Windows security probs? You WILL have to pay to fix 'em!

[Bob Crabtree]

Microsoft Announces Pricing and Licensing Details for Windows OneCare Live

Promotional price offered to early testers of all-in-one PC care service slated for June 2006 release

REDMOND, Wash. — Feb. 7, 2006 — Microsoft Corp. today announced final licensing and pricing information for its soon-to-be-released Windows OneCare Live, the all-in-one, automatic and self-updating PC care service aimed at helping consumers more easily protect and maintain their PCs to keep them running well. Now available free to new beta testers in the United States, at http://ideas.live.com, Microsoft Windows OneCare Live will be available in June from retailers and via the Web for an annual subscription of $49.95 MSRP for up to three personal computers. To thank its valuable beta customers and offer an easy transition to the paid service, Microsoft also announced today a promotional deal offering the first year of Windows OneCare Live service for $19.95 to beta customers who become subscribers between April 1 and April 30, 2006.

“Consumers have made it clear they need more assistance than what’s offered today, and we are excited to deliver the value of improved protection and maintenance in one comprehensive solution,” said Ryan Hamlin, general manager of the Technology Care and Safety Group at Microsoft. “Windows OneCare Live eases the frustration of protecting your PC and gives consumers greater peace of mind so they can spend less time worrying and more time doing the things they enjoy.”

Okay, we know there was NEVER any real chance that Microsoft would permanently include proper anti-virus/anti-malware protection in Windows for free but now we know for sure.

Presumably, the company can argue that it had no choice - what with anti-competition problems it's faced worldwide over the stuff it's already included as standard in Windows - but the very idea that it can sell a service that, in many ways, is only required because of problems with Windows itself might leave some people muttering and shaking their heads.

As my old mum used to say, "They've got more front than Sainsbury's".

Let MS look you in the eye (without blinking) by checking out its release about OneCare Live, then let us have your thoughts about caring, sharing Microsoft.

[kalniel]

A clever step around the anti-competition problems of the past, but as soon as the OneCare Live is required to fix problems caused by another MS product then they'll get in even more trouble.

[Moby-Dick]

Bob - nice article but your 48 hours past it.

http://forums.hexus.net/showthread.php?t=67419

Windows updates remain free - so you WONT pay to fix them. You are free to choose your own AV and firewall products and pay as much or as little as you like. In the same way that people still steal cars , but people dont mind paying for aftermarket car alarms ?

[Bob Crabtree]

Bob - nice article but your 48 hours past it.

http://forums.hexus.net/showthread.php?t=67419

Windows updates remain free - so you WONT pay to fix them. You are free to choose your own AV and firewall products and pay as much or as little as you like. In the same way that people still steal cars , but people dont mind paying for aftermarket car alarms ?

M-D,

Thanks for the thread link!


I hope people will visit and join in the discussion over there - there's some good debate going on.

I'll leave this thread in place, though, so people get directed over there.

As for 48 hours late - indeed. But I've been head down doing other stuff and the MS release only came on my radar this morning.

When I saw it, I was so MAD ...



...that I had to do something immediately to stop the bile rising ever higher.

Bob

[Moby-Dick]

I think its misdirected bile though Bob - You are not being charged for security fixes - AV software has been a seperate product since windows has been around - why get upset because Microsoft have released ( at response to demand ) their own version ?

[Bob Crabtree]

I think its misdirected bile though Bob - You are not being charged for security fixes - AV software has been a seperate product since windows has been around - why get upset because Microsoft have released ( at response to demand ) their own version ?

I haven't time right now to reply to this in the detail that this whole issue obviously deserves but will try to do so soon - and, in doing so, attempt to pull together my thoughts about what's also been said over in the thread you pointed to.

Cheers


Bob

[Dav0s]

i think their version will actually be pretty good, i was pleasently surprised at their anti-spyware

[Synergy6]

Windows updates remain free - so you WONT pay to fix them. You are free to choose your own AV and firewall products and pay as much or as little as you like. In the same way that people still steal cars , but people dont mind paying for aftermarket car alarms ?

