Slashdot is powered by your submissions, so send in your scoop

 



Forgot your password?
typodupeerror
×
Microsoft Operating Systems Security Software Windows

Microsoft May Charge for Security Tools 642

rscrawford writes "CNN reports that Microsoft may charge extra for security software. So first they edge their competition out of the browser market, then they tie IE into the OS so tightly that a crash in IE can crash the computer, and then they make IE so vulnerable that just using it is hazardous to the typical computer's health, and now they want to CHARGE users to fix it?"
This discussion has been archived. No new comments can be posted.

Microsoft May Charge for Security Tools

Comments Filter:
  • oblig... (Score:5, Funny)

    by Mad_Rain ( 674268 ) on Friday December 17, 2004 @06:14PM (#11120983) Journal
    So THAT'S what Step two is. =P
  • by Anonymous Coward on Friday December 17, 2004 @06:15PM (#11120997)
    If Microsoft were to hire on the Verizon Wireless guy, they could have him walking across the country asking "Can I screw you now?"
    • In other news, Microsoft hires Ron Jeremy in new ad campaign ...
  • by IO ERROR ( 128968 ) * <error.ioerror@us> on Friday December 17, 2004 @06:16PM (#11121001) Homepage Journal
    Some experts blame Microsoft for Windows vulnerabilities that help spread spyware. Microsoft and some others, meanwhile, said blame should be directed instead at spyware manufacturers.

    "Spyware usually gets on your computer through human error," said Marc Maiffret of eEye Digital Security Inc., which regularly discovers serious Windows flaws.

    Yeah, sure, if starting the computer is human error. It takes what, five minutes or less, for an XP box to get riddled with viruses, Trojans, etc.? The error is Microsoft didn't ship an operating system that could remotely be considered secure. You can't connect to the network to download SP2 without risking the computer. Where's the sense in this? Where's the user error?

    • by yelvington ( 8169 ) on Friday December 17, 2004 @06:23PM (#11121068) Homepage
      When Microsoft activates Skynet, the error-prone users will no longer be an issue.
    • by Anonymous Coward on Friday December 17, 2004 @06:25PM (#11121092)
      You can't connect to the network to download SP2 without
      risking the computer. Where's the sense in this? Where's the user error?


      This is how people think after so much time with viruses. They are used to performing workarounds for Windows that lead to acceptance of viruses (just buy an antivirus) that lead to acceptance of spyware (just buy an antispyware) and that lead to acceptance of systems so bogged down by combinations of the above (just reinstall every 6 months).

      It's a bit like living in a really bad neighbourhood and denying it's a problem. "Oh we're OK, we live in a safe area. As long as you put bars on all your windows, don't leave the house when it's dark, put up bullet proof windows, and don't make eye contact with the neighbours you're perfectly safe"

      Apart from how it's broken, it works perfectly.

      MS is fucked, but they don't mind. The consumer state of society today means MS can just tell people they need to buy something, and people will do what they're told to.
      • by Jace of Fuse! ( 72042 ) on Friday December 17, 2004 @06:57PM (#11121357) Homepage
        They are used to performing workarounds for Windows that lead to acceptance of viruses (just buy an antivirus) that lead to acceptance of spyware (just buy an antispyware) and that lead to acceptance of systems so bogged down by combinations of the above (just reinstall every 6 months).

        There are small, efficient, safe, and free programs that perform these tasks without bogging the system down.

        But your points do to some degree stand. Though even if the virus/worm/spyware problem weren't as bad today as it is, I probably would STILL run a software firewall and a good antivirus just as a matter of precaution. I also have all of my systems behind the network firewall but not everyone has that option.

        The point is, that just because things are worse now on Windows than they have ever been, doesn't mean that good precautions wouldn't be paying off.

        It's only a matter of time before MacOS X gains enough popularity that it's own security holes (though admittingly less serious than many of those in Windows) are mass exploited causing many Mac users some grief.

        As it stands right now MOST Linux users can fend for themselves. How true do you think that would be if there was a huge wave of new Linux users converting from Windows? The clueless masses would show people that even a Linux box in the wrong hands can exploited, and I would dare say that an arm compromised *nix boxes is a far greater threat to the internet as a whole than the army of zombie Dialup AOL connected budget PCs running XP home that we currently have to dela with.

