Security as a Profit Center? 479
Harry Erwin writes "This article seems to suggest Microsoft is now considering charging for security. I don't mind vendors like Counterpane Internet Security selling security services, but I would prefer operating system vendors to treat security as part of the core functionality of their products, if only because effective security has to be designed into the operating system from the start. This proposal would create a two-tier Internet and probably make things worse rather than better. Security is like public health and education--if you think it's expensive, consider the alternative."
What next? (Score:2, Funny)
Re:What next? (Score:5, Funny)
Re:Maybe they should be held liable? (Score:5, Interesting)
Liability concerns have forced far more worthy companies out of this particular market (aircraft subcontractors). Why should Microsoft expect special treatment?
I don't understand... (Score:5, Funny)
Re:I don't understand... (Score:3, Funny)
Yes, but Microsoft didn't get any share of that.
Re:I don't understand... (Score:4, Insightful)
You don't understand... (Score:2)
Of course once M$ has a biz plan where customers pay extra for security the incentive to no fix (or even leave in) security bugs will be tempting ...
Re:I don't understand... (Score:2)
And what disturbs me about the story submitter is he says, "Security is like public health and education--if you think it's expensive, consider the alternative." That's much more a defense of charging for security than it is a defense of security by default. "Hey, if you think spending $500 for a secure OS that used to be $100 butinsecure, imagine what you'll spend if you are subject to a massive failure from insecurity." That's bad thinking and flawed logic.
Then the Ford dealer asks (Score:5, Funny)
Re:Then the Ford dealer asks (Score:2, Insightful)
Again, back in 1976 I was working on minicomputers. Very reliable, very secure, very expensive. Now I work on PCs and related servers: kinda reliable, not very secure, quite cheap. The market spoke and vendors listened. You want a PC with the reliability of a mini and real security but you won't pay US$20,000 for it. Don't feel bad, most people would rather have their own PC, warts and all, than go back to the bad old days of having to beg for timesharing on a big, expensive, secure beast and having to explain to the high priest himself that arrays and pointers are, in fact, recognized computing practices so please can I run my program now...
Re:Then the Ford dealer asks (Score:5, Funny)
*smacks himself*
And here was I, thinking that inflation was the cause!
Funniest misinterperetation thread ever... (Score:3, Informative)
Guys... they meant proper tire inflation. If you are not a citizen of the USA, then you are of course pardoned. If you are a US citizen, I can assure you that where you live the news usually comes on at 5, 6, and probably also 9, 10, and 11.
SO HERE'S a little history.
The real reason why everyone else modded this joke up was that at the a certain point in the debauchery that caused so many Expedition/BIG Ford SUV deaths, both Ford and Firestone tried to shift the blame on the consumer stating that most of these roll over deaths could have been prevented by the driver having proper tire inflation.
This, in a sense is the equivalent of saying that if a consumer does something so benign as not change their VCR remote batteries on a regular basis, then they deserve to be electrocuted the moment they try to turn the TV off manually.
Re:Then the Ford dealer asks (Score:5, Insightful)
I suspect that inflation has more to do with the issue. Given inflation since 1976 [orst.edu] (PDF, sorry. You'll get similar numbers from other sources [google.com]) cars are now proportionally cheaper. Assuming car prices moved exactly with inflation, your $10,000 car would now run $31,600. Naturally this cost saving is due to other reasons (more efficient manufacturing processes, cheaper foreign labor, newer and cheaper materials). Sure, adding safety features did increase the cost, but not by a huge margin.
Re:Then the Ford dealer asks (Score:4, Insightful)
Ahh, but if you started working in 1976 for $20,000/year you would now be earning $60,000 or your raises did not keep up with inflation. Starting slaraies are not generally $60,000 so car prices now cost more relative to real earning power. Oh dear, the golden calf costs way too much.
As for M$, if their software had kept up with hardware developments it would have four virtual desktops, be able to support four concurent users on four different machines, be able to play and edit movies with ease and do other neat tricks right out of the box. Instead, the capabilities right out of the box are about the same as Win3.1, but it does not last as long. Oh dear, the M$ tax has grown but the software has failed to keep up with what's available that's free.
