Whistler MAY Refuse To Run All Unsigned Code UPDATED

Carnage4Life writes: "This ZDNet article describes how Microsoft's next generation consumer OS, condenamed Whistler, will begin a tradition started by Windows 2000 where programs that have not been digitally signed by Microsoft certified signature are flagged. Currently Windows 2000 merely issues a warning when an uncertified/unsigned device driver is used, the Microsoft vision is to expand this to include all executable programs. On the surface, this may seem like a good idea until one realizes that this means that it is conceivable that all executables that expect to run on Windows will have to be Microsoft certified or risk being flagged or even worse refused to run on future Microsoft OSes. As the ZDNet article speculates, this will put even more power over Windows software developers in the hands of Microsoft. " This story has been turning up a bit over the last few days - while I'm not one to buy into conspiracy theories, this whole thing seems like a plan that originally had good intentions, but the potentials for foul play are pretty easy to think up.Well, I've finally got X running again and can update this story - I should have been more clear that this is /not/ set in stone, but a potential path.

Guaranteed upgrades?

[Stephen+Ma]

One final point, what happens when someone wants to run some older (legacy) software which isn't certified? Is it going to be handled the same way, or is there going to be a "backdoor" for currently existing software or some kind of "opt-out" list?

If old software won't run, this will be great for MS: everyone will have to pony up again for another Office upgrade.

Re:It's an OPTION, guys!

[MrBogus]

Yeah, but since everyone and their dog already has a SSL website, presumably they've already paid the root cert tax and can go on with their business.

(That is a big presumption that the same certs will work, but I can't any technical reasoh see why they couldn't.)

Re:This isn't what I submitted

[hawkbug]

Dude, if you allow this type of functionality to exist in Windows... do you really trust MS that much? I don't. I'm always paranoid they are sending something I don't want them to onto the net, in their hands more specifically. So, if MS controlled a zone alarm type of program, I wouldn't trust it at all....

Capabilities

[Wesley+Felter]

There are some people working on this:

http://www.erights.org/
http://www.eros-os.org/

It's pretty far from something you could run on your desktop, though.

Re:Nope.

[RobHornick]

Let's say I whipped up a quick internal project for my company in VB, or VC++. If I want to avoid them getting "WARNING: J00 GUNN4 B3 H4x3D" from their MS Security running in the background because my app isn't certified, it's not a bad idea to be able to submit my small .exe for their testing.

Re:but ...

[TheCarp]

> If I see a control that was authored by
> Macromedia or Microsoft, I feel safe in running
> it, because I know that neither one of these
> companies is likely to insert malicious
> code into their systems.

So you never download shareware or code written by anyone but a huge company and run it?

Now... signing JUST means that the person who wrote it has access to a key that was given to them (or rather signed) by verisign.

If you have it check for signatures...does it stop before EVERY peice of code and tell you who signed it and ask "do you trust them?"

My understanding was that if code is signed, it is executed with no question, regardless of who signed it (as long as the key has a valid verigign signature)

So anyone who is capable of getting a key with a valid verisign signature can have code executed.
That makes it kind of pointless I think. Unless of course it is really hard and only biog companies can get them...in that case maybe it has a point.

Of course...since I don't usually run much software thats written by big companies...I don't know.

-Steve
-Steve

What about 3rd party certificates?

[gfecyk]

The Register ran a similar article citing this was another attempt at M$ to control the world, blah blah blah...

What I told them as I'll tell you now, is nothing stops a third party from becoming their own certificate authority and signing their own applications. Signed apps are nothing new - ever right-click on the .exe for a Windows NT/2000 service pack? This uses the same Crypto API that IE uses for SSL and S/MIME, and permits users to install new certificate authorities.

What this means for the office that develops their own in-house software is they can sign their own apps if they have OpenSSL or another SSL toolkit to make the CA cert. No doubt the tools for signing Win32 apps come with the latest Platform SDK. You don't need to pay Veri$ign or anyone else, but having your cert signed by a well known CA helps.

What this means for software houses like Corel is they can sign their own apps with their own cert, and their users can choose to trust them (or not) by importing their CA Cert into their system. Even Open Source houses can maintain their own certs and perhaps use a central CA operated by, say, Souce Forge. Again, having your cert signed by a well known CA helps but isn't necessary.

Re:What about 3rd party certificates?

[Ektanoor]

If the certifying authority is not bound to one entity then everything is ok! Yes, let's not forget that users should keep the right to revoke Whistler's control. However if this means one house - Verisign that is Bad Move. First because the house is private. Second because it is commercial. Third because it is only one.

Not having a state or non-governemntal institution here is potential step for trouble as we don't have a counterweight for possible abuses.

Being commercial means that you buy and sell things. And some people may think it would be a good thing to sell some stuff on the side. Or Verisign may go bankrupt and we get some cold shower over the whole system. Or it can be bought by M$ and farewell independence...

It is only one house. In case of financial crisis, takeovers, corruptions, theft and earthquakes in their basement, we will have trouble.

Re:Wooaahhhh!!! Relax

[IntlHarvester]

Where this could present a problem is for shareware/PD/free software apps in the enterprise, where IS is more likely to enforce the signed app rule

And this is where Microsoft's concept falls on it's face -- because there is no self-signing or apparent way for a System Admin to indicate that an app is trusted. Outside of the political issues surrounding signed code, talking the SA's rignt to blow his leg off makes for a very inflexible system.

I already have this problem with a USB printer driver that won't load for unprivliged users because it's not signed. But I know it's an authentic driver right from Lexmark, just not one that has had MS's unholy certification pee sprinked on it.

You also see this move with the System File Protection feature, which is neat, but can't be disabled per-file by the admin. So, now it's impossible to remove Notepad.exe or the Comic Sans font without jumping through hoops.
--

Another example of insecure security for Redmond

[faye]

This seems to be yet another example of a useless security feature from MS.

Why useless? Well I admit that in principal it would be great to stop people running only "authorised" programs on any of the PCs I maintain , the problem is with the definition of authorised. Many of the programs we use are written "in-house" and are not going to get authorised, we teach programming so the students code is not going to get authorised, we knock together small scripts to help us automate a task which we may do once or twice and are not going to get authorised.

All this authorisation will cost money - so if I want to use any of my own tools, or anything useful that somebody else has written that hasn't been authorised I've got to switch the setting off. And of course it's a global setting so that's it off for all programs. The result is a security feature that adds to the illusion of security without adding to the substance.

If only MS had put just a little bit more thought into it and made it on a per program basis and allowed the sysadmin/root to "authorise" programs for their machines it would have been *very* useful. Of course the cynic in me says that that way they wouldn't have as much control....

TTFN

Faye

Re:Don't worry

[Zocalo]

An unsigned one, I might add...

But that's the point. If this option is switched on, you can't run the crack to switch it off. Unless of course the "hack" is a registry patch and that area of the registry is open to general user updates, which it should not be. Only admin should be able to change to that setting, and admin will be able to do it though a tick box in some control/policy editor.

I use Windows, I use Solaris and I use Linux; they all have their places and uses and I think if done well this could address a good chunk of the issues that I have with Windows' security on networks. If Microsoft gets this right they can effectively add control over the "attrib +x" command to system admins, where it belongs. I can't think of any way of doing that on UNIX short of removing the "chmod" capable commands from users; they can compile their own code on many systems and you can even get precompiled binaries on the web for UNIX now.

Done wrong however, even more people might starting to look towards alternatives; it's a Win-Win situation whichever way you cut it.

Verisign?

[Lord_Pall]

if i remember correctly, to get certification you must buy "digital fingerprint" whatnots from verisign..

I'm unsure how much this will impact the development of smaller scale software..

Especially because it seems that ms has a fair amount of clout related to verisign..(Given that they've just made verisign a LOT of money)

This does introduce the new idealogy that the creation of smallscale software now requires either a recurring fee, or a "licensing" fee paid to a third party

Sorta sounds like console development to me..

Even if the end user can disable this feature, we now have introduced the concept of truly underground development

Not only can this be used for applications, but for drivers as well...

and given the limitations of SDMI and the rest of the secure music formats relating to signed/unsigned drivers, this has some creepy potential for future os's

But maybe i'm reading too much into it..

Re:Wait a minute...

[Signal+11]

Refresh my memory as to why a free software vendor can't get a signature? Why are you such an asshole as to feel that MS is going to exclude free software people? Does it say this anywhere? NO. You fucken zealots really make me sick sometimes.

Thanks, Cunt!

Shouldn't anyone be able to sign?

[shreak]

Why should only MS be able to sign executables? If the authoring company (or distributor) signed the executable then the binary could be verified against a trusted source. That way, when I downloaded the driver update I would know it was from the same place. Since the issuing company does the signing there's no worry about "licensing lag" Of course that "trusted" source might be MS, but for MS apps, that's not necessarily a bad thing.

How trusted?

[noims]

What I'm wondering is how much testing goes into deciding how trusted a piece of software is. If there's a lot of demand for signed software, and if the price is relatively low, surely someone could get their timebombed s/w signed and cause total havoc.

How many anti-MS s/w terrorists out there are working for reputable firms (that they don't like)?

Noims.

Gotta get a new job then.

[scott1853]

When Whistler ships and I have to install it on my development machine, I just know the boss will MAKE us turn that option on regardless of the inconvenience. So every time I want to run something I'm developing, I'll have to digitally sign it first.

What the hell's taking so long with that hello world app!!!!

I'm just waiting to get it back from the MS Certification Lab.

Re:Relaxation would indeed be good

[Delphis]

Typical slashfuck hype isn't it? .. I remember when (misty-fade-in) slashdot used to offer good and useful news and there was less 'spin' on everything... Or maybe I'm just hallucinating.

I'm sure VA / Andover won't let a proper story get in the way of a good sensationalistic piece now. You can bet that the slashbots are well brow-beaten into believing that too.

--

excellent idea

[aozilla]

I've been wondering for a long time why Microsoft hasn't done this before. This is a great way to stop email virii such as iloveyou right in their tracks. Sysadmins of major corporations can turn it on, probably on the domain server so it can't be turned off, and can rest assured that they won't pay the millions in damage for their employees stupidity. This is *more* power for those employees, as sysadmins don't have to resort to tactics such as disallowing all attachments, or all attachments of certain types.

Attachments don't kill people, people kill people.

phone support cop-outs

[geoff+lane]

Do you run uncertified software? Then sorry can't help - remove the s/w and if it still happens call us again. That'll be $90, thankyou.

Re:but ...

[Foogle]

Well that's hardly relavent, since you don't have to show your source code or even it's compiled results to Microsoft, or VeriSign. You just have to apply the digital signature that's been issued to you.

But don't let me stop you from drawing ridiculous analogies to prove a stupid point.

Re:Possibly sane

[Dyolf+Knip]

Whoever said a PC couldn't also be a dumb terminal?

I had the opportunity to set up a number of thin client workstations with MS Terminal Server. I loved that thing. Ran 36 clients off of two servers. Never had to worry about the lusers formatting the things, attempting to use their 733t ski1z on them, or screwing them up any other way, which they did all the fscking time with standalone PC's. And the real beauty of it was when we put the client on a bunch of old Mac LC's and IBM 386's, and then basically ran NT4 on them. Saved a fortune in hardware costs and about two thirds of the maintenance time...

--

Re:Get it right.

[Stonehand]

That is a GOOD thing.

It's 'bout high time users realize that installing software without having a good idea of who wrote it -- such as the toy applets sent frequently in the mail -- is not the swiftest thing to do.

Know how many Open Source advocates compare computers to cars, and a closed system to a car with the hood welded shut? Installing random software without some reasonable basis for knowing who wrote it is like allowing random people to monkey with the internals of your car. Given that there are people who write trojans for kicks, the metaphor extends to letting people wire Semtex and blasting caps to your ignition -- if they choose. And knowing that they'll leave much less evidence, as well...

If it makes people realize how trivial it is for a program to damage their files -- at least in a system w/o strong access control and provisions for a "sandbox" environment -- maybe a) they'll actually back up more (I would *not* buy a desktop without simultaneously getting a tape drive. Period.) and b) they'll think about what they run.

Re:Remember, IE was once optional too.

[Moofie]

Yeah...so optional you have to buy a program to get rid of it...

(Yes, I know there's a free (beer) version, but still...)

Re:Remember, IE was once optional too.

[JackVance]

Remember, IE was once optional too.

Still is - www.98lite.net

After my reasearch on this...

[RogueAngel7]

Well, I've done all the research I can and here are my results. (Please understand that I do not like Microsoft, but I will try and be objective. Also I do realize that this is only an Option for now.)

OnTopic First: It May be an option now, but do you want to let MS just trend you into submission?
What you really have to ask yourself is do you trust them. Let me present my case.

(Subjective)In the last ten years I have heard a thousand promises from a company that changes its mind on a whim. MS revolutionized the way the world looked at computers, especially for the end user be it business or consumer. But how can you believe a company that has failed to deliver so many times (any programmers remember DX1?).

Some of the problems I see with this company and its policies are:

They always promise big, but deliver small. Windows 95 is so difficult to keep stable that my own mother managed to lock it up every week with out installing anything. Sure it may have been experimental for MS in 95 (*remember plug and pray?*), but should they be able to claim it actually works when they know it only works on a certain 'percent' of the actual users out there?

"Windows Security". Need I say any more?

Hummm... I seem to remember that NSA_KEY thing... Something along the lines of "the reason the NSA_KEY was named in that convention was because it was the key that was sent to the us government for inspection. As long as we and any other company released or encryption techniques to them for inspection we were allowed to export it." (Note: this is not a direct quote, but only what I remember from a MS press release. It is pretty close though.)

I almost forgot about the AWSOME amount of 'undocumented features' that Microsoft allows too be in their programs. Ever tried to call MS support?

This company may have started on good intentions, but good intentions only get so far. Don't get me wrong. They have done a lot of good overall, but only for their own ends. I have worked at companies that choose to go with MS instead of Netscape purely because Internet Explorer was included with windows. (Which I'm sure would have been the opposite if Netscape made OS's, but that is not the point). Microsoft OWNS the most market in history as we stand, and most people don't even know it. Need I site their recent HUGE buy of 25% or so of AT&T stock?

(This is a straight fact) for those who cant draw the line, MS buys 25% of AT&T, who intern owns TCI, who is in a joint venture with Time/Warner (for nationwide broadband market) who is already mergered with AOL. Microsoft publicly still claims that AOL is one reason that MS claims they should not be considered a monopoly.

Is this the company you hope just 'leaves it an option' to restrict an exe (signed or not)?

(Back too subjective) Regardless of what anyone thinks, Microsoft is not going to shoot themselves in the foot. They are very smart, and willing to give the public exactly what it wants as long as it fits in their current company focus.

Even if you don't like what I said here, please research it out for yourselves. Stuff like this is to important to leave your opinions in the hands of others.

Follow the money trail. They wouldn't do anything with out major money backing them.

Re:You miss the point....

[Malcontent]

Yea linux has much better error messages and better logging too.

My favorite MS error message has got to be..

1) Error number 31XX there is no message for this error.
2) A blank dialog box with an OK button and nothing else.

Re:It will never work

[Stonehand]

It's not code-level verification (say, proof-carrying code), but authentication.

You'd probably put more trust in, say, Citibank, if you were sure that you were really dealing with them, than some random lending institution that gives you a P.O. box and solicits money for new accounts, no? This is the same deal.

