Why I think AV software should be free
-
Kevin Marois wrote:
it essentially was 3 pages of VB code that deleted whatever it could from the Windows folder and all subfolders under it.
Kevin Marois wrote:
No 'bug' allowed that.
You don't think an OS should protect against uninitiated code execution and file deletion?
Contrary to popular belief, nobody owes you anything.
Mike Mullikin wrote:
You don't think an OS should protect against uninitiated code execution and file deletion?
No! No, I don't. Unless you know how to implement mind reading capabilities and embed it into OS, anything you do regarding this 'issue' will be more of an annoyance then actual solution.
-
Use Linux then... I use both, but definitely pay for AV on my Windows machines.
Albert Holguin wrote:
Use Linux then...
Are you implying that Linux is bug/virus free? :laugh:
-
And someone better will defeat it... But that's your fault, right? By your logic, YOU should have put more time and expense into defeating all viruses that might attach your software. If we as developers tried that, the cost of our apps would skyrocket and the app side would be exponentially huge, and it would never be done.
If it's not broken, fix it until it is
Kevin Marois wrote:
By your logic, YOU should have put more time and expense into defeating all viruses that might attach your software
The answer to that is obviously no, but as a developer, I don't think it's unreasonable to be expected to at least try to mitigate potential issues when you design your apps. That's why, after all, threat modeling tools exist. They're not just for OS designers. It starts with not requiring the user to run as an admin, not saving passwords in plaintext--those sorts of things. You're not entirely absolved from any responsibility just because there's an anti-virus running that's trying to protect the user from himself.
-
This is the reason it's unreasonable to try to code around it. Who decides who can and cannot delete files?
If it's not broken, fix it until it is
-
It's interesting that almost everyone asked why I think it should be free, so here's my thinking: Why do viruses exist? Because of bugs in the operating systems and applications that we do pay for. So, in effect, when I spend money on AV software, I'm paying someone else to "fix" the problems created by someone else. That's fine, but then it makes more sense to me that the companies who write the buggy OS's, browser, etc. should pay the AV software companies, not the end user. Now sure, if there's some advanced features that you might need, then I can see paying for that. But the basic "keep me protected from the bad guys and the buggy OS's" functionality, seems to me like that should be something free. Of course, with my thinking, companies like Microsoft would simply hide an "AV tax" to their software, haha. Or I could just use Microsoft Security Essentials, but I went down that route once and had some unpleasant experiences, don't recall exactly what. Might try it again on my laptop. Marc
Imperative to Functional Programming Succinctly Contributors Wanted for Higher Order Programming Project!
Do you also expect fire or health insurance to be free?
-
Mike Mullikin wrote:
You don't think an OS should protect against uninitiated code execution and file deletion?
No! No, I don't. Unless you know how to implement mind reading capabilities and embed it into OS, anything you do regarding this 'issue' will be more of an annoyance then actual solution.
Mladen Janković wrote:
No! No, I don't.
:wtf: You would prefer that an e-mail attachment or some script in a web page could (without your permission or knowledge) modify / delete files on your computer?
Contrary to popular belief, nobody owes you anything.
-
Do you also expect fire or health insurance to be free?
Mladen Janković wrote:
Do you also expect fire or health insurance to be free?
Of course not, but keep in mind that the word "insurance" is misleading. It doesn't ensure that your house won't burn down or that you won't die. It is more of an "assurance", that you can replace damaged property or your spouse won't be financially crippled by your death. AV software isn't "insurance" or even "assurance." It's preventing (in a condom sort of way) problems with something that's originally flawed. Marc
Imperative to Functional Programming Succinctly Contributors Wanted for Higher Order Programming Project!
-
Marc Clifton wrote:
Why do viruses exist? Because of bugs in the operating systems and applications that we do pay for
Sometimes. Years ago I got ahold of the source code for a virus called the I Love You Virus[^] Aside from the silly email stuff, it essentially was 3 pages of VB code that deleted whatever it could from the Windows folder and all subfolders under it. No 'bug' allowed that. Some deviant came up with this and wrote it.
If it's not broken, fix it until it is
Kevin Marois wrote:
No 'bug' allowed that. Some deviant came up with this and wrote it.
:thumbsup: That's a very good example and creates a strong point toward the debate. Wow, that sounds sarcastic when I typed it, but I really mean it.
-
Mladen Janković wrote:
Do you also expect fire or health insurance to be free?
