), though Office2k was really a PITA about installing stuff.
For MS to sell anti-spyware for more than the cost to develop/ship (i.e. if they want to make money from it) is a conflict of interest. MS should be (and appear to be) heading towards managed isolated application execution, and with some effort they should be able to eliminate most spyware just by changing how software is installed and executed.
Now if they want to make a profit from anti-spyware then that conflicts with the ideal of eliminating spyware. If they don’t want to make a profit but jsut cover costs, well how expensive could it be anyway? $8/copy to cover costs? If so, why not just make a marketing campaign out of it. MS has a poor image when it comes to “security” so why not tell the public that they have a short term and a longer term solution – the short term is free.
Now you do. As in WinXP SP2 seems to ask you if you want to install things. Older versions? Not so much.
Please check your facts.
Create the vulnerabilitys and then sell the product to stop them. You got to hand it to MS, they know how to make money.
On that note I looked up the price of XP-Professional = $300 in the U.S. at Best Buy. I love Linux.
I wonder if the Microsoft anti-spyware and anti-virus software will install on a pirated copy of Windows XP? A recent article on OSNews stated that they are about to start requiring that you verify your Windows installation as legitimate before allowing you to download patches and security fixes. It seems to me that they should allow this, as pirated XP often ends up on “Grandma’s” computer thanks to shady PC shops.
For that matter, will the new software install on Windows 2000? I’m contracted as a sysadmin to a sheriff’s office that uses Windows 2000 exclusively on over 50 Dell boxes, and I would love to be able to use these new programs to help maintain their security.
Forget the fact that they will (and already do) benefit
from leaving Windows unsecure…
Why the hell would anyone in the right mind purchase
a program which seeks to make your system safer,
if they couldn’t get it right the first time with
the OS?
Microsoft Photo Story 3
http://www.microsoft.com/windowsxp/using/digitalphotography/photost…
Requires Windows Genuine Advantage validation. According to Microsofts Web Site. It will not install unless XP is activated.
Read more about it here.
http://www.microsoft.com/genuine/downloads/whyvalidate.aspx
If they had that as a requirement for their spyware tool, then some people would just use the alternate products or none at all, and the problem would still linger over Windows as being the Spyware OS which is what Microsoft wants/needs to correct.
Personally I think Microsoft is dammed if they do and dammed if they don’t charge for this software. A better solution would be to patch all the holes in the OS, that allow for spyware infections to occur.
Thank you for the great example. I’m sure we can expect the same validation procedure for the anti-spyware and -virus software as well, unfortunately.
As a side note, when I do run Windows 2000 I use Picasa 2 from Google, and it is simply amazing! Between that and OpenOffice Impress, I would have no need for Photo Story at all.
This is so annoying, I for one believe that anti-spyware and anti-virus should be part of the operating system, and if people want the choice then they can use other software. Look at Firefox, I know alot of people who prefer to use it now, and I think it will get more and more popular. Having Internet Explorer installed is convenient however, as is having Windows Media Player.
If the other companies are so bothered about Microsoft having a monopoly, then they should make there software better and cheaper. At the end of the day, All I want is for my computer to be secure, and I don’t want to have to purchase additional crap to do it. I just want it work out the box. Microsoft will probably have to charge for it because all the other crappy companies will complain!
I mean, have a look at Windows XP Starter Edition, What a total pile of crap!, all because someone thinks its unfair that Windows has a media player and a web browser.
Why aren’t Apple getting sued for bundling Quicktime and iTunes with Mac OS X. After all, how many people now own an iPod which will only work with iTunes. Than in itself is a monolopy, but I don’t hear people complaining about it. I know Apple don’t have a huge marketshare, but it’s no different from what Microsoft are doing??
1) write a crappy insecure os
2) write bubblegum-fix for real problems by releasing antispyware app
3) charge users for it
4) profit !!!
(no ??? part this time)
I swear, why does everything revert to some platform flame-fest? Cant’ we just talk about the topic?
They are not intelligent enough to do so.
Microsoft should do what everybody else in the market does with spyware apps. Specifically adaware! Have two version, one version that is scaled down but does what it needs to do to remove the spyware and offer that as a free download. Then have a “professional” version of the app that does realtime scanning, and add features and charge that.