Armadillos in a thunderstorm

[Graymalkin]

It always amuses me to see the non-newbie Linux zealots get their panties in an uproar if there is ever any news about Microsoft. Yes Whistler has an option to only let certified applications be run by users or user groups. Big fucking deal. If you're a serious Unix admin you spend hours configuring your system so foreign binaries don't get executed on your box and fuck everything up. Certificates are the next logical step in system security. Say I have a bunch of Whistler workstations and I write a cool VB script to automate some tasks and keep the systems in top shape even when I'm not in the office. Wait a second, it's a bad idea to allow VB scripts to run on your system because of malicious code. Solution, sign MY script with a signature (anything I can import, not just VeriSign) and allow it to run unfettered because it is signed by me. When you write a shell script do you not make sure it runs with an SUID but can't be executed by unprivilaged users? Oh yeah huh. Microsoft with Whistler is going to start integration of the .NET concept, security is going to be an enormous concern in this area. NextBestThing.exe fires up and uses some ActiveX components somewhere on the internet if there is no handshaking and authorization going on in this transaction you've just opened a huge security hole in your system and network. The EJB 1.0 spec has a problem of this sort that crops up. It supports authorization as you can have a user have access to a certain set of objects but beyond that it is up to the developer how to impliment more security. If I was planning to start offering applications that resided or executed remotely I would want some proof they were the real shebang. I'd actually like to see a good certificate implimentation on Linux, especially in a professional environment where you need real reliability and authorization, not just strong crypto on your pr0n and mp3s.

Re:Eeeeep! Wrong.

[Greyjack]

Shareware/Freeware/GPL/Open Source developers certainly will have access to this signing process. They can either buy a Verisign certificate themselves, or if they don't want to, five bucks says organized groups of some sort will step in to sign apps for those poor downtrodden shareware/freeware/gpl/open source guys.

In any event, the people who really care will all be using Linux anyway, so who cares?
--

social engineering

The real danger in this is what it will do to public perception. For example, if one thinks back to the Caldera (DRDOS) lawsuit, this talked about, among other things, the use of a section
of code in windows which was used to create the public impression that DR-DOS (or any non MS-DOS) was defective.

By using signing and making this the default behavior, MS can accomplish much the same goal without having the same legal risks. The
question then is what impression does it create
in the public's mind when they are told everything they might run which hasn't been "approved" must
be considered suspect and automatically excluded
by default.

If a user can sign for and self "certify" applications at thier own discretion when encountering unsigned images, it it not
nessisarly a bad feature. But if it pops up with a highly negative warning and refuses to run, then
I think it's a brilliant piece of propoganda and
social engineering, and one that could have very
negative consequences for the marketplace for
third party (non MS certified) software, and a
wonderful oppertunity for certificate authorities, or even better yet (from MS point of view), if
one must get a certificate from microsoft itself
before one can sign apps. Certainly it's a ca's wet dream come true.

Useful, surely?

[slim]

Surely this is a useful feature. I'm assuming tools will be available to sign your own code.

I can envisage wanting to create a self-signed root CA certificate for myself, and signing anything I compile, such that nobody can sneak in with a trojan and replace my lovingly created binaries.

Freeware distributors could equally sign their binaries with certificates from their own Certificate Authority to reassure users that the version they have is kosher.
--

This isn't what I submitted

[Carnage4Life]

Y'know, this kind of crap doesn't help the Geek Community At Large overcome the image of being a bunch of fanatical morons

Hemos took a lot of liberty with my submission including changing the title as well as cutting of some technical analysis at the end of my submission.

Basically the gist of my submission was that Microsoft is taking a heavyhanded and incorrect approach to attempting to solve the problems with Outlook viruses and the like. Specifically, instead of coming up with some Draconian all-or-nothing security policy why not introduce more granular access levels to Whistler?

For example, I currently run ZoneAlarm and it prompts whenever a program I haven't given permission tries to access the Internet (in fact I found a Trojan this way). ZoneAlarm has three permission settings Always Deny, Always Allow, and Always Ask. I wouldn't mind seeing such functionality moved to the OS and made even more granular so that programs have very explicit permissions as to what they can do (similar to java.policy files). Outlook should not be able to tweak the registry nor delete files (via the ILOVEYOU virus) regardless of whether it is signed by Microsoft or not.

Basically I am proposing something similar to Access Control Lists for executables on the OS, after all, there already is a central repository of information (the registry) so adding that data shouldn't be too hard.

Second Law of Blissful Ignorance

Re:This isn't what I submitted

[American+AC+in+Paris]

[posted by Carnage4Life, author of article submission:]
Hemos took a lot of liberty with my submission including changing the title as well as cutting of some technical analysis at the end of my submission.

Then I feel doubly sorry for you, as you're pretty clearly approaching this issue from a rational standpoint. I thought that this might be the case, and thus was careful to avoid pointing fingers at you the author, but rather at the /. editorial staff.

Having said that, a granular permissions model would be a decidedly better approach to this kind of problem than the all-or-nothing model Whistler will evidently implement. Sadly, this message was nowhere to be found in what finally got posted under your name. I'd be raising holy hell if I were you.

Knowing that this wasn't your intent in the first place makes me feel even angrier at /. than I did before. It's one thing to post zealous articles by zealous authors; it's another thing entirely to edit zealotry into them. Absolutely shameful.

$ man reality

Re:This isn't what I submitted

[pen]

This is already how every Unix out there works, and how NT supposedly works.

--

Re:This isn't what I submitted

[drinkypoo]

In general, Microsoft is in a position of EXTREME conflict of interest being both primary supplier and primary competitor. Their actions must be considerd in that light. How some people refuse to acknowledge this is confounding.

Few people are arguing that this is not Microsoft attempting to extend their control. However, they are saying that the headline added to the article by slashdot staff is pure FUD, and they're right.

Re:This isn't what I submitted

[Lauritz]

Isn't this why you run (the app) postgresql as (the user) 'postmaster' and (the app) apache as (the user) 'www'? So you can control the access a app has to your system.

(Windows do this too: the webserver run as 'iusr_machinename')

Re:This isn't what I submitted

[Ektanoor]

Frankly, slashdot staff is known for some yellowish view on submissions. And many people have talked about this. However, in this case I do not think that you people are seeing the whole picture. You blame the /. for overweighting the whistleblower stuff. I think that they are doing not enough here. Yes /. should be blamed to chenge the submission in such a way. But please stick in this fault and not in M$'s plans.

Frankly I am a damn anti-M$. And have reasons for such. 15 years people. Seeing some inside stories and a lot of outside ones. And I have always been too swift on public. On private I say Hell of them. But now I'll try to hold up some lines.

Does M$ needs to check their soft? YES! THANKS GOD THEY START TO REALISE IT!!! And certification is a good process to allow such things.

However Microsoft is on its own again. Yes, it gives power to some Versign to process certifications. But why is this needed. Why do we need another company to check certifications. Why not to give chances for users. Ranging from something similar to MD5/PGP checksums and over a database where one may get more detailed information about the characteristics of the package? If you are a good admin then you'll need exactly this last one option. You will surely want to see what was tampered and how. Only having this information, then you will be able to take measures necessary to protect your network and the potential victims of the exploit (specially if there was planned, objective, intentional and criminal intent).
Now M$ does everything for the lazy admin. "Oh it does not pass certification... BANG!" And the happy lazy admin waits until someone circumvents this and gets him on the hot seat. That what will happen if such scheme will be used. So "thanx but no thanx".
On the other side. You people seem to ignore a factor. Microsoft gives always cheese on a mousetrap. So do you think that, if you pay for freedom, M$ will keep these terms? You have to certify everything. So, in a possible future, someone may restrict the certification process and you're TRAPPED. You don't go anywhere. Much the same way we all have to pay for a M$ tax (my institution paid no less than $3500 once) you may be forced to accept such things as "you're soft didn't pass certification". And frankly, can you tell me that this will not happen from start? Verisign is an organisation that only issues certificates. It has no test labs, network control systems, staff with a good knowledge of software. Yes, they may issue certificates based only in the assurance that they may track the developer. But, in this virtual world, what is an address or a surname? Buy a mobile for $50, get a Verisign number addressed to Dock 3 Amsterdam, place it on the name of Ivan Ivanovich Ivanov and create havoc on the net. I hardly believe that Verisign will get over this without the help of our dear M$.

Besides. Who is M$ to forbid me the right to install a virus? Yes, I WANNA INSTALL IT! I wanna see how it acts and rips off the data on my HDD. I wanna see the how's and when's of it. Because no one knows about it and I have mission critical workstations that need to be protected. You may say that I am talking some nonsense. But when I don't know the original infector and I catch the virus on other program then it will be possible that this certification stuff will hang on my neck. I want the right to turn it off and I don't need M$ to think for me. Specially when millions of dollars or top-critical information is in question.

Ok people you're right that /. gets too yellow sometimes. Flame them at will. But don't start telling me about "oh poor M$". Specially on this stuff. I know the viper too well to know that they will not stop here.

Re:This isn't what I submitted

[QuoteMstr]

Hemos took a lot of liberty with my submission including changing the title as well as cutting of some technical analysis at the end of my submission.

You might want to try Kuro5hin instead, or in addition, next time. We welcome technical analysis and such. :)

Re:Switch

[Enahs]

Well, while your post reads like flamebait, you actually make some good points. There is one thing I take issue with, though:

"Command line is hard, GUI is easy."

Only if the GUI interface is designed well. I know some Joe Sixpacks that would rather use DOS commands than use Windows GUI ways of doing things (probably just because they learned the DOS ways first.) My dad's that way. He still has trouble with the Start menu. The Start menu, of all things! But when it comes time to get a sorted list of his AutoCAD files, sorted in order of file size, he heads for a DOS shell. It all depends on what's learned first, and how well the interface is designed.

Eeeeep! Wrong.

[Greyjack]

all executables that expect to run on Windows will have to be Microsoft certified

No, all executables will have to be signed by the developer. Which is done using a Microsoft tool that you can get free. Although you have to pay Verisign for an ID.

Assuming there's a low-cost option for free/smallbie developers that want to release signed binaries, I don't have any problem with it m'self. I haven't looked at Verisign pricing lately, so I don't remember what the rate schedule looks like; was $400/year for a full-blown corporate development certificate I used to sign ActiveX's at my last job. (Note--*I* signed them, not Microsoft). But yep, that is a good chunk more than I'd be inclined to pay m'self.
--

but ...

[Gricey]

does it have to sign each of it's 65553 bugs?

Re:but ...

[waddgodd]

1) DeCSS

2) You trust MICROSOFT to use a cryptographically secure system?! The same company that stored its passwords in plaintext for five years and had an avoidable authentication agent for much longer?

Re:but ...

[||Deech||]

Brute force with l0phtcrack? Why? Just use one of several happy little utilities that allows you to boot off a linux disk, suck out the .dat files, replace the password, and put em back again..

Only thing that will thwart most of them is if they actually use the Syskey utility. But I'm pretty sure that some of them have gotten around that little problem...

Re:but ...

[Foogle]

Well I was talking about ActiveX controls, not applications. ActiveX controls being more dangerous because they're embeddable in websites.

However you make a good argument about signing. Will Windows simply run an application with *any* signature. If so, how is that useful?

I see it as being more useful than the situation we have right now. If someone wants to get a signature from VeriSign, they need to submit contact information and (I'm not sure about this) probably a marginal fee. Now, this signature requirement doesn't stop malicious code from being executed on anyone's system, but it does add some accountability.

How many trojan-authors are willing to pay a fee to sign their apps? It's possible that they can do it, but they'll have to be willing to have their trojan discovered and their signature black-listed. And if their payment required some form of ID (even a credit-card), it would be much easier to trace the author.

I'm not saying it's a great solution. It's not a great solution. But it's better than nothing, which is what we have now. Besides, if you don't like it, you can just shut it off.

Re:but ...

[Enahs]

The certificates are controlled by VeriSign.

Re:but ...

[TheCarp]

Well we are talking about a "cryptographically secure" system as implimented by microsoft.

As a person who once had to recover a lost administrator password from an NT box - and was able to have it brute forced with l0phtcrack in under an hour on a P90 ... I have very little faith in their abilities.

Then again...I havn't used a single bit of microsoft software in quite a while now.... maybe they have gotten better? Perhaps this will take 2 hours to brute force.

-Steve

Re:but ...

[Foogle]

First of all: if you could lophtcrack the admin password on a P90 in under an hour, then the admin password *had* to be a dictionary word, or a very simple derivative of one.

Second: Given the same password, a brute-force cracking system would've been able to do the exact same thing under Linux, BSD, etc. It simply doesn't matter *how* the password is encrypted when you're dealing with brute force.

Now, on top of all of this, Microsoft doesn't write the software that signs applications. VeriSign does. It uses the same cryptographic principles that make SSH and SSL usable and secure.

Re:but ...

[Foogle]

Now that's funny. Reverse engineer the signing process? If you think you can "reverse engineer" a cryptographically secure system, I'd love to see it done.

Re:but ...

[Stephen+Samuel]

No big problem with having to register all code with Microsoft (possibly even having to show them your source) -- It's kinda like needing internal passports to travel between states... This would have make things a good deal more difficult for the Oklahoma Bombers....

Then we can add fingerprinting all children in Junior High. Makes tracking rapists and killers that much easier.

Then there's this "innocent until proven guilty" bullshit.... I mean do you know how many guilty murderers have gone free because of this? Why not have the accused prove their innocence?
.....

The road to a dictatorship is paved with good explanations.
`ø,,ø`ø,,ø!

Re:but ...

[Foogle]

Yes, case sensitity does increase your keyspace, but so do longer passwords and larger character sets. The method used to encrypt/hash those passwords is still relatively irrelevant, as long as it's cryptographically secure, which NT's system is.

And, we may agree to disagree here, but I am fairly familiar with lophtcrack and, although it is a very efficient system, it's not supernatural. To go through every alphanumeric combination of an NT password, on a Pentium 90, would still take a really long time. A month maybe? The bottom line is that on NT or Unix systems, a well-chosen password could take months or years to brute force, depending on the speed of the machine.

As for the idea being silly -- I disagree. Look at ActiveX controls right now. They're almost all signed, and it's works very well in alerting users to potentially dangerous or untrusted code. If I see a control that was authored by Macromedia or Microsoft, I feel safe in running it, because I know that neither one of these companies is likely to insert malicious code into their systems. However, if I see an ActiveX control that *isn't* signed, I won't run it. Why? Because it would easily delete all the system files on my machine without me being able to stop it.

The same is true for any application, and I see no reason not to extend the idea to other realms.

Re:You miss the point....

[Saurentine]

A lot of people I know (the ones who don't know computers anyway) don't even read the error messages that pop up. I can't count the times that someone as said "It's not working, there was an error." And every time, when I ask what it said, they responded very defensively that they didn't read it.

Well, it's no wonder because everyone's been conditioned to think of Windows error messages as something only a senior Windows programmer working at MS would understand, and no one ever found useful. I can't count the number of times I've seen "Error in FOOBAR.DLL at 0E132:12592" or the like, or called Microsoft (back when they actually pretended to support their products) and told them the exact error message ony to be told "reboot the system, it'll go away".

With Windows error messages, the faster you can dismiss them, the faster you can reboot the farging machine and get back to work. These messages have been so very useless for so very long that no one ever believes that they could offer any useful information anymore.

Crazy

[OzJimbob]

This is just crazy - MS seem to be doing everything POSSIBLE to piss off consumers! I can see a big crash ahead....

Re:Crazy

[Torak-]

What a lame post. If you're going to try and disguise your attempt at first post, at least put some effort into it next time.

Re:Crazy

[ichimunki]

I'm not sure I see where and how the article explains that MS itself will do any sort of certification. All it says is that they are building an option to prevent execution of unsigned code. The biggest problem I can see is MS requiring that certificates (which are different from certification) be purchased from them. Even if the certificates come from a 3rd party like Verisign, this is still additional expense for shareware developers. And if it relies on patented or non-Free algorithms to be applied, then it starts to take Free software out of the picture. However, simply having the option to not execute unsigned binaries is hardly a terrible thing. Security paranoid sysadmins should like this, since it means that all binaries come from a "trusted" source. How easily the ability to trojan a binary that appears trusted remains to be seen. But this option doesn't really sound like much more than the current (hihgly manual) option in Linux to download signed source code, use checksums, then compile, so that the odds of a trojaned binary are pretty much reduced to an impossibility.

