MS does not publish full system specs, and they use undocumented features themselves.
Ok, say MS published their code tomorrow, what do you think would happen? All the crackers and virus writers of the world would join hands and sing 'joy to the world' and forgive MS for their trespasses? I suggest that many of these virus writers are not motivated by an elitist ideology, but rather by financial gain, and the sense of empowerment born of damaging a global system. I agree that MS, like many large companies, have not always behaved in an ethical manner, and have been driven largely by bottom line economics, but what is done is done, and that doesn't absolve virus and spyware writers of the damage they are doing to the internet community.
So, what are other companies doing? Yes, correct, they are experimenting, searching for the undocumented features. They found them, and no one can separate bugs and undocumented features. These are all results of the MS approach _I am doing everything myself and do not want others to compete with me_. Ok, so please do not complain about those who use your undocumented features, undocumented API (and ohh, it is not my API, it is a bug... as they are saying now). Are you sure that it is a bug, and not a backhole created by MS for themselves? I am not.
So MS has undocumented 'features', so what? When you install their software you agree to a licence, and that you are using their software bound by their terms and conditions. Am I afraid big brother is watching, that MS is spying on me? Not really, nothing to see. Do I think that some of these practices are unethical? Yes, they probably are, but when I agreed to that licence I gave up my right to complain. Arguably, the internet would not be where it is today without MS, and that this design principle of automating as many processes as possible is what has made the internet a universally accessible medium, and that this automation creates security vulnerabilities is simply the trade off made for that accessibility.
Or - after others found this backhole, they decided to seal it. You can not prove that it is a bug, as I can not prove that it was a feature.
Any undocumented API is no different from a bug - it is just something which is not documented but exists. Just as MS is working on new undocumented APIs. Of course, they are - hackers, spyware designers and MS developers... I do not see a difference.
I see a very distinct difference, and that is that I have made a choice to use the MS product, that I have given my consent to them by way of a licence agreement. If they clearly abuse that trust, I will choose an alternative product; that is free enterprise in action. But I did not give the hacker and spyware writer permission to invade my privacy and damage my systems. Using MS products is not an open invitation to criminals to disrupt my networks, or absolution for criminal acts.
Please, specify a difference between 'flaw in the code' and 'backhole created for their own purposes'. If they claim 'our developers use only specified API' and 'we specify and document every system call and every function which can be used legally, from a technical point of view', then I agree. But they never did and never would. If they do it, they lose their monopoly. Result - full zoo of pets, pests, and other animals in every home computer running Windoze.
Maybe this particular feature was a bug, I can agree - but I do not see a difference (still).
MS has a monopoly, it's true, but the reason for that monopoly is not entirely because of unfair business practices, it also has a lot to do with their original design mission. That was and still is, to make their OS as easy to use as possible. You and I may know how to use Linux, but up until a couple of years ago, this was just too complex an operating system for the average home user. That much of the MS code is undocumented is probably a good thing, because it makes the virus writers' work more difficult. Do I think that these undocumented features serve some devious purpose? If someone can come up with hard evidence of that, I will change operating systems.
Sorry, it was a _technical_ question - is Mac OS known as having pests and ad-ware in comparable numbers (if any)?
This is spurious logic. You are suggesting that Mac is a more secure operating system, and I would suggest that it is probably far less secure, because it has not had to withstand years of unearthing vulnerabilities in the code. I have heard an OS compared to a sphere, the larger the sphere the more surface area: the larger the OS, the more area to protect. The last time I installed Red Hat, it weighed in at nearly 2 gigs, Mac around the same. Now, you can fit a 1000 page novel in a 3 meg file, so consider, there are millions of pages of code in an OS, and regardless of your operating system of choice, there are innumerable flaws that beg exploitation. The only reason MS is consistently the subject of attack, and not Mac, is not because Mac is bullet proof, it is a tactical decision. Like it or not MS controls the market, and virus writers want to create exploits that will have the greatest impact. If MS were to disappear tomorrow, and Mac were to become king, it would only be a matter of weeks before virus writers ported their code to the Mac OS. Don't agree? Read 'Hacking Exposed Linux'. I used to think Linux was secure, now I know better.
Hmm. Is it legal for MS developers (for example, office developers) to use undocumented APIs? What's the difference? What does it mean 'access' - you open my web page, and your IE downloads my GIF file - is it authorised (my GIF is installed into your computer)? You allow Active X to run, even if ActiveX can install software - it is enough to be authorised. This is common sense - if there is a road, it is authorised to hike it (except if there is a closed gate or an angry dog on the way). At least, it is common sense in 90% of the world.
Again I think it comes down to choice. I have navigated to a website because I have made a choice to view its content and services; I did not, however, choose to have spyware installed on my computer. By installing this software, they have violated my trust, they have installed invasive software without my consent. I realize that I may be vulnerable to viruses in using the internet, but that does not excuse the virus writer from creating software that impedes my use of this system, or removes my ability to choose the nature of my experience.
Of course, we can create many laws making common sense useless, but do not expect anyone outside to follow them. The Internet is not located inside, so - you can draw a conclusion. MS provoked people to search for undocumented things - it is common sense which tells me that it results in my home computer making unpredicted actions - and I can not blame spyware writers, I should blame MS writers... (I do not like spywriters, anyway, but they are making their business...)
Of course, they are. MS profits from undocumented APIs, as well. Where is the difference?
Well it may seem that I am singing the praises of MS, but that is simply not the case. After years of being a systems admin, I came to really dislike MS, it was a lot of work keeping the systems clean and safe, but it's kind of like what Churchill said about democracy: 'Democracy is a bad form of government. Unfortunately all the others are so much worse..' MS makes a lousy OS, but for the home user, it's the best thing we've got. I think though, that there is a greater issue here, and that is what should be done about sites like 'cool web search'. Clearly they are causing damage to the internet community. Laws can not be relied upon to act on such trespasses, not in an international community. This places the onus of responsibility on the ISP leasing the addresses. This site has likely infected millions of computers, and I have no doubt their ISP is aware, but probably has a policy of non-discrimination, or doesn't want to involve itself in legal entanglements. Do you de-peer them or filter their prefixes as someone suggested? I think a lot of legitimate users would suffer as a result, so this is not a reasonable solution. But something does have to be done; when a website presents a clear and ongoing threat to the internet community, it has to be actionable. The problem then becomes, who defines what is a threat, and by what criteria do providers refuse service to the individual or each other? So do you create a charter of acceptable policies and practices among ISPs? Some collectively agreed upon statement of what constitutes acceptable practices as it pertains to this type of situation? I'm not sure it would work, but I am hard pressed for solutions. We all remember the promise ecommerce once held to our industry, and I believe it has fallen flat, largely due to the perceived danger of spyware and viruses. The danger of these attacks, and their scope and severity seem to grow each year, and I think the entire community is suffering as a result.
So the question remains, what do we do about it?