
I think it’s interesting how long it took for the industry to accept that it’s really the OS’s responsibility to protect against malware and viruses.

I remember it being such a ^%#*show on Windows until I think it was called Microsoft Security Essentials? And then that got folded into Windows?

I recall as a teen how hard it was to recommend antivirus because so many of them were garbage. And then MSE made it effortless.



> I think it’s interesting how long it took for the industry to accept that it’s really the OS’s responsibility to protect against malware and viruses.

It's not about "acceptance", unless it's about the increasing acceptance of authoritarianism --- because after all, it's really about control of the platform. They realised they could start calling everything they don't like "malware", that doing so would convince many if not all users, and thus found another way towards becoming the eventual arbiters of truth. Don't like something that your competitor does? Implement restrictions in the OS, and then when your competitor finds a way around that, start calling it "malware" and detecting and deleting it. We've already gotten disturbingly close to that reality:

https://news.ycombinator.com/item?id=17967243 (in particular, https://news.ycombinator.com/item?id=17968992 )

https://news.ycombinator.com/item?id=29579994

Those of us who have been in this for a while may remember a time when a lot of Windows AVs would classify binaries compiled with GCC as suspicious or even quarantine/delete them, while those compiled with MSVC from the exact same source code were fine.

We know what things like this can and will be used for. AVs were in bed with antipiracy groups and Big Tech before it was even called Big Tech. We've seen past abuses of centralised power, and know that this is not going to end well.


You know “my platform, my rules” wouldn’t bother me so much if we didn’t go to a freemium model. Freemium is just usually the worst combination of commerce/ads there is. So suddenly I am no longer the client they are serving.


Macs are explicitly the opposite of a freemium model, though. The business model is such that the software is just a supporting element of the explicitly premium hardware.


> the increasing acceptance of authoritarianism

That's right, and with the remote attestation capabilities of Secure Boot implementations, governments will finally be able to demand that every device sold has to be running an up-to-date version of an "approved" OS in order for ISPs to allow the device to access the internet.

The only limit is how incrementally they can introduce these rules so that the frog doesn't jump out of the boiling water. For example, the rules wouldn't initially apply to businesses, and maybe hobbyists would be allowed to use a special ISP that provides a custom CA certificate to do TLS interception.

I predict that within 5 years, a G7/EU/FVEY country will have passed a law that at least starts this process of making it illegal to run programs (or have VPN connections) that are blacklisted by the government. A major cyberattack (especially a false flag) will only speed up that timeline.


If that means I don't get requests to clean up computers from others, I am happy with it.


I think it was inevitable, because the OS features needed to implement virus scanning are indistinguishable from the features needed to hook malware into the OS (and apart from those technical details, most 3rd party antivirus solutions became actual malware over time, or at least actually increased the attack surface because of the shady shit they're doing).

What's funny though is that I always thought that Apple/macOS is doing things differently because they are a decade ahead of Microsoft when it comes to securing their OS, but it turns out that Apple is actually a decade behind (also see the Windows Vista style confirmation popups on recent macOS versions).


I'll add to this that as a long time Windows user, and occasional Mac OS (work related), I'd say Windows is a decade behind gnome.

How Windows still doesn't have good ways to record or capture the screen, or why moving and resizing windows still requires focus and skill, is beyond me. Also, different UIs from different generations, with partially overlapping features. Not to mention the internal key-value store that makes it impressive that it doesn't stop working suddenly more often than it does.


Win+Shift+S does all kinds of screenshots. Win+Alt+R will record video of the current window - unfortunately there's nothing for the whole desktop.

Not sure what your problem is with resizing windows, but there are all kinds of shortcuts for moving and resizing them if the mouse is somehow too hard.


> a decade behind gnome

You mean macOS? Seems kind of random.


> "I'd say Windows is a decade behind gnome."

^ I thought this made it clear I was referring to Windows?