        Security IS a problem right now, but Windows is only PART of the problem. The clueless human side of the equation isn't going to go away no matter how many people ditch Windows.
        • by Moofie ( 22272 ) <.moc.nrutasfognir. .ta. .eel.> on Friday December 17, 2004 @07:55PM (#11121832) Homepage
          "It's only a matter of time before MacOS X gains enough popularity that it's own security holes (though admittingly less serious than many of those in Windows) are mass exploited causing many Mac users some grief."

          It's a matter of proper security design that those exploits will be limited in scope and number.

          Windows doesn't get exploited just because it's popular. It gets exploited because it was designed wrong.
          • by thogard ( 43403 ) on Friday December 17, 2004 @11:01PM (#11122718) Homepage
            Once OSx gets hacked in a big way, I expect that Apple will get sued for engineering negligence. I've made it clear to Microsoft that the next time their buggy software nails my server (which runs freebsd), they will have to answer in court. The last time they managed to pay off my hosting provider after their tech support people tried to talk me into installing anti virus software on the server. It wasn't a virus on the server, it was millions of machines trying to talk to my news server. That was Sep of 2003 and the thing is still going wild.

            If you sell a modern operating system and the install disks aren't safe to use (meaning no innocent third party suffers damage) then the product must be recalled. I've had enough of this crud that the next time I'm in the cross hairs, I'm going after whoever dropped the ball and I don't care if its MS, Apple or Sun. There is no excuse for not recalling a CD since its small and cost so little. In past court cases involving cars, that has made a huge difference in payouts. If sun is shipping hackable software with their cheapest v100 which cost $1000 and the fix of sending everyone a new CD which cost $3 or .3% of the product cost, there isn't a judge in the US that won't give the damaged party most of what they are asking for.

            The same goes for Apple. They have teamed up with an Antivirus software company with imac when they could have just included that feature in the OS. I have recently found a copy of an old check from an anti-virus company to a student which proves that the student was paid to write viruses to help improve the bottom line. Thats racketeering and the resulting class action suit could kill a company.
    • I've loaded Windows (various versions) onto machines, then downloaded service packs, with no firewall, MANY times, and never gotten a single trojan or spyware.

      Perhaps the 20 minute figure that people like to bandy about has more to do with common user behaviors -- namely, the fact that most people don't even know what a service pack IS?

      I imagine the average user's behavior to be something like this:

      1. Turn on computer.
      2. Install AOL.
      3. Check email. Oh look, there's an email from Aunt Marge! And it has
      • You're lucky.

        I've had an image of XP SP2 from the MSDN CD installed on a machine, browsed to a couple of pages to find a driver and *without doing anything* got a trojan on the machine.

        In under 10 minutes.

        Users have no chance, really.
        • I hope you informed the site of their security breach. I have yet to encounter a trojan from any legitimate site.
          • What are you talking about? Just because rackhamh referred to a trojan in an e-mail attachement doesn't mean that there are no completely automatic ways to catch a worm with an _unpatched_ Windows system without a firewall.

            There was at least some RPC issue that worms used to spread completely automatically. The topic never was about a legitimate site spreading trojans.
        • Luck 10 minutes! (Score:3, Interesting)

          by gnuman99 ( 746007 )
          In under 10 minutes.

          You are lucky. I connected on *dial-up* with Windows to just DL one form from a gov't website and got infected in under 10 seconds. Before I could actually type the URL into Mozilla, the box was already infected.

          I'd say your 10 minutes is pretty good :P

      • Thank God somebody recognizes the problem. I would add one additional caveat, however. I believe the 20 minute figure was arrived at by hooking up a fresh copy of XP (with no service packs that you can't even buy anymore)to an unprotected broadband network and then surfing the net without downloading any security updates. No Linux user in their right mind would do this, I don't know why they would expect otherwise from an informed Windows user. Now that the firewall is turned on by default, MS has corre
      • by Anonymous Coward on Friday December 17, 2004 @07:23PM (#11121591)
        I work at an educational institute. Connect a Windows machine to our network and you WILL get Welchia in under a minute (assuming you aren't patched). I have done this several times.

        The scenario you describe -- plugging into the internet without getting a worm -- is only the case because the chances are lower that you will get a worm. Basically, you are defending Microsoft on the grounds that the chances are not good that you will get a worm. But decrease the number of computers to that of a medium-sized college campus, and suddenly the chances become very good indeed. Your argument is not particularly good.

        And this is not user error, unless you count not enabling a firewall before you plug into the network as a user error. But then, how do you enable a firewall on a built-in wireles card as you are installing Windows?