Wrong and wrong again. (Score:2)
Second, Microsoft can't use inflation to explain their ever increasing prices. Except for the cost of ever more programmers to create ever bigger bloatware (but nobody to check those buffer overflows or fix those bugs^H^H^H^Hfeatures), they don't have an explanation for their pricing. Except of course for the real reason: Monopoly.
Re: (Score:3, Insightful)
Re:Then the Ford dealer asks (Score:2)
Of course, they're vastly superior, and it's hard to compare like with like (I doubt most mid-70s model cards could even get on the road today, which brings us back to the poster's point).
Re:Then the Ford dealer asks (Score:3, Insightful)
Seattle doesn't have "real winter weather", yet every fourth car here is an SUV. Odd.
I grew up in central Illinois, where we did have some bad winters. Somehow, my family always survived with just a normal sedan. Sure, my dad had big pickup trucks (hey, he's a farmer, they're actually used as workhorses like they were designed), but only in the very worst of winters did we ever need to break one of them out instead of the car. So while I'll give credence to the argument that an SUV is nice to have where weather is bad, I will disagree that it's a necessity as some people will try to tell you. (If so, why would they continue to drive the SUV in nice weather? And that says nothing about the 2-wheel drive SUVs ...)
Re:Then the Ford dealer asks (Score:2)
Re:Then the Ford dealer asks (Score:4, Insightful)
No need. I already have a fully-functional brain.
Microsoft selling security? (Score:5, Funny)
Yea, right..... (Score:5, Interesting)
Honestly, what schmuck would pay Microsoft for security??
Re:Yea, right..... (Score:2, Insightful)
Re:Yea, right..... (Score:2, Funny)
In case you haven't noticed, a good many people pay Microsoft for lots of things. Despite what you'd like to believe, this is not due to extortion. Many people actually choose to do business with Microsoft.
But what you said reminds me a lot of an episode of Charles in Charge, where Buddy and I were in the pizza parlor when some shady looking guys showed up to ask for "protection money" from the owner. We thought for sure it was mobsters, and we couldn't figure out why the owner was paying them. After arguing with the owner about doing the right thing (and the argument was filled with misunderstandings and double entendres: "If you give them money for protection, they'll just come back again for more!" "I'd rather pay him now than have my roof cave in!"), Buddy and I went to the police about it, and the police ended up busting the termite exterminator!
It really makes me wish I was still working.
Re:Yea, right..... (Score:3, Insightful)
Except for the clued-in few, most people consider doing business with Microsoft about as optional as obeying the law of gravity. That's the funny thing about monopolies.
Go for it Microsoft! (Score:3, Offtopic)
Well... (Score:5, Interesting)
This is not unlike the anti-virus companies who charge us for new virus definitions. Except that here, the mistakes they made shouldn't have been in there to begin with.
Unless they give us *some* kind of extra service beyond the patches, I can only see this developing into a *very* strong reason to use OSS instead of MS whenever security is important to what you're doing (essentially, always).
They're asking for it. (Score:5, Insightful)
Face it, Microsoft; people resent a monopolist. You can't continue to browbeat your customer base forever, and the more you do, the more will abandon you in the end.
Re:They're asking for it. (Score:3, Interesting)
We have some products that are out of support that are non microsoft and getting the skill set in employment to support them gets harder as time goes on, especially on in house developement packages. NT4 to Windows 2000 and XP is a big deal because of the EULA and the fact that NT4 is working. Also when the support goes so usually does the patches which would be fatal with the current virus outbreaks. I don't think these considerations for companies to upgrade are en-vogue or hip it is crucial to either update or as the below example, move on.
here is an example
http://www.managementconsultancy.co.uk/N
There are more but this is 30k machines on order because of the end of support on NT4.
Re:They're asking for it. (Score:2, Insightful)
Anyone that wants to use USB with Windows NT. It was coming with SP 6, then it was dropped because Windows 2000 was coming.
Energy Management was coming with NT 4, then it was dropped and put in Windows 2000.
Another big migrator is 3rd party software. Say HR is tied into some package and then the vendor says "Oh, those problems that have been making your life hell...those are fixed in the new upgrade that will only work with Windows 2000."