I honestly do not care about anything related to flame wars. Just that whenever I use Windows and want to do OS related things, it all feels clunky and annoying. It's not consistent. It's slow at start for no good reason (likely due to telemetry, or other online stuff). Updates are annoying and I'm glad I don't have to do anything professional on Windows. The windows api is ugly. The only saving grace it has for technical productivity is WSL2. But, at that point, there is zero incentive to use something so clunky, when you can use linux/gnome and have a much, much, more enjoyable experience.

Again, everyone to each theirs. Ship buoyancy and all that.

edit: Ah, I think I understand my misunderstanding. I wasn't commenting so much on the previous post about Windows vs MacOS. But adding that if something is a decade old compared to Windows, I consider windows to not have had any consistent improvements since Windows XP. Everything after that has been a mess. Some things better, but with a mix of old. "Need to fix something os-related", looks through new control panel. nope. looks through old control panel nope. Maybe it was in computer management?


> thought this made it clear I was referring to Windows?

I was talking about the gnome part, as that wasn’t mentioned anywhere above :)

I’m not trying to start another windows-mac war either


I see. No worries :) My comment was intended as being somewhat relevant to, but not directly, to yours. The same way you related your windows vs mac experience, I related my gnome to windows.


I'm not the person you initially replied to, but yeah, makes sense.


> What's funny ... it turns out that Apple is actually a decade behind.

This is completely false.

A year before Microsoft released Defender in 2006, Apple had already packaged AV scanning in Mac OS X Tiger Server[1] in 2005. ClamAV[2] is OSS, and easily installed on the client OS, and many did so and had been since its first release in 2002.

The thing was, practically, there were no viruses on Mac OS X. The only reason Apple included ClamAV on the server was for scanning mail, because Mac OS X Server's mail server obviously also served Windows mail clients. IOW, Apple was fixing Microsoft's broken crap before Microsoft's own attempt to fix their broken crap.[3]

The very first Mac OS X virus appeared in 2006, called Leap-A. That was one in 2006, when Microsoft Windows already had tens of thousands in the wild. Following Leap-A were a few proofs of concept, and it seemed like every year, there would be one new virus, worm or Trojan horse identified on Mac. But infection was exceedingly rare, compared to Windows that would ensure a new installation to be infected within 10 minutes of being connected to the Internet.

By the mid-2010s there were dozens of identified malware on Mac, but infection was still a very rare exception. Meanwhile, Windows had hundreds of thousands of malware by then, and it was nearly impossible to prevent infection even with vigilant virus scanning; malware got through ordinarily.

To this day, malware on macOS is pretty much a nonissue, and AV on Mac is only there primarily to prevent Windows machines on the same local network from being infected via Mac proxy. There has never been a widespread malware infection on Mac since Apple modernized their OS to BSD. Similarly, you never hear about malware on NetBSD, FreeBSD, or OpenBSD. There is good reason: unlike Windows, BSD is not fundamentally insecure. Malware developers go after the low hanging fruit, which is always pretty much only Microsoft Windows, and malware has plagued Microsoft's NT-based OS since inception.

[1] https://en.wikipedia.org/wiki/MacOS_Server#Mac_OS_X_Server_1...

[2] https://en.wikipedia.org/wiki/Clam_AntiVirus

[3] Had Microsoft Windows not been so dysfunctional, with Microsoft prone to actively breaking useful functionality in enterprise, Linux would never have become so popular. Linux's first best reason for existing was that Linux devs would quickly restore Windows' functionality within short order of Microsoft's removal of that functionality, within days or weeks. For years it was a cat and mouse game, with Linux's cat quickly catching Microsoft's mouse. This is how Linux got a foothold in the server room, which, as we know, exploded between 2011 and 2013 when Linux finally took over the datacenter.


>I recall as a teen how hard it was to recommend antivirus because so many of them were garbage.

Spybot Search and Destroy + Adaware were always a knockout combo until maybe 2010?


Ah yeah I remember those. I also vaguely remember Adaware turning to garbage near the end of that.


Spybot has also been subsumed into some bloated "security center" type software. As far as I know there's nothing out there that does as efficient a job at hosts-level blocking as Spybot did back in the day.


I remember Spybot, it saved me with so many customers when I worked at a small shop in Hawaii as a teenager. Magical time.