        (Note that there are solutions around this problem -- and I use a few of them. I'm just pointing out that the argument, "I don't immediately get a worm on an unpatched Windows machine, so no one does," doesn't hold any water.)
        • Then your admins need to sort their shit out. The company I work for has over 40,000 XP workstations and I can't remember the last time we had any internal infections - it may have been ILOVEYOU. Sure Windows has it's problems, but it is perfectly possible to secure an XP network if you know what you're doing.
      • Perhaps the 20 minute figure that people like to bandy about has more to do with common user behaviors -- namely, the fact that most people don't even know what a service pack IS?

        I've personally had an XP pro machine infected by a worm wirelessly over a GPRS connection. I wanted to test the claims.

        It took about 4 hours of total online time, I didn't download any software or email.

        For most of those 4 hours, the built in firewall was on. But I turned it off for about 10 minutes and the machine was infect
    • by DownloadTHIS ( 794378 ) on Friday December 17, 2004 @09:25PM (#11122254)
      I actually agree with Microsoft here. These problems are caused by human error. Running Windows definitely falls under that catagory.
  • ack! (Score:5, Insightful)

    by nizo ( 81281 ) * on Friday December 17, 2004 @06:16PM (#11121003) Homepage Journal
    Microsoft's disclosure that it may eventually charge extra for Windows protection reflects a recognition inside the company that it could collect significant profits by helping to protect its customers.

    And they don't see a conflict of interest here? Exactly what incentive would they have to fix security holes which are allowing malware into the machine in the first place if they are selling other products to "block" these kinds of attacks, or are they planning on charging for patches?

    • Re:ack! (Score:2, Insightful)

      by moexu ( 555075 )
      "[H]elping to protect its customers" seems awfully euphemistic to me. Wouldn't it help their customers more to release software without the security holes that allow malware in the first place?
      • Re: thpt! (Score:4, Funny)

        by Tackhead ( 54550 ) on Friday December 17, 2004 @06:30PM (#11121125)
        > "[H]elping to protect its customers" seems awfully euphemistic to me. Wouldn't it help their customers more to release software without the security holes that allow malware in the first place?

        Not at all. The word "help" is used in the sense of "Hi. We're from Microsoft and we're here to help... ourselves."

    • by Anonymous Coward
      really this is ingenius.

      monopoly
      +
      user-idiocy
      +
      shitty software
      =
      self-re-enforcing money machine.

      really a brilliantly simple plan if ya think about it from a monopoly business's p.o.v.

      no surprise to anyone familiar with thier previously demonstrated propensity for... ahem... evil?
    • Re:ack! (Score:3, Interesting)

      Reminds me of the spammers who send out spam for spam blockers.

  • by bigberk ( 547360 ) <bigberk@users.pc9.org> on Friday December 17, 2004 @06:16PM (#11121006)
    I mean, they were buying up security competitors as recently as Wednesday! Wouldn't that be a bit too blatant? Are they really trying to monopolize the desktop security market, or are they just trying to help cover costs in what is going to prove to be a very, very expensive area (once they start getting sued for having such a shoddy, insecure product)
  • by sgant ( 178166 ) on Friday December 17, 2004 @06:16PM (#11121008) Homepage Journal
    What balls!

    What a huge, big, heavy set of balls this company has.

    Hey, let's kick them!
  • That's the plan.... what's the problem? :^)
  • If they can make a shitload of money out of any marketting strategy, Microsoft will do anything in their power to sell the most of anything and make profit.

    Yes it is stupid. Users/companies pay for licenses of Windows which is somewhat costly when you compare what other solutions can do for a fraction of a price (Linux?!) and on top of that, they want to potentially sell you crap so their crap can be more secure using the previous crap. What a load of crap.
    • Users/companies pay for licenses of Windows which is somewhat costly when you compare what other solutions can do for a fraction of a price (Linux?!) and on top of that, they want to potentially sell you crap so their crap can be more secure using the previous crap.

      Think of the invoice.

      MS Windows 500 seats $100/seat $50,000
      MS Office 500 seats $100/seat $50,000
      MS anti-virus 500 seats $10/seat $5,000
      MS anti-spyware 500 seats $10/seat $5,000

      Secret leaked internal memo:
      Re:

  • by Ogrez ( 546269 ) on Friday December 17, 2004 @06:17PM (#11121016)
    The only thing in this world I have found to be sleazier than lawyers are software salesmen. This isnt isnt a new idea from Microsoft... IBM did it for years with mainframe releases. You have to have a service contract to get the updates to fix the bugs.

