Yeah, but he had a cute cat. Maybe the backers just wanted to make sure it remained fed for the foreseeable future...
Your analogy can be taken one step further, too... Bulletproof vests do sod all to protect you from knife attacks, either. Similarly, AV is competent (at best) in protecting you from some kinds of threats, but useless in protecting you from others. In fact, it could be argued that it's worse than useless, as it gives the user a false sense of security.
OK, so we should use the word "malware" instead. Just remind me again how many outside the IT industry use that word, though. To nearly all users, virus is not a subset of malware, it is a synonym.
Bulls#1t!!! Whitelisting may deal with 0-day viruses, but 0-day exploits in legitimate apps are a whole different proposition.
Except that saying that in an open system it's the user's responsibility to stay safe would need to include some form of sanctions for those situations where the user is putting not just themselves, but others, at risk. Sure, the malware may only INFECT their machine, but many malware variants can AFFECT other machines too. Take, for example, CryptoLocker and its variants. An infected machine can encrypt any documents it can see, not just those stored locally. If you're on one of your proposed "safe" systems, but you access the same file-shares that an "unsafe" machine uses, just because you are safe from being INFECTED, doesn't mean you aren't AFFECTED when the user on the unsafe machine gets hit by a CL variant and encrypts your whole document store.
That WAS his point! He was saying that your censorship analogy is on a par with money: you can have a little, or a lot, of either. Both are situations where you have it. Whitelisting is a binary situation where it's either on or off.
I would, however, counter this with the situations where you say whitelisting only applies to those applications that are installed in the user's profile. In such a scenario, you could say users cannot install apps anywhere other than in their profile without privilege escalation, then apply whitelisting to the profile's apps, whilst still allowing sanctioned apps, i.e. those installed outside the profile, to be run. Technically, this would still be whitelisting, with sanctioned apps dynamically included in the whitelist by virtue of their installed location, but many would argue that this is not true whitelisting. Perhaps this would qualify as the greylisting option you were looking for? (Already possible under MS Windows, by the way).
Actually, there is more to it than just market share. It's a combination of market share, proportion of that market share that is logged into via interactive sessions and the perception of a predominant lack of technical abilities (OK, not just abilities... A suitably sceptical/paranoid attitude also falls within this category).
Simply put, it's easier to write malware to do things when a user runs it than it is to get the malware in through an exploit and get it to run itself. You therefore target not the platforms with the most installs, but the platforms with the most interactive sessions. To target more specifically within this group, you then consider which platform's users are more likely to be susceptible to social engineering.
This is likely to be the main reason that Windows is the preferred target platform for most malware. Arguments about the sheer volume of Linux servers on the net are somewhat moot when you consider the rarity with which a "typical user" logs into them interactively.
Truth is, without users, PCs are largely useless. As such, the most effective form of malware prevention (removing the user) is impractical. Moving to a different platform will only work until the tipping point is reached and your new choice of platform has an equal or higher proportion of less-technically-able users in interactive sessions than the one you moved from. As such, the only long-term solution is to upgrade your users. Best of luck in achieving that!
They put about as much consideration into it as you put into paying for your tripod hosting!
I would think that the server-side Perl bit was probably to detect/analyse the content of the referring page so that the ad presented was, at least tangentially, related to the page that "launched" it. Otherwise, the ad would have had to be specifically selected by the code inserted into each launching page (a heck of a lot of work). Other alternatives would have been to either use the same, static page for all, or randomly select the target ad, both of which are likely to eliminate any chance of the ad being even remotely related to the content of the launching page.
That all being said, although I work with some very smart coders, I am not well versed in programming. As such, the assumptions on which the above is based could well be far off the mark!
In other words, this was a giant leap in the direction of those who would previously have been considered as their customers (those publishing sites via the "free" hosting) essentially being transformed even further into the product to be sold to their real customers (the advertisers). Sure, banner ads meant that this was already the case, but it's hard to argue that this didn't make matters worse.