Our stack was Spybot, web something, it was yellow, and Eset Nod32

Those three got almost everything possible at the time


I remember having to run a tool that deleted then replaced the winsock registry entries on the machine with the default ones from XP to fix infections. Even if you got the binary files with spybot you’d still have a broken winsock half the time.

Those were the days of the amazing Royale theme for XP… awesome theme.


Malwarebytes lifetime license, still works till this day and no longer available for purchase, love it!


Eset Nod32 was easily the best. It used the least system resources of them all, by far. And was really tweakable, similar to uMatrix and uBlock Origin


Webroot Spy Sweeper


Yes!


Yep adaware, and spybot, circa 2005 and a bit earlier were the tools that removed plugin bars and more.

Takes me back, can't believe it was forever ago.


It's amazing how easily a child could accidentally infect a PC with malware in those days.

Consider this common workflow, which would infect a computer in a few minutes:

Open up Internet Explorer, type "free song download", click first link, popup ads begin, malware begins...


I wonder how many learned how to remove malware and/or reinstall Windows too, thus gaining quite useful practical skills and becoming more comfortable with tinkering with the OS. I've read plenty of stories about kids accidentally doing so on their parents' computer, then while desperately attempting to fix their mistake, learned about such things as the registry (in particular, the location of autorun keys...), batch files, the command prompt, etc.


That's what I did, now shy of 20yrs later, I'm thankful for it as it was a great door to an ending era of computer fluency and troubleshooting/learning.

Nowadays, it's different. Less poking and prodding in an OS and that is sad.


Yep. About once a month after I broke something badly or got malware for the millionth time. Shoutout to my friend's dad who worked in IT and gave me their WinXP corporate serial number so I could reinstall without having to phone Microsoft! Still have it memorized to this day.


Yup. I was wiping and reinstalling my PC by age 10 or 11.


Is it? If this could be disabled, the performance would be so much better, it can be truly called Windows 12. But now M$ forbids users from doing that without probably jumping through big hoops.


You can pry my lifetime Malwarebytes license from my cold dead hands, can’t even purchase this as an option anymore.


I wonder why it's still not the case in enterprise. They still typically buy a third-party antivirus like McAfee.


Luckily they've now taken on the responsibility to provide malware as well.


The industry is still pretending that it's actually app store platforms' responsibilities to protect against malware and viruses, as opposed to the operating system's responsibility.


The core function of trusted computing was to lock out malware, so it does make sense that this needs to be handled by the OS.

That said, and as many others have pointed out: with great power comes great responsibility.

There are definitely two sides to this. If we look at the iOS platform we have many developers who complain about the approval process, but we also have the platform with the least amount of malware by a significant margin despite the large/valuable install base.(1)

It’s also why I find it a bit crazy that the new EU rules will crack open a lot of that protection. They should have mandated for 3rd party approvals, not for a weaker anything-goes security model.

1. https://atlasvpn.com/blog/over-30-million-new-malware-sample...


Installing apps from another AppStore on android is a somewhat more advanced concept. Enough that most people who think that computers are magic I know only use the official play store. To enable third party stores you have to explicitly enable it, and if you’re doing that you probably know what you’re doing.

Why can’t it be the same on iOS?

All I really need on the iPhone is something like newpipe and I’d be happy.


Apps can be side-loaded directly from websites. One doesn’t need another app store - the reason why competitor app stores fail is because they’re untrustworthy and crap. There isn’t a need for another app store if what one wants is already on the play store. The only secondary model that makes sense is direct downloads from websites, which unfortunately is also malware territory.

This is why the EU rules fall on their face: it’s all the security holes with none of the perceived advantages, only a few big names will make bank because they’re big and trusted enough to advertise directly to consumers.

As I said before, the EU should have just mandated that approvals are spun off to a 3rd party entity. That way it would solve the usual line of attack “apple didn’t approve my crashy spyware calculator app because they want to get rich on their own free calculator.”


Apple preventing “side-loading” is an essential part of controlling the platform, and it’s making them tons of money. Apple won’t let go of that, at least not willingly.


They won’t. Which is why regulation is needed.



