Webmaster Forum Rules | Posting Guide | Contact Us | Testimonials | Contributing Geek Program | Advertise on Geek/Talk
Welcome to the GeekTalk Webmaster Discussion Forums from GeekVillage.com

Click Here To Register. It's Free!

Go Back   geek/talk: Web publishing business discussion > YOUR CREATION: Building & Maintaining A Web Site > Web Design and Webmaster Issues
User Name
Password
Register FAQ Calendar Search Today's Posts Mark Forums Read

Reply
 
Thread Tools Search this Thread Display Modes
Old 12-17-2004, 07:53 AM   #1
Larwee

GeekGuide
 
Join Date: Nov 2004
Location: St. Louis, Missouri USA
Posts: 3,015
Default Microsoft may charge to fix Windows bugs

There are people who hate Microsoft and Microsoft can't figure out why.

Windows is crawling with bugs that make it possible for users to become victims to spyware and other threats.

Now Microsoft is thinking about offering tools to deal with the Windows security problems and charge consumers for the software to deal with the flaws.

Details are in the article below. What do you think about this possible move by Microsoft?
---------------------------------------------------

Microsoft may charge extra for security software


WASHINGTON (AP) -- Microsoft Corp. disclosed plans Thursday to offer frustrated users of its Windows software new tools within 30 days to remove spyware programs secretly running on computers. But it might cost extra in coming months.

In a shift from past practice, the world's largest software manufacturer said it may charge consumers for future versions of the new protective technology, which Microsoft acquired by buying a small New York software firm. Terms of the sale of Giant Company Software Inc. weren't disclosed.

Spyware is a category of irritating programs that secretly monitor the online activities of Internet users and can cause sluggish computer performance or popup ads.

Microsoft, whose Windows operating systems have often been criticized for lax security, traditionally has given consumers -- at no charge -- separate programs to improve security. It also has increasingly built other protective tools, such as firewall software, into Windows to repel hackers.

The company's upcoming tool, available for its Windows XP and Windows 2000 software, will sweep for spyware and offer to remove suspicious programs. It also will continuously protect a computer against new spyware threats, said Mike Nash, vice president of Microsoft's security business unit. Rival anti-spyware tools, such as Lavasoft Inc.'s popular "Ad-Aware" product, offer similar functions and many are free.

Microsoft's tool, expected to be available within 30 days, initially will be free but the company isn't ruling out charging for future versions. "We're going to be working through the issue of pricing and licensing," Nash said. "We'll come up with a plan and roll that out."

The security efforts, which cost hundreds of millions of dollars, are aimed at promoting consumer confidence in its flagship Windows products -- which generated nearly $3 billion in revenues this year. They also help attract new customers worried about growing threats from viruses, hacker attacks, spam e-mails and spyware.

"Because Microsoft has a near monopoly, they don't have anybody to compete against. Giving away free stuff is a side effect of being a monopoly, whether they like it or not," said Daniel E. Geer, a prominent security expert and one of the company's most vocal critics.

Microsoft's disclosure that it may eventually charge extra for Windows protection reflects a recognition inside the company that it could collect significant profits by helping to protect its customers.

Some experts blame Microsoft for Windows vulnerabilities that help spread spyware. Microsoft and some others, meanwhile, said blame should be directed instead at spyware manufacturers.

"Spyware usually gets on your computer through human error," said Marc Maiffret of eEye Digital Security Inc., which regularly discovers serious Windows flaws.

Alan Paller, research director for the SANS Institute in Bethesda, Maryland, a computer-security organization, compared Microsoft's new anti-spyware tool to sophisticated products sold to help manage computer networks. "It's not just a clean-up-our-mess tool," said Paller.
Larwee is offline   Reply With Quote
Old 12-17-2004, 08:18 AM   #2
Eriky
I am a Contributing Geek. Are You?
 
Join Date: Mar 2001
Posts: 309
Default

You're talking about flaws, but most spyware is installed because either:

- the user has not updated his OS
- the user installed it by him- or herself (most people don't read and click like a maniac..)

Ok, I admit the ads for free smileys and screensavers are very misleading most of the times.. but it that microsofts fault? I don't think so. Any OS can have these problems if it has a large enough userbase.

[edit] Another addition: I noticed a few adware's lately which can be uninstalled from the windows control panel which makes it less painful to sometimes have those smiley ads on my own sites now and then. Please don't get me wrong, I still hate adware but that's greatly due to the lack of ethics from their side.

Last edited by Eriky; 12-18-2004 at 06:43 AM.
Eriky is offline   Reply With Quote
Old 12-18-2004, 06:39 AM   #3
Arie
Registered User
 
Join Date: Nov 1999
Location: Malta, Europe
Posts: 292
Default

As Eriky noted, this has NOTHING to do with fixing bugs in Windows.