It can be argued that they did this as the only way to keep their service "free", but it could equally be argued that making funding through advertising so much easier has eliminated the incentive for the industry to think outside the box to find a better way. Are we really expected to believe that, without pop-up advertising to promote psychological separation between the advert and the page, all the advertisers would have fled the industry and free hosting would have simply ceased? I may be overly idealistic, but I prefer to believe that, if advertising revenue had dropped to near zero, the industry would have found another way to achieve it.
By just having a TV tuner in your household you need to pay the license. Regardless of whether you use it or not. So unless you run an Xbox through an HDMI monitor and don't own a single TV then yes, the license fee dwarfs the cost of the tuner.
From the above link:
The law states that you need to be covered by a TV Licence if you watch or record television programmes, on any device, as they're being shown on TV. This includes TVs, computers, mobile phones, games consoles, digital boxes and Blu-ray/DVD/VHS recorders.
You don't need a licence if you don't use any of these devices to watch or record television programmes as they're being shown on TV - for example, if you use your TV only to watch DVDs or play video games, or you only watch ‘catch up’ services like BBC iPlayer or 4oD.
In other words, even if you have a tuner, as long as it is not used, you DO NOT need a TV license to cover it. Should you, however, watch any content online at the same time as it is being broadcast, you DO need a license, even if you do not own a single piece of kit with a tuner in it.
It should be noted that when you buy any equipment with a tuner in it (TV / STB / PCTV device / whatever) the retailer will normally take your name and address (I believe this is by law) and this information is communicated to the TV Licensing bureau. If, when they receive this notification, they do not have on record any current valid TV license for that property, they will send out a letter asking you to either provide evidence that you have a license, buy one, or make a declaration that neither you, nor anyone in the property, watch or record TV as it is being broadcast, regardless of whether it is via the equipment you bought or some other method (e.g. online). As we keep our license up-to-date (My wife's daughter lives with us. It would seem that not having the capability to watch the latest reality-TV/whatever-other-crap-is-on is almost considered cruelty by many these days!), I have no idea what happens if you fail to respond to such a letter (I only received one of these letters because we bought a new TV the day we moved, and my change of address notification and their letter crossed in the mail).
Except that in the UK we have a piece of legislation called the Data Protection Act, which I believe is our ratification of a piece of EU legislation (the name of which I don't have time to look up. Ironically, Google may be of assistance here), so it is relevant to the discussion at hand. It places restrictions on what data processors are permitted to do with so-called PII (Personally Identifiable Information), particularly where it involves sharing with other corporate entities, and places certain responsibilities upon the processor with regard to the safekeeping of that data. IANAL, but I think it could be argued that this legislation may make it an offence to disclose to the publisher that a takedown request has been made. At the very least, it is likely to limit how much Google et al can disclose about the request. It may also be something of a grey area in cases where the mere existence of a takedown request would be enough to identify the requestor.
Simply put, there are so many pieces of legislation that have the potential to be, perhaps unintentionally, interrelated that they form a very tangled web (no pun intended) and, as such, complying with one may put you at risk of breaching another unless you are very careful about exactly how you comply.
Signboards are there for everyone to see, whether they are searching for you or not. Search results do, at least, require that a search parameter is entered. No one is suggesting that Google is spamming their advertising feeds with links to articles covered by this.
Your post does, however, raise another important question... Does this legislation require that Google filter paid adverts where the link points to articles that would be covered by this, and if so, are they required to reimburse those who paid for the adverts?
Privatising the judiciary? Now THAT's a scary thought! Especially when you consider a lot of the discussions in these forums complaining about "evil" corporations.
Are you suggesting that Google include the full search results, but when you click on one that is covered by this they send you to a different address to the real result (i.e. one showing the "blocked" message), or are you suggesting that they send you to the right address, but somehow dynamically "hack" the target server and replace the legitimate content with the "blocked" message? (In other words, did you forget that, unlike when discussing YT, Google is not the content's host in these situations?)