Re:Crazy

[SevenSeasOfRhye]

I agree.
Microsoft is actually creating a hole for itself.
Every software company can not and will not get certification from MS.
If I use a product and it doesn't work in MS OSs, I'm going to change the freakin OS, not the product which works damn well for me. (Provided its important). So isn't MS screwing itself?

Re:Crazy

[OzJimbob]

Oh gee buster you caught me! Whatever shall I do?!

Re:Crazy

[pallex]

"So isn't MS screwing itself?"

What, by providing an OPTION so that you can prevent the execution of un-certified software on your machine? Doesnt that sound like a good idea to you?

Obviously its an option, otherwise it`d be impossible to write software for Windows. I think Microsoft may have actually thought about this for a few minutes.

beginning something that's already began

[Foss]

"Microsoft's next generation consumer OS, condenamed Whistler, will begin a tradition started by Windows 2000" huh???

I doubt Microsoft does the signing

[donutello]

It's probably licensed out to an external agency to manage.

At least this is how Windows logo certification is handled. Microsoft determined the criteria that had to be satisfied in order to obtain the logo certification and it is managed by an external company. Microsoft products have to work just as hard and comply just as much as any other ones in order to obtain certification.

I seriously doubt this will be any different.

Really!

[buttfucker2000]

The paranoia of the article is simply that.

Microsoft could not get away with controlling software in the way described. It just wouldn't happen - the EU and US wouldn't stand for it.

Get away from that and what do we find?

We find that Windows will continue consolidate its position as the most stable GUI operating system.

We find that users will no longer be able to break their systems by installing incompatible software.

We find, in fact, nothing but good news.

Re:Really!

[techsupersite.com]

The USA and the EU may get pissed that M$ is trying to control which software is "good" and "bad".

Why that's THEIR job! I'm not so convinced that the USA or the EU will follow thru on restraining Microsoft. And I'm not so sure that it even CAN be restrained as long as current management still have any say in any part of the operation.

Certainly the EU is more likely to stay hardline on Microsoft, since it's an American, not European company, but I still wonder as to what legal authority the EU has over M$ anyway. I suppose they could make it illegal to import M$ products, but that's unlikely, as that would highly piss off the USA.

But then I wonder if the US has any international respect anymore after the Presidential election, clearly already won based on the law, but the party in power is being allowed to force recount after recount amid many allegations of fraud to overturn an election.

Re:Really!

[Russell_A]

According to NPR this morning, EU has filed a lawsuit at MS for the same reasons the Anti-Trust lawsuits were in the US. Apparently EU and US do think alike at times.....

Re:Really!

[jallen02]

You would know that since it keeps the math simple that is also what makes it scale. So it produces some results that say 1minute, its just how it does math its not like its going to kill anyone..

Jeremy

Re:Really!

[Sir+Runcible+Spoon]

The EU and the US taking the same stand. Now that would be time to be paranoid.

Re:Really!

[Tuxedo+Mask]

Lots of ppl think EU and US are natural allies. What a laugh.

Whats really needed is a PRC/EU alliance to bring an end to the overbearing imperial buttmunching ways of the US.

Re:Really!

[el_chicano]

We find that Windows will continue consolidate its position as the most stable GUI operating system.

Nice troll! Using stable and Microsoft in the same sentence with a straight face -> score: 9.5. You only lost troll points by hiding it in a post that has content...
--
You think being a MIB is all voodoo mind control? You should see the paperwork!

Re:Wooaahhhh!!! Relax

[1010011010]

Until, of course, they sell "developer" versions of Windows, and the regular version run only signed programs. This would kill the shareware market for Windows, though, not to mention free software for Windows.

________________________________________

Yet Another Way To Make Money

[robbieduncan]

Beyond the awful consequences of not being alowed to run your own code on your own computer this could be a way for MS to make even more money. I don't imagine that they will be signing apps for free. They already do this with VBA in Office 2000 but at least provided a tool for you to sign your own code. This tool does not sign it in the same was as an official payed for signature though, and still causes all those really anoying warnings to come up.

Re:Possibly sane

[Demona]

"It also says that you have the option to send it to them for testing so they can approve it..."

It might be amusing to repeatedly execute and send them copies of "banned" stuff such as ASFRecorder, Streambox VCR and the like. It would be even more amusing if those apps managed to make it through the approval process.

This is great for network admins

[...+James+...]

Consider this -- combine this feature with active directory, and then, domain- (well, forest or whatever you want to call it) wide, administrators will have control over which applications are allowed on the desktops. No more users downloading screen savers, solitaire clones, etc. to screw up their computer. And as new applications come in, no problem -- add their signature to the list of approved apps before you roll it out. I can't wait for this.

I hope this is true

[Tet]

I really hope this happens. If Windows refuses to run anything but authorised code, then it'll hasten the end of Windows as a viable platform, and the world's computers might just switch to more reliable alternatives that little bit quicker. Given that Bill Gates has always been a fierce defender of unregulated development (and it's about the only area where I agree with him), I doubt this will ever happen, but it's possible. I suspect they won't take it any further than flagging unsigned code as potentially dangerous, and letting the users decide whether or not to run it.

Re:I hope this is true

[gle]

Yes. If it can't run Strcraft, it's doomed!

____________________

Re:I hope this is true

[GeZ117]

>I suspect they won't take it any further than flagging unsigned code as potentially dangerous
Considering the amount of bugs in common bloatware like Office, I don't think signed code will be less dangerous. Except if they don't sign their own products.
Oh, dangerousness refer to viral risks, not bugs ? Well, I hope they won't sign Outlook nor its Express version. Melissa or ILoveYou, you remember ?

That means...

[11thangel]

They can kill all partitioning software that can add linux/bsd/*nix partitions and increase their monopoly.

Re:That means...

[Foogle]

Oh, for Christ's sake! Make sure you understand how secure-signing works before you post anything about the subject.

"They" don't get a say in what is and is not a valid application. It doesn't work that way. A developer gets a signature and it is cryptographically written to their executables. It's just a simple method of authenticating *who* wrote/distributed the application. The process has nothing to do with whether the application is "ok" in anyone's view.

Re:That means...

[vslashg]

Why? Are users sophisticated enough to use partitioning software too dumb to figure out how to turn off a "run signed software only" option?

Re:That means...

[Gay+Mr.+T]

So how do open source projects get signed?
---

Re:That means...

[Foogle]

A decent question. Let's take Apache for example, because they produce a Win32 version of their program.

Before the Apache group puts a new (compiled) version of their program online, for people to download, they would sign the executable with a digital signature that has been assigned to them by VeriSign. This signature would guarantee that the application was released by Apache, and not altered by any third parties.

Now, if you were to download the source and compile it yourself, there would be no such signature. And there shouldn't be one either, because Apache can't verify that you haven't altered the source. It's not guaranteed to be the same executable anymore. However, you're perfectly capable of putting *your* signature on the Apache application, after you've compiled it. That would certify that the application hasn't been altered by anyone, after it was altered (compiled) by you.

Re:Wait a minute...

[f5426]

Yes, you are right. Thanks for all your insight. I hope I can be as intelligent as you one day (but it looks, it won't be possible. You are so brilliant)

Thanks you again. I now see that you really know what you are talking about. I thought you were a moron, but it is definitely not true. "You pay the money and have your code tested like everybody else". I didn't think about it. M$ certified code is tested before beeing certified.

Really, thanks a lot.

--fred

Re:Digital signatures cost a fat wad of bills.

[Foogle]

The target system does not require all code to be signed; It's an option. As for the GPL issue, I am hardly a legal expert, but I don't see how the GPL would be interpereted this way, as the signature is not related to the code, or its execution, in any way (other than its authorization).

Having said that, you could be correct. It's entirely possible that MS is creating a scenario where EVERY developer has to have their own signature. However, this isn't any more relevant to the free software community than it is to the closed-source community. To compile *anything*, closed or open, you'd have to have a signature.

Re:Will never be mandatory

[Foogle]

You'd never have to pay *every* time you compile. You'd pay for your signature once, and then apply it to every new executable you create. It's a one-time deal (unless it's subscription based, but that's still not unreasonable).

Conspiracy Theorists ...

[TexasCowboy23]

... relax and take your medications ... Thanks to one of my close friends who is working on the Whistler project, I got to see it up close and personal a few weeks ago. I saw nothing that would suggest this conspiracy has merit. And I would like to mention that a program can be digitally signed by other people and places from what I've seen. My video driver for my laptop, for instance, comes from ATI (not Microsoft) because the screen's resolution is 1400x1050 (which is an odd resolution) ... When I installed the driver (under Windows 2000 Advanced Server) and looked at the information, it is signed by ATI and not Microsoft. The goal then becomes for programmers and Microsoft developers to acquire a digital signature and sign programs themselves. Seems easy enough to do...

Re:Whistler/Office/.NET tech support line

[sbjornda]

I don't think most of MS's revenue stream for apps comes from home users phoning MS for support. I think this will be a tremendous boon to companies who have their own tech support folks.

Especially if it's a requirment that not only compiled exe's, but also all scripts, be signed. That will be almost the end of Outlook worms. In a totally managed environment, it could in fact mean the absolute end of Outlook worms -- such a thing is possible in Lotus Notes today.

Re:How long until a"Cracked" Signature Gen appears

[Wesley+Felter]

I think you mean unless they get hacked again, and their private key leaks...

But there's a much easier way. Just edit your copy of Windows and replace MS's public key with yours, so your copy of Windows will now only run code signed by you.

Re:Remember the history...correctly

[freeBill]

MS-DOS 1.0 was licensed from SCP and was out long before CP/M-86

I don't believe I (or anyone else) has claimed that MS-DOS 1.0 (or PC-DOS 1.0) was copied from CP/M-86 or any version of CP/M intended for processors made by Intel. The matter that was litigated (and settled by Microsoft in DRI's favor) was whether earlier versions of CP/M were used in developing that version which was licensed from SCP.

The case was settled when it became clear that Microsoft had the evidence which could have either cleared them of this charge or proved they did it. Since it became clear to the judge they were not going to allow that evidence to be seen by the court or its representatives under circumstances designed to protect their proprietary interests, he had ordered they reveal what they had described as their "crown jewels" to the court. Then they told him they couldn't find those "crown jewels." When it became clear they had lost credibility with the court (first claiming the source code to PC-DOS 1.0 was very valuable, then claiming they lost it), they decided to settle.

I apologize to anyone who objects to my conclusion from this evidence that MS probably stole the CP/M code. But my point was not that they did so, rather that they didn't do so until they had tried to help DRI get a good contract first.

I was trying to point out that the history of Microsoft shows that, even when they seem to be operating honorably in the beginning, their ethics have been known to slip. Thus, IT managers who wish to assume their eventual use of a given technology will be honest simply because they are currently not doing anything unethical with it may find themselves being hurt by that assumption.

AC is welcome to make that assumption, ignore the history, and take "The Road Ahead" to the Microsoft-prescribed future.

Word for Windows, Word for OS/2, WordPerfect for Windows and WordPerfect for OS/2 were all out years before Windows 95. (Microsoft and IBM split in the Windows 3.0 timeframe - five years before Win95)

The accusations of a head-fake by MS with some of the developers with whom they had long partnerships were made roughly one or two years after the release of OS2. Microsoft encouraged their partners to support OS2 while they were planning their own response to it.

Obviously, they could not maintain this dishonesty once they had announced Win95 (which happened long before its release). Traditionally, those who have defended Microsoft on this issue have argued not that it didn't happen, but that the owners of WordPerfect were naive in believing them. In other words, that MS's tactics were simply tough tactics which should be expected in the rough-and-tumble world of business. I've never heard anyone argue it didn't happen. (Or, stranger still, that it didn't happen when it did.)

Once again, I'm merely trying to point out that the relationship between MS and the developers with which it eventually began competing unfairly was entirely ethical and honest for a long time before anyone started claiming dishonest tactics. Indeed, I would argue the fundamental honesty of that set of relationships was largely responsible for the PC boom and the innovation of that period. I would also argue that the destruction of that fundamental honesty is responsible for the lack of innovation since the Internet browser was introduced (the last killer app, in my opinion).

About the only reality in the Netscape story is that there was a company called Netscape.

And that minor inconvenience of an anti-trust consent agreement and a subsequent anti-trust decision, not to mention Bill's testimony in court which serves as a virtual signed admission of guilt.

But don't let any of those facts get in the way of your decision to trust Microsoft. Trust them. Embrace them. Those of us who pay attention to the history know who will be screwed next.

And it's not gonna be us.

Re:Digital signatures cost a fat wad of bills.

[yerricde]

The target system does not require all code to be signed; It's an option

...that IT managers can turn on and refuse to turn off "for security purposes."

However, [requiring a unique signature for every developer] isn't any more relevant to the free software community than it is to the closed-source community.

Except most closed-source coders code within the scope of their employment, and employers can afford to provide such signatures, while Joe Free Software Hacker can't.

Slashdot To Refuse To Read All Submissions

[stx23]

Slashdot To Refuse To Read All Submissions [ SlashdotPosted by Macos on Tue November 21, 13:44
from the turn-on-red-alerts dept.
Carnage4Life writes: "This ZDNet article describes how Slashdot next generation scripts, condemned Slashcode, will begin a tradition started by CmdrTaco where stories that have not been written by anyone of /.'s friends are ignored. Currently Slashdot merely issues a warning when a fact based story is received, the Slashdot vision is to expand this to include all stories with a hint of truth in them.
On the surface, this may seem like a good idea until one realizes that this means that it is conceivable that all stories that expect to appear on Slashdot will have to be Roblimo certified or risk being ignored or even worse refused to publish. As the ZDNet article speculates, this will put even more power over Slashdot readers developers in the hands of Slashdot. "
This story has been turning up a bit over the last few days - while I'm not one to buy into conspiracy theories, this whole thing seems like a plan that originally had good intentions, but the potentials for foul play are pretty easy to think up, and I've been ignoring it.

I'd like to see that too....

[Jason+Levine]

But instead of waiting for MS to build it in to the OS, I made a program that does just that.

<plug mode on>
WatchDog intercepts Windows Scripting Host files by making itself be the default program that should run them. When a script tries to get run (say by tricking you to click on that e-mailed "Love Letter"), WatchDog will run and will examine the contents of the script to determine what security risks it poses. It then prompts you and lets you decide whether or not you should run it.

I'm currently working on a new version that lets you mark a script as safe. (WatchDog will, however, keep a record of the size and last modified date of the script and prompt you if those change.)

It won't replace your normal anti-virus program, but there's no way a WSH virus could get by it. (Which means it can catch new WSH virus' without needing update patches.) For those of you who'd like to try it out (it's freeware) go to http://www.winmag.com/fixes/watchdog/.
<end plug mode>

Drivers already support Signing - it's a failure

[jbridges]

Anyone already running Win2000 is familiar with the "Signed Drivers" problem.

Win2000 supports signed drivers, guess what? Have I ever see a signed driver from anyone besides Microsoft?

As far as I can remember... Nope!

So everytime I install a driver I get a nasty warning of unknown danger from Microsoft. Make that warning an error/abort, and then you have Whistler.

Would hardware people take all this more seriously if they HAD to have their drivers signed? Nahhh, they will just tell you to turn the requires signing feature off!

Re:Possibly sane

[hemp]

I think you will run into problems trying to explain to the "big" boss can't run the "season's greeting" flash that his daughter sent or load Quicken to keep track of his stock options...

its for the best

[gudacmacattacq]

this is only an attempt to gain control of shitty drivers that can bring down an NT system. After 3.51 M$ decided to open the range of devices that would work on NT. Yes, this move could look like a set of chains for developers. But 3.51 was a great OS, and I am a Solaris admin. In 94-95 oracle on 3.51 was a standard that people used. I think its a step in the right direction.

