C
cquirke (MVP Windows shell/user)
On Sun, 19 Jun 2005 22:59:02 -0700, Jim Clark <Jim
Violation? "Mercy is for the weak, Todd!"
When XP's firewall first came out, I wasn't surprised that MS looked
at only traditional incoming traffic risks, and ignored outgoing
traffic - the idea being that a firewall keeps network things out, and
an antivirus keeps code things out, and because these always work,
there's no need to worry about anything already "in".
The reason is that watching outgoing traffic, especially if
"editorializing" on the nature of that traffic, would require MS to
watch and develop for particular malware on an ongoing basis. That's
an open-ended committment poorly suited to "one off payment, free
support" and better suited to the av industry's "subscription" model.
And the LAST thing I want to see is permanent software being "sold"
via rental slavery, where you have to keep paying for the same old
product if you don't want to upgrade, or cannot do so because you're
using a perfectly good but increasingly "ancient" computer.
Since that time, MS has embraced the challenge of keeping up with the
bad guys, what with the acquisition or RAV, the mutation of Giant into
MSAS Beta, and subsequent initiatives.
Against that background, I'd expect to see egress awareness, and
perhaps even whitelisting for local code as well. I'd like to see
egress minitoring that's smart enough to stab wolves through the usual
BHO, SVCHost and RunDLL sheepskins, too.
Actually, there's a lot I'd like to see, but my hopes are not high.
better one at http://topicdrift.blogspot.com instead!
Violation? "Mercy is for the weak, Todd!"
When XP's firewall first came out, I wasn't surprised that MS looked
at only traditional incoming traffic risks, and ignored outgoing
traffic - the idea being that a firewall keeps network things out, and
an antivirus keeps code things out, and because these always work,
there's no need to worry about anything already "in".
The reason is that watching outgoing traffic, especially if
"editorializing" on the nature of that traffic, would require MS to
watch and develop for particular malware on an ongoing basis. That's
an open-ended committment poorly suited to "one off payment, free
support" and better suited to the av industry's "subscription" model.
And the LAST thing I want to see is permanent software being "sold"
via rental slavery, where you have to keep paying for the same old
product if you don't want to upgrade, or cannot do so because you're
using a perfectly good but increasingly "ancient" computer.
Since that time, MS has embraced the challenge of keeping up with the
bad guys, what with the acquisition or RAV, the mutation of Giant into
MSAS Beta, and subsequent initiatives.
Against that background, I'd expect to see egress awareness, and
perhaps even whitelisting for local code as well. I'd like to see
egress minitoring that's smart enough to stab wolves through the usual
BHO, SVCHost and RunDLL sheepskins, too.
Actually, there's a lot I'd like to see, but my hopes are not high.
Forget http://cquirke.blogspot.com and check out a
better one at http://topicdrift.blogspot.com instead!