Of course not, but keep in mind that the word "insurance" is misleading. It doesn't ensure that your house won't burn down or that you won't die. It is more of an "assurance", that you can replace damaged property or your spouse won't be financially crippled by your death. AV software isn't "insurance" or even "assurance." It's preventing (in a condom sort of way) problems with something that's originally flawed. Marc
Imperative to Functional Programming Succinctly Contributors Wanted for Higher Order Programming Project!
Fine! Fire and burglar alarms should be free.
-
Do you also expect fire or health insurance to be free?
No I expect fire hazards and health hazards to be illegal and impossible!! :D
-
Albert Holguin wrote:
Use Linux then...
Are you implying that Linux is bug/virus free? :laugh:
Way closer to that than Windows... that's for sure.
-
Way closer to that than Windows... that's for sure.
:laugh: You should do stand-up.
-
Albert Holguin wrote:
Use Linux then...
Because they never get pwned? Thing is, all systems have exploits, but I have to wonder if Linux may not actually be at a disadvantage here, given that (AFAIK) there's no reputable anti-virus for Linux you can rely on. Which means you totally rely on the end user.
It always comes down to the end user.... I mean, hell... Linux lets you delete system files, albeit you usually really have to try (sudo).
-
Mladen Janković wrote:
No! No, I don't.
:wtf: You would prefer that an e-mail attachment or some script in a web page could (without your permission or knowledge) modify / delete files on your computer?
Contrary to popular belief, nobody owes you anything.
If I clicked attachment it's damn job of a mail client to open it and not to nag me. It's my own fault if the attachment has malicious behavior. I have used clients that make you go through all kind of hoops just to open attachments, f*ck that!
-
:laugh: You should do stand-up.
You're amusing. Go write some code.
-
If I clicked attachment it's damn job of a mail client to open it and not to nag me. It's my own fault if the attachment has malicious behavior. I have used clients that make you go through all kind of hoops just to open attachments, f*ck that!
-
You're amusing. Go write some code.
Albert Holguin wrote:
Go write some code
Maybe I should write some that will stop hackers from pwning Linux servers on regular basis. The only reason why desktop Linux is not targeted by 'commercial' virus creators in such rate is because it has so little market share fragmented in so many distros and mostly used by tech savvy people so it's not worth the effort. Suggesting that is the reason why Linux is more secure the Windows is what's called security through obscurity. On the other hand if you're target of government surveillance, well look for yourself how secure you are by using Linux[^]. Also things like heartbleed. Critical OpenSSL bug allows attackers to impersonate any trusted server[^]. Will you look at that! Just while I was typing this message to you, perfect time to illustrate my point.
-
Albert Holguin wrote:
Go write some code
Maybe I should write some that will stop hackers from pwning Linux servers on regular basis. The only reason why desktop Linux is not targeted by 'commercial' virus creators in such rate is because it has so little market share fragmented in so many distros and mostly used by tech savvy people so it's not worth the effort. Suggesting that is the reason why Linux is more secure the Windows is what's called security through obscurity. On the other hand if you're target of government surveillance, well look for yourself how secure you are by using Linux[^]. Also things like heartbleed. Critical OpenSSL bug allows attackers to impersonate any trusted server[^]. Will you look at that! Just while I was typing this message to you, perfect time to illustrate my point.
While I agree that today's Windows (v7 and later) is on par with Linux from a security POV, I'd ask who you believe is responsible for fixing the critical OpenSSL bug you referenced? The Linux distro? A 3rd party? Or nobody - let the end-user suffer?
Contrary to popular belief, nobody owes you anything.
-
While I agree that today's Windows (v7 and later) is on par with Linux from a security POV, I'd ask who you believe is responsible for fixing the critical OpenSSL bug you referenced? The Linux distro? A 3rd party? Or nobody - let the end-user suffer?
Contrary to popular belief, nobody owes you anything.
Mike Mullikin wrote:
The Linux distro? A 3rd party? Or nobody - let the end-user suffer?
Don't know, but that was not my point anyway. My point is that "use Linux" as a single solution to all security problems with modern operating systems is silly and dangerous.
-
Fine! Fire and burglar alarms should be free.
Mladen Janković wrote:
Fire and burglar alarms should be free.
No, because it's not an intrinsic problem with your house. :) And granted, I'm arguing more for the sake of the argument than any real reason. ;) Marc
Imperative to Functional Programming Succinctly Contributors Wanted for Higher Order Programming Project!