Windows OneCare Live: Has the world gone mad?

[Moby-Dick]

Life is rarely fair - is it right that you should supply somoene with "free" software , then charge them to install and support it ?

Is it right to charge someone for a website , and then charge them (*shock horror* ) again to add content to it , I mean after all , you've paid for a website ?

[aidanjt]

is it right that you should supply somoene with "free" software , then charge them to install and support it ?

Install and support the software yourself. It's not rocket science, at least the software itself is supplied for free.

Is it right to charge someone for a website , and then charge them (*shock horror* ) again to add content to it , I mean after all , you've paid for a website ?

Would you pay a webhost that only stays up 60% of the time?.. would you pay the same webhost extra money if they promised to improve the uptime by an extra 35%?.. that would be a more apropiate annaology.

My gripe isn't paying, my gripe is having to pay for defective goods with poor support and having to pay more to mask the defects of the product i purchased.

[ikonia]

Lets discuss - I've only responded to the points I disagree on.

I'm more than aware of this as well, however my point is that Microsoft charging users to sheild the holes that their software contains adds insult to injury.

ok - the same way redhat and suse charge for updates to the open source products they use ?
While I agree that the open source approach in general does not charge, to make these product ready for comercial use and comercial support for businesses/the average user has a price and that price is support. To get comercial support for virus scanners for mail servers running linux for example will cost you to get a good one as the open source alternatives are not really acceptable for business use.

in response to my kernel high profile exploit

Note your use of 'picked up after release' and 'quickly fixed'. I'm not claiming every release of opensource software is perfect beyond reckoning, I havn't done so. However as soon as bad code is detected it has a patch submitted nearly the same time as the announcement.

In the same way microsoft detect things post release and apply a patch ASAP.

in response to my constant improvment secuirty wise of the kernel

I would be deeply concerned if there wasn't. Linux developers take a pro-active aproach (auditing code, testing, correcting, deploying patches) to kernel security, I don't see how this is in any way negitive

The same way some of microsofts patches are proactive improvments not resposes to holes.

If I was discussing distributions in general I would use the term GNU/Linux to describe the kernel and it's supporting software to form a fully blown Operating System.
However you are incorrect in quoting 'Distribution' security announcments, distros only pull in source code from other projects to form an operating system, the issues are relivent to that particular project, the same version will have the same holes regardless of distribution. I never claimed opensource software to be flawless, but the turn around for security flaws is typically between minutes to a few days. Not months or years.

ok, this is where its going to get messy,

Different distros use different version combinations of packages and kernels and headers, which open up different security bugs. Its all a bit intertwined. To give an easy example zlib had a secuuirty hole in it (I'm going to exagerate here to be clear about what I'm describing) the problem is a secuirty hole. Zlib fixes the problem, however some systems will still be insecure due to the version of the product utilising zlib would still make an insecure call to it, the bug wasn't with zlib at that point but how an neighbouring application called it. Also distro patch their source code (redhat being an easy example) to make changes for their own distro and their own way of working, so while the kernel may not have a bug in its raw form, using the patched applications or even patched kerenl by a distro could cause a security hole. I do believe its relevant how distros build and package up their products. Thats why some distros report security bugs A - C - D while others report B - C - E - - F even if they are based around the same source versions. it could even be down to compiler used to build them (as an extreme and rare example)

And rightly so, a basic LFS consists of nearly a hundred seperate projects, each having their loyal, dedicated developers, all of which are putting in millions of man hours improving the software they love, and not asking you for a dime.

this is a tough one, as some do ask for money, some ask for "support" and some get money in other ways a price of some sort to the user, but your very correct in that none of them demand money upfront.



in response to my "linux is as insecure as windows"

Sorry, I plain disagree with you there. The architecture itself as a whole is systematically more secure. Linux was written from the ground up as a multi-user kernel, as goes the rest of its userspace components. Windows, and all its accompanying software started out life as a single-user enviroment. Something which is still very evident today.

well, you'd be surprised at how many linux boxes got exploited on the internet. The ammount of server that get exploited on the internet are mostly linux based because they are setup wrong and using bad versions of products. The MS ones would probably close behind if they where as popular on the internet as linux, I assume the same is true at why most MS workstations get exploited because their mass in numbers on the desktop compared to linux is off the scale.

Windows 2003 is multi user, and if you don't install products like office, and just concenrate on network/security exploits I think its a viable option to linux, it just doesn't has a strong tool set for itnernet use.

I'm well aware that 'Linux' is just the kernel, I never made any kind of use of language that suggested otherwise. Recall my assistance with your linux issues. I'm not a Linux newbie jumping on the bandwagon against Microsoft, this has nothing to do with Linux, I mearly brought it up as an example. I could have brought up Solaris, BSD, OSX or any number of operating systems as an example, however I know Linux best so I opted to use it as an example.

ok, so why reference "security hole in windows" in your origional post. When was the last time the Windows kernel was updated for security, its normally 3rd party applications that are classed as "windows" because of how its packages such as IE, Office, Media Player, IIS etc etc if you want to compare "windows" on a kernel level I'll bet its patched about the same ammount as the linux kernel, on a "package" level then take into account bugs for kde (or a main desktop) gif lib, libjpeg, openssl, etc etc things that are needed to make up a linux machine that classed as "windows" on an windows box.