Alot of things once were on the todo list for NT4 and Service Packs that got moved to Win 2000 and thus people that to upgrade.
And don't forget the OEMs that Microsoft forced to bundle the OS of the week. My workplace wanted to standardize on Win2000 for laptops but MS forced the OEMs to WinXP, and some of the laptops get really bothersome when Win2000 is placed on them.
Re:They're asking for it. (Score:3, Informative)
Once you've upgraded some systems in the office to the next most recent systems because you can't buy NT4, then put on a newer version of Office with incompatible file formats, you'll find it to hard to leave everyone else behind.
Too many people pontificate on the topic of leaving the old stuff in place without having a fucking clue what the real world implications of this are.
Sounds like consulting (Score:4, Insightful)
But the idea that Microsoft can parlay their usless reputation in security into profit is laughable.
-Peter
It has worse implications... (Score:2)
More than likely they are talking about custom security systems or services. as in a service to offer to customers and clients.
It's like redhat charging for the RH update.. they will shoot themselves in the foot if they charge for updates.. in order for your OS to be percieved as secure and safe to use you HAVE to give away free fixes patches and security updates... and make them as easy as possible to install if not automatic.
A lot of nerve (Score:3, Insightful)
MS has a lot of nerve charging for security when they already charge and arm and a leg for their OS and it is an unsecure piece of garbage! Beyond that it takes them six months to get a security update released, if they even acknowledge the "security hole" as an actual issue!
Why the heck should I pay extra for MS "security"!?!
What a joke!!!
-AAll joking aside (Score:5, Insightful)
Re:All joking aside (Score:3, Insightful)
The problem seems to be as much cultural as it is technical. It seems that the business demands are "Get it done now! We'll sweat the details later!" Indeed, most of the consumer market seems to be driven by the idea that "convenience sells". How many times have you heard "I just want it to work"?
Excellence seems to be left by the wayside as the lemmings jump over the cliff of expediency. Too bad there's big rocks at the bottom of that cliff...
I can't count how many days I've wasted my breath trying to convey the difference between an app and an OS, let alone a secure one. After all, "That's just details, I just want it to work, we can fine-tune it later..."
Re:All joking aside (Score:2)
Do power users want tons of options to pick and choose software packages from multiple vendors? Hell yeah, that'd be fucking wonderful, but it won't happen. There's no reason Microsoft (or even Apple) would ever do or allow that.
I specifically mention those software pieces as things that would be logical extensions by the company into markets where they could make money. The article doesn't say a damned thing except a small portion about insurance for what can only be guessed to be contractual guarantees that the reporter almost certainly knows nothing about.
good (Score:5, Interesting)
If Microsoft can manage to alienate the game playing crowd enough, more and more developers will transition to Linux development, and I can switch too. They are, quite charitably, squashing the chicken/egg problem in PC gaming.
"core functionality"? (Score:5, Insightful)
Neither Windows, Linux, Mac OS X, Solaris state "security" as a "core functionality". Yes, all are securable, but on any OS it needs a certain amount of work (yes, even OpenBSD...you need to apply the patches!) This needs maintenance, and on "homebrew servers" (read: glorified desktops) security is unfortunately just a second thought. I do realise that a well administered server will probably be secured, but that is due to a competent admin, not due to "security as a core functionality".
I don't say that "security out of the box", should not be a worthy goal, I just think that it is a utopian dream.
Re:"core functionality"? (Score:5, Insightful)
Well, there are two types of security we could talk about here: one is the sort that you need to do to set up a box securely with any OS. That includes configuring ports to be shut down and starting only the services/daemons that you want running, implementing firewall rules, setting up intrusion detection, etc. OpenBSD doesn't really do so much of that either from what I know (probably more than most any other OS I guess...), but they don't start anything up out of the box if I recall correctly, so there is a basic level of configuration-dependent security.
However, it seems like Microsoft has a lot of security problems that are based around poor coding practices. This is definitely something the OpenBSD folks try to mitigate, with their constant code auditing. But MS doesn't seem to care if they toss out a product with numerous buffer overflow vulnerabilities, permission violations, etc. And these are the sorts of problems they are always releasing patches for.