*cough* *cough* new world order *cough*

[RogueAngel7]

You've got to be kidding me. MS has been trying to unite pc users and buisnesses alike under thier 'one world, one web, one hitlerian software company' thing for years. hypathetical situation: Joe kid gets an old copy of Visual Studio from his programmmer friend who just got the new version. (and I don't even know if that is leagal anymore with SW liscencing as it is) He gets out his new handy dandy learn C++ in 60 secs. "Oh", he says "this hello world program looks nice and easy." So Joe writes himself up a nice little excecutable and tries to run it. BOOM - Joe gets a pop up message that says he can't run his new program because it isn't digitally signed, and is potentially dangerous. "click ok to continue" poor Joe, just starting out as he is. doesn't even know what a digital signiture is, much less what happened. Joe gets frustrated, Joe quits. (or better yet, Joe scraps windows and gets Learn Linux in 60 secs...) Anyway, as a professional programmer myself I have to admit I have manged to compile a countless amount of exe's that locked my system up, or were 'potentially' dangerous due to bugs and such, but I never would have learned the right way to do things, if i hadn't been able to screw up so many times and see the results. now think of this: what if this applies to schools. the teacher has to digitally sign every exe that is compiled by his students? Maybe the school will buy 1 'student sig' and let all the students compile under it, potentially having a rogue student reak havok in the schools name. Worse yet, what if they (they being anyone who would profit from this) put an experation date on that sig. 'uh oh, the time limit on that sig is up, you can't run the application anymore. time to buy a new copy! I promise you, this is not to protect consumers or make IT jobs easier. If they wanted to make IT jobs easier they would build more stable products, instead of building intentionally faulty products and then packaging the bugs up and selling them to *MS Technet*. Its a racket and don't let them tell you otherwise. -

Re:A few points on cost, practical application.

[Foogle]

Yeah, right. You also showed that you really don't understand the concept of signing an executable. It's not something that Microsoft does for individual EXEs, DLLs, etc. It's a cryptographically secure signature that get's written to new applications by their authors. The signature is registered with an authority (think VeriSign, not Microsoft) and then it's okay to run.

Your "malicious" DLL would have to be signed too, in order to be run under this scheme. The certification is in no way meant as an indicator of a program's relative maliciousness. It's just a method of verifying who authored it, for accountability purposes.

It is workable. Not everyone will want to keep this feature enabled, but I can think of tons of companies who will eat it up.

Well, well, well...

[krb]

Remember in the beginning of the Macintosh era, when all the M$/IBM devotees bitched at and denigrated Mac users because there was no choice for hardware or software, because Apple made almost all of it?

Looks like we've come full circle, haven't we.

It's the age-old battle between quality control and freedom. Of course, that also assumes that Microsoft will actually have the ability to guarantee quality, which, given Windows, I'm not betting on.

Sorry to dredge up the old OS wars, but that was my childhood, so it's pretty ingrained.

Solution to viruses...?

[CBoy]

Could this cut down on viruses ? is this _ANYTHING_ that is executeable ? If this applies to all the M$ office scripting languages, vbscript, active-x, etc., it could be a good thing.

Re:Possibly sane

Apparently you are the fucking idiot, monkey boy. User do get away with installing shit all the time, and not very few corporate cultures will allow you to lock down the boxes to the point where nothing can be installed. You see, monkey boy, you always have to take into effect the "CEO's Secratary" effect. She runs the CEO's life, and if she gets pissed off or tells him she can;t do her job as efficiently because IT won't let her install her programs, the IT gets beat down. You see, shining moron, the suits don't give a flying fuck your job or how hard it is or what makes sense to an admin, they simply care about the bottom line dealing with those around them. So, when you say your users can't install a fucking thing, i am inclined to say, you are fucking liar who has never dealt with the corporate world and culture before, monkey boy. now, hobble off and go fuck yourself.

Re:Please

[RogueAngel7]

Listen, I agree that signed drivers are a great boon, but were not talking about video card drivers here. we are talking about EVERY application you use, and EVERY application they use.
From a software development standpoint you can kiss any windows inovation goodbye. You can probably kiss shareware/wareware software goodbuy. For that matter you can probably kiss any independantly developed software goodbye (such as archivers like winzip and browsers like netscape once were.)

Conspiracy theory?

[finkployd]

Since we have seen Microsoft again and again engage in this kind of action, do we really have to refer to it as a conspiracy theory? How about business as usual.

Finkployd

You're all a bunch of stupid sheep

[innit]

For god's sake, you people really are stupid aren't you. You believe ANYTHING that Slashdot posts. You'd believe that Eminem has been elected US president if Slashdot reported it.

If you had actually read the god damn article , you would know that it said "the upcoming Windows release known as 'Whistler' will include a range of new security options, including one that will block any software lacking a valid digital signature".

Now, to me, a simple Englishman, the word "option" implies that it is something that I may choose to do if I please, but that is not forced upon me. I am unsure if the word "option" has a different meaning in "American English" (which, incidentally, does not exist).

Bloody idiots.

Microsoft is ass-covering, not controlling

[sethg]

Whether or not this code-signing requirement is turned on by default, the majority of Whistler users will probably turn it off, because the majority of Whistler users will have at least one piece of unsigned code that they want to run (perhaps Emacs, perhaps a shareware game, perhaps a legacy program, perhaps some tool that's used within their companies).

But when a virus spreads through millions of Whistler machines, Microsoft can just blame the users for letting their machines run unsigned code.
--

Re:You miss the point....

[Nater]

A lot of people I know (the ones who don't know computers anyway) don't even read the error messages that pop up. I can't count the times that someone as said "It's not working, there was an error." And every time, when I ask what it said, they responded very defensively that they didn't read it.

Why would this be any different? If one of these people tries to run some unsigned application and gets an error message, do you really think that this time it might get read? No. Error messages are considered by many an annoyance to be disposed of as quickly as possible. I think the mentality here is that the longer the message stays on the screen, the worse it gets (or something like that).

This is good news

[gruntvald]

I support lots of windows workstations hooked up to SAMBA server(s). You don't realise how great this is, in the long term, on several fronts:

1. Greater reliability for authorized applications
2. Major shut-out to small application houses
3. Reduced incentive to upgrade

First, I will only have to deal with applications that don't goof up system files and libraries. That takes out a big chunk of the app flakiness on 'doze.
Second, nearly all of the 70 engineering applications I support will not be able to port to whistler, heck, they barely made the transition from DOS to windows 3.1 format by the end of 1999, and about half of them didn't even do that. They'll be looking at a new application development model pretty seriously - and I'm hoping applets or web services.
Finally, with Microsoft continuing to make it less desirable, and way more expensive to upgrade, I expect to see a continuing slow-down of adoption.

Re:This is good news

[techsupersite.com]

Reliability? Why should anyone trust "signed" code approved by a company that still hasn't worked all the bugs out of 6 year old Windows `9X, and released Windows 2000 with over 65,000 documented (and God knows how many UNDOCUMENTED) bugs?

Microsoft produces inferior products that succeed because of intertia and superior marketing. Intel got away with that for awhile too, but it caught up to them didn't it?

Re:Relaxation would indeed be good

[vees]

I did the same thing yesterday, with similar results. I was surprised when it finally made it to the front page today. I figured someone had already posted it before me. My title was "Whistler may block unsigned code."

--

Rotten Apple

[Trinition]

Didn't Apple used to make all software and hardware be certfieied by them before it could me sold as a product for the Macintosh? Isn't that bottleneck part of what made Apple rot? Could this be a blessing in disguise?

Re:Rotten Apple

[bruns]

Not that I can rememeber.... Nintendo does that though :)

How long until a"Cracked" Signature Gen appears ??

[Salgak1]

A month ?? Two months after the first general release beta of "Whistler" appears with the security feature ??? And not much longer until rogue apps appear that will turn the feature off???

Given the general disdain for M$, perhaps I'm being pessimistic. . . although on the time it will take, or whether it will actually occur, I'm not sure. . . .

Linux zealots spread anti-MS FUD shock horror

[steve.m]

Code can be signed by anyone - the point is you can configure the OS to only run signed code.

Then it becomes a case of who do YOU, the user trust - just because code is signed, doesn't mean it won't do anything naughty (like trash your disk). It just means you're trusting someone not to.

Unix could benifit from this - when you 'su -' to do that 'make install' how many of you read the Makefile to see what it's gonna do first?

Re:That's a good idea

[DavidTC]

As far as I know, this is what MS is doing.

However MS has control over the signing process, cause they control what CAs are included in Windows. What I'd be happy with is if we had like ten different CAs, all competing. Instead, I feel the same thing will happen to this as what happened to SSL certs...one company has control over the whole thing, because browser makers don't include other CA certs.

Where the heck is Pinkerton, or other detective agencies? They can tell you if someone really is someone. Or law firms? Or just some noteries who want in on the pie?

-David T. C.

Re:Switch

[DavidTC]

Um, dummy, you were talking about window managers. You know, this visual, in front-of-the-scenes thing? The way you see and interact with a computer?

And, by the way, I specifically said that behind the scenes had changed, but not the interface. SPECIFICALLY. I quote myself ' Windows 2.0, if I remember correctly, only could access 640k of memory and couldn't run dos programs' and then later 'If you mean, it was the same as Windows 2.0 windows-manipulationwise, I'll agreee. So is the latest Windows NT, dummy'.

You see that? You see my saying that windows 2.0 had crappy behind-the-scenes stuff? Then you see me saying the windowing manipulation of Windows NT is the same as Windows 2.0 (and is the same as WMs on Linux)?

Or did you somehow manage to respond to me without reading my comment? Or are you really just a troll?

-David T. C.

Re:Will never be mandatory

[GodSpiral]

Actually, a signature is tied to a specific version of an executable. Not to the name of it.
I can't compile my trojan, rename it excel.exe and use MS's certificate to say that it has a valid certificate.

Part of what the certificate does is validate that the program has the correct checksum-like value it had at the time the certificate was issued.

Re:Will never be mandatory

[Foogle]

That's right it is tied to the executable. The 'signing' process is the combination of the executable and the digital-signature. However, my point still stands -- you can use the same signature on multiple files; you don't have to pay for new ones every time you release.

Re:Digital signatures cost a fat wad of bills.

[Foogle]

Okay, I can imagine that scenario. In that situation, Joe Free Software Hacker would have to apply for his own signature before he could release software that would be run on that company's systems.

Or Joe Free Software Hacker could opt to release the software unsigned, and then the IT department at said company could sign it themselves, authorizing it for use in the department. It's not complicated, it's just less anonymous than the process is now. Besides, it's not like there's never been a platform that you've had to pay to develop on before. Think consoles, anyway.

Re:typo

[RogueAngel7]

that was supposed to say "You can probably kiss shareware/freeware software goodbuy."

Re:Old Hardware/Software/Drivers

[shippo]

They've already done this. I had a perfectly valid souncard, but I had to junk it when one version of DirectX appeared, because the drivers hadn't been updated. The card worked fine, but wouldn't run this version of DirectX. Unfortunatly the card was on a non-standard daughterboard and couldn't be removed without a hacksaw.

Yeah.. and how will upgrades and fixes be handled?

[geronimophillips]

This is a potential NIGHTMARE in terms of upgrades and bug fixes. I wonder if Microsoft charges for this certification as well. This is a potential cash cow if they get enough suckers^H^H^H^H^H^H^H developers to go along with this. But nonetheless the tedium of having to submit every change to executables (which i presume also includes dlls) will be a disincentive to fix software! This is the beginning of the end for Microsoft.

Re:Switch

[perlyking]

Your ISP doesnt support Linux? Or it just SAYS it doesnt support it because it doesnt know what Linux is.
Many clothing garments say "dry clean only" not because they need to be dry cleaned but because the manufacturer hasnt bothered making sure they will fare well in a normal machine - its the same principle.

Re:Anti-MS FUD

[cheekymonkey_68]

Any particular reason why Slashdot is always running rampant with Anti-MS FUD

Slashdot is an openly 'nix and open source biased site, most people here simply don't like Micro$oft for personal and/or ethical reasons.

Remember the opinions on /. posting are of slashdot readers and do not necessarily represent the views of the slashdot team.

RedHat and rpm --checksig

[Morty]

RedHat has had something similar for quite some
time: rpm --checksig.

Just like Mellisa

[MeNeXT]

Just like mellisa was prevented from being run.

Microsoft and security should not be in the same sentence.

You should be looking for the $$$$$$ in Bill's eyes.

Re:Possibly sane

[NineNine]

Oh, sure you will. But to do this, he has to call support, support can explain to him the possible ramifications of doing it, then override W2K's controls if need be. The important part is that with this feature enabled, the admins have some sort of control or at least advanced warning that a user is going to screw up his/her computer or introduce a virus. If anything, sysadmins should be rejoycing that with this feature, they have a huge new CYA. Their jobs will be much easier and allow then to use that extra time that would've been spent fixing PC's to do important stuff, screwing around, or reading Slashdot.

Most of US are a bunch of idiots?

[RogueAngel7]

if we were idiots we wouldn't read slashdot.

Personally I refuse to run Windows 2k. I don't trust it. at least with 95/98 I know most of whats going on in my machine.

-

great ideas

[Spider-X]

This sounds like a great idea... from a network administrator's point of view. I can disable running "unsigned executables" thereby eliminating everything except excel virii. I would also eliminate proliferation of those crappy little "hey-look-at-this.exe" files, or even the little games that people like to bring in from home. If I could choose who to accept signatures from, I could sign all the software that I want ran on my network, and disallow anyone from running anything I haven't seen yet. I sure hope it turns out that way.

Re:Are you an idiot or just a zealot?

[Araneas]

Given Microsoft's history it will be ENABLED by default. Other than that, it sounds reasonable.

From an IT point of view:

[ErichTheRed]

For those who work in IT (networks and delivery, not coding) think about the mindset of your average boss:

• We use Windows because it's the most common desktop platform in existence.
• We use Office because it works well with Windows, it's universal and the staff likes it.
• Microsoft just came out with a new version of Windows that the marketing guys say is Better! Cheaper! Faster! More Stable!!!
• They also say it'll only run with programs they've tested.
• Oh, wait, we only use Windows, SQL Server, Exchange, SMS, Office, and IIS.
• Plus, we won't have Jane Secretary running the buggy Thanksgiving screensaver on all the PCs in her office.
• No problems here. Order 1,000 licenses.

What I'm trying to point out is that MS is catering to business again. IT people loved the dumb-terminal days because user control was real easy. Now they have to worry about staff trashing their PCs with software they got from friends and losing their productivity while the helpdesk reimages their PC.

The circle is closing for MS with regards to enterprise computing. Not only do they have people convinced that Windows is the only OS available, now they are designing the product to give them even more control. Scary.

Re:From an IT point of view:

[Shotgun]

There's a one point you missed:

- Our line-of-business in-house apps aren't signed and won't run on this new OS.

ie, for most large companies, the most important apps are those that are designed in-house to meet specific business needs. These apps are usually the ones that run the company.

So, most companies use VBA, why can't MS just have VBA runtime signed and then all VBA apps will work. Well, then the whole system is useless, (see LOVE virus).

This move would do nothing but tighten MS' hold on the SOHO market, the one that Whistler is aimed at and the one that MS fears losing to Linux. The feature is not aimed at Enterprise class organizations. Win200 is reserved for that. Expect to see this implemented, and expect to see open-source take a punch in the nose because of it.

