Microsoft may charge extra for security software

http://www.cnn.com/2004/TECH/internet/12/16/microsoft.spyware.ap/index.html

Microsoft Corp. disclosed plans Thursday to offer frustrated users of its Windows software new tools within 30 days to remove spyware programs secretly running on computers. But it might cost extra in coming months.

In a shift from past practice, the world’s largest software manufacturer said it may charge consumers for future versions of the new protective technology, which Microsoft acquired by buying a small New York software firm. Terms of the sale of Giant Company Software Inc. weren’t disclosed.

Spyware is a category of irritating programs that secretly monitor the online activities of Internet users and can cause sluggish computer performance or popup ads.

Microsoft, whose Windows operating systems have often been criticized for lax security, traditionally has given consumers – at no charge – separate programs to improve security. It also has increasingly built other protective tools, such as firewall software, into Windows to repel hackers.

Damn, that’s hilarious on so many levels!

Microsoft’s tool, expected to be available within 30 days, initially will be free but the company isn’t ruling out charging for future versions. “We’re going to be working through the issue of pricing and licensing,” Nash said. “We’ll come up with a plan and roll that out.”

They’re probably talking about support licenses for huge business customers, not charging Joe Blow $20/year for spyware scanning updates.

Well , yeh you’d hope so. However, knowing MS I’d hardly find it suprising if they were targeting home users.

Seeing how they’ve never done anything like that ever before?

I guess there’s no incentive to fix OS issues if you can charge people extra for bandaids.

From a commie who works there: trust me, that’s not how it works.

Spyware is good at tricking even the most savvy computer users, but even the most robust OS won’t protect you from yourself. I’m convinced 90% of security is educating people how to use their computers safely.

IE is the major issue. It’s like Swiss cheese.

So first you create a problem - IE with holes.
Then you charge Microsoft-addicts to fix it!

sweet - if it was legal.

Yes - hard to prove - but wount some try it in court anyway?

If you think MS is the leader in security problem, I suggest subscribing to bugtraq. It’s easily half or more OSS.

I think MS is the leader in security problems in that a flaw in MS software has a lot more magnitude than a flaw in Solaris or MacOS or Linux. Since MS makes a hojillion times more money than anyone else on their O/S, I don’t think it’s unreasonable to hold it a higher level of security than Bob’s Clone X Chat Program For Linux.

If XP was 25% as secure as Bob’s Clone X Chat Program For Linux that would be a great improvement.

You’re comparing one company to an entire industry. You know this, yeah?

I’m not a MS fan, but all software has holes. The irritating thing about MS is that many of the holes were designed in as features (activex in browsers, Outlook & scripting, etcetera). It is reasonable to hope they become more careful.

That said, I wouldn’t touch IE. Penn State recently suggested its students refrain from using it. The meme is spreading.

You’re comparing one company to an entire industry. You know this, yeah?[/quote]

When the company makes up the entire industry…

Any other company in MS’s position would have made the exact same 1990s mistakes on features vs. security, I think. If the Netscape/Java thin client model had won we’d all be bitching about java sandbox exploits.

You’re comparing one company to an entire industry. You know this, yeah?[/quote]
When the company makes up the entire industry…

Any other company in MS’s position would have made the exact same 1990s mistakes on features vs. security, I think. If the Netscape/Java thin client model had won we’d all be bitching about java sandbox exploits.[/quote]
You never cease to amaze me.

I mostly sympathize with the security problems MS has, but I agree that Jason’s suggestion that Java sandboxes would have the same issues given similar market success is incorrect. Those sandboxes were designed from the ground up to avoid the very security ‘features’ that has given most MS products a bad rep now.

However, there’s a case to be made that these security features in Java, which necessarily limited functionality and/or ease of use are part of the reason that Java did not (and will never, imo) achieve significant market success.

Microsoft did not place a high value on security until the past couple of years when it started to hit them in the pocketbook. A great example is ActiveX. ActiveX is inherently unsecure as it just runs as code on your local PC. However, Microsoft has this to say in their ActiveX FAQ:

[i]How Does ActiveX Handle Internet Security?

To address security concerns posed by anonymously authored executable code distributed over the Internet, Microsoft is working with a number of ISVs on a code signing standard, which provides the same level of accountability to end users of Internet software as buying a shrink-wrapped product in a store.[/i]

So if Gator hosed you, you could just go after Gator. Right? Right? Right?

[i]Is signed code really secure?

Yes. The security methods used to support this proposal are not new; they rely on tried and proven technology. The specifications on which the technology is based have been used successfully in the industry for some time. These include PKCS #7 (encrypted key specification), PKCS #10 (electronic request forms), X.509 (certificate specification), and SHA and MD5 hash algorithms.
[/i]

Giving the appearance of security but glossing over the ability for the code to do whatever the hell it wants.