Why I think AV software should be free
-
While I agree that today's Windows (v7 and later) is on par with Linux from a security POV, I'd ask who you believe is responsible for fixing the critical OpenSSL bug you referenced? The Linux distro? A 3rd party? Or nobody - let the end-user suffer?
Contrary to popular belief, nobody owes you anything.
Mike Mullikin wrote:
The Linux distro? A 3rd party? Or nobody - let the end-user suffer?
Don't know, but that was not my point anyway. My point is that "use Linux" as a single solution to all security problems with modern operating systems is silly and dangerous.
-
Fine! Fire and burglar alarms should be free.
Mladen Janković wrote:
Fire and burglar alarms should be free.
No, because it's not an intrinsic problem with your house. :) And granted, I'm arguing more for the sake of the argument than any real reason. ;) Marc
Imperative to Functional Programming Succinctly Contributors Wanted for Higher Order Programming Project!
-
Mladen Janković wrote:
Fire and burglar alarms should be free.
No, because it's not an intrinsic problem with your house. :) And granted, I'm arguing more for the sake of the argument than any real reason. ;) Marc
Imperative to Functional Programming Succinctly Contributors Wanted for Higher Order Programming Project!
Marc Clifton wrote:
And granted, I'm arguing more for the sake of the argument than any real reason.
Fair representation of lounge[^], as usual.
-
Albert Holguin wrote:
Use Linux then...
Because they never get pwned? Thing is, all systems have exploits, but I have to wonder if Linux may not actually be at a disadvantage here, given that (AFAIK) there's no reputable anti-virus for Linux you can rely on. Which means you totally rely on the end user.
ClamAV[^] officially runs on Windows, Mac, Linux, and BSD; and can be built for a variety of other platforms. The True64/Alpha box running an embedded system in the lab where I'm spending most of my time runs a copy our admin (who's not a dev and mostly a windows dude at that) was able to get to build with a bit of fiddling.
Did you ever see history portrayed as an old man with a wise brow and pulseless heart, waging all things in the balance of reason? Is not rather the genius of history like an eternal, imploring maiden, full of fire, with a burning heart and flaming soul, humanly warm and humanly beautiful? --Zachris Topelius Training a telescope on one’s own belly button will only reveal lint. You like that? You go right on staring at it. I prefer looking at galaxies. -- Sarah Hoyt
-
Mike Mullikin wrote:
The Linux distro? A 3rd party? Or nobody - let the end-user suffer?
Don't know, but that was not my point anyway. My point is that "use Linux" as a single solution to all security problems with modern operating systems is silly and dangerous.
Nobody said it was a fix all. It's ultimately up to the user to be safe.
-
Albert Holguin wrote:
Go write some code
Maybe I should write some that will stop hackers from pwning Linux servers on regular basis. The only reason why desktop Linux is not targeted by 'commercial' virus creators in such rate is because it has so little market share fragmented in so many distros and mostly used by tech savvy people so it's not worth the effort. Suggesting that is the reason why Linux is more secure the Windows is what's called security through obscurity. On the other hand if you're target of government surveillance, well look for yourself how secure you are by using Linux[^]. Also things like heartbleed. Critical OpenSSL bug allows attackers to impersonate any trusted server[^]. Will you look at that! Just while I was typing this message to you, perfect time to illustrate my point.
Mladen Janković wrote:
mostly used by tech savvy people so it's not worth the effort.
Imagine that...
-
Mladen Janković wrote:
mostly used by tech savvy people so it's not worth the effort.
Imagine that...
Albert Holguin wrote:
Imagine that...
Imagine what? That something complicated will be used mostly by professionals?
GeoGame for Windows Phone | The Longue Explained In 5 Minutes
-
Nobody said it was a fix all. It's ultimately up to the user to be safe.
So your answer to road safety would be drive a truck?
GeoGame for Windows Phone | The Longue Explained In 5 Minutes
-
Mladen Janković wrote:
Fire and burglar alarms should be free.
No, because it's not an intrinsic problem with your house. :) And granted, I'm arguing more for the sake of the argument than any real reason. ;) Marc
Imperative to Functional Programming Succinctly Contributors Wanted for Higher Order Programming Project!
Marc Clifton wrote:
No, because it's not an intrinsic problem with your house. :)
Yes it is. It's perfectly possible to build a house that is made entirely of fireproof material and with enough security measures to deter even the most enthusiastic thief. The reason we don't is simple - it would take years to build and there's only about three people in the world who could afford it! The exact same is true of an OS. If every OS had to be perfect before release then ... actually Godel's Incompleteness Theory makes that an impossibility so ... if every OS had to be as near perfect as possible before release then we'd still be waiting for Windows 1 and if it was ever let loose on the world it would require terabytes of disc space and a stonking great bank balance to be installed. A builder provides you with the best possible house that is practical and affordable. He expects you to be responsible in using it to the extent of buying insurance (which may also require additional costs for better locks or alarms) and not living in a manner which would make its destruction inevitable (indoor barbecues, keeping a rhinoceros in the kitchen, that sort of thing). The OS deal is no different.