Now, there are certainly plenty of patches going around for other products and certainly open source ones, but I don't think that anybody thinks that a patch due to poor programming should be something the user has to deal with. There are best practices involved with coding things securely, and they aren't necessarily things that you have to do that are outside of what it means to code something well.
So what I want to know is if they are going to be charging for these sorts of 'programmer error' fixes, or what? Are they going to start selling their OS in a 'non-sloppily' programmed version?
I find it pretty offensive that they would charge for patches to software that wasn't written well in the first place.
Re:"core functionality"? (Score:2)
EROS! OpenBSD is just a good start (Score:2)
EROS [eros-os.org], the Extremely Reliable Operating System, by Jonathan Shapiro et al., is a capability-based operating system, inspired by KeyKOS and other academic systems from a decade or so ago. A capability is similar to an object handle - you can only access an object (file, process, etc.) if you have a capa that gives you the kinds of permissions you need for the action you want to take. Lots more information at www.eros-os.org.
(Note: that's eros-os.org, not eros.org, which is something entirely different :-)
Lots of OSs were B-rated by NCSC (Score:4, Interesting)
Now, if only... (Score:3, Funny)
A new hit MS ad in a magazine (Score:5, Funny)
He needed a webserver--he had heard about Microsoft's new version of Windows (XP), and that it was built on NT technology. "That means," his friends said, "your IIS webserver is stable, reliable, and easy to configure the way you want it." After a few weeks of uptime, John noticed few crashes, but due to the nature of his website, found many so-called 'l337' hackers taking his services down.
"It was getting bad. I called Microsoft's online tech-support, and they were friendly and helpful. We worked out a licensing plan for them to secure my webserver, and within a week they had a qualified MCSE at my server working hard."
"It was definately a good decision. Microsoft help my business expand and grow, in spite of being involved with many criminals and hackers. Best of all: it was easy and affordable."
You want security, right-? (Score:5, Funny)
is there going to be any posts on this topic (Score:4, Insightful)
While not a microsoft fan by any stretch, I don't think this is necessarily a bad idea because of this: Now, when a hacker/virus/trojan attacks, maybe Microsoft will have to accept some accountability, after all I am paying for the security. As it is now, we get hit by nimda, microsoft is not really liable for any damages. If I am paying for security, maybe they would be liable. Just a thought.
Re:is there going to be any posts on this topic (Score:2)
Come on. When you purchase something you buy it with certain ideas. When I buy ( which I don't ) MSSQL then I expect nobody to get my data. When I buy ( another one I don't use ) Exchange I expect nobody else but me and the user to be able to read emails.
You don't buy a product with the expectation of it being crippled ( DRM aside ) and thus you ARE paying for security. I'm not a MS Fan, I'm not a MS Critic ( although lately I seem to be ) I just get pissed when I see a company charging for something that is presumed and expected to be included with the product.
Re:is there going to be any posts on this topic (Score:3, Insightful)
I can't think of a better way for them to put a target on the back of the first client that bites, or themselves, for that matter.
Re:is there going to be any posts on this topic (Score:2, Informative)
Some MS EULA's give purchase price or $5.00 limitations on damages (whichever is greater) as their limit on liability.
Finally, here's a great excerpt from the MS Messenger license:
It speaks volumes about what MS thinks of their own work. MS Word has a disclaimer that states the product you licensed isn't a word processor: the product has no warranty for "fitness for a particular purpose".Yes, that even includes "word processor." So does that mean it's unfit for any purpose?
go to jail - dont pass go... (Score:2)
but seriously. who is to say that they arent going to engineer security holes into their systems that only they know about - then come forward and say that they have the fix - but since its such a "complex" issue - the only option to fix it is to have their value added security consulting force come in and "secure" your systems.
no thanks Microsoft. I am not happy with you in general - why would i trust your lackeys to secure my systems. An MCSE is one thing - but a Microsoft employed security consultant is a whole 'nother beast.
Reminds me of that simpsons episode when Billy G want to buy out Homer's ISP - and he "writes a check" for the ISP through his thugs smashing the place up.