Re:From an IT point of view:

[MousePotato]

Great points. One of the firms I worked at took the dumb terminal days and revisited them to an extreme: mandatory/roaming profiles. All the machines were locked down real tight(ok as tight as winbloze allows) and then we set up roaming profiles. Thanksgiving screen saver? No problem. Just be sure to set it every time you log in and you can have it. Amazing how fast that trains employees not to mess with that stuff. It all worked great with the exception of the one user pref that we would have to unlock the profile for and let them set on day one: mouse speed and click/double click settings. From an IT point of view this is a dream state. From an end luser point of view this has to be one of the worst things your boss can do to you. I remember hearing employees moan to each other 'I have a name! I am not a number! I am a free man!' and other classic Dilbertarian / Orwelian type movie quotes. Various emails to the IT deptartment begging for this wallpapar to be set, that shortcut to be placed and this usser profile for launch on Autocad that all had to be replied with the 'This modification to your user account does not meet office standards and cannot be completed without you supervisor's approval.' Which btw, had an equally amazing effect on not hearing from that user again on that issue.

Re:From an IT point of view:

[Boiler99]

That's fine and dandy, but windows still lets you run registry scripts no matter how hard you lock it down (Win 95 does at least) so figure out which keys are used in a program like poledit.exe and bingo! Back to your usual settings :)

Re:From an IT point of view:

[TheAncientHacker]

And almost certainly had an equally amazing effect on not having qualified employees working in that company as soon as they could print their resumes from their home systems. Followed by an equally amazing decrease in earnings for the company. But, then again, the IT department got to be both lazy AND arrogent so it all worked out.

Re:From an IT point of view:

[MousePotato]

The boss had zero tolerance for win95 and 98. The machines were all NT workstations and all of the profiles were stored on one of the servers. Lots of other things were locked out from users too. No command prompt. No Run option on the start menu (was a hack i hadn't seen before). No Floppies. CD's had to be placed in a cd server. The IT director was brilliant in his execution of the 'office standard' there.

Re:From an IT point of view:

[MousePotato]

I was one of the very first to leave. (followed not too long thereafter by the IT director) How can you tell people that they can't use a complex app like AutoCAD the way they are acustomed to versus the way the boss (who doesn't use cad at all and therefore is -clue) wants. Office Standards have thier place like standard drawing practices but not letting users utilize thier own custom macro's and menus is just way out of hand. Last I heard they had a bunch of interns and students working for them so your statement was not too far off.

Re:Possibly sane

[Courier]

From what I read there isn't any final say on this yet. AS in it might be a feature you can't turn off depending on MS>

Don't Panic!

[The+Monster]

Oh. This isn't the Hitchhiker's Guide... The article states:

Developers may purchase the cryptographic certificates used to create such a signature from Verisign Inc.--Microsoft has no say in determining who may receive such certificates or what software may be signed.

So, there's no reason why someone like the FSF couldn't get a certificate in the name of "Unknown Author", and release the certificate to the community. Here's how it would work:

• Admin turns on this paranoid checking to keep viri from executing.
• User says "I can't run FOOBAR.EXE, and I need it to get my job done."
• Admin runs virus scan, possibly turns program loose on a quarantine machine running an emulator, and satisfies himself that it's safe.
• Admin uses the certificate to sign FOOBAR.

Result?

• User is happy because he gets to run FOOBAR.
• Admin is happy because he doesn't have to wipe every machine on his network whenever a new trojan sneaks in.
• Bean-counters are happy that the certificate is free as in beer.
• Slashdotters are happy that it is free as in speech.

Depending on how much it costs to get the certificates, some admins might even want to buy their own, and require everything to be certified by them, even locking out MS-authorized "upgrades".

Microsoft shoots its own foot?

[Trinition]

Suppose this "certification" grows to be a way to certify that a program won't crash when you run it. Does this mean Microsoft's own products won't be able to run on Whistler?

What of the even greater paradox that Whistler will probably crash, so wouldn't be certified, so you couldn't even run Whistler in the first place?

However, somehow I doubt Microsoft would take it to that meaningful level. Instead, it will be a way for them to get more revenue, assert control, and get a listing of all Windows developers.

MPAA/RIAA/DVDCCA will love this!

[snookums]

With an OS that refuses to use unsigned drivers, it will be a lot harder to make dummy sound and video drivers that write their output to a file.
Say goodbye to taking future-proof backups of proprietary-format data.

Please

[Fervent]

This is strictly pro-Slashdot FUD. Signed drivers are the second best thing that's come to my box recently (Windows 2000 being first). You don't know how good it feels to take a look at a video card driver, see that it's not signed and say "hey, do I really want to support this? It probably won't run."

Re:Please

[Fervent]

Conspiracy theorists, take note.

Re:Please

[Saurentine]

This is strictly pro-Slashdot FUD. Signed drivers are the second best thing that's come to my box recently (Windows 2000 being first). You don't know how good it feels to take a look at a video card driver, see that it's not signed and say "hey, do I really want to support this? It probably won't run."

Sounds like another case of Microsoft saying "We're the best basket for all your eggs!" without addressing the fact that not everyone wants all their eggs in one basket!.

Consider this: The MS-approved Nvidia drivers are OK, but they cause my system to crash occasionally. But Nvidia has proven TO ME more reliable, more responsive, and more able than Microsoft in delivering stable, high performance drivers for their cards.

With this "feature", I wouldn't have the option to choose to trust Nvidia over Microsoft! I SHOULD BE ABLE TO CHOOSE WHO TO TRUST! Microsoft is welcome to say to me "You can trust us", but they shouldn't be able to say "If you trust us, you must trust ONLY us."

THAT'S why crap like this IS a big issue, and why it's worth posting on the front page in a sensationalistic manner!

Re:Yeah, right. Whatever.

[MeNeXT]

The virus will modify the registry and it will then have free access.

Signature verification is not a problem.

[Ndog]

I see many people complaining that, if this is an option now, they will probably make it mandatory in the future. There is no way that will happen. There are too many programmers, developers, programs, drivers, executables, etc. that use unsigned software. By limiting software to those that have digital signatures, Microsoft would be narrowing the market for people who would use their OS, and as we all know, that is the last thing they would want to do.

Also, I have used their sigverif utility on W2K machines at work, and it is actually useful. One user had a laptop that would not power down properly and cause blue screen. It turned out that an unsigned file level driver was actually causing the problem. By running sigverif, I was able to get a list of all unsigned files and find the driver in question.

There are a lot of reasons not to like Microsoft, but I think trying to make a better product is not one of them.

This already exists - in a fashion.

[shippo]

Under IE a feature like this already exists for downloaded executables, where a warning is displayed in an attempt is made to run an executable downloaded directly, with the option to automatically trust all code signed by a particular certificate. Entities other than Microsoft can sign their own code. The purpose of this is to prevent trojans being installed. However it is easy to revoke.

The plans for whistler appear to be to extend this further.

Re:That's a good idea

[Foogle]

Not quite. VeriSign creates the signatures, yes? The authors sign them to their applications.

stop it you dumb bastards!

[hemos.]

come on folks, the whole reason i posted this article was to start some good old ms-bashing. let's not get off-topic with your defense of this code signature business.

-hemos

It will never work

[uradu]

It would be a developer's worst nightmare. Each time you whip out a quick utility--on a good week that could be dozens for me--you need to go through the signing process. Also, enterprises and shops that write their own software and distribute it internally are going to get sick REALLY quickly of the extra cycle involved.

If you simply add a signing capability to the compiler or IDE, and it signs the executable automatically when you hit RUN, what's the point? The signature is meaningless, it doesn't signify squat regarding the safety of the code. If, on the other hand, the signature has to be applied by QA after at least some testing, they'll get sick really quickly of signing every little piece of shit code churned out by anybody--they simply won't have time to do it, and/or the developers will eventually quit in disgust.

Whistler a weapon for Free Software

[tinahdee]

There's an article on this very subject at Newsforge, which brings up the very real problem of MS pushing home users to reject unsigned apps as being inferior or 'dangerous'.

Similar to XBox

[Snowfox]

The concept is similar to that of the X Box, and I have to wonder if that's where MS got the idea. The X Box also requires that programs be signed. This ensures that MS can collect royalties (bad) but also ensures that MS can run software through quality control (good, and something MS desperately needs to rework THEMSELVES before they start forcing their idea of it on others!)

A few points on cost, practical application.

[seizer]

I have absolutely no idea how many win32 x86 executables there are out there, but I'm fairly sure that there are far more than Microsoft could ever certify, even if they only tried to certify newly released ones, let alone try certifying the old ones - and I think I'm correct in that Whistler will still run good ole x86 code.

So, far too much to certify. Without charging, anyway.

So, only allow executables to run if they've been certified AND the author has paid for that certification? Doesn't sound likely! Even if there WAS a paid scheme, there would be far too many executables for MS to certify on its own. It would have to outsource the certification to an external company.

So, what happens when this company certifies code which turns out to crash in an interesting way causing huge damage to someone? Someone's very very liable, because MS even said that it'd work safely. I don't see themselves setting up a legal tripfall like that.

And what about what is classed as an executable? Just EXE and COM files? Just Win32 EXE files? What happens, say, if someone certifies winword.exe as safe, and then I come along and insert some malicious DLL file which is then loaded (uncertified, but with full "privileges")? Oh, so they'll have to certify those too.

I'm sorry, but in the 2 minutes in which I've brainstormed (incompletely) I think I've noticed something.

It's completely unworkable. What a surprise.



--Remove SPAM from my address to mail me

Re:Wooaahhhh!!! Relax

[Dannon]

Not just a burden on the 'small guys', but also on major developers.

I remember a long wait for Win2000 SoundBlaster Live! drivers... not because further development was necessary, but because Creative had, for the first time, bothered to submit their drivers to Microsoft for a thorough inspection and 'certification', so that a certain warning wouldn't pop up during the install.

And while Creative was waiting for the MS guys to send the drivers back with a 'stamp of approval', the PR guys had no way to answer the 'when will we have working drivers' question other than 'any day now'. Definitely not what any customer wants to hear.
---

What about interpreters?

[ianezz]

Ok, it's an option, and can be turned off. But:

• are they going to sign also .bat files, VB macros in Office/whatever, and scripts/programs executed by interpreters in general?

• or are they going to eradicate all scripting/macro capabilities from installations destinated to lusers?

In the first case, it's pretty useless.

In the second case, while I recognize that the only automation tool that the typical luser knows of (and needs, because it's a luser) is his/hers hands doing the same thing over and over, there would be trouble even USING an Excel sheet requiring the execution of macros in order to work.

Servers shouldn't need such an extreme solution. Lusers are not supposed to put their finger on them, and scripting is usually needed on servers.

IMHO, in order to be effective, an implementation of such a solution as now would require severe redesigning of the way common apps works. I doubt it's an option.

Re:What about interpreters?

[ianezz]

In the first case, it's pretty useless.

Sorry, I really meant:

If they are going only to sign whole interpreters, and then trust all the scripts such interpreters execute, it's useless.

Microsoft learning from consoles?

[jkujawa]

You can't run software not officially blessed by the maker of the console on machines like the Playstation. I'm pretty sure this has been the case (through legal, if not technological means) all the way back to the original NES. Maybe Microsoft is letting this Xbox thing get to their heads.

Leaked notes from MS Committee for Win Future Dev

[dkh2]

Names obfuscated to protect the "innocent."

[bill] :: The Win2K launch has been a raging success. What items do we have to discuss for future development.

[steve] :: Well, we've had very strong feedback regarding the unsigned driver warning in 2K. We'd like to expand that for Whistler.

[bill] :: Tell me more.

[steve] :: We'd like to require that all apps be signed and certified by a special team of Application SSigning Speciallists, or ASSes before they are permitted to run on Whister.

[bill] :: What's the up side for us?

[steve] :: Through effective marketing to the open source community we can get them to submit their code for certification. This will undoubtedly provide us insights into how to fix things in our own system. Additionally we can charge for this service and eliminate the drain from our evil tactics fund.

[bill] :: I think we should run this by legal. Jim, what's legal's take on this.

[jim] :: We're on board for now. Now that things in Florida are starting to look like Dubya will win we can divert some of our team from the anti-trust case to preparing the spin for this. We should be able to cut our potential detractors off at the knees.

[bill] :: Great! To prepare for this, we need to send all of our coders through that advanced firearms training course. We don't want anybody to miss their foot when release time comes.

Code commentary is like sex.
If it's good, it's VERY good.

How will it be implemented?

[segmond]

Is it going to be checksum like? If so, what makes them think it can't be cracked? I mean, how long did it take to figure out the checksum for dreamcast, n64, psx? what if the code modifies itself? say for example, shareware programmers? what if my program has it's own checksum, and whistler is using another checksum, how will they both co exist? will this only be limited to dll, exe? what if an authorized signed code tries to run an unsigned code or depends on one? Is the opensource community going to sign their codes? Mmm, many questions...

Re:How will it be implemented?

[emac]

As much as I dislike MS, I have to assume they'd at least use some sort of cryptographic hashing function to generate message digests of the apps for signing. Then again, if they want to licence the CueCat algorithm from Digital Convergence for this piece of the OS I wouldn't complain either. :)

As far as Shareware programmers, I suspect this will be a big pain in the ass for them. They're going to have to start including directions as to how to switch the feature off, since it's unlikely they could afford whatever MS is going to charge for signing.
--

Re:It's an option.

[gdiersing]

Like any other M$ feature that is "optional", I am sure there will be a reg hack if you want to change your mind afterwards.

So microsoft now has control over...

[MikeLRoy]

Lets see... most major computer manufacturers won't let you buy a machine without a Microsoft OS (Dell, compaq, gateway, others). Microsoft Office will now "time out" if you don't keep paying for it. And windows will only run Microsoft-approved applications. I don't know about you, but it seems as though Wine will be gaining a lot of popularity with people running old (ie, '97) versions of office, and other Windows applications in Linux or other OS's. I mean, at what point does Windows cease to be an operating system, so much as a Microsoft Interface?
-MR

A few questions

[macdaddy]

If there is an option to turn this BS "feature" off, what's the default setting?

If I create an installer for common Internet applications for the faculty/staff/students at my University, do I have to send it to M$ for approval?

"We're sorry. You didn't include IE in your installer. We've included it for you, made sure it always installs no matter what the user specifies because we know they'll always want to install it even if they didn't say so, set it's default homepage to www.microsoft.com and search page to our MSN site because they are the best and soon to be the standard, signed up the user (and everyone in their address book) for MSN because it's really where they want to go tomorrow, and removed Netscape because we don't approve of their code. Thank you."

If I update that installer each semester, do I have to send it back to M$ for approval?

What is M$ going to charge me to approve my app?

How can they actually audit my app without me sending them my actual code, part of my IP?

Can I make them sign an NDA so that my code and I are protected from M$ stealing ideas and code?

Am I forced to sign a M$ NDA that says they can do whatever they want with my code?

Re:Wait a minute...

[f5426]

> According to the article, this is an option that can be turned on or off - so in the appropriate setting, this is actually a very useful feature

So it will be turned on in corporate environments. And there, you could only run software signed by Microsoft.

I find this scary as hell. It won't be anymore secure (because you won't have all the scripts, excel macros, etc, etc, signed). But it will be more difficult to run free softweare.

Cheers,

--fred

Re:Wooaahhhh!!! Relax

[morzel]

Where this could present a problem is for shareware/PD/free software apps in the enterprise, where IS is more likely to enforce the signed app rule.

If that would be true, Melissa, ILOVEYOU,... wouldn't have caused the havoc they wreaked.

Okay... I'll do the stupid things first, then you shy people follow.

Re:So who get's to sign apps and how much $$$?

[gimgol]

So is the signature merely a means of tracing back to the developer or is it a system of software certification?

Tracing back to the developer. See this article for details on how this technology is going to work in the Windows Scripting Host.

Reverse Nintendo

[In-Doge]

We'll be seeing software now that has a little golden seal on the bottom that says "offical Micro$soft seal of inferiority".

Re:Wooaahhhh!!! Relax

[raffe]

dont doubt, its m$ !!!!