-
It's interesting that almost everyone asked why I think it should be free, so here's my thinking: Why do viruses exist? Because of bugs in the operating systems and applications that we do pay for. So, in effect, when I spend money on AV software, I'm paying someone else to "fix" the problems created by someone else. That's fine, but then it makes more sense to me that the companies who write the buggy OS's, browser, etc. should pay the AV software companies, not the end user. Now sure, if there's some advanced features that you might need, then I can see paying for that. But the basic "keep me protected from the bad guys and the buggy OS's" functionality, seems to me like that should be something free. Of course, with my thinking, companies like Microsoft would simply hide an "AV tax" to their software, haha. Or I could just use Microsoft Security Essentials, but I went down that route once and had some unpleasant experiences, don't recall exactly what. Might try it again on my laptop. Marc
Imperative to Functional Programming Succinctly Contributors Wanted for Higher Order Programming Project!
As you mentioned, MSE is free. Don't like it? Join the club. But AV software choices are like banks - you will find that every one of them has a hate-club. And it's hardly fair to expect AV companies that are independent of OS companies to give away their software based on your logic. Using that same logic, your home security should be free, right? Because the people that built your home should be 100% responsible for it's security? Even if you leave your doors unlocked? And your car? Is the manufacturer responsible if it's stolen or items are stolen from inside? They took the time to build an electronic key much harder to bypass than the old metal keys, but then you left the doors/windows open or left your keys with a "trusted" valet... is that the manufacturer's fault? Clearly there are instances where the manufacturer has to accept some level of responsibility - like a lock that fails to work, or the case of the Ford van keys that weren't unique allowing van owners to start other people's vans. And OS providers clearly have had bugs that leave us vulnerable. And they fix the ones that are reported (though some faster than others). But I don't see how they can be responsible for every stupid action that someone takes. You open an unknown attachment from an unknown sender, get infected and that's the manufacturer's fault? Is it their fault when you contact that guy in Nigeria to split the millions that he's safely siphoned and trying to move to a US bank? What about when you turn off your firewall? We each have our own responsibilities - the manufacturers have to accept theirs and we have to accept ours. On a similar note - all security comes at the cost of convenience. MS could block you from opening or running your email attachments that it "thinks" are bad, but then you will lose the convenience of opening attachments that are actually safe but detected as being potentially harmful. Some thing with every website you go to (with all of the script that runs on it), every application you launch, and everything you do on your system. Seems to me that MS tried to do that with Vista and the backlash was horrendous. It's a no-win situation - the extra security comes at a cost and convenience/access comes at a cost. Ever hear of the Patriot Act ;) That's my two cents anyway!
-
It's interesting that almost everyone asked why I think it should be free, so here's my thinking: Why do viruses exist? Because of bugs in the operating systems and applications that we do pay for. So, in effect, when I spend money on AV software, I'm paying someone else to "fix" the problems created by someone else. That's fine, but then it makes more sense to me that the companies who write the buggy OS's, browser, etc. should pay the AV software companies, not the end user. Now sure, if there's some advanced features that you might need, then I can see paying for that. But the basic "keep me protected from the bad guys and the buggy OS's" functionality, seems to me like that should be something free. Of course, with my thinking, companies like Microsoft would simply hide an "AV tax" to their software, haha. Or I could just use Microsoft Security Essentials, but I went down that route once and had some unpleasant experiences, don't recall exactly what. Might try it again on my laptop. Marc
Imperative to Functional Programming Succinctly Contributors Wanted for Higher Order Programming Project!
Two reasons this would never happen, both related to profits: 1. The virus makers wouldn't make any moneys from selling their AV software. 2. The software makers would have to make programs without bugs - which in turn means their users wouldn't have any incentives to buy next year's "new and improved" upgrade. Sorry, that's very tongue in cheek, but I've been having this feeling for at least the last 10 years.
-
It's interesting that almost everyone asked why I think it should be free, so here's my thinking: Why do viruses exist? Because of bugs in the operating systems and applications that we do pay for. So, in effect, when I spend money on AV software, I'm paying someone else to "fix" the problems created by someone else. That's fine, but then it makes more sense to me that the companies who write the buggy OS's, browser, etc. should pay the AV software companies, not the end user. Now sure, if there's some advanced features that you might need, then I can see paying for that. But the basic "keep me protected from the bad guys and the buggy OS's" functionality, seems to me like that should be something free. Of course, with my thinking, companies like Microsoft would simply hide an "AV tax" to their software, haha. Or I could just use Microsoft Security Essentials, but I went down that route once and had some unpleasant experiences, don't recall exactly what. Might try it again on my laptop. Marc
Imperative to Functional Programming Succinctly Contributors Wanted for Higher Order Programming Project!