I think the primary difference is that a car is a single object that you buy. After it has been released, thieves will figure out how to break in, then can break into any of them with the right technique. You can't (unless at horrible cost), "update" a car, for example by replacing the locks on 100k+ items. So, when it's know that a car can be broken into, there's little the consumer can do, other than buy an aftermarket system or pay the manufacturer to do similar. Also, every car has to be legally insured, so when it gets stolen, while obviously hugely annoying, it shouldn't (in theory anyway) present a major financial cost.

However, an operating system is not a single object that sits in your garage. Even during installation you are configuring and changing it's operation. If Microsoft had their way, it would be automatically updated with whatever they wanted, whenever they wanted. Distribution systems are already in place to "put out" corrections to the software when viruses occur due to problems in the Windows code. Therefore, some viruses are already protected against by Microsoft, and this makes sense as part of the price you paid for Windows.

I'm not saying that Microsoft should be forced to protect against every virus, but it does seem rather uncaring towards customers when they don't bother (or at least hide the existence of for months before belatedly) offering a fix, when the problem is caused by problems in the Windows code itself. If I bought a car, and I found out it was stolen due to a faulty lock that let anyone in, I would possibly sue the manufacturer for shoddy goods. When the same thing happen in Windows, that shoddy code allows in every hacker and quite possibly his dog, the best I can expect is some simpering press release and maybe (if I'm lucky) a fix months down the line.

In essence, it does seem a bit tart (see dictionary for meaning #2) of Microsoft to charge people for the ability to patch over the problems which they have created. Perhaps this will cover the income they're losing out on from the governmental bodies which seem to be increasingly switching their lucrative contracts to Linux-based providers. Especially considering the range of anti-virus products availble "gratis", ie. both free and not spy/adware ridden, I see no reason to pay anything for "Livecare", other than technical ignorance.

Synergy6

[Moby-Dick]

- Firstly I've edited out your childish use of "M$"...it really isn't big or clever. Please dont use it again.

-Will those government contracts be paying for their RHEL updates ? I'm sure they will be. If you read the other thread, its nothing to do with a windows vs linux debate.

- Accepting that no software is perfect is an important thing - There are bugs in everything. The key thing is how you handle it. The reason patches take a far ammount of time is due to the testing cycle. Its hard to imagine the number of combinations of system that are tested on ( eg. just for a single application . say SQL 2005 , there are 100's of version of the product itself ) and they ALL have to be tested to make sure that any low level fixes do not affect them.

I prsume you have written the perfect OS already , hence allowing you to call other peoples work "Shoddy" , without any actual knowledge of how it was written , features that have had to be kept in / incorporated for backwards compatability. If you havn't then I dont really think you have a leg to stand on ?

I'm sure *you* dont need to pay for everything , but you are not the vast majority of windows users , who are most likely not as technically astute as you ( they may well have other skills you probably dont have ). It is those people that buy windows , and its those people who will benefit from a nice streamlined security system that is easy to use & deploy.

[Synergy6]

I'm sorry, I was under the mindless impression than there was some degree of free speech around here, and I could refer to "Microsoft Inc" in whatever way I so chose. Worry not, this myth has been quashed.

Nice point, so basically as I haven't created the perfect anything, I can't call anything shoddy. My gas fire broke down after 3 months installed last year, but I can't call it shoddy because I've never created the perfect gas fire.

I think which of the two posts is "childish" is rather debateable. I was unaware that there was such a thing as a "Microsoft fanboy", but, yet again, thank you for educating me.

Synergy6

P.S.

No insults

[Moby-Dick]

so instead of actually challenging anything you are going to sulk ?

QED.

[Synergy6]

M$ - Discussed before.
Linux - Was one point in the closing paragraph of my post. I wasn't trying to start a Windows vs Linux debatae in any way whatsoever.
Patches - I didn't say that any software was perfect. I did say that Windows do seem to have a rather poor record of fixing the problems in its software, especially when it comes to hiding the problems so the "discovery to fixing" times seem better.
OS - Discussed before as a pointless analogy. My leg, if you want to call it that, is my opinion, which rests well, thank you for asking.
Pay - Yes, *I* don't need to pay for everything. Neither does anybody else. Eg. getting AVG Free and installing is most likely easier, quicker, and most importantly cheaper than Windows One Care. (Their "other skills" do seem a trifle OT.) I don't agree that One Care will be any easier to deploy than other currently available free AVs.
Also, that paragraph does rather seem like an admission that Microsoft (see? no $) is out to profit from the ignorance of its users that better products are available for less money. I see a continuation of the EU lawsuits down the road.