    This problem of releasing buggy software and charging for fixes is inherent in the software world.
  • by Anonymous Coward
    Security fixes are going to be free.

    The question is whether or not the AV and/or AS tools are going to be free.

    Think of it as a choice - you can put them in the OS (so they'll be "free") at the cost of adding more bloatware (important bloatware, but bloatware) to the OS.

    Or they can fix the @#$@#$ security holes that the spyware vendors are using to install their software and sell anti-spyware software to the dumb users who are stupid enough to download kazaa.

    It's not like giant's antispyware software wa
  • by gmuslera ( 3436 ) on Friday December 17, 2004 @06:19PM (#11121029) Homepage Journal
    as all problems are user generated, then is coherent that users must pay for solutions. After all, who click on attachments? (well, when the mail reader dont load the attachments by itself) Who not install firewalls when connecting to internet? who chooses to use a faulty browser?

    See? is end-user fault all those security problems, they must pay!

  • by rjch ( 544288 ) on Friday December 17, 2004 @06:20PM (#11121038) Homepage
    and now they want to CHARGE users to fix it?
    I don't know why this surprises anyone. Micro$oft is a company like any other who for all intents and purposes has a monopoly.
    It's no different to the toll road operator where I live that puts their tolls up by the maximum permitted year after year without any explanation at all - the same one who quite frequently refuses to explain their actions for unusual lane closures (usually during rush hour) with no readily apparent reason, who only pays refunds for their mistakes when the media gets hold of the story. Quite simply, if you want to get through my city quickly and easily, you have no choice.
    (free "well done" to whomever identifies the city I live in and the toll operator I'm referring to)
    • I don't know why this surprises anyone.

      It actually is not surprising that MS will seek a new revenue stream. What may be, well rather sad, is that so many people will pay for it.

      Somebody at MS has to realize this will strengthen OSS alternatives even more.

      Next week, we'll have a statement released that this fee won't really increase the TCO of MS based systems.
  • Or.... (Score:2, Informative)

    You can continue to use free [safer-networking.org] applications [lavasoftusa.com] to do the work for you.
  • by C. Mattix ( 32747 ) <cmattix.gmail@com> on Friday December 17, 2004 @06:21PM (#11121047) Homepage
    Look at it this way. They bought an adware company because the see that this is a problem. If they suddenly "bundled" an adware solution, the zealots would say they are trying to drive adaware and spybot out of the market. But since they are selling the solution and hence giving the customers choice, they are trying to screw the customers. No matter how secure they make the OS, there WILL be people who will run as admins and click "yes" to everything. These are the solutions that they are going to sell.

    It isn't the first time they've had security software either. Anyone remember MSAV.exe?
    • No matter how secure they make the OS, there WILL be people who will run as admins and click "yes" to everything. These are the solutions that they are going to sell.

      In this case I am thinking their solution will be a 2x4 labelled "Clue-by-four" with a little attached sheet that says, 'If you always run everything as admin and/or click YES on dialog boxes without thinking, hit yourself in the head with the Clue-by-four. Repeat as needed'. Cost: $380 plus shipping.

  • User error, eh? (Score:5, Interesting)

    by kryptkpr ( 180196 ) on Friday December 17, 2004 @06:21PM (#11121053) Homepage
    Something from the article rubbed me the wrong way:

    "Spyware usually gets on your computer through human error," said Marc Maiffret of eEye Digital Security Inc., which regularly discovers serious Windows flaws.

    First.. a confession: My name is kRYPT, and I used to use Internet Explorer. I used to keep it patched, and updated. I browsed on High Security. I ran Spybot S&D and Adaware regularly, and TeaTimer always.

    Spyware STILL got in. Every Spybot scan would regularly reveal something nasty (normally DSO or other IE Exploits).

    Perhaps it's true that most Spyware is the result of user action (such as installing shady "free" smiley-enhancing software), but _lots_ of the Spyware out there is simply a direct result of using IE.

    PS: I see the spyware people are trying to attack Firefox too.. see cracks.am for an example. However, in Firefox, a nice dialog pops up, makes it perfectly clear the code that's being requested to run is unsigned and unvalidated, and makes you wait for 2 seconds before you have the chance to accept or deny installing it.
    • Where do you get your spyware from anyway? I've never had a piece of spyware I wasn't responsible for, read AIM and it's back end game thing that watches you. I've been running IE for 4+ years and nothing that was IEs fault.
    • by rackhamh ( 217889 ) on Friday December 17, 2004 @06:38PM (#11121200)
      Spyware STILL got in. Every Spybot scan would regularly reveal something nasty (normally DSO or other IE Exploits).