Marc, I will respond with why I gladly pay for AV software: 1) Those companies, in order to do a decent job need to pay their developers 2) I want something that works, and actually finds viruses, prevents me from accidentally downloading the wrong thing (about 2 times per year, in the old days, the "download" on SourceForge was an Ad, and I clicked on it) 3) I want it up to date 4) I want it to protect my network from the other users who are not nearly as paranoid as I am. It is not a bug that Chrome lets you download and run an install, answering yes to all of the prompts. It is not a bug in the OS, and not a bug in Chrome. It is misguided of the user to trust something that has not been scanned. So, I choose to have it scanned automatically. And I gladly write a TINY Check, every year or two for the ease. In perspective. My time is worth $150/hr to me. If I spend $50/year/pc (and I have 6, including some VMs I protect) then that is 2hrs/year of my time. Which is WAY less than the time spent dealing with a single mistake. I wish we did not have to have them running. I wish people didn't write viruses. But wishing and hoping aint getting the job done! Finally, I think if you disconnected from the internet, turned off the networking, and carefully monitored the software you did install. You would NOT need AV software. And you would probably not do too much with the computer either.
-
It's interesting that almost everyone asked why I think it should be free, so here's my thinking: Why do viruses exist? Because of bugs in the operating systems and applications that we do pay for. So, in effect, when I spend money on AV software, I'm paying someone else to "fix" the problems created by someone else. That's fine, but then it makes more sense to me that the companies who write the buggy OS's, browser, etc. should pay the AV software companies, not the end user. Now sure, if there's some advanced features that you might need, then I can see paying for that. But the basic "keep me protected from the bad guys and the buggy OS's" functionality, seems to me like that should be something free. Of course, with my thinking, companies like Microsoft would simply hide an "AV tax" to their software, haha. Or I could just use Microsoft Security Essentials, but I went down that route once and had some unpleasant experiences, don't recall exactly what. Might try it again on my laptop. Marc
Imperative to Functional Programming Succinctly Contributors Wanted for Higher Order Programming Project!
Unfortunately, there is no such thing as bug-free software unless the application is quite small, which for most developers will rarely be available in any of our toolsets. An operating system, no matter which one you target will always have bugs in it. They are software applications that are built by "committee". Except for the original DOS, which Microsoft purchased, no popular, successful OS has ever been developed by a single individual. As a result, though the attempts made to reduce and\or eliminate defects will be profound, no such effort will ever be entirely free of them. AV software, which is also complex by its nature, attempts to rectify this short-coming in the way OS's are developed. Most do an admirable job of it. And right now they are a needed factor to protect our machinery. When robots create our OS software, maybe then we may not need such protections but even so, maybe their AI will be faulty. It would have after all been developed by Humans. At least initially... To address the idea of free software as many seem to propose, there is a terrible downside to such a prospect and its consequences can be seen reverberating throughout the IT profession. "Free Software" is only as good as the incentive to build it and there are few such products that are well-developed merely as "labors of love". We all have to eat and put dinner on the table for our families, amongst other things in current Capitalistic societies. If all software were actually free, than the underpinnings of our profession would collapse. People write software not only out of a creative spark but also because they want to build something that works and can provide them with a career outside the confines of corporate employment. Such a desire is quite critical (and would be eliminated if there was no way to monetize it) to many of us and it is doubtful that few who do really want to create their own works want to simply give it away if they are functioning adults on their own and have little interest in working with a group that only charges for software maintenance; something that individual developers who want to have their own business are not in a position to do. So the next time someone proposes that software should be free, maybe you should suggest that they "live on love" and see how they like paying the bills with it...
Steve Naidamast Sr. Software Engineer Black Falcon Software, Inc. blackfalconsoftware@outlook.com
-
It's interesting that almost everyone asked why I think it should be free, so here's my thinking: Why do viruses exist? Because of bugs in the operating systems and applications that we do pay for. So, in effect, when I spend money on AV software, I'm paying someone else to "fix" the problems created by someone else. That's fine, but then it makes more sense to me that the companies who write the buggy OS's, browser, etc. should pay the AV software companies, not the end user. Now sure, if there's some advanced features that you might need, then I can see paying for that. But the basic "keep me protected from the bad guys and the buggy OS's" functionality, seems to me like that should be something free. Of course, with my thinking, companies like Microsoft would simply hide an "AV tax" to their software, haha. Or I could just use Microsoft Security Essentials, but I went down that route once and had some unpleasant experiences, don't recall exactly what. Might try it again on my laptop. Marc
Imperative to Functional Programming Succinctly Contributors Wanted for Higher Order Programming Project!