Microsoft Proves my point (Score:2, Insightful)
Chicken and egg problem? (Score:5, Insightful)
It seems to me that if Microsoft didn't have the reputation that they have with regard to security and reliability, the insurance policy wouldn't cost 'em so much. Kinda like auto insurance -- those that prove they can drive responsibly for a period of time pay far less than somebody who crashes 3 times in a week.
I'll wait, and see (Score:5, Insightful)
And starting to charge for hotfixes, and obvious security holes in the OS would be an act of complete idiocy.
I have a feeling that whatever security initiatives MS is working on, certainly aren't aimed at hte average home user. There's no money in it. MS makes it's wad off corporate licensing. Where they don't have to worry about retailers, or packages, etc. The home user is an important market to them. But it's not what put Bill on top of the Forbes 400.
Re:I'll wait, and see (Score:2)
That's how I thoght when MS started charging more that $100 for office and guess what? Idiots will pay.
This is not a flame it was practically given away. WP would sell for over $150 (I can't recall the exact price but it was at least that).
SH!T i'm old....
Re:I'll wait, and see (Score:2)
The real problem is WHAT they're good at...
I want a company that is good at engineering computing systems, not good at blackmailing customers (MITS,IBM) or commiting fraud (IBM).
Priorities (Score:5, Insightful)
Says the story write-up:
Internet Explorer is a fundamental, inseparable part of the operating system; but security is an add-on product. I love it.
What he really means.. (Score:2)
"Because customers wouldn't pay for it until recently."
I interpet this as:
People ASSUMED they were getting something secure. When they realized they were not they went elsewhere to find something that was. Microsoft ironically wants to be the elsewhere too. They can get there two ways. Make the product more secure the first time, or continue as normal and sell yet something else on top of or next to the other product. A tier level of security I guess. Seems like a very odd way to operate..
Re:What he really means.. (Score:2)
It's 10 years ago. We're all enjoying Doom on our 486-DX2's, and drooling over the latest Pentium preview (coming soon... MMX!). Someone comes up to us, and tells us that those fun USENET and NEWSGROUP things we keep playing around in may hold evil hax0rs, who can hack our boxes and steal our.... Doom savegames. "Egads!", we exclaim, "whatever can we do?". "Well, " says Mr. Someone, "we can make it nice and secure, but it's likely that Memphis, Chicago, and especially Cairo will cost more. So, do you want us to protect your savegames?"
Now, lets be honest. 10 years ago (hell, 5 years ago, for most people), we didn't have much on our PC's worth protecting with security, firewalls, etc... at least those of us on WinTel. Come on, how many people had a firewall on their 19.2 baud modem? Did you worry about hax0rs when you upgraded to 28.8? 33.6? The magical 56k? (complete with the X2 wars). Would you have paid extra back then, so that MS could spend millions (stop laughing, they really do) working on security n' chit? Now that hackers (black, grey white and blue) are in the mainstream, broadband is common, and people actually put a monetary value on the data in their computer, security is important to consumers, and they're willing to pay a little extra. It doesn't seem so evil to me...
If you read the article.. (Score:2, Insightful)
This is not a troll.
Flippant? (Score:2, Interesting)
I wouldn't say that was a flippant question. Obvious yes, and valid to be sure. But how is that question supposed to be 'flippant'? Why has it taken 25 years for you to take security seriously? Nevermind that you're asking me to *pay* for something that should have been an intrinsic part of the product from the start. Seems like a good question to me.
Is there something in the Micros~1 corporate culture that breeds contempt for anyone that dares to ask an valid, though perhaps embarrassing question?
In other news, restaurants nationwide... (Score:5, Funny)
...now promise E coli-free food for an extra fee. A spokesperson for McDonalds said, "Our revenue model doesn't normally lend itself to our being held responsible for the hygenic quality of our food; however, for a fee as disclosed in our End Eater License Agreement, we will make sure your burgers don't carry a horrid, filthy plague."
MS Security and government services? (Score:2)
Isn't MS's security already at least as good the quality of teaching in our government schools [textbookleague.org]?
Model (Score:2)
2. Form Securtiy Consulting Arm
3.