Re:Possibly sane

[MidnightLog]

Hmmm. I'm not so sure that this is going to help sys-admins. I agree that people installing random, unapproved stuff on their PC's can be a problem, but how do you define unapproved. There are several commercial packages that, when installed on certain PC's in our environment, will cause problems. These packages will undoubtably be digitally signed in the future (if they aren't already). This "feature" of Whistler won't stop people from installing those packages. It also won't stop people from installing commercial software that they brought from home. It will, however, stop people from installing most free/shareware. Whether or not this is a good thing is up to you to decide. I don't think it is.

I am not a sys-admin, so please have patience. Aren't there already MS-approved ways of controlling software installation?

One final point, what happens when someone wants to run some older (legacy) software which isn't certified? Is it going to be handled the same way, or is there going to be a "backdoor" for currently existing software or some kind of "opt-out" list?

Slashdot is a Tabloid

[splunge2]

Look at this headline. It reminds me of the old tabloid headlines that say something like: "Ghost of Elvis Haunts Old Lady" and is really about some die hard fan who can't get him out of her mind, etc... The article on ZDNet is not half as sensational as the Slashdot headline suggests.

Re:Possibly sane

[el_chicano]

As a former sysadmin/support person for several big companies, I can tell you that people installing random, unapproved stuff on their PC's is a major source of support calls.

Two words: diskless workstations...
--
You think being a MIB is all voodoo mind control? You should see the paperwork!

Even so, this could be a problem

[nehril]

While I agree that there will always have to be an option to shut off code verification, the problem lies in what the default settings for whistler will be.

If MS decides that code signing will be on by default, and that to disable it you have to go through a convoluted series of clicks and/or registry hacks, there may be a problem. We could find that suddenly "unsigned" applications will cause scary looking error messages to be popped up on, say, your grandmother's screen. What will most people think when an error dialog pops up warning them that this application may be a virus and could damage the computer? 90% of home users will instead look for apps that don't display any error messages on install.

This could be a situation similar to the "Designed for Windows 95/98/2000" logo process, which Microsoft uses to gain leverage over software developers. The logo program has had a lot of success among users who might otherwise mistakenly buy a Playstation CD or Nintendo cartridge for their PC (that's most users folks). Except that now it's not just a graphic on your packaging.

My bet is that code signing will be necessary to get the "Designed for Windows 200x" logo, and that developers who don't follow the party line will be at a serious disadvantage in the marketplace. MS may be moving towards a console-esque software scheme (xbox, anyone?), where they get money for every "certified" application sold. And even if some hacker found some way around the signing process, a legitimate software company probably couldn't use it due to DMCA "anticircumvention".

So the question is not whether it will be optional, but will it be on by default, and who gets to sign the code?

Useless even when turned on...

[kris]

Of course, such an option to run only signed code is completely useless even when it is turned on in any Microsoft operating system. Remember we are talking a system here where any document can also be an application. That is, you can write a Microsoft word document that does a complete Linux install in VBA macros, including formatting the hard disk.

Unless turning on this option also disabled the WSH, all macro capabilities in all programming languages and certain other options (such as being able to call RUNDLL), turning on this option will NOT prevent the next Melissa and will NOT increase your systems security.


© Copyright 2000 Kristian Köhntopp

Re:Wooaahhhh!!! Relax

[GooberToo]

If an application has been signed as being an official certified application, does that, in the consumer mind, open the door for a libel mind set? In other words, if this certified and signed application hoses my data, doesn't that mean that Microsoft, or whom ever signed it, should pay for the restoration of my data? What about pain and suffering? After all, I had to tell my boss that the report that would of won us a $1,000,000 contract is now destroyed by this application. If not, why do I care that it's signed. Surely since it is signed and certified, this gives me as a consumer some additional recourse?

I'm not saying that there is or is not merit to such a claim, but doesn't it create the possibility of such an end-user mind share?

Greg

Switch

[RoofusPennymore]

What more do people need to switch to Linux or MacOSX?

Re:Switch

[XenoWolf]

> 5. Speed. X os slow. It will always be slow. On
> a 1.3 Ghz proc it is slow. If you think it is
> fast maybe you haven't used Windows in a while.
> I encourage you to go buy a copy of Windows 2000
> and see for yourself what a computer can do.

X is faster then MS's gui for me... What in the hell else are you running that is taking up CPU? Are you comparing E and Windows? That's an unbalanced comparison because E was designed for looks, not speed. If you want speed in an interface, try one of the ultra lightweight WMs that are geared for performance instead of prettiness. I don't need transparancy to be able to move a window, just something to grab and move. For an equivalant comparison, try running TWM and then compare your speed.

Second, where in the hell do you get the idea that Windows 2000 is faster than a UNIX for anything? Take a look at the top 500 supercomputer list. 499 of the 500 use a UNIX like OS, and the one NT entry is a hack done by NCSA at UIUC, not even something that MS themselves could do. Think again. If all you've compared is Win2k to the likes of RedHat, then you've got another thing coming. Try using a commercial UNIX, like AIX or HP/UX and compare again.

Thirdly, since when did ease of use and speed/performance coincide? A formula car is fast, but is hella hard to drive compared to say a VW Beetle which is all style and ergonomics, but could never keep up with that formula car.

Better look again, I don't think that body is as dead as you thought...

Re:Switch

[NecroPuppy]

What more do people need to switch to Linux or MacOSX?

I need my ISP to support Linux, and I need only one more program to be ported over to Linux before I switch...

Re:Switch

[l33t+j03]

Lucky for you I have compiled a list:

1. A productivity suite. StarOffice is crap. Corel Office is crap. If you people can write something that actually allows normal people to get some work done rather than stuff that lets shutins write worthless code all day, maybe you'll get some users. Until then, nothing MS does is going to matter because there is no viable alternative to Office.

2. A web browser. What piece of software is second in usefulness behind Office apps at the desk of the non-geek? Web browser. While Open Sourcers run around a whine about stability and protected memory and threads, Johnny Lunchpail just wants go to to the Packers web site after his wife is finished making invitations for their kids' birthday party. Johnny doesn't give a damn about whether his software is 'free as in speech'. He only wants the Packers site to render properly and he neither understands, nor cares, about the hows and whys.

3. GUI based administration. Face facts: People are morons. System admins are morons. This is because most people who hire sysadmins don't have the faintest clue about what is important for adminning the network (or they would be doing it themselves) thus not every company can have genuises running the show. Command line is hard, GUI is easy.

4. Easy software installs. Joe Sixpack has absolutely no idea what command he needs to type in to unzip a file, much less where all of the components need to go. He just wants to be able to double click on the little picture of a race car and have NASCAR 2001 install itself.

5. Speed. X os slow. It will always be slow. On a 1.3 Ghz proc it is slow. If you think it is fast maybe you haven't used Windows in a while. I encourage you to go buy a copy of Windows 2000 and see for yourself what a computer can do.

I could go on but it is no fun shooting a dead body.

Re:Switch

[Delphis]

.. and I need only one more program to be ported over to Linux before I switch

And that would be?

--

Re:Switch

[DavidTC]

I have no idea if this a troll, or just someone who swears every third word. A couple of points:

First of all, using GNOME/Qt/WindowMaker doesn't lock the end user into a WM at all, anymore then coding in VB means the end user has to have a visual basic only enviroment . It just means they need the right libraries.

Second...the 'lightweight' WMs are not 'windows 2.0'. Windows 2.0, if I remember correctly, only could access 640k of memory and couldn't run dos programs. If you mean, it was the same as Windows 2.0 windows-manipulationwise, I'll agreee. So is the latest Windows NT, dummy. Windows manipulation hasn't changed since Xerox standardize on it way back when. You click on part of the window to move it around, you can resize by grabbing the edge, you click somewhere else to hide it or move it out of the way in some fashion, whether to the taskbar, to an icon, or just plain invisible, and that's it. That's all the unnamed windows manager in Windows does, and all those actions can be done under any WM on Linux. Including the simpilest and most lightweight, called 'wm2'.

Actually, I take part of the back. The mac invented a new thing, called 'windowshade', that's halfway between minimizing/hide and normal sized windows. Some windows managers on Linux can do it natively, some just need to be patched, and you can get a program to do it on Windows. So, again, all equal.

I'm pretty sure you can, in fact, get a Viper with air conditioning, BTW.

-David T. C.

Re:Switch

[NecroPuppy]

Bryce 4. And while Ray Dream Studio would be nice, I think I could live without it.

Can you say...

[Godot]

Monopoly?

If the anti monopoly measures go through and Microsoft does get split, this is a nice way to maintain dominance of the market, don't you think? "We will only run software that we approve" if that doesn't reek of monopolization, I don't know what does.

Weapon

[BrightIce]

Maybe that's just another weapon against M$ they are putting in out hands.

Let us wait what the customers say about this.

Re:It's an option.

[OzJimbob]

Ah thats better then... It seems a lot of scare stories about MS end up in it being made clear it's "Only an Option". I remember tripping out about the Single Click interface...

Remember the history...

[freeBill]

...of Microsoft's cheating:

First, they compete honestly. Then, when they lose that fight, they cheat.

They didn't start out to steal CPM from DRI. First, they recommended IBM buy the operating system from DRI. Then, when they saw their language-compiler deal with Big Blue going up in smoke, they stole the OS, repackaged it, and sold it to IBM.

They didn't start out to screw over developers for their OSes. First, they gave them free rein. Then, they competed outside a "Chinese wall." Then, when they were still losing, they told WordPerfect et al that they were committing to OS2 while secretly planning Win95, which was closely integrated with Office.

They didn't start out to squash Netscape. First, they helped them develop Navigator. Then, they decided to compete with them honestly with IE, promising not to breach their "Chinese wall." Then, when they failed to win with Explorer, they decided to cheat by bundling. Finally, when they were forced to stop bundling because it is illegal, they decided to cheat by calling it "integration."

So, don't be fooled because they seem to be implementing this in an entirely fair and honest fashion at first. They probably are being fair, and they probably intend to avoid cheating. But, when it looks like they may be in trouble with some competitor who is beating them in the future, do not be surprised if they panic and cheat.

They do it so consistently one could almost call it their business model. But that would probably be unfair to them because it implies intentionality from the start.

My prediction: They will be scrupulously honest about this in the beginning and maybe even offer their users some some modicum of security derived from it. Then some killer app will come along and be certified after the code is submitted to them. Then they will decide to compete directly in the space created by the new killer app all the while promising not to use any clues derived from the code they certified. Finally, when they fail to compete in the new market, they will leverage the code submitted to them for all manner of dirty tricks, from finding out about new features before release to stealing code and re-designing APIs to break their competitor's code.

Re:Relaxation would indeed be good

[while]

/. apparently has an automatic rejection script for anything containing "theregister.co.uk". I doubt that ANYTHING containing the string "theregister.co.uk". Those stories eventually get posted -- A WEEK LATER, after C|Net or Yahoo! News posts the same unsubstantiated rumour, and then they are given the credit.

/. could stand to take some lessons from them. Whether the story is true or not, The Register gets the "facts" straight, and they happen to be more accurate than /. itself. Let's not forget that their story writing, grammar, and spelling is oh-so-much much better...

(end comment) */ }

Solution (not)

[RPoet]

Port WINE to Windows, get Microsoft to sign it, and voila, you can run "all" windows applications ;)

--

Re:Peer Pressure and Lawrence Lessig

[catfood]

No, you say, I'm a hardcore free-software supporter. Sure. You may be the hardest of the hard-core, but will even you continue to use a truly free, non-proprietary internet when the only people on it are you and RMS?

It was that way in the 1980s, and we liked it then.

Re:Possibly sane

[mr_typo]

Perhaps there is no disadvantage to us, as we know how to turn it on and off. But what about the other ppl, those that dont understand what signatures are and how they work. It would be interresting to know if the option is on by default.

Also interresting is that MickeySoft controls the driver signatures; this means they can regulate what hardware they have to support. And ofcourse, it is well known that whatever is an option today is a standard tomorrow in M$ world.

It is therefore my oppinion this allows M$ to grab a huge amount of power over both consumers and developpers, as they can regulate what consumers can use on their platform, today it's only the computer illiterate (is that the correct word?), but tomorrow it may be all of M$ users.

Wooaahhhh!!! Relax

[91degrees]

Whistler will have the option to only run signed applications. You can turn this off. If people find that they need to run older software, then they WILL turn it off. Since developers need to be able to run unsigned applications (you can't get a certificate for each incremental compile), this will have to always be an option.

Re:Wooaahhhh!!! Relax

[T0sk1]

Maybe that they[MS] should realize that a great deal many of their users are not inclined to change anything and just use the standard install. Then this freaking warning comes up everytime they try and install some shareware they have been using for forever and ..... Is there no end to this madness...

Re:Wooaahhhh!!! Relax

[Gay+Mr.+T]

I'm guessing either 3D studio, or Word.
---

Re:Wooaahhhh!!! Relax

[gargle]

The problem is that consumers will _expect_ "professional" applications to be signed. Which, as the article points out, will be a real burden on shareware programmers and small developers.

Re:Wooaahhhh!!! Relax

[ekidder]

>>
I mean, come on, these are the people who shut off their worm and virus warnings so that they can run e-mailed exectuable greeting cards or animations.
<<

Well, I haven't had a virus/worm program installed in years. I just never run any executable emailed to me, no matter how cute and cuddly it might be. :)

Re:Wooaahhhh!!! Relax

[Weezul]

Your not necissarily correct. Microsoft could just sell a seperate developer version of windows with the option, but all the normal windows versions would require the person to run signed applications.

Re:Wooaahhhh!!! Relax

[aquarian]

Ah, but it will be turned on by default, so the average Joe will feel his arm being twisted every time he runs something that bully Billy doesn't own a piece of.

Re:Wooaahhhh!!! Relax

[esper]

Yes, they would have. The 'don't run unsigned apps' setting didn't exist at the time Melissa, etc. ran their course.

If this goes in as described and it's turned on by default and IS departments prevent their users from turning it off, it might prevent another Melissa from getting off the ground. But, without a way to selectively mark specific apps as safe (instead of it being all-or-nothing), that would also effectively make all noncommercial software unusable without giving up your protection from Melissa-like worms.

Re:Wooaahhhh!!! Relax

[Jaime+Herazo+B.]

> Whistler will have the option to only run signed applications. You can turn this off.

And supposedly you can turn off active content in Outlook, its just that nobody bothers to do it.

-You mean that if i were root, i could get passwords?

Re:Wooaahhhh!!! Relax

[Zigg]

Honestly, I doubt that consumer-grade users will ever come to that expectation. I mean, come on, these are the people who shut off their worm and virus warnings so that they can run e-mailed exectuable greeting cards or animations.

Where this could present a problem is for shareware/PD/free software apps in the enterprise, where IS is more likely to enforce the signed app rule.

Re:Wooaahhhh!!! Relax

[Spit_Fire1]

It's an option now but in later versions it might not be, and how many common users will be able to turn it off? (Or even know that it is an option and go looking). From my experience about 15%, the others will now probably not run programs that aren't signed which is a way to make smaller software companies make sure to get (BUY) a certificate from Microsoft.

Re:Wooaahhhh!!! Relax

[zorgon]

Yep. You got it bra. Who says M$ can't learn from Sun? Remember when Solaris stopped coming with the development package and compilers? Of course, all that did was make Gnu dominant, but with this signed programs trick M$ obviates the third-party compiler issue. Wow.

Re:Wooaahhhh!!! Relax

still using OS/2 to run these, since it runs DOS code much better than anything else but it probably won't boot on my next machine

Have you tried MS-DOS?

Re:Wooaahhhh!!! Relax

[Tony-A]

But, will it run unsigned macro viruses?

Re:Wooaahhhh!!! Relax

[Ig0r]

Holding major software buisnesses liable for problems with their programs..?