Hmm... OK, fair enough. Then if I go eat bad food (the 'other' guys) and it makes me sick then I shouldn't have to pay my doctor, right? After all, it wasn't MY fault so I shouldn't take responsibility for having it fixed? That is, essentially, what you're saying here, isn't it? ;-)
-
It's interesting that almost everyone asked why I think it should be free, so here's my thinking: Why do viruses exist? Because of bugs in the operating systems and applications that we do pay for. So, in effect, when I spend money on AV software, I'm paying someone else to "fix" the problems created by someone else. That's fine, but then it makes more sense to me that the companies who write the buggy OS's, browser, etc. should pay the AV software companies, not the end user. Now sure, if there's some advanced features that you might need, then I can see paying for that. But the basic "keep me protected from the bad guys and the buggy OS's" functionality, seems to me like that should be something free. Of course, with my thinking, companies like Microsoft would simply hide an "AV tax" to their software, haha. Or I could just use Microsoft Security Essentials, but I went down that route once and had some unpleasant experiences, don't recall exactly what. Might try it again on my laptop. Marc
Imperative to Functional Programming Succinctly Contributors Wanted for Higher Order Programming Project!
Marc Clifton wrote:
Because of bugs in the operating systems and applications that we do pay for.
I need more qualification to agree to that. The ability to install software on a computer would seem pretty necessary. But when someone clicks on something that they shouldn't and it ends up installing something malicious it doesn't require any "bugs" to do it. Now when they do that inside a demilitarized zone and that software then uses a bug in some older software to spread itself in the network, even though the users of the internal network made an informed decision to not update the software because it was in a safe zone is that also due to a "bug"?
-
Albert Holguin wrote:
Use Linux then...
Because they never get pwned? Thing is, all systems have exploits, but I have to wonder if Linux may not actually be at a disadvantage here, given that (AFAIK) there's no reputable anti-virus for Linux you can rely on. Which means you totally rely on the end user.
Some false assumptions here: 1. There are indeed perfectly credible anti-virus solutions out there that run on Linux. ClamAV comes to mind first, and I know there are others out there 2. People with limited experience working with non-Windows and non-desktop operating systems seem to assume that anti-virus software is an essential, required security measure. In fact it is the LAST line of defence that should be relied upon and computer viruses as the general public have known them are a problem virtually exclusive to the Microsoft platform. EVERYTHING ELSE is more important than anti-virus, from keeping systems patched to perimeter security (properly configured routers, firewalls, etc), encryption (using robust VPNs for remote access, encrypted HTTP, SMTP, IMAP and POP by default, etc) and use of strong passwords and SSL keys. Anti-virus technology in general should be LEAST relied upon of all security practices regardless of the solution used. Linux is VERY RARELY compromised by a traditional computer virus--the vast majority of time it is a more sophisticated exploit of a kind that anti-virus would never stop, and the vast majority of time the exploit takes advantage of servers listening on ports in public addresses rather than running the wrong executable or opening the wrong attachment or visiting the wrong website. It doesn't NEED anti-virus to be secure, but like ALL networked computers of any kind all the other security measures are essential to remain secure. Windows (and MacOS too actually) have "desktop origins"--their ancestry lies in isolated, single-user PERSONAL computer use in a time when part-time dial-up modems and exchanging floppy disks were the only practical means of sharing data (and thus spreading malware). Both Windows and MacOS are completely different beasts nowadays having both swapped rickety old kernels for much more robust NT kernel (inspired by VMS) and a Mach microkernel (used in robust UNIX systems), however everything above the kernel has been some degree of evolution and struggling to shed the old standalone PC paradigms and deal with compatability with legacy crap users just won't let go of. MacOS has a very solid UNIX foundation but Apple's userland environment is all about "just works" and "beautiful", and as such it has a less perfect security record than it could have. Linux is unique from the other two in that it has "server origins" (as do the *BSD operating systems). There are very good Linux based desktop OSes out there but as others have pointed
-
It's interesting that almost everyone asked why I think it should be free, so here's my thinking: Why do viruses exist? Because of bugs in the operating systems and applications that we do pay for. So, in effect, when I spend money on AV software, I'm paying someone else to "fix" the problems created by someone else. That's fine, but then it makes more sense to me that the companies who write the buggy OS's, browser, etc. should pay the AV software companies, not the end user. Now sure, if there's some advanced features that you might need, then I can see paying for that. But the basic "keep me protected from the bad guys and the buggy OS's" functionality, seems to me like that should be something free. Of course, with my thinking, companies like Microsoft would simply hide an "AV tax" to their software, haha. Or I could just use Microsoft Security Essentials, but I went down that route once and had some unpleasant experiences, don't recall exactly what. Might try it again on my laptop. Marc
Imperative to Functional Programming Succinctly Contributors Wanted for Higher Order Programming Project!
Good luck creating all that free AV software mate. You're going to have a blast.