Oh, and just btw, I'm a premier sulker. Could do it all day really.

Synergy6

P.S. Saying something in Latin ...(bombshell) *doesn't* actually make it more likely to be true.

P.S.S. Feel free to point out the part of the Guidelines which mention against being "childish", and mention that I must be "big" and "clever" at all times. I wasn't aware this forum had an IQ requirement for posting.

[chriswyatt]

My friend got Mcaffee VirusScan and it's really only after you've bought it you realise that you can only get new virus definitions for a year and you have to pay for the rest, personally I think Mcaffee are as bad as the virus writers, I actually think virus writers who reveal potential flaws and don't do any damage are quite good people really.

I use Avast! Home Edition, which is free and regularly updated with new virus definitions. You have to register for a free license, which lasts for a year I think. Reassuringly it's just a slightly stripped down version of the Professional Edition which can be employed across networks, without a few features I would probably never use anyway.

[Synergy6]

Avast! is as good as free AVs get IMO, but I use NOD32 personally, great stuff.

[Paul Adams]

A clever step around the anti-competition problems of the past, but as soon as the OneCare Live is required to fix problems caused by another MS product then they'll get in even more trouble.

Viruses aren't MS products, and they don't generally exploit vulnerabilities in the operating system.
As has been hinted at, we cannot bundle such security offerings with the OS due to anti-trust laws - we have to compete on an even field with the other vendors.

A vulnerability discovered in the OS would result in a patch, free for download by anyone - it wouldn't result in an extension to a separate tool designed for other purposes and there is no "edge" to be had over vendors of equivalent products.

Microsoft have responded to customer requests in producing this software - this is important to be aware of.

As for the need for such products, the OS can only take governing the users' activity so far - do we check what every single batch file, VBScript or executable tries to do and prevent it "if it looks suspicious"?
Who determines "suspicious"?
Hypothetically I could write a batch file which would recurse through a hard drive and delete all .DOC files it found, or swap any 2 files' names around for the hell of it - if the user has permission to do that then should the OS be responsible for preventing it?

We can provide the security model in the OS, but it is ultimately down to the user, or a product they trust, to employ a decision-making practice on what is allowed to do what - otherwise P2P software, for example, could be determined to exhibit classic trojan and worm symptoms and be killed on sight.

The LUA concept in Windows Vista takes a step towards attempting to protect the users from themselves by confirming what appears to be an administrative action - but you can guarantee people will complain about it and want to know how to turn it off, because it is in their nature (look at all those who want the security of a personal firewall, but don't want the administrative overhead of actually configuring it).


So OneCare isn't to address shortcomings of the OS, it is a product with a subscription service in its own right designed to give users choice and as a response to many, many requests for it.

[Bob Crabtree]

Paul,

Thanks for the comments - straight from the horse's mouth, as it were.

My initial reaction is that there is more to Windows than the OS.

There are many apps that Windows comes with or that MS offers to us free - either anew or as updates.

Because of the way we gain access to those apps, I personally regard them as part of the OS. Here I would include Outlook Express, Windows Media Player, Internet Explorer and a bunch of others.

When I look back at the many tens of fixes that I have applied to my work PC via Windows Update, I see that some address the core OS but may others address these apps - and, yes, I am pleased to see MS using Windows Update to try to keep on top of the threats posed to our systems.

Those updates, though, include responses to many different types of malicious threat - including some that, I believe I'm right in saying, might be trapped by OneCare Live.

Or is it the case that OCL will address only viruses and not any of the malicious threats?

One could get the impression from your opening sentence that OCL only addresses viruses but I'm not sure that is true:

Viruses aren't MS products, and they don't generally exploit vulnerabilities in the operating system.

I guess you can imagine where I'm going here.

I'm wondering whether, in fact, the people who pay MS for OCL will be getting better protection and earlier protection from threats to MS-supplied free apps (that I see as core to the OS), than those who rely on Windows Update?

If OCL subscribers do have that advantage, then, surely, it can be argued that Microsoft will be charging people for the privilege of better protection against flaws in its OS? Or at very least, for that privilege as it relates to flaws in MS's non-chargeable apps?