It's hardly Microsoft's fault that people get their PCs infected with all kind of junk when installing pests like Kazaa & the like!
Arie is offline   Reply With Quote
Old 12-18-2004, 08:14 AM   #4
Jan

Administrator
 
Join Date: May 2001
Location: Beautiful Darwin
Posts: 4,753
Default

Whoa guys! You can get this stuff on your computer without clicking anything, believe it or not, there are bad people/advertisers out there who want to gain from installing this stuff on your computers without yourknowledge.

The only way I would pay MS is if they prevented it ever happening again and if they prosecuted the the evil intruders!

Last edited by Jan; 12-18-2004 at 08:16 AM.
Jan is offline   Reply With Quote
Old 12-18-2004, 08:25 AM   #5
Eriky
I am a Contributing Geek. Are You?
 
Join Date: Mar 2001
Posts: 309
Default

Jan, only when you are vulnerable as far as I know. Meaning you didn't update your software which can happen with any os.
Eriky is offline   Reply With Quote
Old 12-18-2004, 08:32 AM   #6
Arie
Registered User
 
Join Date: Nov 1999
Location: Malta, Europe
Posts: 292
Default

So how come in over 10 years on the Internet I never got infected?

As Eriky noted, keeping your OS up-to-date with patches is an important 1st step. Common sense also helps a lot
Arie is offline   Reply With Quote
Old 12-18-2004, 01:55 PM   #7
Larwee

GeekGuide
 
Join Date: Nov 2004
Location: St. Louis, Missouri USA
Posts: 3,015
Default

There is nothing like heated debate on a cold day.

Below is an article from a few months ago related to the U.S. government's Computer Emergency Readiness Team.

Their position was that people should stop using Microsoft's Internet Explorer because of the Internet Explorer flaws. Only a few things have changed since then.
--------------------------------------------------

US-CERT: Beware of IE
By Ryan Naraine
June 29, 2004

The U.S. government's Computer Emergency Readiness Team (US-CERT) is warning Web surfers to stop using Microsoft's Internet Explorer (IE) browser.

On the heels of last week's sophisticated malware attack that targeted a known IE flaw, US-CERT updated an earlier advisory to recommend the use of alternative browsers because of "significant vulnerabilities" in technologies embedded in IE.

"There are a number of significant vulnerabilities in technologies relating to the IE domain/zone security model, the DHTML object model, MIME-type determination, and ActiveX. It is possible to reduce exposure to these vulnerabilities by using a different Web browser, especially when browsing untrusted sites," US-CERT noted in a vulnerability note.

The latest US-CERT position comes at a crucial time for Microsoft , which has invested heavily to add secure browsing technologies in the coming Windows XP Service Pack 2. The software giant has spent the last few months talking up the coming IE security improvements but the slow response to patching well-known -- and sometimes "critical" -- browser holes isn't sitting well with security experts.

On discussion lists and message boards, security researchers have spent a lot of time beating the "Dump IE" drum, and the US-CERT notice is sure to lend credibility to the movement away from the world's most popular browser.

US-CERT is a non-profit partnership between the Department of Homeland Security (DHS) and the public and private sectors. It was established in September 2003 to improve computer security preparedness and response to cyber attacks in the United States.

It has been more than two weeks since Microsoft confirmed the existence on an "extremely critical" IE bug, which was being used to load adware/spyware and malware on PCs without user intervention but, even though the company hinted it would go outside its monthly security update cycle to issue a fix, the flaw remains unpatched.

US-CERT researchers say the IE browser does not adequately validate the security context of a frame that has been redirected by a Web server. It opens the door for an attacker to exploit the flaw by executing script in different security domains.

"By causing script to be evaluated in the Local Machine Zone, the attacker could execute arbitrary code with the privileges of the user running IE," according to the advisory.

"Functional exploit code is publicly available, and there are reports of incidents involving this vulnerability."

To protect against the flaw, IE users are urged to disable Active scripting and ActiveX controls in the Internet Zone (or any zone used by an attacker). Other temporary workarounds include the application of the Outlook e-mail security update; the use of plain-text e-mails and the use of anti-virus software.

Surfers must also get into the habit of not clicking on unsolicited URLs from e-mail, instant messages, Web forums or internet relay chat (IRC) sessions.

http://www.internetnews.com/security...le.php/3374931
Larwee is offline   Reply With Quote
Reply

Bookmarks

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off
Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Microsoft ending support of old Windows versions Larwee Web Design and Webmaster Issues 0 07-02-2006 05:11 PM
Windows worm knocking out computers Larwee Web Design and Webmaster Issues 0 08-16-2005 07:23 PM
[Alert!] Infected FastClick Pop-Behind Mbarb Making Money with CPC and/or CPM Programs 28 12-30-2001 11:34 PM
Microsoft Windows XP - Piracy measures ? singloon geek/yak 1 02-26-2001 08:52 PM

Please support our advertisers. They ensure our survival.

All times are GMT -5. The time now is 09:30 PM.


GeekVillage.com is copyright © 1998-2015 Curiosity Cave - Science gifts for clever kids. All rights reserved.
Powered by vBulletin® Version 3.7.4
Copyright ©2000 - 2020, Jelsoft Enterprises Ltd.