Most things that were "once an accepted standard in IT" are horribly insecure. The end user wanting a system he/she controls is very much one of them.
Microsoft taking away control from users, especially when it came to forcing them to take updates, is probably the biggest change they could possibly have made to improve the overall security of the internet.
If you don't control something, you de facto don't own it. You're advocating for a future without personal property. If you doubt this, see John Deere.
> improve the overall security of the internet
When someone else has remote control over your system, your system is - by definition - insecure. The recent drama involving the FBI and an iphone is a perfect example: the phone is insecure if the OS can be forcibly updated by the manufacturer.
Remote control of the OS may improve the security of the internet, but it happens at the expense of user security.
> The end user wanting a system he/she controls [is insecure]
This attitude is incredibly insulting. Instead of providing more secure products that people cant successfully maintain, or spending the time and effort to properly educate users, you're claiming they cannot be trusted with complicated tools.
> taking away control
"Freedom" necessarily includes the freedom to make bad decisions. You want to take away that choice. You might want to consider the long-term effects of advocating against freedom.
I'm not advocating. I am pointing out that user control is fundamentally anti-security. Bad security may very well be worth the tradeoff if you value other things like freedom, fashion, backwards compatibility, fewer restarts, price, etc.
I'm not convinced that freedom and security are quite as opposed as some claim; centralized control has repeatedly been shown to create its own security problems.
But supposing and to the extent that they are, I'll bite that bullet. If I have to trade away security for freedom, then I'm willing to do exactly that.
I don't see how your argument works. You seem to be saying that user control automatically leads to less security which is obviously false. Maybe you are conflating groups with individuals. If an individual has control then by definition he can chose to be more secure or less secure by his actions e.g that individual may chose to perform updates asap and stay away from suspicious downloads. He can also chose to do the opposite of these things and be less secure but there is obviously no direct implication either way. But underlying this is a one-dimensional view of security, consider more complex scenarios where users are forced to use a single software to perform a task. If that software is insecure then 100% of users are vulnerable whereas if there are a diverse range of programs the users are more resilient to attacks.
>You seem to be saying that user control automatically leads to less security which is obviously false.
No.
> If an individual has control then by definition he can chose to be more secure or less secure by his actions
He can in theory, but he does not in reality.
>He can also chose to do the opposite of these things and be less secure but there is obviously no direct implication either way.
Again, reality shows us that the vast majority of users choose to be insecure.
>But underlying this is a one-dimensional view of security, consider more complex scenarios where users are forced to use a single software to perform a task. If that software is insecure then 100% of users are vulnerable whereas if there are a diverse range of programs the users are more resilient to attacks.
Correct, a diverse set of platforms would also be good for security. But that is a separate argument.
> the vast majority of users choose to be insecure.
This is incorrect. The vast majority of users choose to use the things they purchase for the intended features. They usually make no choice whatsoever about security. Your posts in this thread have been trying to blame users for poor product design; if something is badly insecure when used for the intended features, then it is defective.
This is where you probably want to assert that remote management is the solution, which takes control away from the user and allows defects to be fixed at a later time. You have asserted many times that allowing users to control their own devices is "less secure". This conclusion may be true in some cases, but it is simply incorrect most of the time.
When you take control away from the user and give it to the manufacturer (or other remote location), you are creating a backdoor that the user cannot override. Adding a remote backdoor is weakening security for the user. If you want to argue this, you're going to have to explain why both the FBI and Apple were wrong in their recent conflict about pushing a broken OS to a certain iphone.
Yes, users have very little knowledge about computer security. The solution to that is to educate them and make better products that don't need as much technical knowledge to use safely. Only then will security be improved. Your solution of handing over control to someone else is trying to keep users ignorant while lowering user security.
You seem more interested in putting words in my mouth than having a real discussion, so I will simply say that if you want to go with that metaphor, having a backdoor is preferable to having no walls.
User control is, by definition, security. The goal of security is to keep control in the hands of the owner. To remove control in the name of security is at best deceptive and self-defeating.
No. The user might use his control to make his computer less secure. Then it does't have security. And in real life, most user do exactly this when they have the option easily available. Most viruses spread through user control. Users choose to run programs which are viruses. Users choose to not upgrade their insecure software. Those are pretty much the main ways viruses spread.
You start off by saying "The user might use his control to make his computer less secure" which is true. But just two sentences later you claim "users choose to not upgrade their insecure software" which is obviously false. They might but the might not.
I could argue the same way and claim that removing user choice might make the computer less secure e.g. by forcing updates to an insecure version, installing backdoors etc. In the real world, this is exactly what happens. Therefore removing user control makes computers less secure. Now do you agree or do you think that my argument is deeply flawed?
"Freedom" necessarily includes the freedom to make bad decisions. You want to take away that choice.
Very well said. There's this relevant Gandhi quote:
"Freedom is not worth having if it does not include the freedom to make mistakes."
The whole approach to computer security seems to be based on an argument along the lines of "let's just throw everyone in jail and treat them guilty by default because they might possibly do something we don't like", which (fortunately, at this present time) seems preposterous in the real world, and yet that's what people are silently accepting --- or even strongly advocating --- with respect to online matters and their computing devices.
