by mikeash
4782 days ago
They could distribute a list of malicious URLs to the clients and do the checking locally. They could ensure that clicking a link doesn't compromise your system. There is no inherent conflict between privacy and security here, not like you're making it out to be.
A list of essentially every known malicious link on the entire Internet? I speculate that would be quite a few gigabytes in size, and would only get larger if they wanted to store the links in some data structure that could be scanned in a practical amount of time. And said list wouldn't be complete, either; it would only cover known links that Microsoft had seen before, and would only record their malicious state at the time of the last scan, not now.
> They could ensure that clicking a link doesn't compromise your system.
These sorts of vulnerabilities often come from obscure and surprising places (e.g., their TrueType font parsing code), from blocks of code that have been around for a decade or two without the vulnerability being noticed. Identifying security vulnerabilities is notoriously hard, even when you're not contending with the complexity and scale of Windows and all its associated applications.
There's an argument to be had about the acceptability of the privacy/security tradeoff Microsoft could provide by eavesdropping on your conversations, but your implication that such a tradeoff is mostly or entirely avoidable is untrue.
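An added example, not written by either commenter: one data structure a client could use for the local URL check discussed in this thread is a Bloom filter, which trades exact membership for a fixed size and a tunable false-positive rate. The `UrlBloom` class, the helper names and the `.example` hostnames are constructed for illustration; the filter only answers "possibly listed", and it does nothing about the completeness and staleness points raised above.

```python
import hashlib
import math

def bloom_params(n_items, fp_rate):
    """Optimal bit count m and hash count k for n items at a target false-positive rate."""
    m = math.ceil(-n_items * math.log(fp_rate) / (math.log(2) ** 2))
    k = max(1, round(m / n_items * math.log(2)))
    return m, k

class UrlBloom:
    """Hypothetical client-side blocklist: stores bits, never the URLs themselves."""
    def __init__(self, n_items, fp_rate):
        self.m, self.k = bloom_params(n_items, fp_rate)
        self.bits = bytearray((self.m + 7) // 8)

    def _positions(self, url):
        # Double hashing: derive k bit indexes from two halves of one SHA-256 digest.
        # Assumption: URLs are compared after whitespace stripping only.
        d = hashlib.sha256(url.strip().encode()).digest()
        h1 = int.from_bytes(d[:8], "big")
        h2 = int.from_bytes(d[8:16], "big") | 1
        return [(h1 + i * h2) % self.m for i in range(self.k)]

    def add(self, url):
        for p in self._positions(url):
            self.bits[p // 8] |= 1 << (p % 8)

    def might_contain(self, url):
        # False: definitely not listed. True: listed, or a false positive.
        return all((self.bits[p // 8] >> (p % 8)) & 1 for p in self._positions(url))

def build_demo(n=1000, fp_rate=0.01):
    """Fill a filter with n constructed 'malicious' URLs."""
    f = UrlBloom(n, fp_rate)
    for i in range(n):
        f.add(f"http://bad{i}.example/payload")
    return f

def measured_fp_rate(f, trials=2000):
    """Fraction of constructed, never-added URLs the filter wrongly flags."""
    hits = sum(f.might_contain(f"http://ok{i}.example/") for i in range(trials))
    return hits / trials

if __name__ == "__main__":
    f = build_demo()
    print(len(f.bits), "bytes for 1000 URLs, measured fp rate", measured_fp_rate(f))
    m, k = bloom_params(1_000_000, 0.001)
    print(m // 8, "bytes and", k, "hashes for 1,000,000 URLs at 0.1% false positives")
```

A hit from `might_contain` still needs confirmation against an authoritative source before blocking, since the filter cannot distinguish a listed URL from a false positive.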