It’s a very simple solution, not really sure how Microsoft can make something that should be simple, so complicated.
More people will switch.
People have unrealistic goals for Microsoft on Spyware, honestly, and set Linux, OS X, etc. up on a pedastal that they really don’t deserve to be on in this regard.
Let me give an example here, so you’ll understand the problem.
Squid is an internet proxy. It opens a port, it listens for connections. Browsers are routed through Squid so that it can cache requests, graphics, etc. and you don’t have to go back over the network for pages that you’ve already seen.
Spyware 2000 is an internet proxy. It opens a port, it listens for connections. Browsers are routed through Spyware so that it can phone home the user’s passwords and account ID’s.
Let me give another example.
Norton anti-virus has a Winsock Layered Provider so that it can monitor internet connections and protect against known attacks.
Spyware 2000 installs a Winsock layered provider so it can see all internet traffic and phne user passwords and account id’s to their servers.
How does an OS tell if the program is benign or not? Ask the user? Do you really believe that a user is going to read the dialog box, and not just click OK?
Moreover, if I put up a RPM that claimed to be some hot program, and if it installed a replacement for libSockets that phoned home, how long would it take even an experienced Linux user to realize that I had done it? How many users actively monitor what changes RPM, DEB, etc. packages make to their systems?
At least in the eyes of most techie’s, anyhow. If they can’t stop the crud from infecting my computer at the OS level, what’s to make me think they’re going to give me something worth using, even if it is released at no additional charge?
Microsoft is the king of marketing this bullshit to the average joe. Who else could release something like this in the style of a service pack and consider it “free” when you pay an arm and a leg for the OS to begin with? It’s completely ridiculous.
If I were the average joe, I’d think twice before giving more of my money to Microsoft who already screwed me on the deal to begin with. I’d stick with McAfee or Norton’s to defend against viruses and buy a licensed copy of AdAware to guard against the rest.
I don’t use IE, becuase of ActiveX, so I don’t need AdAware and anybody not already running Anti-Virus on a Windows platform is asking for trouble.
A better solution would be to patch all the holes in the OS, that allow for spyware infections to occur.
Because it’s NOT a hole in the system (The bad registry keys ARE). As has been pointed out the user has actively taken part in installing this crap onto their computer. Things like Gator (This is damn annoying to remove) don’t appear on a machine by themselves, they’re a direct result of people automatically clicking Ok/Yes when a popup appears or running an installer. If you think that problem is going to disappear just because a casual user is continually faced with “Enter your root password” instead then you are living in dreamland.
There’s no way you can stop a desktop user screwing up their computer without denying them the right to install software completely. Since OS developers can’t do that spyware is here to stay.
How are they supposed to do this at an ‘OS level’?
These spyware apps are just apps. No different than any other application that you install.
THIS IS NOT A FUCKING HOLE IN THE OS!!!
Or does common sense escape everyone here?
“There’s no way you can stop a desktop user screwing up their computer without denying them the right to install software completely.”
Somehow Linux has the ability to stop that. Any user to migrate to Linux wont have any spyware or virus problems, no matter how uneducated of a user they are. Dont believe me? Ask any Linux zealot and they will back me up.
Are you joking, or what?
If not a joke, then I seriously suggest you come to real life, there is no difference between a regular application and spyware.
“Things like Gator (This is damn annoying to remove) don’t appear on a machine by themselves, they’re a direct result of people automatically clicking Ok/Yes when a popup appears or running an installer. There’s no way you can stop a desktop user screwing up their computer without denying them the right to install software completely.”
In the *nix world (Linux/OpenBSD/etc), users can login as a “user”. Users can even install there own software. Of course, when the software tries to update the rc/startup files, it will fail. For day to day use, it’s actually frowned upon in the Unix world to login as “root”, and this is exactly one reason why. They can still install games, and crap under _there_ username. Now, lets assume that they do screw up there entire login. That doesn’t affect the _entire_ system. My username will still login as normal.
“If you think that problem is going to disappear just because a casual user is continually faced with “Enter your root password” instead then you are living in dreamland”.
Hrmph. Depends. Does the user _need_ the root password? If I’m logged into my normal everyday account and I went to install “Asteroids” under my account and it asks for my “root” password, I’m going to stop and think.. “Hrmph – why does _this_ need my root password?”. Yes – some people might be stupid enough to not even think that far ahead (your example of of clicking “Okay” and not reading the EULA). However, if possible these people shouldn’t even have the “root” password in the first place. This comes down to a education issue.