      Moral of the story: pick your porn sites wisely.
    • The DSO thing is a bug in spybot not an IE exploit.

      It *always* says there are DSO exploits found and deletes them. Just ignore them.
    • by Hamster Lover ( 558288 ) * on Friday December 17, 2004 @06:51PM (#11121316) Journal
      I am in much the same situation as yourself, fully patched, running Ad Aware and Spybot regularly with Javascript OFF.

      I was researching information on the Roman Empire and was directed by Google to a great web site. About five minutes in I notice a small pop up window that when maximized displayed a blank window. The router, modem and network lights start to blink and the hard drive begins to churn. Ugh, I realize I am the victim of drive by spyware installation on of all things a web site on Ancient Rome. If I can't protect myself given all the above safeguards, how the hell is the average person going to?

      It took an hour or two of work with Ad Aware, Spybot and Hijackthis to remove the five or six pieces of spyware shit that installed from an innocuous web site. I am well and truly tired of this bullshit, Firefox here I come...
  • by KneepadsOfAllure ( 805661 ) on Friday December 17, 2004 @06:22PM (#11121056)

    There are already good anti-spyware solutions available for home-users (ie Ad-aware, etc.), and I can't imagine home users shelling out a lot of money when they can get a personal version of Ad-aware for free. I suppose Microsoft is going to be targetting corporate users, but if their solutions aren't much better than companies like Ad-Aware (hopefully) corporations will go with competitors. But then again, they might just choose Microsoft because it seems like the "right thing to do" (that is, MS makes the OS, so OBVIOUSLY they should go with MS because it'll "work better" together).

    Then again, if the MS anti-spyware is moderately priced and a lot of home-users do buy it, it may serve to drive the gap between richer vs poorer computer users (home users who shell out big bucks for a loaded Windows box vs users who pay a couple hundred for one of those Linux PCs that Walmart and others are selling).

  • The Push to Linux (Score:3, Insightful)

    by Nom du Keyboard ( 633989 ) on Friday December 17, 2004 @06:23PM (#11121067)
    now they want to CHARGE users to fix it

    More than anyone or anything else, Microsoft will become the major force pushing users to Linux.

    • I always wondered if maybe they see the writing on the wall, and they are planning on milking their cash cow for all its worth while they can, even if blood starts coming out instead of milk. Eww I think I just grossed myself out.
  • Short answer (Score:2, Insightful)

    by Phibrizo ( 798302 )
    So first they edge their competition out of the browser market, then they tie IE into the OS so tightly that a crash in IE can crash the computer, and then they make IE so vulnerable that just using it is hazardous to the typical computer's health, and now they want to CHARGE users to fix it?
    Yes.
    • Should a browser or any function ever be tied so tightly into the OS? They made a strategic design decision in hopes of extending their monopoly, and the results are an unintended consequence. The wonderful thing about monopolies, as well as monolithic political systems, is that the decision making is often what brings them down. The shear inability to extend every decision to its logical conclusion is an advantage to adaptive systems.

      Careful, you might get what you wished for!
  • This is why commercial software companies need to have their taint wiped from the earth. Software is just too important to pay for.

    Microsoft's message is clear -- buy our software, and we'll hold you hostage with it. Thank god for Gnu, Linux, and BSD.

  • Well... (Score:5, Insightful)

    by rewt66 ( 738525 ) on Friday December 17, 2004 @06:28PM (#11121109)
    As an employee of a security company, I don't have a problem with this. I would have more of a problem with Microsoft giving it away for free. (And, I hope, the toothless antitrust enforcement might have a problem with it, too, but I wouldn't bet on it.)

    But really, we cry "unfair" over what they did to Netscape. Rightly so; it was unfair. If they had sold IE as a separate product, it wouldn't have been unfair. So now they sell this stuff as a separate product. They're not bundling. So what's the problem?

    And there's another way this is good: TCO studies. The more extra charges you have to have from Microsoft to have a working product, the better TCO Linux has by comparison. (That is, if it's an honest comparison. But instead, what we'll probably see is bogus TCO "studies" where Microsoft looks good, but it omits the security stuff. Then when you go to actually buy it, there's these extra costs, like the auto dealers do with "dealer prep".)

