
Whistler MAY Refuse To Run All Unsigned Code UPDATED
Carnage4Life writes: "This ZDNet article describes how Microsoft's next generation consumer OS, codenamed Whistler, will continue a tradition started by Windows 2000, where programs that have not been digitally signed with a Microsoft-certified signature are flagged. Currently Windows 2000 merely issues a warning when an uncertified/unsigned device driver is used; the Microsoft vision is to expand this to include all executable programs.
On the surface, this may seem like a good idea until one realizes that this means that it is conceivable that all executables that expect to run on Windows will have to be Microsoft certified or risk being flagged or, even worse, refused permission to run on future Microsoft OSes. As the ZDNet article speculates, this will put even more power over Windows software developers in the hands of Microsoft." This story has been turning up a bit over the last few days - while I'm not one to buy into conspiracy theories, this whole thing seems like a plan that originally had good intentions, but the potential for foul play is pretty easy to think up. Well, I've finally got X running again and can update this story - I should have been more clear that this is /not/ set in stone, but a potential path.
Re:but ... (Score:2)
> Macromedia or Microsoft, I feel safe in running
> it, because I know that neither one of these
> companies is likely to insert malicious
> code into their systems.
So you never download shareware or code written by anyone but a huge company and run it?
Now... signing JUST means that the person who wrote it has access to a key that was given to them (or rather signed) by VeriSign.
If you have it check for signatures... does it stop before EVERY piece of code and tell you who signed it and ask "do you trust them?"
My understanding was that if code is signed, it is executed with no question, regardless of who signed it (as long as the key has a valid VeriSign signature).
So anyone who is capable of getting a key with a valid VeriSign signature can have code executed.
That makes it kind of pointless I think. Unless of course it is really hard and only big companies can get them... in that case maybe it has a point.
Of course... since I don't usually run much software that's written by big companies... I don't know.
-Steve
What about 3rd party certificates? (Score:2)
What I told them as I'll tell you now, is nothing stops a third party from becoming their own certificate authority and signing their own applications. Signed apps are nothing new - ever right-click on the
What this means for the office that develops their own in-house software is they can sign their own apps if they have OpenSSL or another SSL toolkit to make the CA cert. No doubt the tools for signing Win32 apps come with the latest Platform SDK. You don't need to pay Veri$ign or anyone else, but having your cert signed by a well known CA helps.
What this means for software houses like Corel is they can sign their own apps with their own cert, and their users can choose to trust them (or not) by importing their CA Cert into their system. Even Open Source houses can maintain their own certs and perhaps use a central CA operated by, say, Souce Forge. Again, having your cert signed by a well known CA helps but isn't necessary.
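The be-your-own-CA model this post describes, in working form, as an added example that is not part of the original thread (it also covers the self-signed root idea in the later post "Useful, surely?" and the point in "A few points on cost, practical application." that a DLL loaded by a signed EXE has to be checked as well). It uses Go's standard library rather than Authenticode, and the CA, signer and image names are assumptions. An organisation issues itself a root, has it issue a code-signing leaf, signs a binary, and the loader-side check accepts the image only when that root was imported into the trust store. A valid signature from a root the admin never imported fails the same way an unsigned file does (the signer is unknown, not proven malicious), and a modified body fails even with the root imported.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// signedImage stands in for a signed EXE or DLL: the bytes that will be
// loaded, the signer's leaf certificate and an ECDSA signature over
// SHA-256 of those bytes. (A constructed format, not Authenticode.)
type signedImage struct {
	Body []byte
	Leaf *x509.Certificate
	Sig  []byte
}

// issue generates a key and a certificate from tmpl; parent == nil means self-signed.
func issue(tmpl, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	if parent == nil {
		parent, parentKey = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, key, err
}

// newCA creates a self-signed root: an in-house CA, a vendor's CA, anyone's.
func newCA(name string) (*x509.Certificate, *ecdsa.PrivateKey, error) {
	return issue(&x509.Certificate{
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: name},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign,
	}, nil, nil)
}

// issueSigner has the CA issue a leaf certificate restricted to code signing.
func issueSigner(ca *x509.Certificate, caKey *ecdsa.PrivateKey, name string) (*x509.Certificate, *ecdsa.PrivateKey, error) {
	return issue(&x509.Certificate{
		SerialNumber: big.NewInt(2), Subject: pkix.Name{CommonName: name},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		KeyUsage:    x509.KeyUsageDigitalSignature,
		ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageCodeSigning},
	}, ca, caKey)
}

// sign produces the image a build server would ship.
func sign(body []byte, leaf *x509.Certificate, key *ecdsa.PrivateKey) (signedImage, error) {
	h := sha256.Sum256(body)
	sig, err := ecdsa.SignASN1(rand.Reader, key, h[:])
	return signedImage{Body: body, Leaf: leaf, Sig: sig}, err
}

// trustStore is the set of roots the administrator chose to import.
func trustStore(roots ...*x509.Certificate) *x509.CertPool {
	pool := x509.NewCertPool()
	for _, r := range roots {
		pool.AddCert(r)
	}
	return pool
}

// verify is the check a loader would run on every image, DLLs included:
// chain the signer to an imported root, require the code-signing EKU, then
// check the signature over the bytes actually being loaded.
func verify(img signedImage, roots *x509.CertPool) error {
	if img.Leaf == nil || len(img.Sig) == 0 {
		return errors.New("unsigned image")
	}
	if _, err := img.Leaf.Verify(x509.VerifyOptions{
		Roots:     roots,
		KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageCodeSigning},
	}); err != nil {
		return fmt.Errorf("signer not trusted: %w", err)
	}
	pub, ok := img.Leaf.PublicKey.(*ecdsa.PublicKey)
	if !ok {
		return errors.New("unexpected signer key type")
	}
	h := sha256.Sum256(img.Body)
	if !ecdsa.VerifyASN1(pub, h[:], img.Sig) {
		return errors.New("image modified after signing")
	}
	return nil
}

func main() {
	// Names are assumptions; any organisation can play the CA role.
	ca, caKey, err := newCA("Example Corp Internal CA")
	if err != nil {
		panic(err)
	}
	signer, signerKey, err := issueSigner(ca, caKey, "Example Corp Build Server")
	if err != nil {
		panic(err)
	}
	img, err := sign([]byte("MZ... constructed stand-in for an in-house tool"), signer, signerKey)
	if err != nil {
		panic(err)
	}
	fmt.Println("root imported:    ", verify(img, trustStore(ca)))
	fmt.Println("root not imported:", verify(img, trustStore()))
	img.Body = append(img.Body, '!') // a trojaned copy of the same tool
	fmt.Println("tampered body:    ", verify(img, trustStore(ca)))
}
```

The decision about who to trust lives entirely in `trustStore`, which is the point of the post: importing Corel's or SourceForge's root is the user's choice, and a well-known CA's countersignature is a convenience, not a requirement. Note that `verify` has to run for every module mapped into the process, or a signed winword.exe that loads an unsigned DLL hands that DLL the privileges of the signature.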
Re:Wooaahhhh!!! Relax (Score:4)
And this is where Microsoft's concept falls on its face -- because there is no self-signing or apparent way for a System Admin to indicate that an app is trusted. Outside of the political issues surrounding signed code, taking away the SA's right to blow his leg off makes for a very inflexible system.
I already have this problem with a USB printer driver that won't load for unprivileged users because it's not signed. But I know it's an authentic driver right from Lexmark, just not one that has had MS's unholy certification pee sprinkled on it.
You also see this move with the System File Protection feature, which is neat, but can't be disabled per-file by the admin. So, now it's impossible to remove Notepad.exe or the Comic Sans font without jumping through hoops.
--
Another example of insecure security for Redmond (Score:4)
Why useless? Well, I admit that in principle it would be great to stop people running only "authorised" programs on any of the PCs I maintain; the problem is with the definition of authorised. Many of the programs we use are written "in-house" and are not going to get authorised, we teach programming so the students' code is not going to get authorised, we knock together small scripts to help us automate a task which we may do once or twice and are not going to get authorised.
All this authorisation will cost money - so if I want to use any of my own tools, or anything useful that somebody else has written that hasn't been authorised I've got to switch the setting off. And of course it's a global setting so that's it off for all programs. The result is a security feature that adds to the illusion of security without adding to the substance.
If only MS had put just a little bit more thought into it and made it on a per program basis and allowed the sysadmin/root to "authorise" programs for their machines it would have been *very* useful. Of course the cynic in me says that that way they wouldn't have as much control....
TTFN
Faye
Re:Wait a minute... (Score:2)
Thanks, Cunt!
Re:Relaxation would indeed be good (Score:2)
I'm sure VA / Andover won't let a proper story get in the way of a good sensationalistic piece now. You can bet that the slashbots are well brow-beaten into believing that too.
--
excellent idea (Score:2)
Attachments don't kill people, people kill people.
Re:but ... (Score:2)
But don't let me stop you from drawing ridiculous analogies to prove a stupid point.
Armadillos in a thunderstorm (Score:2)
social engineering (Score:2)
of code in windows which was used to create the public impression that DR-DOS (or any non MS-DOS) was defective.
By using signing and making this the default behavior, MS can accomplish much the same goal without having the same legal risks. The question then is what impression does it create in the public's mind when they are told everything they might run which hasn't been "approved" must be considered suspect and automatically excluded by default.
If a user can sign for and self "certify" applications at their own discretion when encountering unsigned images, it is not necessarily a bad feature. But if it pops up with a highly negative warning and refuses to run, then I think it's a brilliant piece of propaganda and social engineering, and one that could have very negative consequences for the marketplace for third party (non MS certified) software, and a wonderful opportunity for certificate authorities, or even better yet (from MS point of view), if one must get a certificate from Microsoft itself before one can sign apps. Certainly it's a CA's wet dream come true.
Useful, surely? (Score:2)
I can envisage wanting to create a self-signed root CA certificate for myself, and signing anything I compile, such that nobody can sneak in with a trojan and replace my lovingly created binaries.
Freeware distributors could equally sign their binaries with certificates from their own Certificate Authority to reassure users that the version they have is kosher.
--
This isn't what I submitted (Score:5)
Hemos took a lot of liberty with my submission, including changing the title as well as cutting off some technical analysis at the end of my submission.
Basically the gist of my submission was that Microsoft is taking a heavy-handed and incorrect approach to attempting to solve the problems with Outlook viruses and the like. Specifically, instead of coming up with some Draconian all-or-nothing security policy, why not introduce more granular access levels to Whistler?
For example, I currently run ZoneAlarm [zonelabs.com] and it prompts whenever a program I haven't given permission tries to access the Internet (in fact I found a Trojan this way). ZoneAlarm has three permission settings Always Deny, Always Allow, and Always Ask. I wouldn't mind seeing such functionality moved to the OS and made even more granular so that programs have very explicit permissions as to what they can do (similar to java.policy [vuw.ac.nz] files [fh-schmalkalden.de]). Outlook should not be able to tweak the registry nor delete files (via the ILOVEYOU virus [symantec.com]) regardless of whether it is signed by Microsoft or not.
Basically I am proposing something similar to Access Control Lists for executables on the OS, after all, there already is a central repository of information (the registry) so adding that data shouldn't be too hard.
Second Law of Blissful Ignorance
but ... (Score:4)
Re:You miss the point.... (Score:2)
Well, it's no wonder, because everyone's been conditioned to think of Windows error messages as something only a senior Windows programmer working at MS would understand, and no one ever found useful. I can't count the number of times I've seen "Error in FOOBAR.DLL at 0E132:12592" or the like, or called Microsoft (back when they actually pretended to support their products) and told them the exact error message only to be told "reboot the system, it'll go away".
With Windows error messages, the faster you can dismiss them, the faster you can reboot the farging machine and get back to work. These messages have been so very useless for so very long that no one ever believes that they could offer any useful information anymore.
Crazy (Score:2)
I doubt Microsoft does the signing (Score:2)
At least this is how Windows logo certification is handled. Microsoft determined the criteria that had to be satisfied in order to obtain the logo certification and it is managed by an external company. Microsoft products have to work just as hard and comply just as much as any other ones in order to obtain certification.
I seriously doubt this will be any different.
Re:Wooaahhhh!!! Relax (Score:3)
________________________________________
I hope this is true (Score:4)
Re:Digital signatures cost a fat wad of bills. (Score:2)
Having said that, you could be correct. It's entirely possible that MS is creating a scenario where EVERY developer has to have their own signature. However, this isn't any more relevant to the free software community than it is to the closed-source community. To compile *anything*, closed or open, you'd have to have a signature.
Re:Will never be mandatory (Score:2)
Re:Remember the history...correctly (Score:2)
MS-DOS 1.0 was licensed from SCP and was out long before CP/M-86
I don't believe I (or anyone else) has claimed that MS-DOS 1.0 (or PC-DOS 1.0) was copied from CP/M-86 or any version of CP/M intended for processors made by Intel. The matter that was litigated (and settled by Microsoft in DRI's favor) was whether earlier versions of CP/M were used in developing that version which was licensed from SCP.
The case was settled when it became clear that Microsoft had the evidence which could have either cleared them of this charge or proved they did it. Since it became clear to the judge they were not going to allow that evidence to be seen by the court or its representatives under circumstances designed to protect their proprietary interests, he had ordered they reveal what they had described as their "crown jewels" to the court. Then they told him they couldn't find those "crown jewels." When it became clear they had lost credibility with the court (first claiming the source code to PC-DOS 1.0 was very valuable, then claiming they lost it), they decided to settle.
I apologize to anyone who objects to my conclusion from this evidence that MS probably stole the CP/M code. But my point was not that they did so, rather that they didn't do so until they had tried to help DRI get a good contract first.
I was trying to point out that the history of Microsoft shows that, even when they seem to be operating honorably in the beginning, their ethics have been known to slip. Thus, IT managers who wish to assume their eventual use of a given technology will be honest simply because they are currently not doing anything unethical with it may find themselves being hurt by that assumption.
AC is welcome to make that assumption, ignore the history, and take "The Road Ahead" to the Microsoft-prescribed future.
Word for Windows, Word for OS/2, WordPerfect for Windows and WordPerfect for OS/2 were all out years before Windows 95. (Microsoft and IBM split in the Windows 3.0 timeframe - five years before Win95)
The accusations of a head-fake by MS with some of the developers with whom they had long partnerships were made roughly one or two years after the release of OS2. Microsoft encouraged their partners to support OS2 while they were planning their own response to it.
Obviously, they could not maintain this dishonesty once they had announced Win95 (which happened long before its release). Traditionally, those who have defended Microsoft on this issue have argued not that it didn't happen, but that the owners of WordPerfect were naive in believing them. In other words, that MS's tactics were simply tough tactics which should be expected in the rough-and-tumble world of business. I've never heard anyone argue it didn't happen. (Or, stranger still, that it didn't happen when it did.)
Once again, I'm merely trying to point out that the relationship between MS and the developers with which it eventually began competing unfairly was entirely ethical and honest for a long time before anyone started claiming dishonest tactics. Indeed, I would argue the fundamental honesty of that set of relationships was largely responsible for the PC boom and the innovation of that period. I would also argue that the destruction of that fundamental honesty is responsible for the lack of innovation since the Internet browser was introduced (the last killer app, in my opinion).
About the only reality in the Netscape story is that there was a company called Netscape.
And that minor inconvenience of an anti-trust consent agreement and a subsequent anti-trust decision, not to mention Bill's testimony in court which serves as a virtual signed admission of guilt.
But don't let any of those facts get in the way of your decision to trust Microsoft. Trust them. Embrace them. Those of us who pay attention to the history know who will be screwed next.
And it's not gonna be us.
Re:but ... (Score:2)
However, you make a good argument about signing. Will Windows simply run an application with *any* signature? If so, how is that useful?
I see it as being more useful than the situation we have right now. If someone wants to get a signature from VeriSign, they need to submit contact information and (I'm not sure about this) probably a marginal fee. Now, this signature requirement doesn't stop malicious code from being executed on anyone's system, but it does add some accountability.
How many trojan-authors are willing to pay a fee to sign their apps? It's possible that they can do it, but they'll have to be willing to have their trojan discovered and their signature black-listed. And if their payment required some form of ID (even a credit-card), it would be much easier to trace the author.
I'm not saying it's a great solution. It's not a great solution. But it's better than nothing, which is what we have now. Besides, if you don't like it, you can just shut it off.
Drivers already support Signing - it's a failure (Score:2)
Win2000 supports signed drivers, guess what? Have I ever seen a signed driver from anyone besides Microsoft?
As far as I can remember... Nope!
So everytime I install a driver I get a nasty warning of unknown danger from Microsoft. Make that warning an error/abort, and then you have Whistler.
Would hardware people take all this more seriously if they HAD to have their drivers signed? Nahhh, they will just tell you to turn the require-signing feature off!
Re:A few points on cost, practical application. (Score:2)
Your "malicious" DLL would have to be signed too, in order to be run under this scheme. The certification is in no way meant as an indicator of a program's relative maliciousness. It's just a method of verifying who authored it, for accountability purposes.
It is workable. Not everyone will want to keep this feature enabled, but I can think of tons of companies who will eat it up.
Re: (Score:2)
Re:Crazy (Score:3)
Microsoft is ass-covering, not controlling (Score:2)
But when a virus spreads through millions of Whistler machines, Microsoft can just blame the users for letting their machines run unsigned code.
--
Re:Relaxation would indeed be good (Score:4)
I did the same thing yesterday, with similar results. I was surprised when it finally made it to the front page today. I figured someone had already posted it before me. My title was "Whistler may block unsigned code."
--
Rotten Apple (Score:2)
Linux zealots spread anti-MS FUD shock horror (Score:2)
Then it becomes a case of who do YOU, the user trust - just because code is signed, doesn't mean it won't do anything naughty (like trash your disk). It just means you're trusting someone not to.
Unix could benefit from this - when you 'su -' to do that 'make install', how many of you read the Makefile to see what it's gonna do first?
Re:but ... (Score:2)
Re:Will never be mandatory (Score:2)
Re:Digital signatures cost a fat wad of bills. (Score:2)
Or Joe Free Software Hacker could opt to release the software unsigned, and then the IT department at said company could sign it themselves, authorizing it for use in the department. It's not complicated, it's just less anonymous than the process is now. Besides, it's not like there's never been a platform that you've had to pay to develop on before. Think consoles, anyway.
Re:Old Hardware/Software/Drivers (Score:2)
Re:That means... (Score:4)
"They" don't get a say in what is and is not a valid application. It doesn't work that way. A developer gets a signature and it is cryptographically written to their executables. It's just a simple method of authenticating *who* wrote/distributed the application. The process has nothing to do with whether the application is "ok" in anyone's view.
Re:Anti-MS FUD (Score:2)
Slashdot is an openly 'nix and open source biased site, most people here simply don't like Micro$oft for personal and/or ethical reasons.
Remember the opinions on
From an IT point of view: (Score:4)
For those who work in IT (networks and delivery, not coding) think about the mindset of your average boss:
What I'm trying to point out is that MS is catering to business again. IT people loved the dumb-terminal days because user control was real easy. Now they have to worry about staff trashing their PCs with software they got from friends and losing their productivity while the helpdesk reimages their PC.
The circle is closing for MS with regards to enterprise computing. Not only do they have people convinced that Windows is the only OS available, now they are designing the product to give them even more control. Scary.
Microsoft shoots its own foot? (Score:2)
What of the even greater paradox that Whistler will probably crash, so wouldn't be certified, so you couldn't even run Whistler in the first place?
However, somehow I doubt Microsoft would take it to that meaningful level. Instead, it will be a way for them to get more revenue, assert control, and get a listing of all Windows developers.
MPAA/RIAA/DVDCCA will love this! (Score:3)
Say goodbye to taking future-proof backups of proprietary-format data.
Please (Score:4)
This already exists - in a fashion. (Score:2)
The plans for whistler appear to be to extend this further.
It will never work (Score:2)
If you simply add a signing capability to the compiler or IDE, and it signs the executable automatically when you hit RUN, what's the point? The signature is meaningless, it doesn't signify squat regarding the safety of the code. If, on the other hand, the signature has to be applied by QA after at least some testing, they'll get sick really quickly of signing every little piece of shit code churned out by anybody--they simply won't have time to do it, and/or the developers will eventually quit in disgust.
A few points on cost, practical application. (Score:2)
So, far too much to certify. Without charging, anyway.
So, only allow executables to run if they've been certified AND the author has paid for that certification? Doesn't sound likely! Even if there WAS a paid scheme, there would be far too many executables for MS to certify on its own. It would have to outsource the certification to an external company.
So, what happens when this company certifies code which turns out to crash in an interesting way, causing huge damage to someone? Someone's very very liable, because MS even said that it'd work safely. I don't see them setting up a legal tripfall like that.
And what about what is classed as an executable? Just EXE and COM files? Just Win32 EXE files? What happens, say, if someone certifies winword.exe as safe, and then I come along and insert some malicious DLL file which is then loaded (uncertified, but with full "privileges")? Oh, so they'll have to certify those too.
I'm sorry, but in the 2 minutes in which I've brainstormed (incompletely) I think I've noticed something.
It's completely unworkable. What a surprise.
--Remove SPAM from my address to mail me
Re:Wooaahhhh!!! Relax (Score:3)
I remember a long wait for Win2000 SoundBlaster Live! drivers... not because further development was necessary, but because Creative had, for the first time, bothered to submit their drivers to Microsoft for a thorough inspection and 'certification', so that a certain warning wouldn't pop up during the install.
And while Creative was waiting for the MS guys to send the drivers back with a 'stamp of approval', the PR guys had no way to answer the 'when will we have working drivers' question other than 'any day now'. Definitely not what any customer wants to hear.
---
Leaked notes from MS Committee for Win Future Dev (Score:5)
[bill] :: The Win2K launch has been a raging success. What items do we have to discuss for future development.
[steve] :: Well, we've had very strong feedback regarding the unsigned driver warning in 2K. We'd like to expand that for Whistler.
[bill] :: Tell me more.
[steve] :: We'd like to require that all apps be signed and certified by a special team of Application SSigning Speciallists, or ASSes, before they are permitted to run on Whistler.
[bill] :: What's the up side for us?
[steve] :: Through effective marketing to the open source community we can get them to submit their code for certification. This will undoubtedly provide us insights into how to fix things in our own system. Additionally we can charge for this service and eliminate the drain from our evil tactics fund.
[bill] :: I think we should run this by legal. Jim, what's legal's take on this.
[jim] :: We're on board for now. Now that things in Florida are starting to look like Dubya will win we can divert some of our team from the anti-trust case to preparing the spin for this. We should be able to cut our potential detractors off at the knees.
[bill] :: Great! To prepare for this, we need to send all of our coders through that advanced firearms training course. We don't want anybody to miss their foot when release time comes.
Code commentary is like sex.
If it's good, it's VERY good.
How will it be implemented? (Score:2)
A few questions (Score:2)
If I create an installer for common Internet applications for the faculty/staff/students at my University, do I have to send it to M$ for approval?
If I update that installer each semester, do I have to send it back to M$ for approval? What is M$ going to charge me to approve my app?
How can they actually audit my app without me sending them my actual code, part of my IP?
Can I make them sign an NDA so that my code and I are protected from M$ stealing ideas and code?
Am I forced to sign a M$ NDA that says they can do whatever they want with my code?
Re:Wait a minute... (Score:2)
So it will be turned on in corporate environments. And there, you could only run software signed by Microsoft.
I find this scary as hell. It won't be any more secure (because you won't have all the scripts, Excel macros, etc., signed). But it will be more difficult to run free software.
Cheers,
--fred
Re:This isn't what I submitted (Score:5)
[posted by Carnage4Life, author of article submission:]
Hemos took a lot of liberty with my submission including changing the title as well as cutting of some technical analysis at the end of my submission.
Then I feel doubly sorry for you, as you're pretty clearly approaching this issue from a rational standpoint. I thought that this might be the case, and thus was careful to avoid pointing fingers at you the author, but rather at the /. editorial staff.
Having said that, a granular permissions model would be a decidedly better approach to this kind of problem than the all-or-nothing model Whistler will evidently implement. Sadly, this message was nowhere to be found in what finally got posted under your name. I'd be raising holy hell if I were you.
Knowing that this wasn't your intent in the first place makes me feel even angrier at /. than I did before. It's one thing to post zealous articles by zealous authors; it's another thing entirely to edit zealotry into them. Absolutely shameful.
$ man reality
Re:Wooaahhhh!!! Relax (Score:2)
Okay... I'll do the stupid things first, then you shy people follow.
Re:So who get's to sign apps and how much $$$? (Score:2)
Tracing back to the developer. See this [microsoft.com] article for details on how this technology is going to work in the Windows Scripting Host.
Re:Possibly sane (Score:2)
Hmmm. I'm not so sure that this is going to help sys-admins. I agree that people installing random, unapproved stuff on their PCs can be a problem, but how do you define unapproved? There are several commercial packages that, when installed on certain PCs in our environment, will cause problems. These packages will undoubtedly be digitally signed in the future (if they aren't already). This "feature" of Whistler won't stop people from installing those packages. It also won't stop people from installing commercial software that they brought from home. It will, however, stop people from installing most free/shareware. Whether or not this is a good thing is up to you to decide. I don't think it is.
I am not a sys-admin, so please have patience. Aren't there already MS-approved ways of controlling software installation?
One final point, what happens when someone wants to run some older (legacy) software which isn't certified? Is it going to be handled the same way, or is there going to be a "backdoor" for currently existing software or some kind of "opt-out" list?
Re:Possibly sane (Score:2)
--
You think being a MIB is all voodoo mind control? You should see the paperwork!
Even so, this could be a problem (Score:2)
If MS decides that code signing will be on by default, and that to disable it you have to go through a convoluted series of clicks and/or registry hacks, there may be a problem. We could find that suddenly "unsigned" applications will cause scary looking error messages to be popped up on, say, your grandmother's screen. What will most people think when an error dialog pops up warning them that this application may be a virus and could damage the computer? 90% of home users will instead look for apps that don't display any error messages on install.
This could be a situation similar to the "Designed for Windows 95/98/2000" logo process, which Microsoft uses to gain leverage over software developers. The logo program has had a lot of success among users who might otherwise mistakenly buy a Playstation CD or Nintendo cartridge for their PC (that's most users folks). Except that now it's not just a graphic on your packaging.
My bet is that code signing will be necessary to get the "Designed for Windows 200x" logo, and that developers who don't follow the party line will be at a serious disadvantage in the marketplace. MS may be moving towards a console-esque software scheme (xbox, anyone?), where they get money for every "certified" application sold. And even if some hacker found some way around the signing process, a legitimate software company probably couldn't use it due to DMCA "anticircumvention".
So the question is not whether it will be optional, but will it be on by default, and who gets to sign the code?
Useless even when turned on... (Score:2)
Unless turning on this option also disabled the WSH, all macro capabilities in all programming languages and certain other options (such as being able to call RUNDLL), turning on this option will NOT prevent the next Melissa and will NOT increase your systems security.
© Copyright 2000 Kristian Köhntopp [slashdot.org]
Re:Wooaahhhh!!! Relax (Score:2)
I'm not saying that there is or is not merit to such a claim, but doesn't it create the possibility of such an end-user mind share?
Greg
Remember the history... (Score:3)
First, they compete honestly. Then, when they lose that fight, they cheat.
They didn't start out to steal CPM from DRI. First, they recommended IBM buy the operating system from DRI. Then, when they saw their language-compiler deal with Big Blue going up in smoke, they stole the OS, repackaged it, and sold it to IBM.
They didn't start out to screw over developers for their OSes. First, they gave them free rein. Then, they competed outside a "Chinese wall." Then, when they were still losing, they told WordPerfect et al that they were committing to OS2 while secretly planning Win95, which was closely integrated with Office.
They didn't start out to squash Netscape. First, they helped them develop Navigator. Then, they decided to compete with them honestly with IE, promising not to breach their "Chinese wall." Then, when they failed to win with Explorer, they decided to cheat by bundling. Finally, when they were forced to stop bundling because it is illegal, they decided to cheat by calling it "integration."
So, don't be fooled because they seem to be implementing this in an entirely fair and honest fashion at first. They probably are being fair, and they probably intend to avoid cheating. But, when it looks like they may be in trouble with some competitor who is beating them in the future, do not be surprised if they panic and cheat.
They do it so consistently one could almost call it their business model. But that would probably be unfair to them because it implies intentionality from the start.
My prediction: They will be scrupulously honest about this in the beginning and maybe even offer their users some modicum of security derived from it. Then some killer app will come along and be certified after the code is submitted to them. Then they will decide to compete directly in the space created by the new killer app, all the while promising not to use any clues derived from the code they certified. Finally, when they fail to compete in the new market, they will leverage the code submitted to them for all manner of dirty tricks, from finding out about new features before release to stealing code and re-designing APIs to break their competitor's code.
Solution (not) (Score:2)
--
Wooaahhhh!!! Relax (Score:5)
Dear Microsoft (Score:2)
Now, we understand that a day is a long time in the age of the Internet, but we really think you would have remembered something as big as this. Therefore we are sending you this email to remind you of the legal ruling against you.
This action has been prompted by your blatantly stupid plan to enforce a digital signature on all software that wishes to run on your latest operating system version (codenamed Whistler, we believe). This is clearly a move to block further competition in the applications market, and will obviously allow you to extort money from hard working, but low income, shareware and freeware software authors. If you would like, we can take you to court again and prove it. We'd probably win, you know.
We find this action perplexing in light of your confirmed monopolistic status. Therefore, we have accelerated plans to bust your ass down. Please be advised that as of 1st January 2001, Microsoft will be broken up into itty bitty little pieces, and sold off to the lowest bidder. Mr William Henry Gates III will be required to attend a special three hour, live showing, of "The Jerry Springer" show, to publicly apologise for being such a pleb.
We look forward to your prompt response on this matter, and wish you a nice day.
Yours,
Department of Justice (US)
Re:Possibly sane (Score:2)
Wait a minute... (Score:3)
This has to be optional (Score:2)
And once the option's been turned off, you'll be able to run anything. I presume.
So it's got advantages for businesses, as they'll be able to ensure that their desktop machines don't get infected with screensavers, whilst home users will probably disable it at the first opportunity.
I hope...
--
Too stupid to live.
Re:Relaxation would indeed be good (Score:3)
Says it all, doesn't it?
An unfortunate truth: Even in the best of news media, sensationalism always wins out over objective, balanced, and reasonable reporting. Clue to MSNBC and other news networks: 'Too close to call' ain't exactly 'breaking news' any more!
---
Re:Possibly sane (Score:2)
For the sake of conspiracy theories let's think of a different scenario: when the first virus/worm/trojan for Whistler appears, a dialogue like this will take place:
User:"Help, help. This virus just f*ked up my data!"
M$oft: "Oh, but you turned off this very important security feature!!!!! It is **your** fault, then!!!"
User:"But I just wanted to run FooSoft SuperBestSoftware 1.2"
M$soft:"Ah, but FooSoft does not comply with our security policy and it's not certified. Why don't you run M$oft UseOnlyMe application. It does the same thing, but better. And it's more secure. You'll have to pay every time you run it, but security has no price in this virus-ridden world."
How long 'till it gets hacked? (Score:2)
We know how long it took until DeCSS showed up, and the DVD security was broken. How long until signatures are broken?
Anti-MS FUD (Score:2)
I totally quit reading the Register. (Score:2)
There was a time when Slashdot used the Register as news a lot, like at least a story every week. I think the "editors" here finally wised up. Now to take ZDNet off should be our next task.
Re:Possibly sane, but scores points for other OS (Score:2)
Nearly a laughable concept from a company well known, by now, for the security gaps in their own applications which pose perhaps the single most damning threat to business and personal users.
--
Re:Possibly sane (Score:2)
Can someone sue MS for having lots of copies of unlicensed software then?
___
Isn't that ironic... (Score:2)
You know, Slashdot feels more and more like Windows 9x. I 'have' to use it (or find even less suitable alternatives) but it makes me feel angrier, dirtier, and less productive the longer I use it.
Not only that, they're obviously a bunch of irresponsible hypocrites. Talk about FUD FUD FUD FUD FUD FUD. Dear lord, someone hand these clowns a cluestick.
...and for my opinion on the signed apps: I'm for it, as long as I can turn it off and have different restriction levels. It's an excellent way to protect against virii and trojans.
Re:but ... (Score:3)
Second: Given the same password, a brute-force cracking system would've been able to do the exact same thing under Linux, BSD, etc. It simply doesn't matter *how* the password is encrypted when you're dealing with brute force.
Now, on top of all of this, Microsoft doesn't write the software that signs applications. VeriSign does. It uses the same cryptographic principles that make SSH and SSL usable and secure.
Ease of Use vs Security (Score:2)
Re:Please (Score:2)
Re:From an IT point of view: (Score:2)
- Our line-of-business in-house apps aren't signed and won't run on this new OS.
ie, for most large companies, the most important apps are those that are designed in-house to meet specific business needs. These apps are usually the ones that run the company.
So, most companies use VBA, why can't MS just have VBA runtime signed and then all VBA apps will work. Well, then the whole system is useless, (see LOVE virus).
This move would do nothing but tighten MS' hold on the SOHO market, the one that Whistler is aimed at and the one that MS fears losing to Linux. The feature is not aimed at Enterprise class organizations. Win2000 is reserved for that. Expect to see this implemented, and expect to see open-source take a punch in the nose because of it.
if you can (Score:2)
Re:but ... (Score:2)
Re:Break it before it breaks you (Score:2)
Relaxation would indeed be good (Score:5)
God, no kidding. What amazes me is that when this cropped up a couple weeks ago on The Register [theregister.co.uk], I submitted an article about this being an option... it was refused in the space of an hour.
Apparently refusing to read the entire article and making the headline as sensational as possible is a formula for success when you're looking to get a Slashdot headline.
Re:Possibly sane (Score:3)
No doubt the empire will encourage businesses that such a move will be a "good thing", and any competitor that effectively does not show their source code to microsoft will be shown the back door by corporations that have taken the bait. Sounds anti-competitive to me.
It's retarded BUT... (Score:2)
I saw it described on one of the beta newsgroups, but don't recall the exact sequence to do it. I think it's an incredibly stupid default.
--
Whose butt did they pull this story from? (Score:2)
If the digital signing process is carried over to applications, though, then it would mean the end of Win32 application development as we know it, which is why Microsoft will most likely never implement such a draconian system.
There, I said it; the article is all FUD spread around by the Linux zealots.
"Relax, this won't hurt a bit." (Score:2)
The easiest option to turn off is Windows.
Re:ok.. none of you have got it right yet (Score:2)
Actually a quick scan of eBay will show unsigned shorts going for much less than that.
I doubt even signed shorts would go that high! Maybe if they were signed and game-worn by Michael Jordan or someone like that. But 65535 sure seems high.
Re:Wooaahhhh!!! Relax (Score:3)
Re:I hope this is true (Score:3)
>I suspect they won't take it any further than flagging unsigned code as potentially dangerous
Considering the amount of bugs in common bloatware like Office, I don't think signed code will be less dangerous. Except if they don't sign their own products.
Oh, dangerousness refers to viral risks, not bugs? Well, I hope they won't sign Outlook or its Express version. Melissa or ILoveYou, you remember?
Re:It's an OPTION, guys! (Score:3)
I think developers have plenty of reason to be uneasy about this news.
Re:This isn't what I submitted (Score:4)
Frankly I am a damn anti-M$. And I have reasons for such. 15 years, people. Seeing some inside stories and a lot of outside ones. And I have always been too swift in public. In private I say hell to them. But now I'll try to hold up some lines.
Does M$ need to check their soft? YES! THANK GOD THEY'RE STARTING TO REALISE IT!!! And certification is a good process to allow such things.
However Microsoft is on its own again. Yes, it gives power to some Verisign to process certifications. But why is this needed? Why do we need another company to check certifications? Why not give users chances, ranging from something similar to MD5/PGP checksums, over to a database where one may get more detailed information about the characteristics of the package? If you are a good admin then you'll need exactly this last option. You will surely want to see what was tampered with and how. Only having this information will you be able to take the measures necessary to protect your network and the potential victims of the exploit (especially if there was planned, objective, intentional and criminal intent).
Now M$ does everything for the lazy admin. "Oh, it does not pass certification... BANG!" And the happy lazy admin waits until someone circumvents this and gets him on the hot seat. That's what will happen if such a scheme is used. So "thanx but no thanx".
On the other side, you people seem to ignore a factor. Microsoft always puts cheese on a mousetrap. So do you think that, if you pay for freedom, M$ will keep these terms? You have to certify everything. So, in a possible future, someone may restrict the certification process and you're TRAPPED. You don't go anywhere. Much the same way we all have to pay an M$ tax (my institution paid no less than $3500 once) you may be forced to accept such things as "your soft didn't pass certification". And frankly, can you tell me that this will not happen from the start? Verisign is an organisation that only issues certificates. It has no test labs, network control systems, or staff with a good knowledge of software. Yes, they may issue certificates based only on the assurance that they may track the developer. But, in this virtual world, what is an address or a surname? Buy a mobile for $50, get a Verisign number addressed to Dock 3 Amsterdam, put it in the name of Ivan Ivanovich Ivanov and create havoc on the net. I hardly believe that Verisign will get over this without the help of our dear M$.
Besides, who is M$ to forbid me the right to install a virus? Yes, I WANNA INSTALL IT! I wanna see how it acts and rips off the data on my HDD. I wanna see the how's and when's of it. Because no one knows about it and I have mission critical workstations that need to be protected. You may say that I am talking some nonsense. But when I don't know the original infector and I catch the virus in another program then it is possible that this certification stuff will hang on my neck. I want the right to turn it off and I don't need M$ to think for me. Especially when millions of dollars or top-critical information is in question.
Ok people you're right that
Possibly sane (Score:5)
Re:THis is an *option*, (Score:3)
As concerns the lack of a Verisign or similar certification system: on Linux this is not a good option as the dynamics of development are much higher and more variable. This especially concerns cases where people work on such projects as distros. I don't wanna say that we don't need Verisign-like certifications at all. But it is not as universal as in Windows, where development is more enclosed.
Different types of certs (Score:4)
Which brings up an interesting point -- is it just executables that are signed? When it comes down to security risks, scripting files and macros are *much* worse. Will Microsoft perhaps get a clue and only allow signed Word macros to do things outside of the document scope?
This could be a good idea (Score:3)
Lotus Notes has worked this way for a decade, and has provided all the programmability of Outlook (albeit with a poor UI) with much less virus vulnerability. It is unconscionable that any executable code gets run out of e-mail without a signature when the technology to do this has existed and been proven years before Outlook even existed. In addition if every DLL and exe were cryptographically checked when it was loaded, there might be a bit of a performance hit but it would be worth it in many environments.
I think it would be great if Microsoft considered any drivers signed by them as equivalent to "original equipment" -- in other words no more blaming third party drivers for BSODs.
Of course we don't know what the details are yet, but there's no reason to engage in FUD. It could be a very good thing or a very bad thing.
Re:Wooaahhhh!!! Relax (Score:5)
Honestly, I doubt that consumer-grade users will ever come to that expectation. I mean, come on, these are the people who shut off their worm and virus warnings so that they can run e-mailed executable greeting cards or animations.
Where this could present a problem is for shareware/PD/free software apps in the enterprise, where IS is more likely to enforce the signed app rule.
Yowza. (Score:5)
Y'know, this kind of crap doesn't help the Geek Community At Large overcome the image of being a bunch of fanatical morons. Every time I think that Slashdot just might be making the transition into mature, thoughtful news reporting, this kind of rubbish appears on the front page. It's an OPTION. You can turn it OFF. I don't recall seeing headlines of "Linux Installs Insecure By Default" because several distros automatically installed and configured an insecure WU-FTP...
When am I going to be able to read Slashdot without feeling like I'm listening to a bunch of pre-teen 133t k1dd13z taking shots at The Man on #haX0rzC3ntRa1?
$ man reality
Peer Pressure and Lawrence Lessig (Score:5)
The only freedom we have exists because we can connect Turing devices to the net. Once we are forced to use hardware or software that can perform only "approved" functions, any freedoms we have are in the hands of the people who approve those functions. You will only be anonymous if Bill Gates wants to allow anonymity. You will only have free speech if Bill Gates prefers it. Even your intellectual property rights will be mediated through Bill Gates' software.
Here's how the net ends -- not with a bang but an upgrade. The government won't put a gun to your head and make you give up your civil rights online. Instead, Microsoft and other vendors will come out with new features that you've just got to have. Well, maybe not you, but when every other person on the internet blindly upgrades, you will find yourself longing for them.
That's the dark flipside of the law of network efficiency. A network's value is proportional to the square of the number of people on it. And as the rest of the net flees to a Microsoft-only, proprietary operating system, using proprietary protocols, with none of your code allowed, you will discover that the remaining free network's value to you is being square-rooted.
No, you say, I'm a hardcore free-software supporter. Sure. You may be the hardest of the hard-core, but will even you continue to use a truly free, non-proprietary internet when the only people on it are you and RMS? How will it feel, being the Amish of the next century? As the world around you embraces Windows 20xx and its wonderful billg-approved code, you'll be stuck in your horse and buggy, refusing to use them newfangled zippers because you think they're the tool of the devil.
C'mon, you know you'll want to send email to all your friends, and check out the cool new holographic websites (that 2-D stuff is so 2000). All you have to do is install the new version of Windows. No, you might not be able to compile your own programs, or upload websites which the Nonobscenity Certification Board fails to approve, but isn't that a small price to pay?
Jamie McCarthy
Digital signatures cost a fat wad of bills. (Score:3)
sign the [compiled Apache] executable with a digital signature that has been assigned to them by VeriSign.
But it's different for GPL programs. The GNU GPL requires that all the tools necessary to rebuild the application be distributed and redistributable (except for compilers and other parts of the OS). This would include a private key, if the target system is one that requires all code to be signed. And VeriSign's monopoly on giving out Authenticode keys means that anyone who wants to build the application must pony up USD $400.
Re:Possibly sane (Score:3)
You can do the same thing on an NT/Win2K/Whistler system, you just don't give the user "Administrator" or "Power User" rights. The problems come in when some applications require that the user have that level of rights to be able to function. I've had problems with Adobe PageMaker and ImageReady not working with just plain "user" rights. So, as a SysAdmin, you wind up giving some people higher rights than you'd like to because they have tools they need to use that weren't properly tested by the vendor. But, you've opened the door up to them installing all sorts of crap on their system.
I personally hate After Dark the most, it's the fastest way to screw up your Windows machine...
---
You miss the point.... (Score:5)
The average user does not tweak defaults, especially when the menu options are as hidden as they are in Microsoft products. After all there has been an option to turn off scripting support in Outlook for several years yet Melissa [fbi.gov] and ILOVEYOU [go.com] theoretically caused billions of dollars in damage because people do not change the default settings.
Anyway, how many non-computer savvy people are going to run an executable if Windows pops up a suitably scary error message? After all Microsoft effectively killed Dr DOS [ddj.com] with phony error messages. If Microsoft decides to implement this policy it is very conceivable that all the major software houses will get Windows Certified(TM) thus pressuring smaller shops to do the same. Where does this then leave independent developers?
Second Law of Blissful Ignorance
How SFP works (Score:4)
Windows System File Protection (SFP) is enforced by SFC.DLL, which is run by a thread in WINLOGON.EXE. It monitors for any file changes in the Windows directory. When it spots a change, it rescans the file by calling SfpVerifyFile() in SFC.DLL.
SfpVerifyFile() computes the 160-bit SHA digital signature hash of the file data and compares it to the signature in the corresponding catalog (.CAT) file. Note that the signature is not stored in the file itself.
The .CAT files are located under \WINNT\SYSTEM32\CATROOT. They are heavily armored with RSA PK and obfuscation of the data format. The catalog is modified by calling InstallCatalog() in SETUPAPI.DLL.
The Office division of Microsoft doesn't use SFP, so files like WINWORD.EXE and EXCEL.EXE are not protected. Neither are macro files like NORMAL.DOT. If history is any guide, the Office division will run off and invent their own separate way of doing it.
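The detached-catalog design the post above describes (hash of the file is compared against an entry in a separately signed catalog, so the signature never lives in the file itself) is easy to get wrong: if a verifier trusts catalog entries before checking the catalog's own signature, an attacker who can write to the catalog directory can simply add a hash for their own binary. The following is an added illustration, not Microsoft's SFP code: a Python model of a signed catalog with a verifier that checks the catalog signature first and only then compares the file hash. The RSA key is a toy built from two well-known Mersenne primes with textbook (unpadded) signing over the SHA-1 digest; the file names and contents are constructed samples. The toy key is public and so offers no security; it exists only to keep the example self-contained and runnable.

```python
"""Toy model of a detached, signed file catalog in the style of SFP's .CAT files.

Added example, not Microsoft's code. File hashes live in the catalog, the
catalog body is signed, and verification checks the catalog signature
before trusting any entry in it.
"""
import hashlib
import json

# Toy RSA key from two well-known Mersenne primes (2^127-1 and 2^89-1).
# Assumption for illustration only: a real key uses secret, random primes
# and a padded signature scheme; this one is public and unpadded.
_P = (1 << 127) - 1
_Q = (1 << 89) - 1
N = _P * _Q              # ~216-bit modulus, larger than a 160-bit SHA-1 digest
E = 65537                # coprime to (p-1)(q-1) for these primes
_D = pow(E, -1, (_P - 1) * (_Q - 1))


def sha1_hex(data: bytes) -> str:
    """Per-file hash stored in the catalog (SFP uses SHA-1 as well)."""
    return hashlib.sha1(data).hexdigest()


def _digest_int(data: bytes) -> int:
    # Digest is well below N, so textbook RSA works without padding (toy only).
    return int.from_bytes(hashlib.sha1(data).digest(), "big")


def sign(data: bytes, d: int = _D) -> int:
    """Textbook RSA signature over SHA-1(data)."""
    return pow(_digest_int(data), d, N)


def verify(data: bytes, sig: int, e: int = E) -> bool:
    return pow(sig, e, N) == _digest_int(data)


def build_catalog(files: dict) -> dict:
    """Catalog maps file name -> SHA-1 hex; only the catalog body is signed."""
    entries = {name: sha1_hex(content) for name, content in files.items()}
    body = json.dumps(entries, sort_keys=True).encode()
    return {"entries": entries, "signature": sign(body)}


def verify_file(name: str, content: bytes, catalog: dict) -> str:
    """Return 'ok', 'bad-catalog', 'not-in-catalog' or 'modified'.

    The catalog signature is checked first: an entry in an unsigned or
    tampered catalog must never be trusted, whatever it says about the file.
    """
    body = json.dumps(catalog["entries"], sort_keys=True).encode()
    if not verify(body, catalog["signature"]):
        return "bad-catalog"
    expected = catalog["entries"].get(name)
    if expected is None:
        return "not-in-catalog"
    return "ok" if sha1_hex(content) == expected else "modified"


# Constructed sample "system files" (not real binaries).
SAMPLE_FILES = {
    "KERNEL32.DLL": b"MZ\x90\x00 toy kernel32 image",
    "USER32.DLL": b"MZ\x90\x00 toy user32 image",
}
CATALOG = build_catalog(SAMPLE_FILES)


def demo() -> dict:
    """Run the verifier over a clean file, a patched file, an unlisted file,
    and a catalog where an attacker appended an entry without re-signing."""
    forged = dict(CATALOG)
    forged["entries"] = dict(CATALOG["entries"], **{"EVIL.DLL": sha1_hex(b"x")})
    return {
        "clean": verify_file("KERNEL32.DLL", SAMPLE_FILES["KERNEL32.DLL"], CATALOG),
        "patched": verify_file("KERNEL32.DLL", SAMPLE_FILES["KERNEL32.DLL"] + b"\x90", CATALOG),
        "unknown": verify_file("WINWORD.EXE", b"anything", CATALOG),
        "forged_catalog": verify_file("EVIL.DLL", b"x", forged),
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case}: {result}")
```

The "forged_catalog" case is the one that matters for the post's point: the attacker's hash is in the catalog and matches the planted file, yet the file is still rejected because the catalog body no longer verifies under the signing key. Anything like WINWORD.EXE that the catalog simply does not list is reported as unlisted rather than silently accepted, which is the gap the post notes for the Office binaries.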
Whistler/Office/.NET tech support line (Score:3)
It's that simple. On the one hand- this makes perfect sense. Windows is _plagued_ with horrible little shareware programs and random junk and AOL and who knows what else- it _is_ absurd to try and support some Windows system in which some idiot has installed a really old version of AOL from some random old CD or floppy. On the other hand, this is the mother of all network effects- a really strong argument for freezing out _all_ other software developers, essentially delivering on that long forgotten promise of Microsoft: "We think 100% penetration is a good marketshare". It is downright justifiable to take this attitude as Windows is easily rendered useless by screwed up software (so's MacOS, FYI). At the same time- this turns the situation at a stroke from a market into a command economy with MS the sole supplier- if you can't get support unless you abandon all untrusted code, a surprising number of people will do just that, particularly in controlled situations such as workplaces, or the large number of people who are _not_ busily checking out all the new games or whatever. Aunt Fannie, who only reads email and uses Word, is square in the crosshairs of this new development, and there are a lot of people like that out there.
Nothing more than a warning dialog and loss of 'support' need ever happen. Think of it as a combination cutting of support for 'renegade' users who run untrusted code- and keeping in line 'good' users who want normal, expected support from the vendor.