Monday, February 14, 2005


Politeness, n. The most acceptable hypocrisy

I installed MSFT's AntiSpyware Beta on the High Altar to check it out, as I'd heard good things about its immediate predecessor, Giant AntiSpyware. First impression isn't bad, although it generates a false positive with RealVNC (a petty annoyance). Usability is fine for the PEBKAC crowd, and the auto-scan and updates are nice. I don't particularly appreciate the conniptions MSFT makes you go through to get the thing, as in order to validate that your OS installation you have to download an ActiveX control, which is part of the problem in the first place. And of course, you have to provide the product key, or tell them what kind of machine it is and where you bought the box if said key isn't available (as I did).

One annoying bug (but minor enough to dismiss since it's a beta) is that AntiSpyware insists on you closing your browser to close out your scan. I tried setting it to Always Ignore RealVNC (since I'm typing this missive during the scan) but since I'm taking no action other than to ignore a legitimately installed utility it's a bit annoying to drop what I'm doing just because everything MSFT seems to require a shutdown of various degrees.

Look, I'm all for intellectual property owners to be paid for legitimate fair use of their product. There is no discussion on the matter. However, in this case, said intellectual property has caused direct or indirect injury to thousands if not millions of end-users by facilitating the installation of malware and viruses, all in the name of protecting their intellectual property by security through obscurity. Ever wonder why most encryption algorithm details are public (but of course, obviously not the keys)? Peer review. The algorithms get dissected in detail and potential flaws are examined with the result of the algorithm being either adopted or deprecated. MSFT doesn't believe in the concept of peer review, it believes in security through obscurity. Of course, there's a huge community out there that does peer review (mostly unsanctioned of course) of various MSFT issues, and that is a good thing for the end user community.

And just for the icing on the cake, this eWeek article shows not only that MSFT is aware of the problem (pas de merde!) but may actually be soliciting advice from professional peers (heaven forfend!) on how to deal with the issue. Here's a clue - decouple the browser from the OS please.


<< Home

This page is powered by Blogger. Isn't yours?

Technorati search