4. Profit!!
in this case - the
Does charging imply liability? (Score:3, Interesting)
On the other hand, if a third-party adds security features, that company can claim that they have found ways to secure Windows, which Microsoft was not able to do.
I'm not a lawyer, but it seems that charging for security enhancement would be like charging extra for a car with a working airbag, instead of a cheaper model that works maybe 80% of the time.
How would this compare to a warranty on consumer products? It seems like a warranty is just like insurance, because you get cheaper repairs in case something goes wrong. Is this applicable to software?
BTW, I'm asking a legal question, not a ethical business question.
Blah, blah and triblah! (Score:2)
I understand that a system needs patches, but is it really so hard to make an operating system whose maximum uptime is limited to 2-3 days because of the stupid required reboots. I know a couple of such operating systems.
I am sorry, but you will need to rewrite the whole damn thing.
Quote from the Story (Score:2)
There's a joke in there somewhere, but I'm having trouble finding it. Discuss.
RP
Re:Quote from the Story (Score:3, Funny)
Each new release is the last version with an exponentially increasing "fudge factor", a data file of randomized pRon collected by a web spider. This makes it look like they are actually doing work in Redmond instead of playing CounterStrike 24/7.
All Windows development ("cat Windows2000 pRon.dat > WindowsXP") occurs on a single IBM XT running Minix.
so sue 'em (Score:3, Interesting)
Buffer Overflow (Score:5, Interesting)
Yep. All those string buffer overflows are obviously caused by the ram. And those virii that use Outlook automation obviously use the fact that Windows has to account for various pieces of hardware too.
Pricing Security (Score:3, Interesting)
Security in DOS was practically non-existant, because frankly, you couldn't do much on it. The worst you could do was write data to COM1, and native DOS wouldn't do anything with it. Then came Win2 and they introduced the OLE concept, where a person could control application A through application B. Security req: still marginally zero, because of the single-user environment. Win311 brought us the Network Neighborhood, and now you could control application A over a network to control application B. Because of MS's DLL approach, the operating system now must track login names, and validate IDs, and coordinate data flows. Now we have XP, with automated updates, drivers for everything, protected modes, lots of complexity that MUST be secured by the operating system.
Brief Analogy: I build you a house, and I install a cardboard front door, then to protect this cardboard door I want to sell you the steel door as a security "upgrade". In a perfect world without crimes, we wouldn't need any doors, but that's not the way things work...
In short, Microsoft measured their rope, and now they're trying to avoid the gallows. They built an operating system that's practically transparent to the network, then they're horrified that someone other than MS might exploit this transparency. If they aren't willing to protect the public from their own products, then someone needs to inform the public that there are better products in existance...
Government contracts? (Score:3, Insightful)
And are an US taxpayers interested in suing both parties when it happens?
Major conflict of interest (Score:2, Interesting)
We all know how secure MS products are. By having MS consult in areas of security, there would be no motivation for MS to make their products more secure. Also, what stops MS from deliberately leaving holes in it's software to have its security consultants patch them up later?
If they don't disclaim liability, this is fine (Score:2, Interesting)
In other news... (Score:2)
Some things money can't buy (Score:5, Funny)
Microsoft Office XP: $300/license.
Paying extra for security: Thousands of dollars per site.
Realizing there's a free, secure alternative: Priceless.
Some things money can't buy. For everything else, there's Microsoft.
Mr. Gates, hire me! (Score:3, Funny)
1. Well, you can charge people less for running at lower resolutions like 640x480. See? It even sounds better than saying 'our higher res clientele will have to pay more'
2. You can also charge extra licensing fees for users that think they might need a mouse. Heck, Linux does it... yes linux does too, since the mouse functionality costs nothing, which is precisely as expensive as the whole OS...
3. You might as well begin to start charging admission fees to all buildings that contain a machine with windows on it. KA-CHING!
That's it. 3 ideas are all you get. Now will you hire me?
Sorry, but I disagree.. (Score:2)
I find this comment a little short sighted: The problem is that security has an inverse relationship to features/usability. The reason that a virus can do damage on a Windows system isn't a flaw in the OS (though I suppose the OS could be patched to fix it), but rather because a program like Outlook Express has a feature that somebody learned to exploit. That feature was put in for other reasons, mainly to make OE more usable, but it also provided an outlet for mischief.
