The Microsoft Protection Racket

By John C. Dvorak
10.10.05

Does Microsoft think it is going to get away with charging real money for any sort of add-on, service, or new product that protects clients against flaws in its own operating system? Does the existence of this not constitute an incredible conflict of interest? Why improve the base code when you can sell "protection"? Is Frank Nitti the new CEO?

So what is actually going on here? I think there were some bottom-line questions that must have been brought up internally. Obviously someone at Microsoft looked at the expense of "patch Tuesday" and asked, "Is there any way we can make some money with all these patches?" The answer was "Yeah, let's stop doing them and sell 'protection' instead." Bravo! And now the company has a new revenue stream.

Microsoft has stayed away from the antivirus, antispyware game for a long time because it knew that there was this inherent conflict of interest unless it gave away such software for free. After all, the exploits utilized by malware are possible because of flaws within the Microsoft code base. There is no incentive to fix the code base if it can make additional money selling "protection."

It was also obvious that Microsoft was so far behind the curve with antivirus software that it would embarrass itself if it entered that game, although it did quietly come up to speed over the years. But that still begs the question: Why protect the users when you can fix the code?

Therein lies the rub. Microsoft cannot fix the code—that's the point. It apparently cannot be done. Get over it. And when the spyware epidemic appeared, the company had to throw in the towel. Spyware exploits the basic architecture of the operating system, and no amount of patches will change that. A barrier has to be erected that changes the way the computer works, by monitoring things more aggressively.

I use a utility called Prevx (www.prevx.com), a host-intrusion protection system, as well as one or two other antispyware packages to keep the stuff at bay. And it still sneaks in once in a while. Most recently, I forgot to turn off my CuteFTP client and left it running all night. In the morning some system had loaded some weird software called "active skin," and I had to use SpySubtract to remove 26 Registry entries. Exactly how anything manages to worm in through the open port and place items in the Registry is beyond me, but it happens all the time.

Not to change the subject, but isn't it about time we junked the entire concept of a "registry?" This concept has been the bane of Windows since its invention. It prevents easy program migration. It creates conflicts. It invites tampering. It's exploited by viruses and spyware. Why does Microsoft insist on continuing its use? There has to be a better way.

Now if all this new protection software is Microsoft's way of throwing in the towel and admitting that it has failed to secure the OS and cannot guarantee that it will ever secure the OS, then why isn't it simply included with the Windows XP package in the first place? Seriously, I do not get this.

Microsoft talks about how when it releases Vista, there will be various versions such as Home, Small Business, Enterprise, and so on. Why doesn't the company just bite the bullet and bring out various exploitable versions? Here are some suggestions:

Vista – Won't Boot Edition… $29.95
Vista – Preloaded with Viruses and Spyware Edition… $39.95
Vista – Initially Clean but Use at Your Own Risk Edition… $49.95
Vista – Clean with Firewall and Weekly Protection Update Edition… $200

You get the idea. How about this for a concept: One Version that Works Edition.