Windows OneCare Live

Year of 8 February, 2006

Microsoft's new security product goes on sale in June.

Microsoft plan to ship a new security product in June, charging $49.95 a year to shield up to three PCs against viruses, spyware and other cyberthreats, the company said on Tuesday.

Windows OneCare Live combines antivirus, anti-spyware and firewall software with backup features and several tune-up tools for Windows PCs. The product will be sold online and in stores, Microsoft said.

As per usual, Windows OneCare Live is a Microsoft type of 'de novo innovation' or 'in house product': it's code the Redmond company got when it bought Romanian GeCad Software in June 2003.

Why are Microsoft doing this? It can't be because the market lacks adequate tools of this type. The market is full of them. There can be only one reason: $$$. Bill Gates wants the money he's heretofore left to his cottage industries. Times are not great for Microsoft; they're not making money like they used to; maybe it's their new plan to put people like McAfee and Symantec out of business.

Fifty dollars per annum. The ordinary PC lasts three years. Tops. By then both the hardware and the software are obsolete.

The copy of Windows on the new box is worth about $150. Add the subscription fee for Windows OneCare Live and it's double that.

Apple's OS X lasts as long as you want, and so does the hardware. And you don't need any antivirus or anti-spyware stuff. And your firewall's already built in. You get two actually, and can choose between them.

Computer users are going to see more clearly than ever that Wintel's a losing bet.

Why is it that OS X - and Linux and all those variants of Unix - are so secure that they don't need any antivirus or anti-spyware software whatsoever? None at all? Why indeed?

And why then do Windows users need it?

Viruses attach themselves either to a boot sector or to an executable. To get at a boot sector the attacking code has to be able to access the hardware and modify sensitive disk areas. To get at an executable the virus has to be able to access it with write privileges.

Sensitive areas on a Unix system, like the computer hardware itself, are protected. And it's not token protection either. The bad stuff simply can't get at it.

And when Microsoft mark a file with 'system hidden read-only', their highest level of protection, that's not enough of a speed bump to thwart a black hat beginner for five full minutes. There's no authentication needed to remove those attributes. Maybe users don't know how to do it, but the hackers do. It's a single line of code.

SetFileAttributes(path, 0);

The normal way is to get the attributes and file times, save their values, then remove all existing attributes, then do what you want, then restore the originals. It will look like no one's touched the file - especially if you reset the time stamps too.

FILETIME ctime, atime, mtime;
DWORD oldAttributes = GetFileAttributes(path);

GetFileTime(hFile, &ctime, &atime, &mtime);
SetFileAttributes(path, 0); // remove all attributes to allow full access
//
// Plant the virus
//
SetFileAttributes(path, oldAttributes);
SetFileTime(hFile, &ctime, &atime, &mtime); // Wipe our tracks
// We're outta here

Microsoft files don't have ownership - not unless you graduate to NTFS and most Windows boxes still run FAT32. Even with NTFS the security administration is so unwieldy most won't bother with it. Most Windows systems are wide open.

On a Unix system these files are protected and their ownership means only their owner can change their attributes. And ordinary processes - viruses inadvertently downloaded, for example - can't get access without further tricks.

There are no viruses for OS X or any flavour of Unix. It's no coincidence.

The difference between viruses and spyware in this regard is not important: the same rules apply, and the bad stuff can go anywhere and do anything on a Windows machine but will be quarantined and stuck in Userland on a Unix machine.

Unix users - those with Apple's OS X or the Linux kernel with either GNOME or KDE as a desktop from vendors such as Novell and Red Hat - have no additional costs to consider once they get their computers home. The products as bought are adequate.

Windows has never been adequate. That's hardly a secret. A lot of increasingly frustrated Windows users wonder why they've had to pay for OS updates just to get rid of the bugs that shouldn't have been there in the first place. Imagine how they're going react to Windows OneCare Live.

For the price of Windows just doubled. Were Windows OneCare Live available for any other platform, one might say 'OK, let them try to sell it' and forget the whole thing. For it wouldn't be a necessity - it wouldn't be something one's already paid for.

Windows users never get what they pay for. They didn't want the viruses and spyware, they didn't want their files destroyed and their lives ruined, they didn't want these perennial panics as yet another worm destroys the infrastructure of the planet, they didn't want any more of Bill Gates' empty promises or Steve Ballmer's dance steps - they just wanted an OS that could do its job.

They never got it.

Now they'll be paying twice as much and they still won't get it.

For do not think for one moment that the company who gave you the worst operating system in the history of the planet are suddenly going to be able to come out with a good product - even if said product is basically just 'bought' from another firm. Microsoft always have a way of taking good code and ruining it.

And the issue's not with the Windows OneCare Live product anyway: it's with the OS. No OS should let these kinds of things happen. Windows is 'standalone'. It's not meant for connected activity - for the Internet. It's a TOY. A standalone toy. It is not, repeat NOT, suitable for use on the Internet. And it never will be. And this is by DESIGN.

There should be no need to protect oneself with special software against things like viruses and trojans. In the world of Unix no one does. With any good system it's just not going to happen. If Microsoft hadn't been shafting you all these years, you wouldn't have ever seen a single virus or spyware issue. Not one.

Now Microsoft buy a product. From Romania of all places. They don't have to work too much on it; they'll devote enough time so they ruin it and then will let it be.

What they should have been doing is figuring out how to make their OS secure. They still haven't figured it out and the clock is ticking. Their Vista is not a step in the right direction. They still have no idea how to address their most basic security issue, and Windows OneCare Live is proof of that.

If Microsoft could stop the Fall of Windows, they wouldn't need it. They bought GeCad three years ago and three years later are still behind the idea. Three long years when they could have worked to figure out how to finally make their OS secure in the connected world.

News flash: they didn't figure it out. They never will. It can't be done and they know it.