
Then what are their customers paying for? You are aware that paying for something is a contract, presumably for a product or service of value. So effectively you consider the malware a value to the customer? You think ignoring security is acceptable?


An EULA is displayed the first time you turn your PC on (or during the Windows setup); if you had read it you would probably know what you are paying for.

Anyway, I suggest you read the Open Source licenses before hating on Windows about malware; all of them basically say: "If you break your computer it's not our fault", like the following excerpt from the GPL:

  This program is distributed in the hope that it will be useful,
  but WITHOUT ANY WARRANTY; without even the implied warranty of
  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  GNU General Public License for more details.

I don't condone malware, but it is pretty obvious that the most popular platform will be the most targeted by malware authors. Too many people fall for the "I don't need AV, I don't use Windows" fallacy, but all software is vulnerable.

The best advice I can give you is the following one: Don't run untrusted code.


So because FOSS has bugs it's OK for a multi-billion dollar corporation to have wanton disregard for quality?

It's "pretty obvious to me" that the biggest software vendor on earth would be aware that their product would be targeted as you say and provide adequate or even reasonable protection for their customers. Not hide behind their EULA as their product was being used in organized crime. This is the "unforgivable offense" I mentioned.


Have you ever heard of "Windows Defender"? They got a detection rate of more than 96.2% according to AV Comparatives in September 2016[1].

Have you ever heard of "Windows 10"? They got fewer CVE vulnerabilities reported in 2016 than Android, Debian, Ubuntu, Flash Player, Adobe Reader, Mac OS X, the Linux kernel, iOS, even Chrome and Firefox[2].

If these are not examples of "adequate or even reasonable protection", then you've got really unrealistic expectations or you're simply hating Microsoft for the sake of hating them.

As I said, it is not possible to deliver bug-free code, and you learn to live with it or you die hating every software vendor in the world.

Just remember, falling for the "I don't need AV, I don't use Windows" fallacy will bite you, and will bite you hard[3].

[1] https://chart.av-comparatives.org/chart1.php

[2] https://www.cvedetails.com/top-50-products.php?year=2016

[3] https://scalibq.wordpress.com/2011/09/02/the-kernel-org-hack...


Have you heard of System Restore? You know, the utility that was supposed to put things back the way they were should the system ever get messed up? Oh but it doesn't work against malware.

Security is more than being impervious to every conceivable attack. Just being able to restore an infected system would have made their platform "reasonable". But they didn't.

Also, Windows Defender was YEARS too late. Which was why I specified the 10 year window.


> So because FOSS has bugs it's OK for a multi-billion dollar corporation to have wanton disregard for quality?

That's not what he said. You said you hated Windows because of its vulnerabilities, and he was asking you if you apply that same standard to FOSS, and if not, why not.


I don't think it's healthy to hate Windows or Microsoft, but every reasonable person should at least dislike them with passion for antifeatures, dark patterns and their other stunts, as well as for their lack of respect for customers. A few years ago I had to call Microsoft as a business customer and it was one of the worst companies I ever dealt with. I would never run Windows or Micrapsoft anything in any business setting, even for non-critical stuff.


I have a different perspective on this: much of malware these days is state-sponsored. Would you blame the architect who built your house if it fell over in a bombing raid? So why blame the people who built your OS if it falls over due to a discharge of cyberwar materiel? An insurance company wouldn't find the OS-maker at fault, any more than they'd find the architect at fault. (The legal term here is https://en.wikipedia.org/wiki/Force_majeure .)


> these days

My original comment specified a roughly 10-year period, from about '02-'12. Most of the malware then was not state sponsored. And I'm not blaming MS for having a few vulnerabilities. But literally hundreds, perhaps more. Patch Tuesday? Really? Their product was so bad they had to dedicate a day of each calendar month to addressing vulnerabilities.

But what's worse was the response. They had time to patch all these holes, but not to write code that fixed users' systems from the damage that the exploits did. Or to address the underlying vulnerable model that lets these exploits happen. They just played "poke-a-hole/plug-a-hole" for most of a decade. Someone brought up Windows Defender, wasn't released till October 06, and it didn't work. Every time I removed spyware from someone's machine I used free tools such as MBAM made by third parties who weren't even being paid by MS! Even with all these vulnerabilities, it would have been better if System Restore actually did just that. They should have architected a system that, in the worst case, could restore you back, _including virus removal_. That's how you take responsibility in that situation.

Instead, they used the situation to further profit, by releasing more versions of Windows. That's a weaker version of racketeering: "oh, version XP has major security bugs...better pay us to upgrade to Vista!... then to 7...then to 8".

If this were any non-software product, there would have been massive class action lawsuits and recalls. And that would send a message to the whole community that you can't harm people and leave them high and dry.


What's your point here? I'm pretty sure companies paying for RHEL or SUSE are happier than they ever could be with Windoze



