Microsoft VP Suggests 'Net Tax To Clean Computers 577
Ian Lamont writes "Microsoft's Vice President for Trustworthy Computing, Scott Charney, speaking at the RSA conference in San Francisco, has floated an interesting proposal to deal with infected computers: Approach the problem of dealing with malware infections like the healthcare industry, and consider using 'general taxation' to pay for inspection and quarantine. Using taxes to deal with online criminal activity is not a new idea, as demonstrated by last year's Louisiana House vote to levy a monthly surcharge on Internet access to deal with online baddies."
Shove it. (Score:3, Informative)
Re:I totally agree (Score:0, Informative)
Re:I'm paying for WHAT? (Score:3, Informative)
Paying for someone else's fuck up. A lot of that going around these days.
Re:I totally agree (Score:1, Informative)
Just pointing out the parent said *unhackable,* not "uninfectable," or "invulnerable to social engineering," etc. And there's a solid point there, since the latest version of an OS is often difficult to compromise without user complicity, even if it's unknowing complicity.
Re:Tax Credit? (Score:2, Informative)
Compare that to a Windows machine connected to the Internet without some sort of protection--it can become infected without the user doing anything at all.
These problems do in fact happen. They use third party issues like the Flash bug patched only a month and a half ago ( http://apple.slashdot.org/story/10/01/20/217257/Apple-Patches-Massive-Holes-In-OS-X?art_pos=6 [slashdot.org] ) where all you had to do was surf onto the infected site. This is an issue since all Mac's are pre-installed with Flash, and the patch had been available for weeks on the official Flash site before Apple bothered to include it into an 'official' patch. The typical end user doesn't want to have to look for fixes beyond the update program. And as long as things like this happen, they will have issues and problems of their own.
Re:Free anti-virus with Internet service purchase! (Score:4, Informative)
I've been virus free for decades now, following these basic rules, and without running A/V save a monthly offline Clam scan to make sure I haven't caught a case of the stupids when I wasn't looking.
I'd rather see ISPs voluntarily cracking down on spam-generating machines than be forced to pay a tax in an attempt to make up for my neighbor*'s ignorance.
*For extremely large values of "neighbor".
Re:Free anti-virus with Internet service purchase! (Score:5, Informative)
I've been using Avast for the last few years. Free for home use and a damn good product.
A) Sure it updates almost every day - but it has almost no impact on my network (and I'm from Oz where "Broadband" means a bit faster than dial up).
B) Its impact when scanning is not noticable. It scans the file you modify or try to open.
C) WTF? What defaults? The "I can download and run viruses by default" defaults?
D) Avast 99% of the time is a pair of icons in your system tray. If the look and feel of your virus scanner is one of you concerns then your worried about the wrong thing...
E) Avast doesn't constantly use CPU time. A decent virus scanner of any kind would us OS Hooks to identify when it needs to look at files/processes. It won't need to be doing anything unless you are and then it only needs a quick look at the file/process to see if it recognises it.
F) Avasts free license expires every 12 months. It takes around a minute to renew. Big deal.
G) *sigh* Seriously. There are millions of gamers around the world that have virus scanners installed. There's also quite a number of game developers with virus scanners installed. When was the last time that you read that your virus scanner should be disabled before playing game ? Sure the downloads of updates can cause a few moments of lag - but big deal.
H) I'm sorry but WTF? Sure Sony's rootkit can be considered a threat. But REAL threats are actually more things like Confiker, Trojans etc. Viruses etc. that (a) might destroy your PC, (b) be used as part of a botnet, (c) steal your personal data etc.
You're worried about how you virus scanner looks, and a slight interruption to your gaming, but not about the impact of having a virus. The fact that that virus may wipe your machine, cause your machine to be responsible for attacking other machines, or cause masses of SPAM e-mail to be sent out doesn't concern you? I take it then that your ISP doesn't care that you might be responsible for infecting other machines, sending SPAM etc.
Take your tinfoil hat off and go out and get some sunshine.
Comment removed (Score:5, Informative)
Re:But I already paid the tax... (Score:1, Informative)
You don't think that Macs and Linux machines are unhackable, do you? It's just that XP was so easy to hack, and had such a huge market share, that you'd be foolish to hack other systems.
