jpalomaki | 1 year ago
The article is about various enterprise security features, not about getting security fixes for your operating system. These are more about logging, analytics over the logs, and more control over workstation configuration and different security policies.
These are tools that can increase security for an organization that has the resources to properly deploy, manage and monitor them. IMHO they don't do much unless you have people who can dedicate time to dig into them.
Providing the storage and processing capacity in the cloud costs money, so it is difficult to bundle them with a reasonably priced perpetual operating system license. There's also a lot of competition in this space.

dwaites | 1 year ago
Many, many millions for a chatbot that slurps your emails or an integrated web browser that reports to the mothership, but no room in the budget for proper EDR because of cloud storage. I just don't buy this argument at all.

gofreddygo | 1 year ago
That's the whole point.

teitoklien | 1 year ago
Security costs money to constantly keep up; it requires teams to be allocated 24/7 to test for vulnerabilities, keep track of malware out in the open, etc.
It costs money to make things secure; moreover, it's one of the major features which enterprises are actually willing to pay good money for, or else they'll go for a lower tier.
I get how it sucks that not everyone gets great quality security for no or low cost.
But this is a world where most people do not respect software developers' work, where most B2C consumers are happy to pay $10+ per DAY on a cup of coffee but not willing to spend $10 PER MONTH on software that they use every day and that improves their life and work.
Idk, it takes effort for people to keep apps up to date with OS upgrades, maintain libraries, fix bugs, fix security issues, keep battery usage low, improve performance, support 110 different screen sizes with different Android and iOS versions, desktop apps, web browsers, whatnot.
Yes, you need to pay for work. If it were cheap to have great security, some other software would have already started winning all the enterprise deals.
It takes money to keep software running. Microsoft would have been happy to get the PR boost from offering great security for free for everyone; they must have figured people won't upgrade to higher offerings if they do that. They already give a lot of great tools away for free.
Someone needs to pay for the work. It's not like the software is that expensive; it's nominal in most cases, especially if you look for good deals.
I'm saying this as someone who hates Microsoft, uses Linux, and stays away from any major Microsoft product except GitHub.

ChrisLTD | 1 year ago
You're arguing that security shouldn't be free, while the article is arguing that security shouldn't be a paid add-on to a service for which you already pay a lot of money.

vasco | 1 year ago
> where most b2c consumers are happy to pay $10+ per DAY on a cup of coffee but not willing to spend $10 on a software PER MONTH
You can see where the money goes for the first: planting and farming, physically transporting beans across the world, processing them, physically making and handing you the coffee.
Bits on a screen that someone just comfortably typed and then pressed a button to ship are not as valuable. On the other hand, even if you can charge much less for it, you can charge everyone in the world for it at pretty much zero additional cost. So I wouldn't complain about the tradeoff.

RobotToaster | 1 year ago
Security vulnerabilities are faults in the software product. In no other industry do we accept selling a faulty product and then being forced to buy a subscription to have those faults fixed.
Would we accept a car that explodes if someone whistles a certain tune near it as "just a bug"? And also accept paying to patch that bug?

ChrisMarshallNY | 1 year ago
I'd say that we're duty-bound not to knowingly release insecure software, or at least to put big red "cigarette warning" labels on the packages.
If the only way we can make cheap software is to make insecure software, then maybe we shouldn't be selling cheap software.
It's a conundrum. If we don't sell cheap stuff, someone else will, and eat our lunch.
That's one reason that a regulated industry is sometimes the only solution (an unpopular stance, as evidenced by the almost instantaneous reaction to this comment).