Frankly, I'd rather a company make money by being more secure. It gives them a good solid reason to not only add features, but test them against potential exploits. Money is a much better motivator than a good mission statement. When MS thinks it can make money at something, it usually excels at it. If MS thinks people will pay more for 'security', then let them have a go at it
The worst that can happen is that MS actually loses money for failing to meet that promise. Yeah, I'm sure the Slashdot floor would be wet with tears of that happened. But the best that could happen is that MS combines a good user experience with security, a product we could all benefit from.
Re:Sorry, but I disagree.. (Score:3, Interesting)
"Why is it always assumed that security must come at the expense of usability."
Why? Because the greater number of features, the greater the likelihood of mischief. Remember Melissa? I'll use a non computery example: Universal remotes. Now you can buy a remote that'll operate nearly any TV. Result? I'm wearing a watch right now with a built in universal remote. I've been quite obnoxious at places like Applebee's because their TV's don't have an authentication system with regard to their remote control. If they were to implement one, then their TV's would only work with the permitted remotes, which would become a rather huge hassle if the remote needed to be replaced.
Not the strongest example, but hopefully you get my idea. Buffer overruns can be predictably fixed, unexpected mischevious results from added features cannot.
"As for the comment that MS excels at things it thinks it can make money from WinME anyone???"?
My mistake. As your 1 (one) example clearly shows (I'll just have to take your word for it that MS didn't make money on it, heh.), I am 100% completely wrong. Microsoft has never ever made money on anything it has ever been intersted in. I'll have to agree with you there!
Don't you need... (Score:2)
Aim at foot, pull trigger (Score:5, Insightful)
At what point does the consumer stop doing business with a company that admits that everything they sold you in the past is a POS in order to get you to buy yet another upgrade? At what point do corporations decide it might be a bad idea to single source all its software from a company that considers security to be optional?
Wonder if this will increase their liability (Score:2, Insightful)
IANAL, but it seems reasonable to me that if you use a product as it is intended to be used, and it wrecks unexpected havoc on your system, you should be entitled to redress.
If Microsoft now starts charging for extra security and other such 'features,' I'd think that would increase their liability if something does go wrong. I can't believer their EULAs are that iron-clad
Call a spade a spade... (Score:3, Interesting)
Asked why it has taken Microsoft 25 years to get trustworthy computing into the forefront of its efforts, he said: "Because customers wouldn't pay for it until recently." Admitting this was a flippant answer to a flippant question, Mundie said that chief information officers had only recently begun to demand security, and it is only in the last ten years that Microsoft has attempted to play in the security-requiring worlds of banking payroll and networked systems.
The reality is that M$ sold products that were expected to perform to a base level in terms of quality and security. Because users can't look under the hood so to speak, the quality and security issues didn't emerge until it was too late. Now the customer is screaming for relief and MS is there with its hand out.
Also does it sound like the lines between security and DRM are being intentionally blurred here?
What's "security"? (Score:2)
Will MS be selling firewall and antivirus software? Or do they mean they'll sell a more secure version of Windows?
Of *course* they're charging! (Score:3, Funny)
180 (Score:2)
Now they turn around and say "oh, actually, we *can* do that... but it'll cost ya." Real cute, folks.
Quality, not security (Score:5, Insightful)
Microsofts products are not crappy because they are insecure. They are insecure because they are crappy.
If you take the article in question and substitute the word "Quality" for "Security," it becomes a much more truthful statement of what's really going on. Microsoft never cared about quality because they had a monopoly. Their overriding concern has never been quality, it's been in maintenance of their monopoly position. So they've shoehorned in any new feature that has shown any promise of being a technology that they can monopolize down the road or that can comoditize the work of a competitor and thus help drive them out of business.
Re:Quality, not security (Score:5, Insightful)
A few years ago, Microsoft didn't have a monopoly at all. But the competition couldn't really compete on quality (or security, for that matter). The UNIX camp had it's internal conflicts, IBM marketed OS/2 as a Windows emulator (and got cautious when it was too successful in Germany), and MacOS required a brainwash to view its qualitiy (and most of it's security was the result of a single-user system).
