This has been a hot button topic in these forums at times, with one "hungry" individual in particular placing fault on MS' shoulders. Should MS take full, partial or no responsibility for a user's decision on what to install on their computers, including malicious files? My answer is Partial responsibility. Here is my idea of what they could do better: How about, stealing an idea from Linux, a Microsoft Approved Repository system? The way it might work is that any developer of software designed to run on Windows has the option, not forced upon them to submit their finalized product to MS, where it would be installed on a test platform, and put fully through the paces, ensuring it is malware-free, runs stable, does what it's supposed to do, and does not introduce unnecessary security risks in the O/S. Most importantly, it must be malware-free and stable (no BSOD's, crashing, etc). to meet a minimum acceptance criteria. If it passes, MS would issue a Digital certificate for the product, free of charge, and place it, with the consent of the developer, in their own secured repository, available to anyone who wishes to download from it. The developer could also link to this repository for those who want to trial the product. The product could be freeware or trial-ware, with payment to the developer made through the usual channels. Windows could use a digital inspection approach, much like UAC that shows the blue and gold shield for Windows digitally signed files for users installing software, that clearly displays to the user the software is MS approved and digitally signed. If it is not MS digitally signed from their approved repository, a bold and clear warning is displayed, although the user still has the option to continue installing as administrator, at their own risk! MS could make it very clear to users to make every effort to obtain their software from their repositories to ensure a malware-free experience, although downloading from other untrusted sources such as through torrents or product websites could still be an option, also at the user's own risk!. Now this isn't actually taking a form of responsibility, because nothing's forced on the developers or users, because I, for one, wouldn't want that, but it should theoretically at least significantly help reduce the risk of user's inadvertantly installing malicous files on their computers. It could be a great situation for developers, including the one man operations like Sandboxie, to have an MS-assigned digital certificate attached to their software, so users know it's not only malware-free, but that it's stable and effective.
As if the Windows Software Logo Program didn't exist. . . People should research better before "suggesting" things.
Oh and I present you this: http://www.microsoft.com/windows/compatibility/windows-7/en-us/default.aspx Your "idea" doesn't seem original. It's already implemented!
Yes. Read the FAQ: http://www.microsoft.com/windows/compatibility/windows-7/en-us/faq.aspx Also what a dev needs to do to get his software listed there: https://www.microsoft.com/windows/compatibility/windows-7/en-us/partner/submission.aspx http://www.microsoft.com/windows/compatibility/windows-7/en-us/partner/faq.aspx
Of course, Microsoft doesn't host the third-party software downloads, but they are checked nonetheless.
Impossible to force them: legal restrictions. Things like UAC and SmartScreen reputation filter are, however, incentives. Why? Because users begin to question why they are seeing all those warnings and the devs are consequently pressured. That's why major software companies tend to follow every step provided by Microsoft to get listed on that site and earn a Windows Software Logo.
But it does: Someone's gonna have to get paid to do this. And they'll always charge because that's how the cert system works. Of course I voted yes they're entirely responsible.
They aren't. No matter how you insist in this crap, they aren't. Read and accept their EULA or find an alternative.
I opted for no not at all. ford isnt held responsible for people who drive their cars when drunk so why should microsoft be held responsible when people decide to use their pc's when drunk?
Computers aren't cars. And car companies invest quite a lot into new technology to protect drivers. When you'r ein a car there isn't someone trying to make you crash so that they can profit... it's an entirely different game.
And so does Microsoft. Not true in all situations. Think about a crazy woman cracking her husband's car, wanting the money she would get after her husband's death/severe injuries on an accident - thanks to a Security Life Insurance, lol. If she succeeds, should we blame Ford for not making an uncrackable car?
You're comparing an incredibly uncommon circumstance to malware distribution, which is incredibly common. There's just no analogy that compares to computer security accurately.
There are not groups of people deploying malicious cars on the street to go crash into other cars so that they can steal your money. Anyways, I'd be willing ot say that it's both up to the devs and Microsoft to keep the user secure but I think it's much more important for MS and I don't think the user fits in at all in any decent security model.
No. The user takes responsibility for what he does (as already explained in detail on the EULA). Microsoft can't act as if it was a combination of every world's security government agency + having total jurisdiction and rights + having total success on everything. Stop dreaming. Microsoft is just a company that sells things, with all its businesses activities regulated by government agencies. How people use these things is totally upon themselves and their national governments'.
Let me be clear: If a piece of malware breaks someone's OS or whatever it is not up to MS to pay for it or whatever. But a user should never be part of a security model and MS is responsible for keeping the OS secure.
Obviously. Let's use the dictionary's meaning for resposibility, shall we? Officially, Microsoft is "responsible" for what it legally commits to. And that's always how things will work, unless Microsoft stops being a business company and begins to be what I already described (a combination of every world's security government agency + having total jurisdiction and rights + having total success on everything.)