Hah, I doubt it.

--

Re:Wooaahhhh!!! Relax

[Microsift]

Yeah and how many of you have changed your default font on MS Word?

Re:It's an option.

[flynt]

See I saw this on ZdNet yesterday. I just knew I'd see it on Slashdot soon with more spin than a Tiger Woods approach shot.

hmmm

[Johnny+Rocket]

think about this, someone calls up microsoft tech support complaining that windows isn't working. the tech support guy asks "did you run any unsigned software?", when they say yes, "oh i'm sorry, by doing that you have nullified any warranty you had with us. we are not responsible for what happened, i suggest you contact the maker of the unsigned software. or you can optionally pay for support from us. it'll only cost you your first born." or not.

Re:Eeeeep! Wrong.

[techsupersite.com]

This is exactly the point. Shareware/Freeware/GPL/Open Source developers will NOT have access to this signing process, and their apps will be perceived by the user as inferior when in fact it likely isn't.

Joe Q User doesn't have any clue, and thinks because "Microsoft" says it's OK, then it is. He will pass on apps that don't bear M$'s seal of approval.

And how long do you honestly think that it will be until this "feature" will run by default and refuse to run ANY app not "signed" unless the user goes into the system and manually disables it?

Exactly, about the same time it becomes impossible to "buy" a non Expireware version of any MS product...

Dear Microsoft

You may remember that earlier in this year, we faced each other in a court of law of the United States Of America. You may further recall that you, as a corporation, were found guilty of abusing your market power to efectivly create a monopolistic business for yourself.

Now, we understand that a day is a long time in the age of the Internet, but we really think you would have remembered something as big as this. Therefore we are sending you this email to remind you of the legal ruling against you.

This action has been prompted by your blatently stupid plane to enforce a digital signiture on all software that wishes to run on your latest operating system version (Codenamed Whistler, we believe) This is clearly a move to block further compitition in the applications market, and will obviously allow you to extort money from hard working, but low income, shareware and freeware software authors. If you would like, we can take you to court again and prove it. We'd probably win you know.

We find this action perplexing in light of your confirmed monopolistic status. Therfore, we have acelerated plans to bust your ass down. Please be advised that as of 1st January 2001, Microsoft will be broken up into itty bitty little peices, and sold off to the lowest bidder. Mr William Henry Gates III will be required to attend a special three hour, live showing, of "The Jerry Springer" show, to publically apoligise for being such a pleb.

We look forward to your prompt response on this matter, and wish you a nice day.

Yours,

Department of Justice (US)

Re:Possibly sane

[NineNine]

That IS a good idea. As a former sysadmin/support person for several big companies, I can tell you that people installing random, unapproved stuff on their PC's is a major source of support calls. This should make W2K be an even better choice for corporate desktops. This is yet another feature that shows that MS is thinking about enterprise implementation on the desktop. You do NOT want people to be able to install any old RPM on their desktop in a networked environment. That's a BIG "no-no".

Great, this breaks my code...

[warrior]

Half my stuff relies on unsigned chars!!! (But I guess it didn't run on Winders anyway).

Mike

Wait a minute...

[TopShelf]

According to the article, this is an option that can be turned on or off - so in the appropriate setting, this is actually a very useful feature. Far be it from me, however, to let the facts get in the way of a sensational headline...

Re:Wait a minute...

[f5426]

> Refresh my memory as to why a free software vendor can't get a signature?

I, for instance, am not a 'Vendor', but I still produce free software. Do you beleive that I'll be trusted ?

You can troll me without going to name calling, sucker. Obscenity is the crutch of inarticulate motherfuckers. I preferred to old sig11.

Cheers,

--fred

Re:Wait a minute...

[ca1v1n]

Free software vendor? Last I checked, anyone can be a free software vendor. That's the beauty of the system. Requiring apps to be signed cuts off the ability for people to do work as a labor of love, which is how some of our best free software was created and is still maintained.

This has to be optional

[TommyW]

Because if it's not optional, then the end-user (rather than end-luser) can't run software they've written themselves. Well, not without registering with Microsoft anyway. Which isn't going to happen.

And once the option's been turned off, you'll be able to run anything. I presume.

So it's got advantages for businesses, as they'll be able to ensure that their desktop machines don't get infected with screensavers, whilst home users will probably disable it at the first opportunity.

I hope...
--
Too stupid to live.

Re:This has to be optional

[Daemosthenes]

Oh no it doesn't...

MS could just force you to buy Visual Studio for 300 dollars, then allow only code written in VStudio to be compiled and run. I've worked with Studio, but I really don't see how much better it is than borland, codewarrior, or all the other IDE's out there. Just another fun money making tactic from MS.


47.5% Slashdot Pure(52.5% Corrupt)

Sign what?

[jariv]

If I run .jar or .class do I have to have signed java.exe (==VM) or does java prog have to be signed?

If first do html-pages/emails has to be signed?

--

Re:Relaxation would indeed be good

[Dannon]

from the turn-on-red-alerts dept.

Says it all, doesn't it?

An unfortunate truth: Even in the best of news media, sensationalism always wins out over objective, balanced, and reasonable reporting. Clue to MSNBC and other news networks: 'Too close to call' ain't exactly 'breaking news' any more!

---

It will never happen...

[wbattestilli]

MS has too many people to please. They still have a Win16/DOS subsystem in the OS because people want to run WordPerfect 5.1 for DOS. Microsoft couldn't get away with rejecting software at the OS level. Some they'd get too many calls saying:

"How come the (insert rare program here) is being rejected by your os. It used to work before I upgraded. I just wanted my internet to be faster, I didn't want to break all my software."

They would if they could but they can't so they won't.

This'll be fun.

[QuMa]

If this option (yes, it will be an _option_) get's used enough, it might be thouroughly entertaining... As you can't run infected apps anymore, only script virusses will work... Maybe there is a future for that .bat virus from '90 (or something near that) I have here...

Re:Possibly sane

[bockman]

It will be sane if it will allow anyone to handle the signature approvals. so that a corporate IT department set-up its desktop so that it can run only software with their (of IT department) signature. This would allow IT departments to deploy more secure installation ( if that is possible with M$oft software) without having to depend from M$oft.

/PARANOIA ON
For the sake of conspiration theories let's think of a different scnario : when the first virus/worm/trojan of Whistler will appear, a dialogue like this will take place:
User:"Help, help. This virus just f*ked up my data!"
M$oft: "oh, but you turned out this very important security feature!!!!! It is **your** fault, then !!!"
User:"But I just wanted to run FooSoft SuperBestSoftware 1.2"
M$soft:"Ah, but FooSoft does not comply with our security policy and it's not certified. Why don't you run M$oft UseOnlyMe application. It does the same thing, but better. And it's more secure. You'll have to pay every time you run it, but security has no price in this virus-ridden world."
/PARANOIA OFF

How long 'till it gets hacked?

[Alioth]

How secure is the signature anyway?

We know how long it took until DeCSS showed up, and the DVD security was broken. How long until signatures are broken?

signed or not, an app still may not be secure?

[Lt.Hawkins]

buffer overflow a signed app. can the new, arbitrary, (malicious) code be mistaken for signed code?

Microsoft Moderation

[The+Blackrat]

Everyone is busy skrieking and laughing at microsoft for this, their latest doom-inspiring mistake, that will surely lead to the distruction of MS. Just like win3.1, win95, winNT, Exchange, SQL, etc... MS has karma points like nobodies buisness. Whatever products they make (MS BOB excluded) will get moderated up to 5 (User Friendly!).

First Amendment

[Nemesys]

Doesn't this impinge on people's freedom of
speech? Ultimately, programmers will feel restrained from writing SCREW_MS.EXE.

Re:First Amendment

[Planesdragon]

No, it doesn't. You're free to write any software you want, or say anything you want, or the rest of it.

Microsoft is also free to "drown you out" by changing *their* OS. If you want freedom of speech guaranteed by your OS, work for the OS to be owned by the government.

The bill of rights *only* applies to the federal government, and the states *only* though the various "due process" laws.

Excuse me for asking, but

[NetWurkGuy]

won't this afford MS a fine way to duck respondsability for any problem, (especially viruses), that could arise if the "option" is switched off? If MS can say "Sorry, we can't help you since you are not using our recommended option and your problem could be due to an unregistered executable" then how many users will decide they have no real option after all?

That's a good idea

[GeZ117]

Microsoft will be entitled to refuse to sign software made by concurrent, thus forcing all program running on a Microsoft Machine to be Microsoft made, or Microsoft approved. Approval could cost big bucks: another revenue source adding to the sale of API licensing. And, all those so-called shareware/freeware/amateur/Free Software developers will be screwed.

Join Microsoft or Die, 'cause nothing else can run !

No, really, I must admit it's a grand idea. So sorry there are other OSes that won't have such a nice feature. Microsoft should hire Alan Cox to write a kernel patch for Linux to run only Microsoft binaries (through Wine).

The other great part in this wonderful idea is that with such things Microsoft will end-up totally discredited. First, the "all your datas will be on our HD" thing (.NET), then the "you won't be able to run homemade programs". From where does this corpse reeling coming ? Isn't it from Redmond ?

Who could want to go anywhere with Microsoft today ?

Re:That's a good idea

[sqlrob]

OK, let me rephrase that:
There is no limitation on signing by MS (at the current time anyway). As long as MS makes the algorithm available so that anyone can sign an app, even without using VC/VB, there's nothing wrong with this.

Re:That's a good idea

[DavidTC]

Um, no way in hell Ms would make the 'algorithm' (I suspect you mean the private key.) availible to all. That completely defeats the entire purpose of this. Virus makers will just sign their viruses.

-David T. C.

Re:That's a good idea

[sqlrob]

No, I mean the algorithm. (PGP? Something else? Key size is xxxx bits, code checksum produced by algorithm y, located at offset Z in the file) MS wouldn't need to supply their key to anyone, just as each vendor would keep their own private key.

Remember, apps are signed now (ActiveX controls). How is this any different? As long as a CA provides the certificate identifying you and itself, why does MS even have to be involved? It would be signed code.

So virus makers sign their virus. Go back to the CA, get the name and address (which was hopefully verified by the CA) and arrest them. All nice and tidy, if the CA does their job properly.

Just implement this so you supply a list of trusted CA's, everything else is considered unsigned. Allow the ability to add CA's to this (e.g. local, for testing), and it seems like it would work like a charm.

Re:That's a good idea

[sqlrob]

Verisign signs the apps, not MS

Anti-MS FUD

[Fervent]

Any particular reason why Slashdot is always running rampant with Anti-MS FUD? It's like, every single article that the dot posts about Bill ("Bill Gates gives to 14 children's charities") is plagued by responses basically saying, to different degrees of intelligence, "M$ $ucks!".

Re:Anti-MS FUD

[Stephen+Samuel]

If this were a startup or a company with a more positive history things would be different. As it is, you'll just have to adapt.

If this were a startup or a company which had a better history (i.e. wasn't used to acting like a monopoly), we wouldn't even dream of them being able to get away with the the kind of control-freak bull that this threat seems to entail.

"Do exactly as we say, and nobody will get hurt. &nbsp Just remember: It's for your own good."
`ø,,ø`ø,,ø!

I totally quit reading the Register.

[Jeff+DeMaagd]

Sometimes they actually get something right, but usually every story had some unjustified amount of skew in it.

There was a time when Slashdot used the Register as news a lot, like at least a story every week. I think the "editors" here finally wised up. Now to take ZDNet off should be our next task.

Re:I totally quit reading the Register.

[MidnightLog]

For those interested, The Reg is skewed against everything--they don't like anyone.

Personally, I thought the vulture kind of gave that away.

Re:I totally quit reading the Register.

[Paul+Komarek]

The Reg is proud of its skew! And any intelligent reader should be able to identify it--it's usually humorous. Obviously you're an intelligent reader. Why does this put so many people off?

And I don't care about protecting readers who can't detect the skew. For those interested, The Reg is skewed against everything--they don't like anyone.

-Paul

Re:I totally quit reading the Register.

[Jeff+DeMaagd]

Oops you are right! The whole site seemed to be the stereotypical trash rag. I know the use lots of unnamed insiders which is a good thing and a bad thing.

Oh well. It's not funny enough to make it worth my time, and rarely has useful or interesting enough news either, and unless I keep up it's hard enough to tell fact from fiction, so I don't read it anymore, besides "unannounced" news can change many times before it makes a real product, if ever.

I wish....

[Gibbys+Box+of+Trix]

... I had mod today and there was a Hysteria: -1 moderation option... I'd have burnt up my points in no time.

Talk about knee-jerk reactions...

--
01 13 19
TVDJC TDSLR AZNGT NWQSH KPN

Hmm

[llzackll]

It almost seems like Microsoft WANTS people to run to Linux!

Re:Possibly sane, but scores points for other OS

[ackthpt]

Ok, if it's optional then it's not so insidious. If they take that optional away and become sole arbeiter of good code it'll be the best thing they've ever done to promote Apple, Un*xes and Linux.

Nearly a laughable concept from a company well known, by now, for the security gaps in their own applications which pose perhaps the single most damning threat to business and personal users.

--

Re:Possibly sane

[Happy+Monkey]

It also says that you have the option to send it to them for testing so they can approve it and stuff.

Can someone sue MS for having lots of copies of unlicensed software then?
___

Now : option... And in a few years ?

[Vapula]

Right now, this signing job is only an option... Okay...

And in a few years, windows will ship with that not being an option anymore... Applications will have to be signed... But they'll ship you (for free of course) a program to sign your own applications... And your license key will also be your signature.
But, who will complain.... Nearly everybody will have signed programs... And MS will make arrangements with 3rd party company so their programs will be MS signed (in order to provide a greater level of confidence to the users thay'll say)

Then, one version later, you'll discover that this little tools dissapeared... It can only be found on the web... But still for free (one step back)... Most of us will have only signed applications, or will still have the program from their previous install so, they won't worry...

And, at last, M$ will decide to remove that program and only allow MS approved programs...
And many people won't see any difference... because the programs they use are anyway M$ signed... 3rd party companies would still (for a while) have theirs apps (and games) signed for free by MS... In order to have DoJ happy... Until there'll be no way back possible...

I know this is a little pessimistic... but it's possible... By making the moves step by step, slowly, nearly nobody will react... And those reacting will be called lunatics... You just have to look at the laws to see more and more laws protecting big companies from the people... while removing the protections of the public against the companies...

The only way around that... free software... will have bad days with these laws...

We already have DVD drives only running after an authentification by the program... And sound cards that needs their firmware uploaded at system boot... And the laws prevent us from going around these limitations ((c) laws, DMCA).
Next step is video cards needing authentification by the OS... Hard drive that have a small unlocked area and the rest of the drive which needs to be unlocked by the OS bootstrap, network cards are also good client to authentification (so you won't be able to mess with a stolen NIC to fool a server by using the correct Ethernet address from that card...)

Are we going to a world where computers will only be able to run MS Windows and where MS will be abl to define which programs may be run (and for how many days) ?

Isn't that ironic...

[Amokscience]

RANT:

You know, Slashdot feels more and more like Windows 9x. I 'have' to use it (or find even less suitable alternatives) but it makes me feel angrier, dirtier, and less prodcutive the longer I use it.

Not only that, they're obviously a bunch of irresponsible. hypocrites. Talk about FUD FUD FUD FUD FUD FUD. Dear lord, someone hand these clowns a cluestick.

...and for my opinion on the signed apps: I've for it, as long as I can turn it off and have different restriction levels. It's an excellent way to protect against virii and trojans.

It isn't even mentioned....

[flynt]

It isn't mentioned why this might be a good idea in the Slashdot blurb. It is so you don't run code that is potentially devestating to your machine. You know how you (should) check those MD5 checksums on all your Linux downloads, this is sort of like an automatic way to do that for people less inclined. And like I said before, it is an option. So why all the fuss? It shouldn't matter to many of you anyway, right? Linux doesn't do it.