It’s much more difficult to get “spyware” onto a Unix based system.
Users can even install there own software. Of course, when the software tries to update the rc/startup files, it will fail.
Why on earth would you need to alter rc/startup files for spyware?
A user can run applications and open ports to communicate to remote systems. That’s all spyware really needs. Remember that this is software the user has actually installed, even if inadvertently.
Does the user _need_ the root password?
Have you even used a desktop Linux system with a package manager?
On the default settings every package manager I’ve used requires you to either be root, or know the root password (Eg Running via sudo) to install packages. Those managers do NOT run as the user in default circumstances, they have access the entire filesystem because they NEED access to it when they update core system files.
It only took me 2 days before I changed sudo to not ask for a password. Is that secure? Hell no, but the damn thing was irritating me. I don’t run any network services and I know what’s installed, so I’m willing to take the risk. Don’t think others won’t too.
However, if possible these people shouldn’t even have the “root” password in the first place.
If it’s their desktop then who the hell are the distro manufacturers to deny them root access. If they’re on a corporate desktop then yes, but you aren’t going to allow them to install packages anyway. On a home desktop there’s just no way, and it’s the home desktops that are full of spyware (Don’t think that in the Windows world installing crap on a corporate desktop isn’t frowned upon too).
It’s much more difficult to get “spyware” onto a Unix based system.
I agree, but it’s because there are much saner defaults, not because the user has suddenly got smarter. Installing something via a web browser is not possible, but bolting on spyware to packages is very likely to happen should commercial packages ever appear.
If I’m logged into my normal everyday account and I went to install “Asteroids” under my account and it asks for my “root” password, I’m going to stop and think.. “Hrmph – why does _this_ need my root password?”
Maybe not the first time, maybe not the tenth, but after a few hundred times people just stop caring or reading the popup (There’s actual data on this somewhere I’m sure). The first few times people saw a Windows popup I’m sure they read the whole thing before hitting Ok/Cancel. As the old saying goes: Familiarity breeds contempt.
“Why aren’t Apple getting sued for bundling Quicktime and iTunes with Mac OS X. After all, how many people now own an iPod which will only work with iTunes. Than in itself is a monolopy, but I don’t hear people complaining about it. I know Apple don’t have a huge marketshare, but it’s no different from what Microsoft are doing??”
Because apple own the platform, they own the apple mac platform they designed it, its not a open platform in any way, IE means they can do with it what ever they want, as can microsoft with with the Xbox, but the pc is open platform orginaly desgined by IBM so its not ms’s platform, they just happen to be most popular.
well i’m glad MS is trying doing something about spyware, but i do think they should push the efforts into hardening IE further as that seems to be vector for a lot of spyware,
Somehow Linux has the ability to stop that. Any user to migrate to Linux wont have any spyware or virus problems, no matter how uneducated of a user they are. Dont believe me? Ask any Linux zealot and they will back me up.
*JUMPING UP & DOWN*
OH ME, pick ME! *clears throat* Uh yes, I’m what most people call a “Linux zealot” and it’s true, us Linux users don’t have to worry about spyware or viruses. Yes, I do check for viruses on my Linux system from time to time. However, I haven’t seen a virus since switching to Linux years ago. Spyware? Na, haven’t had any trouble there in that department either. =)
“Luke, I AM your Operating System.” – Darth Linux
One word: rootkit.
IE has been included since win98, which well isn’t right in everyones eyes. They can still use another browser, if they made IE the only browser that worked in windows then I would be mad. Include it free, antri-trust bitches, charge customers whine, people cry about they mighty MS empire, but what do they do to take it down & put another OS on the block? Nothing, make linux oss easier to use no, someone wants a easier to use linux, they are told to go back to windows by most linux users, & if I get the next version of windows I will not use the MS Anti-Spyware BS.
I’m a new user to Linux. I have a hard enough time trying to install the plethora of apps that need different packages / dependencies etc. How the hell am I going to install spyware?
Actually, IE has been included since the original release of Win95 (it came with IE2). Then OSR2 came with IE3, then OSR2.5 came with IE4.