    • But really, we cry "unfair" over what they did to Netscape. Rightly so; it was unfair.

      In other words, Microsoft abused their monopoly position and freely gave away their browser, and this somehow competed unfairly with Netscape's plan to freely give away its browser?

  • Even a longtime MS user like myself...

    I've been an advocate for MS software and OS's for some time now, but the prospect of charging to fix something that is a result of many of the flaws in their software just pisses me off!
    It's really unfortunate that Linux isn't viable on the desktop yet because this would likely be the straw that breaks this camel's back.

    Unfortunately, Linux is not ready for the desktop yet, and please, save your fingers from typing because I have been evaluating distros for the
  • by Killer Eye ( 3711 ) on Friday December 17, 2004 @06:31PM (#11121131)
    Let's not call this "security software", Microsoft; remember, software should simply be secure. If you have to add a qualifier like this, guess what: you're saying most of your software has nothing to do with security, and this special extra software, for extra charge, provides the security "feature".

    These terminology differences really point to a philosophical difference at Microsoft, which is the root of all their problems. They really don't understand. Why should we think they ever will, at any price?
  • So let's see (Score:5, Insightful)

    by YrWrstNtmr ( 564987 ) on Friday December 17, 2004 @06:33PM (#11121156)
    MS includes a necessary tool for free: "Unfair bundling! They're just trying to muscle everyone else out of the market"

    MS charges a fee for a necessary tool: "Charging for this? What a ripoff!" (even though their major competitors charge a fee for similar tools)

    Yes, that money may have been better spent in actually fixing the items that need these security tools, but it seems like they can't win either way.

    • Re:So let's see (Score:3, Insightful)

      by RealAlaskan ( 576404 )
      MS includes a necessary tool for free: "Unfair bundling!

      MS charges a fee for a necessary tool: "Charging for this? What a ripoff!"

      How about:

      MS includes a necessary tool free, using the profits from their OS monopoly to destroy a competitor: ``Unfair bundling!''

      MS charges a fee for a tool which is only necessary because of their mal- or non-feasance: ``Charging for this? What a ripoff!''

      No inconsistancy here.

    • Re:So let's see (Score:3, Interesting)

      by ChuckleBug ( 5201 ) *
      Yes, that money may have been better spent in actually fixing the items that need these security tools, but it seems like they can't win either way.

      Since they haven't fixed those items, they don't deserve to "win" either way.

      I keep seeing the analogy with people's complaints about IE. Not the same. With IE, MS undercut the competition with a tool for using the computer, not for fixing problems of its own making. The WWW isn't a Microsoft bug.

      MS is caught in a Catch-22 of its own making. My heart bleeds.
  • by kahei ( 466208 ) on Friday December 17, 2004 @06:33PM (#11121158) Homepage
    ...slashdotters baffled.

  • by DrugCheese ( 266151 ) on Friday December 17, 2004 @06:34PM (#11121165)

    And for only $59.99 we'll show you how serious we are.
  • Apple did this a lot in the '80s so they wouldn't tick off ISVs. They even went so far as to cripple their hard-disk formatting utility to only work with their drives, so utility vendors could make a living.

    Maybe Microsoft doesn't want to tick off the commercial anti-spyware tool vendors.

    Maybe, just maybe, they want to leave the door open for zero-cost or donation-supported anti-spyware vendors like Spybot Search & Destroy [spybot.info]. Nahh, Balmer & Co. aren't that altruistic.
  • Ignorant remarks (Score:2, Informative)

    by ad0gg ( 594412 )
    " then they tie IE into the OS so tightly that a crash in IE can crash the computer"

    Yawn something called protected memory and considering IE runs in seperate process called IExplorer.exe, how is IE going to crash windows? I just love ignorant remarks.

  • They are NOT suggesting that they will sell patches to the OS or anything of the sort. They are merely saying that they *may* sell a utility that uninstalls scumware. That's all. MS is talking about selling an app to remove all the crud that people install without thinking. Spyware is NOT a result of buggy, insecure code. It's a result of users that click on anything that promises to "enhance" their user experience.
  • I'm no Microsoft fan, but I don't understand what the problem is. There are plenty of good, alternatives to buying MS Software for spyware (and the best ones are free). Spyware is a huge problem for most users. I can't tell you how many computers I've cleaned with Adaware, Spybot and CWshredder over the last few years (I just did one today with over 1000 files). I see this as a step in the right direction.