Rinzler89 | 1 year ago
Pretty much this. If you don't want to pay Microsoft a subscription for extra security, you are free to build your infra from scratch using a 100% FOSS stack and do your own security over it, including hiring dedicated security experts to keep on it 24/7. See how much that will cost you.

nolist_policy | 1 year ago
The biggest problem with Microsoft's products is that they are insecure by default. Once you've got that, you see it everywhere.
Opening attachments in MS Office is insecure, because macros can access all files on the system and execute code willy-nilly. Yes, there is a button asking if you want to enable macros in the document. If a single user presses that button, your org gets owned.
Yes, you can secure everything, but 90% of admins don't do anything about it. They sprinkle anti-virus on top and call it a day. If it blows up, then they couldn't do anything about it. Microsoft knows this.

germandiago | 1 year ago

krylon | 1 year ago
While that suggestion is music to my ears (I've been using Linux/BSD on my private machines for over 20 years), for the overwhelming majority of users that is not an option. Tons of applications are available only on Windows, and sometimes on macOS. I second-hand observed one case of a company trying to migrate from MS Office to LibreOffice, only to realize that they were using add-ins for Office (something SAP-related, IIRC) that were/are not available for anything but MS Office.
Unless Microsoft themselves push for (yet another) "year of the Linux desktop", I don't see it happening on a large scale. The other option would be for customers (large companies, government agencies) to demand a change en masse and invest the money needed to make it happen, which I don't see happening in at least the next decade either, as much as I would love to see that.
EDIT: One more option I could think of would be for online security to become such a nightmare that large corporations see their profits dwindle, both tech companies and "old school" companies who have become accustomed to using the Internet for their business. Imagine a world where you need to do a clean install each time you connect to the Internet to ensure no sensitive information is leaked and no malware infests your machine. A world where opening an email has become so risky that people prefer going back to snail mail and fax. And so forth. I don't really see that happening either, but it seems slightly less unrealistic than the above scenarios.

magicalhippo | 1 year ago
I've been using KDE Neon on my secondary box for years now, and overall it's been great, except for two points which still mean it's a no-go for my primary desktop. With gaming on Linux now being in a great position, it's one down, two to go.
First, and by far the most important, no RDP alternative with similar performance and functionality.
Second, I'm really fond of the full-disk backup I have running. It has saved my ass several times, allowing me to be back in action in less than an hour with minimal data loss, by simply swapping out the disk and restoring.
I know there are some good backup options for user data, but I'd still need to reinstall all the data and re-tweak all the various configuration options etc., which makes it much more of a hassle to restore.

1letterunixname | 1 year ago
MDE plan 2 is no assurance of security. There was an incident where Microsoft, in their infinite wisdom, pushed out definitions that caused the removal of many valid app shortcuts, freaking users out that all of their apps were deleted. This is not an isolated incident. MDE makes sweeping changes to millions of machines that Microsoft appears to barely test at all.

dmatech | 1 year ago
Security features should be free or a lot cheaper. But compliance? Heck no. Customers with compliance requirements are the ones with some group demanding they prove that they're adhering to numerous (sometimes contradictory) policies. If they can afford to create all that red tape, they can afford to pay to comply with it.

RecycledEle | 1 year ago
Microsoft should have a variety of hardened images included on every Windows installation medium.
After a hardened OS image is installed, it should not be left to the administrative user to figure out how to make one of the 100 most common Windows apps work with it. Instead, Windows should allow novice administrative users to say "allow Office 365 to install and run," or "allow Adobe Photoshop to install and run."
Then there should be a matrix where the administrative user can grant or deny permissions to each app. Do we give permission to Adobe Photoshop to phone home or not? I should be able to examine every packet and know exactly what is going on.
We need a law similar to the GDPR for local programs that forces software makers to annotate all network traffic, and that always allows the user to disable security-weakening features.
Until we know exactly what our PCs are doing on the Internet, we have zero chance in the Information Security War.
Before someone says "that would help software pirates," know that it would be perfectly OK for a company to send a large encrypted block labelled "request for license authentication" and receive back another large encrypted block labelled "license activation."

krylon | 1 year ago
Just using the virtualization features Windows already has (and has had for years now) to provide application sandboxing in an accessible manner (think QubesOS) would go a long way. I'm not saying it's easy, but it's possible, and Microsoft certainly has the resources to pull it off. I cannot believe nobody at MS has thought of this yet.
(This could also be used to make backward compatibility less painful, which no doubt many MS programmers would appreciate deeply.)

k12sosse | 1 year ago

mrjin | 1 year ago

unknown | 1 year ago
[deleted]

omgCPhuture | 1 year ago
[deleted]