Sunday, 11. December 2005, 11:01:57
An article taken from a magazine. I'll reserve my comments.
Article written by Alex St. John
All Software Will Be "Spyware"
Some years ago [Alex St. John] predicted that there would be "updater" technology wars on the PC. Today that battle is in full swing. The reason for the prediction was that Windows is inherently insecure and requires constant patching to deal with an onslaught of security threats. This disaster provokes its source, Microsoft, to respond in two highly dangerous ways: first by scrambling to patch the security mess across millions of computers with constant security patches delivered via updater technology and second by reserving critical online features used by legitimate applications for its use alone. The result is that your Windows OS is constantly changing every time you connect to the Internet, consequently breaking your legitimate applications. The upshot of all this is that all legitimate software apps increasingly need to be "spyware" in order to continue to function.
When Microsoft released Windows XP Service Pack 2, it broke thousands of online applications (including all MS JVM applications, Flash, QuickTime, most multiplayer PC games, and many security applications) in a variety of ways with little or no warning to the developer community. This mass breaking of software naturally resulted in catastrophic consumer confusion and support costs. Software companies whose products could not automatically check for patches simply had to take the support calls or hope that troubled consumers found their way to the support site to manually download a patch. Microsoft followed up this maneuver with Microsoft AntiSpyware, a "spyware-blocking" application that also happens to prevent self-patching applications from running in the background or autolaunching without the baffled consumers' express permission.
If an application cannot run in the background to download patches automatically in wasted bandwidth (as Windows does), then the only solution is to force consumers to wait for a patch download at the moment they try to use their applications. To further confuse consumers, Windows may presume to pop up any number of random warning dialogs when a legitimate application attempts to communicate home to check for patches.
With widespread fear of spyware and confusion about what software consumers can trust comes a greater burden for installed applications to effectively communicate with users. Any software that exposes network functionality, such as Macromedia's Flash player, or real-time security software, such as Norton AntiVirus, has a critical need to be able to alert users in real time when a security patch is needed. These critical notification applications need to run persistently in order to check for updates even when the primary application isn't running. The common need for this capability results in an intrusive plethora of pop-up warning mechanisms from a variety of applications, all trying to notify the user of important updates. This need collides directly with adware-blocking apps and Windows AntiSpyware, which may react to these notifications by blocking them and popping up additional warnings of their own.
Almost 50% of the U.S. Internet population is still connecting via modems. This means that in order for updater technologies to work, software needs to make extremely efficient use of scarce bandwidth by using every spare kilobit per second available for patch delivery by communicating home to download only patches that are absolutely necessary. In other words, they have to be very sophisticated spyware applications that collect detailed information about your computer configuration and report it over the Internet in order to minimize patch downloads.
In a dramatic and humorous demonstration of how absurd the situation has become, Sony's new CD copy-protection scheme, which hides running processes from Windows (Trojan horse?) and debugging tools to prevent music piracy, has been hacked to enable World of Warcraft cheaters to foil WoW's Warden software (spyware?), which scans your computer for cheating software before you can play WoW. Sony of course made a patch available to fix the security hole, but how will you get it if Sony's invisible software can't self-patch? Why would WoW cheaters install it on purpose? Sony disputes that its Digital Rights software harms Windows security, but how can your antispyware products work on processes they can't see? At the same time, if antispyware products can remove digital rights management technology (which they can), how can online media work and be secure?
------------------------------------------------------------------
Alex St. John was one of the founding creators of Microsoft's DirectX technology. He is the subject of the book "Renegades Of The Empire" about the creation of DirectX and Chromeffects, an early effort by Microsoft to create a multimedia browser. Today Alex is President and CEO of WildTangent Inc., a technology company devoted to delivering CD-ROM quality entertainment content over the Web.
-------------------------------------------------------------------