Even when you do manage to find an unpatched vulnerability on a unix-like system that you can remotely exploit to run arbitrary code, you're still unable to access anything in the system outside of the security context of the software that you've exploited. So you can't access any users' personal files (unless that user was the one running the program you exploited, then you can access their stuff but nobody else's), you can't modify system files, or anything else since most people running those systems run their software under limited user accounts. When exploiting windows machines, it's pretty rare that the software you've exploited turns out to be running under a limited user account. In those situations you then need to find another vulnerability that you can exploit to escalate your privileges, and unfortunately those vulnerabilities are taken much more seriously on unix-like operating systems where they are patched as quickly as they are discovered. At least with a Windows box, if you do come into one of those rare situations where the user is security conscious, there are many more local privilege escalation vulnerabilities to choose from and they aren't patched very quickly to say the least.
So, yeah, one would be quite foolish to be targeting other systems while there are so many easy targets that, even when their owners attempt to secure them, are still trivial to compromise by comparison.
Re:Ah.. the registry. (Score:3, Informative)
I'm not sure where the redundancy idea comes from in your post. I've seen more than a few Windows systems fucked over by just one or two registry keys doing the wrong thing. The fact that the path to said registry keys is cryptic and over 100 characters long doesn't help.
Well the redundancy comes from the fact that the registry was backed up on every successful boot allowing you to restore it when things got fucked up. I don't see why its automatically "nonsense" because you had some problems that you fail to give specifics for.
http://en.wikipedia.org/wiki/Windows_Registry#Backups_and_recovery [wikipedia.org]
Also, Changing 'one or two' keys can and will fuck up Windows. Thats the point. Because it hosts critical OS settings, If you delete specific keys, say for e.g. If you disable a driver that is required for boot, you can hose your system.
But that would be the equivalent of deleting /etc/fstab , mtab or corrupting /boot/grub/grub.cfg.
Re:Free anti-virus with Internet service purchase! (Score:3, Informative)
But when you buy a Rolex from Cartier, you don't expect to get a cheap $5 knock off.
You also don't expect to get a Rolex from Cartier.
Re:Free anti-virus with Internet service purchase! (Score:2, Informative)
You would have to keep around last 3 snapshots just to be safe from a failed/bad update.
Yes you would. Sorry I left that out.
Using VMs means you can start with a bare windows install fully updated, and save a copy, or "snapshot" of that. Then you can add security layers on top and save a snapshop of that "snap that". A few at a time you can add your critical apps and make snaps until you have a lot of snapshot VMs that take a lot of space - but these days space is cheap. You can store 200 10GB Windows images on a 2TB external drive, and that's not a large external storage device today. Storing your basic images on an external drive also keeps your images safe from really clever malware that might evolve to corrupt even inactive OS VM images.
For the advanced class, you can mount a VM of OpenFiler with a reasonable disk pool, mount that iSCSI volume on your VM and install Windows onto it. Then you can take thin differential snapshots. If OpenFiler won't do what you need then HP's free Virtual SAN Appliance [hp.com] will, or there are other options. Me, I just reinstall the OS in a VM when I have to rebuild because it's a rare thing and dealing with that once a year or so is easier than setting up infrastructure that may change. But one day older versions of Windows will no longer install, so that bare image will have to do.
Re:Free anti-virus with Internet service purchase! (Score:3, Informative)
And, despite all their efforts, every month, every week, hell, almost every day another security exploit is discovered or released that shows just how broken previous versions of their platform is:
http://www.computerworld.com/s/article/9164038/Microsoft_Don_t_press_F1_key_in_Windows_XP [computerworld.com]
Of course, the biggest problem is that most users run Windows with Admin rights but M$ is to blame for making Windows too hard to run without full admin rights.
I would have had a lot more respect for them if they'd bought out a company like Avecto or BeyondTrust, and spun that kind of functionality into a Service Pack like they did with Security Center so that running with day-to-day with admin rights wouldn't be necessary.
No, UAC / RunAs isn't the same as Privilege Manager or Privilege Guard as it doesn't sufficiently modify the security context of a logged-in user