A world of perfect security and perfect safety, where no one can make mistakes, where no "bad things" can happen to anyone, and in which everything is controlled by some authority would be immensely boring, dystopian, inhuman, and quite frankly not worth living in.
Choosing to have less security because you value freedom more is totally fine. What I object to is choosing to have less security because you value freedom so much you pretend that less security is actually more. And especially when people are making that choice because those of us who are more informed than they are lied to them in order to manipulate them into doing so.
Full disclosure: I work at Microsoft but outside of Windows.
> poor upgrade/reinstall behavior resulting in lost licenses
I have never experienced this. If you bought Windows 10 straight up (or your computer came with one) then you have a product key you can use, just like before. If you upgraded from 7/8 or are in the Insider Program, then you get a digital entitlement to your Microsoft account which gets restored automatically when you next sign on. http://windows.microsoft.com/en-us/windows-10/activation-in-...
> overly complicated licensing structure
There are two editions for consumers: Home, and Pro. With the differentiator being fairly clear from the name alone (home is for home users, pro gives you things you aren't going to ever use at home but might at work, like AD join). There are other editions like Enterprise and Education, but an end user will never even see them.
> forced integration of unrelated products
Cortana is a part of Windows. It started as a Windows Phone feature, and got brought over to desktop. There's nothing unrelated about it. Bing is integrated to Cortana because that's the backend powering it. It's like how Ok Google uses Google on Android. Using a third party provider would not give nearly the amount of insight it currently has, since the two teams can work together to improve results and the overall experience.
> integration of advertising into the OS (lockscreen and wallpapers)
Spotlight has shown one ad that I am aware of (Tomb Raider). Otherwise, it gives you curated images rotated every so often. Your wallpaper does not change, that is not a feature of Spotlight. It's also completely disableable; you just set your own image.
I upgraded three computers to Windows 10 a few months ago. One each from Vista, 7, and 8. All three had showstopper problems. One would never again resume from sleep and had to be downgraded (HP laptop). One encountered a permanent boot error on the second boot into 10, and had to be completely wiped to make it work (Lenovo desktop, only a year old). And the third required purchase of a new graphics card, because acceleration which worked in Win7 does not work in Win10 if you have older Intel integrated graphics.
These free upgrades cost me about 15 hours of lost time, $80 in hardware, and a lot of goodwill. Or I guess I should say, two upgrades, since one had to be undone.
Can we please just give you money and have a edition of Windows 10 LTSB for consumers where you don't have to wrestle with all this crap?
Also will this "surprise motherfucker" style of updates continue when the free update period runs out in July 2016 and MS starts charging money? Because if it won't, get prepared for some heavy legal action.
I believe Windows 8 introduced the group policy to set a default lock screen image (https://technet.microsoft.com/en-us/itpro/windows/whats-new/...). Since Enterprise is the only LTSB SKU, I would assume some sort of group policy is also being deployed. Wouldn't be too hard to set that policy up, which disables Spotlight automatically.
I am not. I am under the impression that some people believe "I control my own machine" is a point in favor of security. And that those people are wrong. Perhaps not for themselves specifically, but in turning that philosophy into a general rule to apply to consumer products.
> Microsoft taking away control from users, especially when it came to forcing them to take updates, is probably the biggest change they could possibly have made to improve the overall security of the internet.
Shouldn't the end user get to decide for themselves whether Microsoft can control the computer the user paid for, that sits in their home or office, and that contains their private and otherwise confidential information?
Disclaimer: MSFT employee here. My previous company was acquired by MSFT.
> Shouldn't the end user get to decide for themselves.
Not for the typical user who is not working in IT. None of my friends or relatives want to decide themselves about how their computer works. They just want their system to work and let them do their daily activities. Most of them use phones and tablets for much of their online stuff and they want the system to take care of itself.
Personally, I want to have full control of my system. But as the default sysadmin for my family and extended family, I dont have the time to maintain all those PCs, phones and tablets.
Not being confounded by choices they dont understand or care is also what they want.
Chrome and Firefox auto updating without user intervention by default is a good thing. If Chrome were to ask permission before downloading updates, many of them will just cancel it and get on with whatever they wanted to browse. If the system is compromised by malware because of an unpatched security issue, it is the vendor who takes the blame.
Chrome is a browser, not an OS. I don't run my software under Chrome, so I'm not as affected if it had issues with auto-updating (there rarely was anything, which is another point).
If Google were playing beta testers with Chromebooks and messing around like MS does, you'd think there would be anything positive written about them ?
Sure it is. So what? Are you going to pretend that they are the only ones affected? It hurts the rest of the internet when their machine is then used by hackers to attack others. It hurts the banking system and indirectly, small vendors when these people's credit card information is stolen and used to make fraudulent purchases.
Taking away the right of individuals to make bad decisions that harm others is the entire point of society.
Microsoft taking away control from users, especially when it came to forcing them to take updates, is probably the biggest change they could possibly have made to improve the overall security of the internet.