Comments on: Microsoft’s secret security plan? http://www.edbott.com/weblog/?p=349 Helping PC users make sense of Microsoft software since 1991 Fri, 20 Nov 2009 18:54:09 -0700 http://wordpress.org/?v=2.8.6 hourly 1 By: Ken http://www.edbott.com/weblog/?p=349&cpage=1#comment-603 Ken Wed, 31 Dec 1969 17:00:00 +0000 http://www.edbott.com/wordpress/?p=349#comment-603 Ed, I'm not sure I totally agree with you here, although I do agree in part. If, in fact, Microsoft is providing adequate basic security for free and seeking to charge extra only for bells and whistles (which not everyone may need or want -- see below), I have no problem with that, pretty much for the same reason that I have no problem with Microsoft's decision to provide only a basic defragmenter tool, or a basic disk cleanup tool, or a basic registry editor tool, or a basic backup tool, or (because we are talking here about security) a basic firewall. I think you have a much stronger case if, in fact, the core product is actually unsafe and Microsoft is charging extra to secure it. Now THAT, I agree, would be a conflict of interest. I am most sympathetic to your point about third party vendors (and, for that matter, various computer magazines) overhyping security threats in order to sell their anti-spyware products. But these vendors are no different from the other quacks of cyberspace who are hawking all kinds of software (or registry tweaks) to deal with all types of mostly non-existent problems (e.g. memory management software, registry tweaking software, cookie crumblers (some people think cookies are spyware(!)), ad nauseum). The real problem here is (1) some people don't regularly update their core Windows software (especially SP2) and (2) they don't educate themselves on how to avoid getting the crud on their machine in the first place. An ounce of prevention is worth a pound of cure -- or dozens or hundreds of dollars in anti-spyware software that themselves often cause more problems than they solve. I regularly do these two things, and I don't use anti-spyware software on my machine except for what comes with Trend Micro 2005 -- but I never get spyware. The only product I have ever used or needed to check for or remove spyware is Ad-Aware -- and it is free. And when I do, I never find any on my machine. Ed, I’m not sure I totally agree with you here, although I do agree in part. If, in fact, Microsoft is providing adequate basic security for free and seeking to charge extra only for bells and whistles (which not everyone may need or want — see below), I have no problem with that, pretty much for the same reason that I have no problem with Microsoft’s decision to provide only a basic defragmenter tool, or a basic disk cleanup tool, or a basic registry editor tool, or a basic backup tool, or (because we are talking here about security) a basic firewall. I think you have a much stronger case if, in fact, the core product is actually unsafe and Microsoft is charging extra to secure it. Now THAT, I agree, would be a conflict of interest.

I am most sympathetic to your point about third party vendors (and, for that matter, various computer magazines) overhyping security threats in order to sell their anti-spyware products. But these vendors are no different from the other quacks of cyberspace who are hawking all kinds of software (or registry tweaks) to deal with all types of mostly non-existent problems (e.g. memory management software, registry tweaking software, cookie crumblers (some people think cookies are spyware(!)), ad nauseum).

The real problem here is (1) some people don’t regularly update their core Windows software (especially SP2) and (2) they don’t educate themselves on how to avoid getting the crud on their machine in the first place. An ounce of prevention is worth a pound of cure — or dozens or hundreds of dollars in anti-spyware software that themselves often cause more problems than they solve. I regularly do these two things, and I don’t use anti-spyware software on my machine except for what comes with Trend Micro 2005 — but I never get spyware. The only product I have ever used or needed to check for or remove spyware is Ad-Aware — and it is free. And when I do, I never find any on my machine.

]]> By: Zaine Ridling http://www.edbott.com/weblog/?p=349&cpage=1#comment-604 Zaine Ridling Wed, 31 Dec 1969 17:00:00 +0000 http://www.edbott.com/wordpress/?p=349#comment-604 Ken, let me disagree with you by saying that’s not a fair comparison; that is, comparing system utilities such as defrag or backup is not in the same category as security. Selling insecure software is like selling a car with a design flaw — people and property get injured and in the end, everyone pays. Customers trust the seller is offering a product that won’t blow up in their face, in this case with regard to the known weaknesses of Windows and IE.