    Many of the vunerabilities are MS's fault, but there are plenty of user errors too.

    "That looks
  • Am I psychic, or what??

    http://it.slashdot.org/comments.pl?sid=133058&ci d= 11112095
  • by G4from128k ( 686170 ) on Friday December 17, 2004 @06:41PM (#11121231)
    This sounds like a classic protection racket. They create a defective product and then extort the customer. "Pay us or bad things happen to your computer." I wonder if a nice RICO suit will change their mind about this.
  • Let me preface this with the statement that the lax security in pre-SP2 IE is shameful. But MS has realized it's faults, and they are quickly securing their products. You can ascribe whatever evil motivation you like to the security push.

    While there have been a few viruses in the past that legitimately exploited vulnerabilities (like buffer overflows and such), all of the spyware in the post SP2 world requires (a) user intervention (pressing yes at a prompt) and (b) running as admin.

    Make your grandma a li
    • Microsoft intends to provide the software free of charge. The article says they are considering providing it for a fee in the future. While that would be a dumb move, for the forseeable future it will be free.

      I wonder, if that boneheaded PM hadn't mentioned their considering a pricing model for the software, would the headline on slashdot have read 'Microsoft will provide free spyware remover, how nice of them!!'. Hmm... maybe not. :)
  • by WasterDave ( 20047 ) <davep@noSPAm.zedkep.com> on Friday December 17, 2004 @06:43PM (#11121246)
    See, there's been a bit of a noise around the web about this whole thing over the last day or so and I really can't see the problem with it.

    Microsoft charge for software. Charge. Money. Whether you pay it, or you pay it when you buy your box, or your suppliers pay it and pass the cost on, or your customers pay it and have less money left over to pay it for you, or your government taxes you then uses that to pay it the basic equation is still there. Micosoft charges money for software. Get over it.

    They also charge money for shit software, in case you hadn't noticed. Then they charge more money for shit-software-server, then more again for a CAL onto shit-software-server, then some more for shit-CMS and so on and so forth. So, on the rare occasion that Microsoft buys someone that makes good software and badge engineers it, why is everyone suddenly up in arms?

    It's not like this is the first time that Microsoft has used a flaw in one product to sell another.

    Dave
  • Makes you wonder how long the MSFT sheepies are going to keep taking it up the pooper?
  • by wikinerd ( 809585 ) on Friday December 17, 2004 @07:07PM (#11121452) Journal
    1. Start a software company and fill up a new market with buggy software
    2. Charge for bugfixes
    3. Profit!!!
  • by FreeLinux ( 555387 ) on Friday December 17, 2004 @07:38PM (#11121700)
    This is something that has been bothering me lately. How long will it be before Microsoft starts charging for Service Packs and Hot Fixes? So far, they haven't done it but, it occurs to me that it is only a matter of time.

    But, the worst part of the idea is that Open Source vendors are opening the door for Microsoft and blazing a trail toward exactly that. Open Source vendors such as Red Hat and Novell/SuSE are selling "cheap" software, built by the Open Source community, and charging a premium for patches. It is a "new business model".

    The base software is sold cheap or given away and they make their real money from "support services". However, close inspection of the "support services" show that they offer very little in the way of technical support. They do however offer password protected access to the sites used to download the patches and security fixes for the free/cheap software.

    All this isn't going un-noticed by Microsoft, who has toyed with the idea of charging for Service Packs before. In the past however, customers told them in no uncertain terms that they would not pay for bug fixes to software that those customers had already paid a premium for.

    Microsoft then developed the "Software Assurance" subscription model, where customers pay a subscription fee that entitles them to future version upgrades. But, Microsoft is still spending money and effort to provide free patches and they don't like doing it as they perceive it as lost revenue.

    But, with the "new business model" that Open Source vendors are acclimating their customers to is likely to open up that revenue stream for Microsoft. Just as all the other software vendors were able to leverage the subscription model after Microsoft had acclimatized the customers, it is entirley likely that customers who are accustomed to the the Open Source method of paying for patches will not balk at paying Microsoft for their patches too.

    It's a dark and pessimistic vision of the future, I know. But, can you imagine Microsoft actually passing up a new revenue stream from the same old product? That doesn't seem likely to me.
  • by NullProg ( 70833 ) on Friday December 17, 2004 @08:33PM (#11122046) Homepage Journal
    has come to this.

    The personal computer (Apple/Commadore/Tandy/IBM/Atari/Amiga) was supposed to release the creative gene in all of us. At first it did (1978 - 1995), Viri at most were limited boot sector infestations and nothing more.

