Microsoft Realizes No One Wants To Pay Microsoft To Fix Its Own Security Flaws

from the that's-how-it-works dept

Back in 2005, when Microsoft was first mulling the idea of offering security software, we noted that the company was between something of a rock and a hard place. If it decided to charge for the software, people would accuse the company of trying to get people to pay to protect themselves from the security vulnerabilities in Microsoft's own software. Yet, if they went free, then they would face screams about antitrust violations for undercutting competitors in the security software market. We also suggested a third option: design better software that doesn't need security software. But, failing that, Microsoft chose what I think was the worst of the three options: selling security software. Perhaps not too surprisingly, not too many people took Microsoft up on the offer. It could be a combination of reasons why. First, Microsoft just doesn't have a good reputation when it comes to security. Second, that whole issue of paying the same company that created the security holes in the first place. Finally, it might just be inertia. People buy from McAfee or Symantec because they're two names that have been around forever and are recognized (and, most importantly, bundled on many brand-name computers).

So, after a couple years of failing to make much of a dent in the market, Microsoft has abruptly shifted to option number two. It will no longer be selling its OneCare security software and, instead, will be offering a free security suite for users, though with fewer features than the old OneCare offering. The various security software companies put out statements saying, of course, that this is no big deal, but you have to believe they're now doing whatever possible to stir up some complaints out of the Justice Department that this is an antitrust violation. Maybe a few years down the road Microsoft will simply move on to option three, and make software that doesn't require separate security software.

43 Comments | Leave a Comment..

(Mis)Uses of Technology

by Mike Masnick

Tue, Apr 29th 2008 8:16pm

How Do You Enforce An EULA On Malware?

from the honor-among-thieves? dept

We've written about all sorts of crazy things that software companies do in their EULAs (End User License Agreement), but it really says something about how ingrained the concept of an EULA has become that malware companies are starting to offer such draconian EULAs on their products (found via Ars Technica). Among the more amusing features of the EULA is a guarantee to buy any future upgrades. How's that for lock-in? Of course, EULAs are barely enforceable as is, and when you're selling to scammers and crooks they become even less so. Most EULAs are backed up via the power of copyright law, but that obviously doesn't work in this case. So how are the malware authors enforcing it? In typical organized crime fashion: with threats to destroy everything else you've got. Specifically, if it catches anyone violating the terms, it promises to send their botnet code to various antispyware companies -- effectively handing over the location of their secret hideout to the malware police. Who knew that honor among thieves now has taken on an EULA angle? Of course, we already know that almost no one reads normal software EULAs, so I somehow doubt that the online scammers using this software are bothering with the fine print either.

8 Comments | Leave a Comment..

(Mis)Uses of Technology

by Dennis Yang

Mon, Sep 24th 2007 3:34pm

Symantec Cries Wolf About ThreatCon 4: Imminent Global Internet Failure

from the aesop's-modern-fables dept

Symantec's DeepSight threat warning system sent out an erroneous "ThreatCon 4" warning on Friday caused by an errant product test. ThreatCon 4 is the highest level of warning that can be issued by the DeepSight system, and is supposed to indicate times where "extreme global network incident activity is in progress." The level 4 warning has never been issued; the last time level 3 was reached was back in 2004. Symantec issued a retraction of the false alarm approximately an hour after it was issued, and so far, no reports of harm from the false alarm are apparent. Actually, it doesn't even seem like anyone took this warning that seriously at all, considering the lack of any sort of response. And without any sort of response, doesn't that make the early warning system, well, not that useful? After an hour without much of a response, they should have just said: "This was a test of the DeepSite early warning system. Had this been a real warning..."

5 Comments | Leave a Comment..

Search Techdirt

And now, a word from our Sponsors..

15% off discount for Techdirt Readers

Popular Posts

Poll

Add Techdirt RSS To Your Reader

Subscribe to Techdirt's Daily Email Newsletter

Older Stuff

Monday
3:49pm:	Heads Of Major Movies Studios Claiming They Just Want To Help Poor Indie Films Harmed By Piracy (47)
2:38pm:	USPTO Convinced By Amazon That Online Gift Giving Patent Is Legit (19)
1:31pm:	Tiburon Approves Recording Every Car That Enters/Leaves... Despite More Evidence Of Traffic Camera Abuse In UK (78)
12:18pm:	Label Exec Arrested For Not Using Twitter To Disperse Crowd At Mall To See Singer (53)
11:01am:	Spanish Court Dismisses Complaint From Nintendo Against Counterfiet DS Cartridges, Since They Add Functionality (12)
9:55am:	Dear PR People: If Your Exec Has A Comment, Our Comments Are Open (25)
8:44am:	What Kind Of Mickey Mouse (And Donald Duck) Lawsuits Are These? (23)
7:30am:	Prosecutors Ending Lawsuit Against Lori Drew (13)
6:06am:	Dear Rupert: You Don't Succeed By Making Life More Difficult For Users (70)
4:20am:	ESPN Writer Suspended From Twitter (59)
2:10am:	School Can't Handle Critical Community Message Board; Sends Legal Nastygram (21)
Friday
7:39pm:	Liberian Laws Are A Secret Due To Copyright; Even The Gov't Doesn't Have Them (43)
6:56pm:	Lily Allen: It's Ok To Sell My Counterfeit CDs, Just Don't Give My Music For Free (97)
6:10pm:	EFF Looks To Bust Bogus Podcasting Patent; Needs Prior Art (34)
5:28pm:	Google Blocking Set Top Boxes From Showing YouTube Unless They Pay Up? (64)
4:44pm:	Entertainment Industry: Yes, Please Keep Negotiating Secret Copyright Treaty To Save Our Asses (43)
4:02pm:	If Google's Book Scanning Violates Copyright Law, What About The AP's Book Scanning? (21)
3:05pm:	iPhone App Developer Backlash Growing (49)
2:14pm:	Norwegian Band Told It Can't Post Its Own Music To The Pirate Bay, Even Though It Wants To (24)
1:08pm:	If You Only Share A Tiny Bit Of A File Via BitTorrent, Is It Still Copyright Infringement? (79)
12:00pm:	UK Digital Economy Bill As Bad As Expected; Digital Britain Minister Flat Out Lies About ISP Support (25)
10:57am:	NPR's Daniel Schorr Blames The Internet For Ft. Hood Shootings (37)
9:49am:	No, ACTA Secrecy Is Not 'Normal' -- Nor Is It A 'Distraction' (28)
8:33am:	Murdoch's The Times Accused Of Blatant Copying, Just As It Tells The World You Should Pay For News (28)
7:15am:	Copyright Extension Moves To Japan (24)
5:46am:	Canadian Ebook Store Offers 'Free' Public Domain Ebooks -- Claims Copyright Says You Can Only Make 1 Copy (27)
4:01am:	There Are Lots Of Ways To Fund Journalism (14)
1:49am:	Winner Takes All, Long Tails And The Fractilization Of Culture (10)
Thursday
10:37pm:	The Lobbyists' Ability To Control The Message (29)
8:11pm:	In Going Free, London Evening Standard Doubles Circulation While Slashing Costs (27)

Quick Links

Current Insight Community Cases

Microsoft Realizes No One Wants To Pay Microsoft To Fix Its Own Security Flaws

from the that's-how-it-works dept

How Do You Enforce An EULA On Malware?

from the honor-among-thieves? dept

Symantec Cries Wolf About ThreatCon 4: Imminent Global Internet Failure

from the aesop's-modern-fables dept

Which Internet Concern Worries You The Most?

Techdirt's Daily Email Newsletter

Monday

Friday

Thursday

More