I never made this a Linux vs. Windows comaprision/rant, my issue was with Microsoft asking users for additional money to sheild out the holes that Microsoft put in their own software.

Thats true, however your post basiclly says, I can't believe windows are selling additaionl protection software to help protect their operating system, there are only 7 viruses in linux.

So you where comparing the whole of the windows application security holes virus/unvirsed whatever against the smallest possible threat on a linux box - which still needs the some of the same protection (firewall - software patched etc) as a linux box.

I felt a more balanced view of the secuirty you where slating was needed, and clarification of what was actually being protected (virus/firewall)
enjoyed your responses though.

[TheAnimus]

oh dear, oh dear.

Right first off, viruses targeted for windows, before we get into the loverly security arguments, talk to an anti-virus vendor (sophos are good and based in the UK) they will explain that 99% of viruses are badly written. They are often tests of the code, and its that persons next virus that will work. They aren't targeting a platform becuase of its security level, they are targeting it because of how many people are using it.

Most viruses don't use an exploit, they use the fact that users are stupid, now windows admin by default lends itself to this, there are distro's of linux that do this too (DSL for instance uses sudo).

As for kernel vrs platform debate, this is very stupid and futile.

As for windows not been a multi user OS, sir, you clearly wern't reading any of the stuff surronding OS2 and NT. Its clearly been designed to be multi user. Remeber that NT is a much more modern kernel than linux in most respects.

As for paying for onecare, Myself i think they should give it for free by default turned on. But they'd be in court. There are sugestions of anti-trust with service pack 2 XP (and SP1 2k3) but with so little precident, this is mostly speculation reserved for law students.

As for money based on defective goods, most viruses don't come out until a patch is. The standard XP sp2 + patch + daily update check, is to all intents and purposes secure. The only gripe could be the lack of admin only when needed ideal, but this is a different debate, security vrs functionality.

[kalniel]

The problem in my mind comes if we start to see OneCare Live addressing problems as a result of inside information that they obtain before it is made available to other competitors products. So while it gets around certain anti-competitive problems by not being free, they could still be in trouble if they use inside information to gain a competitive advantage over others.

[dangel]

Given some of the crap the AV vendors put out perhaps it's not so bad MS turn their hand to it? If there wasn't a market for it, MS wouldn't invest time and money in it.

[Moby-Dick]

The problem in my mind comes if we start to see OneCare Live addressing problems as a result of inside information that they obtain before it is made available to other competitors products. So while it gets around certain anti-competitive problems by not being free, they could still be in trouble if they use inside information to gain a competitive advantage over others.

so in the same way that if an AV vendor creates an AV signiature first , they tend to release it to their own users prior to sharing iwth othe Av vendors ?

[schmunk]

Possibly a poor analogy, and feel free to pick holes in it, but surely this is fairly similar to purchasing an extended warranty on a physical product?

If you don't want to purchase the expensive warranty from Currys (or the leaflet in the packaging), you can shop around to find an insurance company who will sell you a similar service for a lower price. Or, you can take a risk and not have any warranty.

Or buy a different product that comes with a longer standard warranty (going back to software - use Lindows etc, which presumably will still have free updates/patching).

[TheAnimus]

oh schmunk your still getting free updates + patching for 5 years, which is thought to be the useful life of the product. (you get a certain type of support for 10 years, but it becomes horrible).

One Care is about a firewall, which personally i think is a waste of time for 95% of the windows users browsing this forum, as you'll be running as administrator.

Anti-virus, which is very useful, and not something which it is thought to be the OS vendor's problem.

Worms are prolific on a lot of platforms, just look how many PHP ones there are that spread via an exploit that should of been patched months ago. Anti-virus is often considered safer to update than patch, as patching tends to involve down time (not if your running Vista of course).

A better analagy might be like buying BullBars for your jeep, because you think there is a change you might be drunk driving and acidently run over some children (be stupid enough to get a virus) and like a virus scanner, the bull bars prevent the child from making a mess on your windscreen.

[merlin2001]

to me, there is potentially a huge conflict of interest as highlighted by kalniel (now I admit my ethics training is in the field of finance, not technology, but i'm sure the basic ideals cross-over). If MS OneCare developers are able, through there association with windows, to provide a superior product than any of the direct competitors - then we have anti-competitive behaviour. now, given MS's history towards anti-competitive behaviour (i.e. go for it and make the court case drag on for years so that by time of verdict, it becomes irrelavent in the broader market), can see this happening...
P.S - last time i checked, wasn't MS supporting or taking over AVG? wonder if that has had any impact on the onecare division?

[Matt1eD]

I'd be happy to pay that, but frankly Avast Free Edition is a wonderful program that does everything and more (without getting in the way) that I need... so sorry MS!