News - Microsoft calls it a day for Windows Live OneCare

[aidanjt]

If you had an iPhone esque you buy all software via me. I'd be very worried.

Not all licenses require payment, even in the Windows world. Even just downloading simple utilities runs the risk of domain hijacking, or compromised servers having their software overwritten with something neferious, then you have to go running around the web looking for software that does a particular task, what competitors have the same type of software, which package do people prefer? And the same when looking for updates, either that, or put up with buggy, insecure self-updating applications, and constant wheel reinventation, plus there is absolutely zero assurance that what you download is what the developer build, tested, and intended with self-installers.

But the notion that 'downloader beware' is i think still an important rule, having package management dosen't mitigate this risk one ioata

Wrong, package managers have prior public/private key signed relationships (or at the very least a competent checksum) acompaning the package metadata seperate from the package itself, changes to the package will result in a failed digest, and the package manager wont install it.

(and lets not pretend that even 90% of programmers are good enough to read through source code to assess a programs threat, hell i'd only give a cursory glance at the IAT which is easyer when compiled without IDE tools).

Compromised packages very rarely ever occur at the sourcecode level, for the simple reason that SCM servers in private organisations rarely, if ever, need to provide public access to that machine, and interorganalisation access can be provided over VPN or some such. Even in the opensource world, attempting to compromise a publically accessable SCM server is like running into a brick wall because of the security. No, it's far easier to compromise the http server storing the binary self-installer that's being offered to the public. By having the package metadata on a foreign machine with a signiture for that file mitigates that risk by a great large margin.

But my point still holds true that there are plenty of bad designs in other OS'es

Sure, but sometimes even a bad design is better than no design at all.

and if i was going to loose backwards compatability, linux certainly isn't worth it.

Wine and virtualisation method of your choice. Granted, you wont be able to play every game, but between both, you'll be able to do mostly everything on you could on your Windows installation and more. But that's an aside, the issue at hand is Windows needing a sane and unifed method of dealing with packages and updates.

I'd like a microkernel OS, with most hardware drivers in usermode.

I totally agree, that would be an absolutely ideal kernel architecture.

If i'm not going to be able to play any of my old games, or buy hardware without worrying about compatability, i'd like more than an easy application library.

That's understandable.

[OilSheikh]

I never used Onecare. Anyone did?

[aidanjt]

I never used Onecare. Anyone did?

I ran the trial for a bit sometime last year, and I can say that it did integrate with Windows *very* well (no surprise there really), the resource usage was well below the major competitors, but I didn't bother to try to intentionally infect myself, but I didn't get any false-positives that you'd get with braindead heuristic scanning with the likes of Norton & Co. But in the end I just stuck with ClamWin and manual scanning things I wasn't 100% sure I could trust.

[dangel]

And as has been announced were going back to Side-By-Side.... Oh dear.

I'm still waiting to see what the official line is on that - i actually liked SxS: for us it solved a lot of problems.

[Nailz]

I had Onecare as part of a software package freebie I got from Microsoft in TVP

It was "ok" on version 1.0 but when they did the 2.0 rollout it totally screwed my Vista install, increased boot time by 40/60 seconds and made the machine run like a dog. Nothing but a clean install of Vista could sort it out!

I made quite a few complaints on the community forums and loads of others were having the same issues. At the moment I'm running AVG8 and its fine.