
I don't think it is selfish at all. You put in the work to learn something and you are giving it away for free. People who are earnestly searching for information will find it one way or another.

I'd consider selfish to be learning something and keeping it all to oneself.


It's for that crisp piece of paper that said you did it.


Maybe it's a PR move for Microsoft more than anything. "Windows 8 has a built-in anti-virus and is more secure than ever!"

I feel like Windows gets targeted the most because there are just so many computers running it. If 80% of computers out there ran OSX I wonder if anyone would give a shit about the next vulnerability in Windows.


Ideally no operating system should dominate the market as Windows does. A monoculture is a problem by itself: http://en.wikipedia.org/wiki/Monoculture

However, speaking about Windows, historically it has been pretty insecure by default. Microsoft started giving a shit only recently, after the failure that was Windows Vista and the bad press associated with it.


Huh? Security was a focus of Vista, not a reaction to Vista. (It was a reaction to Blaster and other widespread infections from the early XP era)


Pff, if that annoying and totally ineffective UAC dialog is the best they could do in more than 5 years of development, I shudder to think what happens when increased security is not the goal of a release.

And btw, I don't know what you mean by the early XP era, but you're probably referring to a timespan of at least 20 years.


Yeah, I was being sloppy. There was and is malware on Windows for a long time but it only became a widely recognized "epidemic" in the late 90s - early 2000s.

As for Vista ... http://en.wikipedia.org/wiki/Security_and_safety_features_ne...

But the real point is that it's just nonsensical to say that Microsoft has been more focused on security as a reaction to bad press of Vista - whether you like or hate Microsoft or Windows or Vista, there's just no interpretation of the timeline under which that makes any sense.


Anti-viruses will always be necessary. There is money to be made in sending spam, running botnets, and mining data. Regardless of what operating system you are running I'm sure there is someone out there who could find a vulnerability if he or she was motivated enough. Is this more of a PR move? Whenever you talk to Mac users they seem to flaunt the fact that they are virus free or is it that no one bothers since so few people have Macs compared to PCs?


Anti-virus software is not necessary. It's a side effect of poor system configuration, slow release cycles for patched software and to a lesser extent, poorly designed software.

If a severe vulnerability is discovered, open source communities race to distribute a new version of the software (faster than anti-virus vendors can respond). Package management allows patches for _all_ software to be rolled out quickly and securely. A turnaround time exceeding 2 hours from knowledge of a critical vulnerability to patched software being distributed to 1,000,000's of computers would be considered slow. The concept of executing files downloaded from Internet sites, provided on removable media or sent via email is completely foreign.

Proprietary vendors tend to follow the processes defined in their ISO 9001 compliant Quality Management System. They wait for the next weekly "Urgent" Security Working Group Meeting so that a proposal to develop a Software Change Request can be agreed upon. ... blah blah... 2 months later you _may_ have updated software that users won't know about because they don't check the sites of the 100's of applications on their computers on a daily schedule.

Microsoft _could_ do more, particularly with respect to system-wide package management. However, _proprietary software vendors_ are the primary culprits. Microsoft can't help Windows users if software vendors refuse to respond to security vulnerabilities quickly or fail to design their software with consideration towards security.

I wish I saved the reference, but I read an interview recently where the founder/CEO of a prominent anti-virus vendor stated bluntly that the only reason the business exists is because of a failure to address {a list of well known and ignored problems including some I mentioned above}. Marcus Ranum ("inventor of the firewall")[1], Linus Torvalds[2] and many other well known and greatly respected researchers/practitioners have views on the computer security industry that may appear surprising. These people have significant influence, decades of experience and the respect to back it up. The comments they have towards the industry, including anti-virus vendors, are often quite negative (while remaining constructive). There is a reason founders of anti-virus companies can make discouraging remarks about the need for their company to exist -- they know from vast experience that software vendors won't be listening.

[1] http://www.ranum.com/security/computer_security/

[2] http://article.gmane.org/gmane.linux.kernel/706950


> It's a side effect of poor system configuration, slow release cycles for patched software and to a lesser extent, poorly designed software.

Don't forget stupid and naïve users - those who know that the dodgy crack / serial website is going to have infected files, or those who don't realise that cute cursors come with malware.

And, to be fair, it's not just MS that has these problems. BSD makes things a bit less scary for Mac users, but there's still the problem of people running as a high level user and entering their password whenever they're asked, without necessarily thinking about it.