The market demanded only a very basic level of software quality, and Microsoft delivered software which matched the expectations of the market. What else could have made Microsoft such a huge company? Alien influence?
Apart from that, I believe that charging for critical security information is morally wrong (and not in the "proprietary software is bad" sense, but in the "not warning your neighbor when he's about to get hurt" sense). But who's seriously into (the very practical aspects of) computer security and does not sell e.g. early-access information?
Re:Quality, not security (Score:3, Informative)
This is particularly the case with buffer and stack overflows: if I can crash your FTP server by sending it a huge string of junk, that means that your FTP server is doing something invalid (such as smashing the stack) with that input. To crash a service entails getting it to execute nonsense code -- to crack it entails getting it to execute my code.
What does this mean for Microsoft's code -- or anyone else's? Well, any means to get a network-facing program to crash should really be considered a security vulnerability waiting to happen. Bug reports of the form "I can crash your program by sending it gubbish" should not be answered "Well, don't do that!" They should be treated almost as seriously as vulnerability reports themselves. While there are classes of remote crashes that don't lead to vulnerabilities, that's not the safe way to bet.
Before everyone flips out (Score:3, Interesting)
Well, does that not make sense? there is no business sense in spending the money to develop something if people are not willing to pay for it.
Trusted computing is not about security.. it's about accountability. It's about being able to have a proper audit trail for who did what when, no matter what. Your data can still be stolen, you just know who did it.
Microsoft is not talking about charging for security patches or updates. They are talking about complete trusted systems, something they don't have yet (though NT goes further in this regard than linux does, by quite a bit. Notice how if a user changes the permissions on a file so adminstrator can't read it, then Administrator can't read it until he a) takes ownership of it and b) changes the permissions. Admin still has the power to read anything, but not without leaving a mark that they did it.)
They are talking about having secure offerings for trusted computing.
An Interesting Conjecture (Score:3, Interesting)
Re:Slashdot's at it again (Score:2)
Since when? (Score:2, Flamebait)
Infinite support, for a flat fee? (Score:2)
If you want code that's open to updates forever, go with open source. No vendor in the commercial software markets will support products once they have reached "end of life" status.
5 years, is not a short life span at all (Score:5, Insightful)
And as the codebase moves forwards, eventually older versions of it are going to become sufficiently arcane that nobody continues to understand them, etc. It's just the nature of business, that they can't possibly support all products forever. Not even when it comes to vulnerabilities. I'm sure that you could dig up vulnerabilities in other 5 year old applications, and odds are, most/all of those vendors either aren't supporting the product anymore. Or they simply don't exist anymore at all.
Just ring up IBM, and ask them for bugfixes for SmarSuite 97. Good luck.
It's the nature of the beast, that eventually support WILL die off for old products. That's the case with almost any industry. And the computer industry prides itself in moving further, and faster than any other industry in history. Part of moving fast, is the danger of getting left behind.
That'ts the choice you make tho (Score:2)
As I said. ALL consumer products have a finite life span. Computer based products moreso than any other. And sooner or later, you have to either upgrade, or live with a static, unsupported product.
98se and ME had new FEATURES (Score:2, Insightful)
Win98 -> Win98SE -> WinME Sounds like they have been charging for patches all along
Windows 98 Service Pack 1 included all Win98se changes that weren't new features.
Re:Well, they charge for patches... (Score:2)
Maybe it isn't - both seem like MSFT is charging their locked-in users for fixing a defective product.
I guess it depends on what they've sold you - a license to use their intellectual property or the actual product that you expect to be fit to use.
Software companies in general and MSFT in particular want things both ways: they want you to be a loyal product buyer AND they want what you buy to be a license to use. I think that promoting things one way (Great Product! Easy to Use! The Useful Internet!) and then actually selling you the other (EULA!) is the commercial eqivalent of equivocation.
Re:MS security? (Score:3, Funny)
About the same time they started giving away something [microsoft.com] for which they should have charged.
My thoughts exactly (Score:4, Insightful)
Odd how "harsh technical realities" always seem to favor MS's bottom line.