But not including it for free with Windows, Microsoft is sending the message that “We could secure Windows, but we choose to soak the customer on this one.” Not a good PR move. Again, imagine the auto dealer telling you, “We could include a fuel pump that doesn’t catch fire, but we’d rather charge you extra after the sale for one that doesn’t.”

]]> By: Ken http://www.edbott.com/weblog/?p=349&cpage=1#comment-605 Ken Wed, 31 Dec 1969 17:00:00 +0000 http://www.edbott.com/wordpress/?p=349#comment-605 #2: I'm not sure we actually disagree. I'm trying to draw a distinction between safe and unsafe, on the one hand (where I agree with you and Ed), and safe and even safer with a few more bells and whistles on the other hand (where I don't have a problem with Microsoft charging for bells and whistles). #2: I’m not sure we actually disagree. I’m trying to draw a distinction between safe and unsafe, on the one hand (where I agree with you and Ed), and safe and even safer with a few more bells and whistles on the other hand (where I don’t have a problem with Microsoft charging for bells and whistles).

]]> By: Zaine Ridling http://www.edbott.com/weblog/?p=349&cpage=1#comment-606 Zaine Ridling Wed, 31 Dec 1969 17:00:00 +0000 http://www.edbott.com/wordpress/?p=349#comment-606 Yes, but when it comes to securing the OS against attack and malware, where would you draw the line between basic security and extras? I can see where MS would not offer (nor want to) an robust solution like Norton, but MS can alter the source code where no third-party ever could. Like you, Ken, I spend every other day cleaning my system since I surf and download a lot, and it gets old. Yes, but when it comes to securing the OS against attack and malware, where would you draw the line between basic security and extras? I can see where MS would not offer (nor want to) an robust solution like Norton, but MS can alter the source code where no third-party ever could.

Like you, Ken, I spend every other day cleaning my system since I surf and download a lot, and it gets old.

]]> By: Chris Walsh http://www.edbott.com/weblog/?p=349&cpage=1#comment-607 Chris Walsh Wed, 31 Dec 1969 17:00:00 +0000 http://www.edbott.com/wordpress/?p=349#comment-607 I think it is possible for an OS vendor to sell two different variants of an OS, with differing security levels. Sun, for example, did this with Trusted Solaris (vs plain ol' Solaris), and it was not considered unethical. Whether such a move by MS is in the same category, depends on just how they do it. I think it is possible for an OS vendor to sell two different variants of an OS, with differing security levels. Sun, for example, did this with Trusted Solaris (vs plain ol’ Solaris), and it was not considered unethical.

Whether such a move by MS is in the same category, depends on just how they do it.

]]> By: Doug Chase http://www.edbott.com/weblog/?p=349&cpage=1#comment-608 Doug Chase Wed, 31 Dec 1969 17:00:00 +0000 http://www.edbott.com/wordpress/?p=349#comment-608 "Like you, Ken, I spend every other day cleaning my system since I surf and download a lot, and it gets old." Then you're not surfing responsibly! Websites worth their silicon won't install anything on your machine. I haven't had any malware show up for a long time, and I certainly surf and download a lot - but I won't visit disreputable sites, and check into those I'm not sure about. I agree that MS are not responsible for protecting us from some scumbag's malfeasance. However, those of us who are responsible for keeping thousands of machines happy know better - SOMETHING needs to be in place to keep the less-savvy user from breaking his or her PC. I just don't know if it's something that should be down to Microsoft. “Like you, Ken, I spend every other day cleaning my system since I surf and download a lot, and it gets old.”

Then you’re not surfing responsibly! Websites worth their silicon won’t install anything on your machine. I haven’t had any malware show up for a long time, and I certainly surf and download a lot – but I won’t visit disreputable sites, and check into those I’m not sure about.

I agree that MS are not responsible for protecting us from some scumbag’s malfeasance. However, those of us who are responsible for keeping thousands of machines happy know better – SOMETHING needs to be in place to keep the less-savvy user from breaking his or her PC. I just don’t know if it’s something that should be down to Microsoft.

]]>