    Leave it to Microsoft to add BSOD and AdWare, and Windows Virus to the english language (Whats it called in other languages)? Instead of removing IE from the core of the O/S they chose to patch the system by purchasing a supposed solution. Now they are going to charge money for a problem that they induced. I also see that Win98/ME is excluded from the list. If I sold buggy software and didn't update 40 percent of my clients, I would be sacked as a vendor.

    I'm sorry. Maybe I'm becoming too old, but Virus/Adware are/should not be the norm. When did it become mainstream to run all these utilities just to use your computer?

    Enjoy,
  • by NotQuiteReal ( 608241 ) on Friday December 17, 2004 @10:02PM (#11122418) Journal
    The relevant part is initially will be free but the company isn't ruling out charging for future versions. So maybe they will charge for something later.

    So, Microsoft has announced FREE software - rant about that. Later, IF they start charging for it, you can rant again about them charging for it.

    Two-rants-for-one special!

  • What's New (Score:3, Insightful)

    by thunderpaws ( 199100 ) on Friday December 17, 2004 @10:50PM (#11122669)
    The average Windows user will feel that MS is sooo wonderful for securing their computers against the wild and wooly internet. As the Windows machines again slow down and bcome even more clunky, the solution will be to buy a newer computer, and sales people will show the buyers how economical the new PC's are compared to those sooo expensive Mac's. Doesn't sound much different than the past 20 years, and people still put up with it.
  • by Gary Destruction ( 683101 ) * on Saturday December 18, 2004 @02:39AM (#11123401) Journal
    It's like the government scaring people into giving up their freedoms for security. Since most people are uneducated, they will fall for it. They don't know any better. And that plays into Microsoft's hands because A)people will think that Microsoft isn't at fault and B)Experts will appear descredited in the eyes of the consumer. And Eeye doesn't know what it's talking about. They've never heard of "Marked safe for scripting" ActiveX controls. You know, the kind that are *supposed* to be safe but have been modified to infect and/or damage computers. That's hardly a user error.
  • by HuguesT ( 84078 ) on Saturday December 18, 2004 @06:21AM (#11123836)
    Since about the days of NT4.0 many people in the IT business were saying something along the line: "MS got their act together, they have released a professional O/S with security built-in, a reasonable kernel, good performance, that runs on multiple platforms including commodity hardware. This is the end of UNIX, and not a moment too soon, we are tired of the expensive hardware and of the Unix wars".

    However MS has continually disappointed. Security ended up being very very bad, and becoming in fact worse with every new release (Microsoft still hasn't been able to break the old conflict between ease-of-use and security, unlike Apple).

    Since then we've had Linux and the BSDs maturing (including Darwin). MS security is in fact worse with XP than it ever was with NT4 and this is affecting mere users in a huge way. Spyware removal has moved from a little cottage industry to big multinational business. Running a simple PC with Windows is fast becoming harder and more labour intensive than simply installing Linux on it.

    My family members and friends are constantly asking me for advice. I'm always happy to help them with their Windows troubles (after all this keeps my skills up to date to a degree). I never mention the fact that they should try Linux or buy and Apple but when they ask me why I don't run Windows I simply say: "no spyware, no virus" and they start thinking about it. A few more years of Linux and OpenOffice maturing, and we'll see a shift of the order of the Firefox one.

    Unless Microsoft get their act together, fast. But they are not, witness the current decision.

    Microsoft is unable to make long term decisions that will affect their users positively. This is because they are driven by short-term profits. Even thought they have the resources 10 times over to make the right decisions, they are being trounced, little by little, by a band of volunteers.

    This is both heartening and disheartening.

    BTW I find all the replies to remarks along the line "but you can't even plug a windows machine in default mode to the Internet more than 10 minutes before becoming infected" absolutely hilarious.

    1- first find a secure machine
    2- download all the patches by hand
    3- burn to CD
    4- go to insecure machine.
    5- unplug from network
    6- install OS
    7- install patches
    8- boot
    9- make sure firewall is on
    10- plug network cable in. Browse to you heart's content!
    11- Oh, and make sure you don't run IE, and keep your machine up-to-date! and don't run as the admin! What? games don't run except as admin? don't play games!

    Easy! speaks for itself, doesn't it?

The 11 is for people with the pride of a 10 and the pocketbook of an 8. -- R.B. Greenberg [referring to PDPs?]

Working...