
If this is true (and frankly I know for a fact it is, as I just downloaded the linked file containing Disable_Windowsupdate.exe, which is signed by Samsung Electronics CO and downloaded from Samsung's own servers) then Microsoft should pick up the phone and threaten the heck out of Samsung. Microsoft, while somewhat neutered by anti-trust, still has a great deal of power over OEMs, and stuff like this is a perfect time to [ab]use it.


Ultimately it's just another item on the long long list of why anyone should not buy Microsoft and Samsung products.

Samsung's terrible engineers coupled with a proprietary OS means users lose.


Yes, it's clearly Microsoft's fault here. Geez.....


Honestly, as a Linux user this kind of makes me chuckle.

Microsoft has spent so much time abusing their market dominance, trying to cripple linux on the desktop that it's kind of funny for once to see a company which they can't strong-arm doing the same thing back to them.


Let the past be the past. The new MS is making some good moves. However, this is not MS's fault. When you operate in an OEM type environment, you will run into situations like this.

For example, if OSX was an OEM offering, companies would disable services and make unsavory modifications.

The reality is, like Lenovo, we have a bad vendor here and should probably think twice before buying PCs from Samsung.


Honestly, it's hard to embrace the "new MS" when there are things like this still happening: http://www.theguardian.com/technology/2015/may/22/microsoft-...

I'm aware that Microsoft is a giant corporation and there are many different people employed. The amount of people who support Open Source most likely increased in the last years. But as long as they're doing the public "we love Linux and Open Source" and try to lobby Open Source away in the background, I have no reason to trust them.


What a bunch of total fucking assholes. That's not lobbying, that's blackmail.

No joke but this sort of stuff makes a mockery of the positive things they have done recently. So much positive spin hiding the same asshattery.


Well really it's not much different from saying you will move out of your representative's district, move out of your state, or move out of the country if a law you don't like gets passed. Is it blackmail for a person to leave Indiana because of their pro-discrimination bill that recently passed? Was it blackmail for Salesforce to say that they wouldn't be doing business in Indiana? It's the same thing here. They're voting with their wallet just like everyone does.

However, it says in the article: A Microsoft spokesperson said: “We have looked into the nearly decade-old matter and we don’t recognise these claims. Fundamentally, it is not how we operate as a business. We have an honest and open engagement with the government and this is how we will continue to work with it.”


We're less dicky in the UK and don't have masses of county specific bylaws so this is merely blackmail by threatening to punish.


I do not like Microsoft because I think it has slowed down the progress of computer science (MHO). In this case Microsoft has done nothing wrong. It has given Samsung the right to sign executables because people would hate it if Microsoft was the only one able to sign executables. In this case, Samsung is the only culprit.

I think Microsoft has made many good moves recently because the public interest and its business interest are converging. Microsoft is in a hard fight to avoid becoming irrelevant. It has to lobby governments for commercial interests and at the same time, it has to seduce developers by open sourcing (and leading technical innovation).


Yes, I agree that this isn't related to Microsoft at all. I was merely responding to the aspect of "hey guys, look, Microsoft got better".

> It has to lobby governments for commercial interests and at the same time, it has to seduce developers by open sourcing (and leading technical innovation).

Well, that's the very problem for me. As long as it is only PR to catch devs, I don't care. Opening .NET was great, but honestly I'm accustomed to open languages (or open compilers), such as Go, Rust and C (including the whole GObject ecosystem). It didn't make .NET better, it made it equal to things I'm used to. And in contrast to .NET, these languages are truly governed / developed by a multitude of developers.

To me it's more important to stop ambushing Open Source / Free Software (like the blackmailing I linked above). If Microsoft's products are better, they won't have to fear Open Source at all. Fair play is all I want.


I do not think open sourcing is only PR. It is a different model that should increase quality of software and less deception. I think there is a financial interest in open sourcing and listening to a community. The financial benefits of being "fair play" is not so clear.


Where still is nearly a decade ago.


Their new PR line is they've changed and they are sorry, but they have certainly NOT changed and they are NOT sorry:

http://techrights.org/2015/05/29/microsoft-vs-india/

Their recent "good moves" (open sourcing .NET, etc.) are simply an attempt to maintain relevance in the face of declining market share. If it results in regained market-share, they will likely bait and switch, and of course, they might as well get some good PR out of it.


First, why would you expect Microsoft to not lobby against laws that prevent it from effectively competing?

Second, why is Microsoft lobbying for non-restrictive purchasing standards bad?

It's very clear to me that this has little to do with whether the competition is FOSS - and more to do with whether the competition can only be Indian-made software. Buy $country First laws have long been recognized as anti-competitive, protectionist and generally a cause of increasing acquisition costs.

FOSS is more often than not superior on its merits alone, why does it need a protectionist anti-competitive law to help it compete?


>FOSS is more often than not superior on its merits alone, why does it need a protectionist anti-competitive law to help it compete?

Because people generally don't choose the superior product?


>FOSS is more often than not superior on its merits alone, why does it need a protectionist anti-competitive law to help it compete?

If proprietary software is more often than not superior on its merits alone, why does it need a protectionist anti-competitive law (Intellectual property, reverse engineering forbidden by EULAs) to help it compete?


FOSS, in the form of the GPL, aggressively uses IP rights (copyright) to further their goals.


What would the phrase "proprietary software" mean if it weren't possible for software to be proprietary?


>First, why would you expect Microsoft to not lobby against laws that prevent it from effectively competing?

I wouldn't expect Microsoft to not lobby because I don't believe their PR that says that they've "changed" and are now "pro open source".

>It's very clear to me that this has little to do with whether the competition is FOSS

So which part of the Indian policy that (briefly) favored open source was not about favoring open source software?

>FOSS is more often than not superior on its merits alone, why does it need a protectionist anti-competitive law to help it compete?

This should be made policy because this is a long-term strategy to prevent lock in, and because it's much harder to bribe a high level official than it is a low level official.


It doesn't seem fair to say that Microsoft is attacking open-source software here. They're just asking not to be shut out. I think any of us would be asking the same if someone were trying to categorically exclude something we'd made.


> The new MS is making some good moves.

The old New MSFT made some good moves too. Then they went back to being the Bad MSFT. I hope that the company has figured out how to break the cycle of abuse, but I'm not going to be holding my breath.


have they?

or have they just let the open source folks continue to talk and talk about "YEAR OF THE LINUX DESKTOP" while releasing software that is different combinations of buggy, ugly, or a terrible UX.


> trying to cripple linux on the desktop

according to what I hear year after year again ('still not the year of desktop linux') they even succeeded. lol.


linux on the desktop failed for the same basic reasons many startups fail. They didn't listen to their users or focus on making a product that their users wanted.

By users I mean the core market of Windows - the business desktop. How often did linux outreach staff come to a large business and listen to the concerns of the customers? Never (in my experience). How often did Microsoft do this? Often (again in my experience).


It's confusing when you address Linux this way. Most Linux distributions are not for-profit, so they're going to have any staff going to businesses. Plus, even if they did, they'd have to offer support, which they aren't able to.

The only distributions that can do that are the enterprise paid ones, and those are mostly meant for the server side. AFAIK there isn't really an enterprise desktop distribution of Linux really intended for that kind of use. Linux on the desktop is what it is -- it's an option for those who want it. Market share is not a big consideration at all.


Another element is that anything above the kernel is subject to change at whim of some primadonna developer.

MS has in the past bent over backward to maintain binary compatibility.

Some of the same attitude is present in the kernel mantra of not breaking userspace, but userspace devs seem all too happy to break stuff at the drop of a hat.


Yet, Microsoft is responsible for allowing such software to run in the background with no notification or authorization by the user or means to disable it.


It's really hard to find the correct middle-ground. Would you prefer if Windows worked like iOS where there are serious limitations on what apps can do in the background and where every application has to go through a central authority for vetting?

Or do you propose a solution that gives both freedom to the user while also not allowing something like this to happen?

Yes, there are whitelisting solutions (built into the OS by MS, btw), but they are a real pain in the ass to use - there's just too much stuff running on your machine at any given time.


In the early days of multi-user OS security, applications were trusted because they were installed by the admin and users were untrusted.

Today, we have systems which are mostly single-user, but where the applications are incredibly untrustworthy. Hence the popularity of jails and app-store systems. You can't easily retrofit this on Windows because there is very little security between windows running on the same desktop, but what I think we'll end up with is each application having its own SID and a default-restricted view of the user profile.

But in this case it's a hostile OEM, and there really isn't much that can be done in software against that.


This is the direction with app containers in WinRT model.


> Would you prefer if Windows worked like iOS where there are serious limitations on what apps can do in the background and where every application has to go through a central authority for vetting?

I've thought about this for a while, and honestly, for desktops/notebooks/tablets? Yes. Maybe not just one App Store like iOS, but at least sandbox all possible non-os code similarly to ChromeOS, in a way that's on by default and requires a boot-time flag to disable (and users should be allowed to do this, but OEMs shouldn't.)

Recently my dad bought a new $300 toshiba laptop because his old machine was just "slow", as in he had so much spyware on his computer that it was easier to just buy a new one than going through the hassle of cleaning up his old one. Even though his old laptop was perfectly good and of a recent hardware generation.

I'm 100% positive he's going to have the same issues on his new laptop, and his response was that he uses his iPad so much that it doesn't matter anyway.

The role of the modern day OS has changed immensely over the years. Nowadays there's simply no reason for legitimate applications to have the level of access to the underlying system that they used to have. Apps really don't need arbitrary filesystem access. They don't need to be able to overwrite core system files. They should be run in a sandbox or a container with as restricted of a set of permissions as possible.

For servers and development workstations the story is a little bit different, but those are exceptions to the rule, and with the proper release hatches like boot-time enabling of un-sandboxed code it's a good tradeoff IMO.


Right, so because Windows has been historically shitty creating this problem in the first place, we now willingly want Trusted Computing and thus losing control and ownership of our own devices, with the grandma reason given as rationale. Well, when this relationship with the likes of Apple and Microsoft goes toxic, and it's only a matter of time, I'll be one of those that will enjoy it, as I'll consider it a sort of social justice, as a lot of people told you so and you wouldn't listen.


Instead of this sanctimonious sermon, we would be better served attempting to solve the problem that locked-down platforms do, but in a more open way.

Because the fact remains - computers have been a difficult thing for many people to use and maintain reliably. The "Windows has been historically shitty" point might be a reason this problem has been worse than it needed to, but it's hardly a compelling excuse.

When people—and not just Grandma—point out that their iPads don't have the same problem, then we should take that on board, rather than telling them that they're stupid for not listening.


So I'm all for solving current problems, however if I'm sure of anything, I'm sure that companies like Microsoft or Apple won't deliver a solution that solves these problems without locking-in users into a trap which is worse than the problem that it's solving.

And on Windows, this is the oldest trick in the book - in order to sell something people don't want, you first need to create the demand for it.


> Nowadays there's simply no reason for legitimate applications to have the level of access to the underlying system that they used to have

I'm hearing this argument from time to time. But I'd like to know what exactly changed. I can think of a dozen use-cases for which a shared, system-wide filesystem would be absolutely necessary (yes, especially with computer-illiterate friends and relatives, as "files" is pretty much the only abstraction besides "web" that is widely understood even outside of "geek"/"power user" circles).

So, what exactly has changed between then and now that made those use-cases legitimate in the past but not anymore now?


People neglected the fact that having $HOME access was already bad enough and lived in the illusion that running applications as normal user was safe.


Why is having a home directory bad?


Any application running under the user id has full access to his private data.

Add the capability to do network communication and suddenly the whole world has access to $HOME.

This is why in the container model of mobile OS and Windows/Mac OS X sandboxes, applications only get to see file handles to files chosen by the user.


> he had so much spyware on his computer that it was easier to just buy a new one than going through the hassle of cleaning up his old one...

I don't understand. Why not just reinstall the operating system from blank media? If you get a new machine, you'll have to reinstall your user-applications and data anyway?


It's not something most people know how to do, and you have to pay for a blank media set. There is usually a "recovery partition" instead, but how well do those work?


You can download windows install files from Microsoft nowadays. There's a downloader that also includes functionality to burn a DVD image or create a bootable USB stick.

http://windows.microsoft.com/en-us/windows-8/create-reset-re...

As for the "it's not something most people know how to do": Buying a new computer also requires you to transfer files from the old to the new computer. And requires you to install your software. I'd say that both tasks aren't significantly harder to perform than clicking "next" on the Windows install dvd.


I like the way OS X handles it. Unsigned software won't run by default, but the user can override the limitation.


Yes, you can do this on Windows too, but the problem is this update disabler executable was signed, so it would have run anyway.


There are two problems: how on earth Samsung may have had the idea to produce this kind of software, and who is signing software without giving a look at what he is signing. A problem of software development mentality (on Windows) and a problem of responsibility.


> who is signing software without giving a look at what he is signing.

Verisign would by proxy, as one example. A certificate authorized to sign code was purchased from them. Samsung would directly, to prove that this shit software came from them.

Just like SSL/TLS. I could set up an SSL website that performs drive-by attacks, would Verisign sign that? Yes, yes they would.

Vericode isn't a gatekeeper like Mac's certificates are. It's designed to improve security: if I download a Samsung installer Windows will tell me that it is indeed from Samsung (during the UAC elevation) because the signature checks out. This means that I can be certain that unbeknownst malware won't be installed on my PC alongside the Samsung malware.

The story is different with WHDL (drivers), those are signed by Microsoft (in addition to yourself, I think).


Samsung signed the software, of course. Who else would?


When you are asking for companies to verify all the software that is signed by their certs, I'm quite certain you are not at all considering the consequences.


Signing software only proves that it came from you. It doesn't say anything about what the software does. That's what your reputation is for.


Or you know, place the ability to disable Windows Update behind policy restrictions and UAC rather than being openly editable in the registry? With policy restrictions, corporate installations could deny all attempts to disable the service. In non-corporate environments, this should at least require a UAC prompt. While too many users would likely click through without understanding, at least knowledgeable users would understand and be able to deny the change.

Windows Update is a serious security requirement for any Windows install. Disabling it should clearly require explicit consent from the user.


Changing the Windows Update policy requires admin rights and UAC prompting. The Samsung installer would also run as admin (either started from a service running as admin and deployed by the Samsung initial image, or by the user allowing UAC when launching the Samsung installer), so it can change the registry.
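
A read-only check for the situation discussed in the comments above (Windows Update switched off by software that ran with admin rights, and a valid signature that only identifies the publisher). This is an added example, not code posted by anyone in the thread; the function name and `-SuspectBinary` parameter are hypothetical, and the service name and registry locations are the standard Windows Update ones rather than values taken from this page.

```powershell
# Added example: audit the local Windows Update configuration without changing it.
function Get-WindowsUpdateAudit {
    [CmdletBinding()]
    param(
        # Hypothetical parameter: an executable whose Authenticode signer to report.
        [string]$SuspectBinary
    )

    $findings = [System.Collections.Generic.List[string]]::new()

    # 1. The update service itself. A Disabled start mode stops updates
    #    no matter what the policy values say.
    $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='wuauserv'"
    if (-not $svc) {
        $findings.Add('wuauserv service is missing')
    } elseif ($svc.StartMode -eq 'Disabled') {
        $findings.Add('wuauserv start mode is Disabled')
    }

    # 2. Group Policy location. NoAutoUpdate=1 turns automatic updating off.
    $policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU'
    $policy = Get-ItemProperty -Path $policyKey -ErrorAction SilentlyContinue
    if ($policy -and $policy.NoAutoUpdate -eq 1) {
        $findings.Add("NoAutoUpdate=1 under $policyKey")
    }

    # 3. Per-machine setting used by the Windows 7/8.x control panel.
    #    AUOptions=1 corresponds to "Never check for updates".
    $localKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update'
    $local = Get-ItemProperty -Path $localKey -ErrorAction SilentlyContinue
    if ($local -and $local.AUOptions -eq 1) {
        $findings.Add("AUOptions=1 under $localKey")
    }

    # 4. Optional: who signed a given binary. Status 'Valid' says the file is
    #    unmodified and names the publisher; it says nothing about behaviour.
    $signer = $null
    if ($SuspectBinary -and (Test-Path -LiteralPath $SuspectBinary)) {
        $sig = Get-AuthenticodeSignature -FilePath $SuspectBinary
        $subject = $null
        if ($sig.SignerCertificate) { $subject = $sig.SignerCertificate.Subject }
        $signer = [pscustomobject]@{
            Path    = $SuspectBinary
            Status  = $sig.Status
            Subject = $subject
        }
    }

    [pscustomobject]@{
        UpdatesDisabled = ($findings.Count -gt 0)
        Findings        = $findings
        Signer          = $signer
    }
}

# Example call; the path is a constructed placeholder, not a location from the page.
Get-WindowsUpdateAudit -SuspectBinary 'C:\path\to\vendor-tool.exe' | Format-List
```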


True. To be more specific: while UAC is great for requiring admin privileges, it would be nice if UAC prompts would enumerate the permissions being asked for. The prompt should be asking you if you wish to allow the program to disable Windows Update as opposed to "admin privileges to do anything whatsoever with your operating system".

That said, it's a difficult system to implement properly. Android went that route, and it almost works - almost. Android's available permissions are too plentiful, and yet certain permissions are too broad in scope. I wouldn't want a desktop application to have to ask for separate privileges for every little piece of functionality, but for certain critical actions it would be nice to have some clue as to what is going on.

Perhaps in another 20 years someone will finally invent a privilege escalation system that somehow manages to be both very specific and yet not time consuming for the customer to manage. What a dream. :)


> means to disable it.

1. Right click on the taskbar.

2. Click "Startup".

3. Disable what you want.

4. Click "Services"

5. Disable what you want.

This omits "Scheduled Tasks" (cron jobs) which can be set to execute on user logon. This is the single one that Microsoft still need to address.

Does whichever operating system you are comparing to Windows have a one-stop-shop for the vast majority of startup configuration? Of the "big 4" (Mac, Linux, BSD, Windows) as far as I know this is a unique feature.

Proof-of-point: I have a copy of Linux, without telling you what the distro is, tell me how to disable the firewall (just an example of background software on most Linux distros).

> no notification or authorization

Does that operating system of yours do this? Which of the "big 4" do? I know that Linux and BSD don't.

> Microsoft is responsible for allowing such software to run in the background

So Microsoft is responsible for everything every Microsoft-stack developer on earth does? Does that mean that RMS is responsible for closed source software because some of it is made with GCC?


> Proof-of-point: I have a copy of Linux, without telling you what the distro is, tell me how to disable the firewall (just an example of background software on most Linux distros).

This isn't comparing operating systems to operating systems. "Linux" could refer to a number of operating systems, such as Yellow Dog, Ubuntu and Fire OS. The Microsoft version of this question would be more like: "I have a copy of a Microsoft OS. Without telling you what version it is, tell me how to disable the firewall."


Yes, it's almost as if executable code is... executable.


Intel's fault for developing x86


If they didn't they would probably get sued and bashed on HN for promoting walled gardens and abusing OEMs.

Google has a similar problem with Android. They solved it by having anyone who wants to include Google services to fall into line.

Apple goes to extremes on iOS to prevent things like this.



