Microsoft Can't Figure Out How To Stop Spyware Itself, Needs To Buy Help
from the somewhat-telling... dept
Considering that many people blame Microsoft’s inability to design their operating system and browser properly for the rise in spyware, it’s interesting that Microsoft felt the need to go out and acquire an anti-spyware company. This makes it sound more like they’re trying to patch up some holes by applying this spyware technology on top, rather than looking at the underlying code to figure out ways to prevent the type of security breaches that lead to the spyware in the first place.
Comments on “Microsoft Can't Figure Out How To Stop Spyware Itself, Needs To Buy Help”
Security breach?
The security breach is giving users the power to do anything on their own computers. The spyware guys ASK if it’s ok to install their software, and even say what the software is going to do, and the users just click past it to get to their shiny new ‘free’ game.
The only thing I can think of that would work would be to have some sort of certifying authority that signs software that users can trust – a chain of trust much like what SSL has for the browser.
Have some company set up shop to test and certify software that’s “spyware free”. Have ISVs like Dell ship their systems configured such that only software that’s signed by these guys can be installed. Let the user turn it off, but at the risk of “voiding the warranty”.
Dell would have to pay the certifying guys, but I think in the end they’d save the money on support calls.
Re: Security breach?
That’s not all that bad of an idea. Many people would like to see Government step in and regulate this mess, but if you look at successful regulation, it is often done by private industry.
I have a relative that works in an elected board position at NSF international (not the national science foundation). If you haven’t heard of them, the next time you go to any restaraunt look at any of the machines that provide food/drinks, any of the containers used to store the food or any of the products used to handle the food. You’ll see an NSF certified sticker on them. It’s not recognized by the consumers, but it is recognized by the food services industry.
Take a look at any consumer electronics product and you’re bound to see a UL Listed stamp on it (because many consumer electronics retailers won’t bother to stock a product that doesn’t meet UL’s requirements).
In computers, digital signatures could be easily used to certify something as spyware free. Initially many users would not have a clue and would probably click-through something that wasn’t “certified”, but as the industry and the users adapt, the problem will go away. And instead of some law that has huge barriers written in 3000 pages of legal-ease and causing programmers to worry about breaking the law in order to produce something of merit…not to mention treaties between countries required to make the law cross borders…a private certification group could adapt quickly to changes in technology and be able to address new threats and eliminate “loopholes” discovered in previous policies quickly.
Some of the biggest problems the software industry faces is existing government regulation (such as the patent and copyright system). It seems obvious to those of us who work within the industry that these “systems” are horribly broken, but getting elected officials to recognize them as broken is a terribly daunting task…and realistically it won’t happen until someone abuses the system so badly that 3/4 of the economy is affected.
Having a nimble, private sector group regulate the industry seems a good long-term solution. They’re going to go where the profit is…and profit is never going to be buried in idiotic bureaucracy with antequated rules written when the telephone was a new invention.
I’m not saying it doesn’t have its weakness… but as long as Moore’s law is still a “rule”, is it realistic to have government regulation step in and “correct” the problem with a law that can’t adapt to an ever changing industry?
Microsoft & GIANT
This is security theatre. As with their purchase of an AV company last year, they didn’t go after a brand or thought leader, they bought a no-name non-player in the space as a feint towards a better OS (but without the work required for an overhaul).