Re:It isn't even mentioned....

[mattvd]

I think the main point of the article is that MICROSOFT will be the one signing things (or at least signing the developer's key). The MD5 checksums are (I believe) done soley by the developer without any influence from anyone.

Nice misleading headline

[Galaga88]

Wow! Why a typically misleading and paranoid article headline, considering Whistler will feature the option to warn about or not run unsigned code, not flat out refuse to run it all like the topic insinuates. Of course, what else can you expect with a track record of journalistic integrity like slashdot's?

New bug^Wfeature

[Darth+RadaR]

Just what I need. More voodoo. As if dealing with registry problems when programming for Windows wasn't bad enough. Then everyone will have to do a re-make of programs that worked fine until now. Arrrgghhh!!!

Maybe it's an evil way for M$ to up it's tech-support calls for Visual Studio.

Re:Possibly sane

[jejones]

Well, yes, but...people have the option of installing Netscape, too. Care to bet that the default will be to have it turned on, with lots of nice FUD about the dangers of running software not approved by Microsoft?

Programmers will have to upgrade their compilers

[JJoyner]

I wonder how compiler vendors are going to deal with this? Will each compiler be assigned a digital signature to imbed in the dll, or does this mean we are going to have to include a spoof for every C program we compile for Windows?

optional

[ideut]

The feature will be optional. Don't get your panties in a twist.

Thank god

[AintTooProudToBeg]

I have been having a lot of problems lately with my non-microsoft-certified binaries!

Easy of Use vs Security

[dirk]

Maybe I'm in the minority here, but I can't see how this is a bad thing. When ILOVEYOU and MELISSA were running rampant, everyone screamed about how MS set everything on low security by default, and no one would change it. Now they decide to set security higher by default (which would avoid a lot of the problems) and now people are screaming about that. There is no perfect way to set security by default. The only way to have real security is to set it yourself. If people take what MS is giving them as security settings, that is their choice. If low default is bad, and high default is bad, what is good?

Re:Easy of Use vs Security

[RogueAngel7]

ILOVEYOU and MELISSA were both visual basic scripts (not exe's). Macro visuses that only ran because outlook runs them automaticly.
-

Re:You miss the point....

Commodore BASIC has more useful error messages than that.

Re:A pirates nightmare

[Araneas]

I deal with home-users running win2k. Why, because its there. They have no need for any NT services what so ever. They have bought the sizzle and have no idea how to use the steak.

They often start by saying the os has told them to contact their sysadmin. I take some pleasure in telling them THEY are the sysadmin!

Verisign not Microsoft

[meadowsp]

It says in the article that it's going to be Verisign and not Microsoft doing the certification.

Be a rebel...

[HiQ]

Use unsigned integers wherever possible - that's one way to run some unsigned stuff in Whistler!
How to make a sig
without having an idea

Re:Widespread Paranoia about this feature....

[Mike+Monett]

You are boasting about having 85 hours uptime?

I wouldn't be so sure that MS is flawless and the system failures are caused by the apps. How would you know? MS could bomb during a memory request and claim the app was at fault. You have no way of knowing.

In a Brief Amicus Curiae of the Software and Information Industry association, in support of the United States

http://www.siia.net/

"Microsoft has further restricted innovation and consumer choice by withholding APIs to impede the development of products that it perceived as threats, and by fostering incompatibility between such products and Windows (or Internet Explorer)."

"The technical side of Microsoft's campaign against Netscape was designed to ensure that Internet Explorer was sufficiently interwoven with Windows so that Netscape users would have a "jolting experience." Findings 160; Gov't Ex. 334, at MS98 0104683."

All the evidence gained since the antitrust trial says we never should have trusted MS in the past, and we should never trust MS in the future.

if you can

[dalinian]

Yeah, it can be turned off. Just like macro execution in MS Word. ;-)

Re:if you can

[pallex]

"Whistler will be almost totally useless for the majority of users without the capability to turn this off"

I dont know....i can imagine a network guy installing a pc, cloning it, rolling it out to the 200 people who work there, and only allowing the ability to run unsigned code to the developers there.

In this situation, there is no need for users to be running unsigned stuff; it`ll stop the *huge* number of problems caused by people running email attachments, screen-savers etc they downloaded on company time!

Re:if you can

[Zigg]

Point well taken. However, seeing as how Whistler will be almost totally useless for the majority of users without the capability to turn this off, I doubt it'll be hard to have it shut off. Besides, Microsoft's history when it comes to implementing security options is to leave the less-secure option on by default. I doubt this will be getting in anyone's way.

Re:One thing doesn't make sense.

[scott1853]

Not without disabling those features for IE also. While activex and java aren't critical enough, if you disable Javascript almost every site out there craps out.

You can disable those things just for Outlook Express though if you tweak the registry and add a custom security zone just for OE and then tell it to use that. You can even modify the security settings in the standard Internet Options control panel applet.

Nice in Theory

[I-R-Baboon]

It's nice in theory, but that's where it needs to stay.

I think this would again be putting too much power and control into a singular entity. It could also lead to very bad things for code in general as new precedents are laid down and new decisions and laws are based on them. This might be down the road where all programmers have to be registered with some major organization etc etc.

Inevitably there would also be ways to spoof and fake things eventually which would only leave the permanent effects of the aftermath of court, government, and big business involvement.

I try...

[foxxtrot]

I try to think Microsoft isn't horrible. I may prefer Linux to Windows, but Windows has been good for a lot of people I guess, plus I need Windows for games.

But, then Microsoft goes and pulls this kind of garbage and they appear to be nothing less of Pure Evil.

It hurts Mommy, make them stop.

Re:Yeah, right. Whatever.

[Tin+Weasil]

AH! But the Virus would first have to be executed in order to modify the registry!

What we have here is a failure to communicate... bilingually.

That is probably bug filled as well.

[TermAnnex]

As with alot of windows security features, it is probably bug laden enough so that someone could easily bypass the protection.

Even more so if it's an option that you can enable and disable.

If microsoft will be the only entity signing applications, don't they have to perform they're own security auditing to make sure the program doesn't have a back door? Or will you just have to pay microsoft enough money and they will sign anything?

Lets start a fund to get the most common windows trojans signed by microsoft.

Re:You miss the point....

[kwashiorkor]

It leaves them developing for Linux et al. and/or web based applications that are 90% server side. What's the big deal? IMHO, this could eventually turn out to be a good thing.

-- kwashiorkor --
Leaps in Logic
should not be confused with

Re:OH MY FUCKING GOD HEMOS

[RogueAngel7]

It may be an option now, but it raises the bar for other products. Right now its an option, then its a harder to configure option, then its barely an option, then its not an option at all.

that is the grand ability of a company in microsofts position to change things over time.
They don't have any real competition other then linux and with out proper competition, the corperation doesn't have any incentive to care about the end users needs or wants. thus they change things in the direction that best suits themselves, not you or me.

this is also why they stand so fervantly against the open source movement. If they squash Open Source, they squash (or seriously dent) the threat Linux weighs against thier position. I.E. no linux, no competition. No Competiton, no worries.

One thing they will never learn is that they will never win against open source. Open source is an idea that gives the informed (perspectivly) mass populace the ability to handle things themselves. They will never win against an idea like that. Bigger groups have tried, and they have all failed.

in a way it is very much like the social theory of Oppression vs Rebellion that spawns wars and takes down goverments.

its all very facinating to me...

-

Microsoft as a totalitarian regime.

[leereyno]

This is yet another reason not to buy Microsoft's products. This all goes back to the personality of Bill Gates himself. Some people would be more than happy to be as rich as he is and to have such a powerful position within the computer industry. But not Bill, not he wants to have control over your desktop system, and your server as well. Now you can say he's not in charge at M$ anymore, but I don't believe that. Isn't he supposed to be working on long-term plans, being the visionary within the company? You can't do that if you have to play mother may I.

This reminds me of the slow and steady encroachment of a totalitarian regime. One which slowly but continuously works to undermine the rights and freedoms of the citizens, all the while denying that it is doing so and claiming to be working to preserve freedom.

Now of course the software industry is different, but isn't the freedom to choose which software packages and drivers you use on your system your right? How is it any of Microsoft's business what you do? They can all go to hell as far as I'm concerned.

I refuse to run an operating system which refuses to execute the code I give it on arbitrary grounds. I'll use star-office and make do long before I'll submit to the will of the Furher in Redmond.

This whole business just really pisses me off.

Lee Reynolds

Re:Microsoft as a totalitarian regime.

Your sig was appropriate: Religion stops a thinking mind. So it is with the Linux religion. Microsoft is beefing up it's internal security. The lack of security in Microsoft products is what many Slashdot readers have been bitching about for some time. This is not a bad idea. Microsoft is not evil. It's a business which will lose customers if it builds in too many restrictions. That's why the feature is optional. Linux wins no converts with blind dogma. Linux wins them one at a time by offering solid alternatives. Quit preaching and start coding.

Re:Microsoft as a totalitarian regime.

[LostScorp88]

It's so funny that MS keeps telling people that they are visionary and trying to improve computer technology, and then they try to pull off something like this. Anyone who knows anything about technology can see that the next evolution goes towards freedom, not control. The popularity of Linux shows this clearly. If MS is really trying to move us further, they need to wake up and smell the proverbial coffee of freedom, so to speak.

The downfall of MS is not too far away if they don't get a clue. People are sick of this crap. While I hate MS, I still feel they did a lot of good for computing and can continue to do so. Please, MS, wake up!

Re:Possibly sane

[NineNine]

That was the point of an OS a long, long time ago. Now, when you have mission critical data sitting on the desktop, and all machines internetworked, it's crucuial that some level of security and management is integrated into the OS. MS is, if anything, being pragmatic and creating a better product to meet the market's demands.

Linux

[H*rus]

Then this day will go into history as the day the world abandoned Windoze.

Mark
"Only two things are infinite, the universe and human stupidity, and I'm not sure about the former."

Old Hardware/Software/Drivers

[Daemosthenes]

This brings up the issue of installing old hard ware without MS signature.

Let's just say I have a very old video card, and I want to use it on a computer which will only be used to check email (by say, my grandmother). Perhaps this is an old TNT by some generic company, and the drivers are no longer updated. This means that MS will not be able to use the drivers, and no new "MS verfied" drivers will be availiable.

Oh well....I guess it's time to introduce my grandmom to Linux. :)


47.5% Slashdot Pure(52.5% Corrupt)

Re:Old Hardware/Software/Drivers

[theguru]

Just don't put Whistler on the piece of junk macnhine you're going to give Grandma. I somehow doubt she'll need anything beyond Windows 95 or 98 just to check email. Give her Win98 and install WebTV for Windows so she can set up reminders for herself when that nice young man, Jimmy Stuart's films come on.

Re:Break it before it breaks you

[Foogle]

Microsoft doesn't handle the certification; they have no say in the process, and there are no standards to say what sorts of applications can be signed or not. The bottom line is that a signature just adds accountability, not certification of usefulness.

Get it right.

[scott1853]

It's going to be a security option. Something that can be toggled on and off.

upcoming Windows release known as "Whistler" will include a range of new security options - quote from ZDNet article.

Notice how they state option

Re:Get it right.

[Darth+RadaR]

It's going to be a security option. Something that can be toggled on and off.

If this little option gets put into Windows, it's pretty certain that I'm gonna have people complaining about software I wrote years ago saying "It doesn't work. Fix it!". You just know that the un-clued masses who are still wondering where the "any" button is are not gonna know how (or even try) to shut off any option that's default.

Re:Get it right.

[scott1853]

You're right about that. But knowing MS's history, they've never shipped anything that had high security defaults.

Re:Get it right.

[radja]

even if it is an option... it will make a user think twice about installing something that isn't M$ certified.. I know (and probably you too) that software is never guaranteed to work.

it could put people off...and you can bet M$ considered this...even if it is not the first goal.

//rdj

Re:Get it right.

[Goobah]

However, this does create a problem for those of us who write small shareware apps. I do it mostly for fun, but I do enjoy the little bit of cash it brings in. If I have to pay any amount to be part of M$'s Elite Software Force then I'm basically out of the shareware business. What am I gonna do otherwise, tell everyone that downloads my software to "turn off" their "security option"? Ya right.

Relaxation would indeed be good

[Zigg]

God, no kidding. What amazes me is that when this cropped up a couple weeks ago on The Register, I submitted an article about this being an option... it was refused in the space of an hour.

Apparently refusing to read the entire article and making the headline as sensational as possible is a formula for success when you're looking to get a Slashdot headline.

Re:Relaxation would indeed be good

[Ektanoor]

Well twice I saw this same thing. What amused me was that the submission about Plex86 was late a day, it was refused, and next day they published it.
Besides the situation with this article is quite bad as it is a typical example of yellow journalistics that people have been highly fearing. This way /. will loose every single drop of respect. Frankly, if it wasn't the fact that we readers make 80% of it, I would have quit reading long ago. The headers are sometimes irritating and stupid. Some comments and headers about M$ are on the same level as M$ FUD itself. And published submissions have been degrading highly. First they are coming terribly late, haven't you noted? Second they sometimes forget/delay some critical launches, events. Mandrake was nearly forgotten and only came out when people where already firing Hell for days, about an american distribution chain launching a pre-release as 7.2. And third, their selectivity seems to show that /. keeps living in the end of 90's and does not want to move further. In a day they seem to get 100-300 sumissions. And, published, we see only the same number as before 5-10 a day. It would be curious to think that all 90-290 are dupes, spam, trolls, anti-linux FUD, mass-media junk and co.

And sincerly. I believe Rob is getting no better than Bill. Keeping to rule of the game only in his own and his command is what M$ does and not the OSS/GNU/Free Software community. Open the house Rob, you will not loose but win. If you do it smartly, of course...

Re:You miss the point....

[LocalEmperor]

I completely agree. I once worked at a software retailer, and as anyone who has worked at such a place can tell you, people call you like you are a tech support line. I had this woman call up freakin' out because her computer hung and she had to hard restart it and got the "Your computer was improperly shut down" message along with scan disk. She thought her hard drive was erased or dead.

People just don't understand the warnings that they get from thier computers. If the dialog comes up an says that "this program is not signed by Microsoft" they will probably pack everything back up and try the take the software back to the store.

~LE

Re:Possibly sane

[devapoj]

One might say that it is optional, and perhaps even desirable in a secure, corporate environment. But that is beside the point. The point is that anyone who wants their software signed will have to bear all to microsoft and thereby allow microsoft's engineers in the process of "certifying" it, pilfer any good ideas that package might contain.

No doubt the empire will encourage businesses that such a move will be a "good thing", and any competitor that effectively does not show their source code to microsoft will be shown the back door by corporations that have taken the bait. Sounds anti-competitive to me.

It's retarded BUT...

[jcostom]

There's a way to turn the behavior off...

I saw it described on one of the beta newsgroups, but don't recall the exact sequence to do it. I think it's an incredibly stupid default.
--

Whose butt did they pull this story from?

[AFCArchvile]

Only drivers are digitally signed right now. I can go ahead and download stuff from Freshmeat that's in the alpha stage and run it nag-free. The whole reason for digitally signed drivers is to prevent from having shoddy drivers run on a mission-critical system. The biggest problem with this is either Microsoft's refusal to digitally sign drivers, or the companies' sheer laziness.

If the digital signing process is carried over to applications, though, then it would mean the end of Win32 application development as we know it, which is why Microsoft will most likely never implement such a draconian system.

There, I said it; the article is all FUD spread around by the Linux zealots.

Yes, this is a good idea.

[sbjornda]

Or be like Lotus Notes and have everything you do signed by default, with a certificate inherited from your company's head office.

The naysayers are thinking of their individual rights and freedoms, and yes that concerns me too when I'm working at home. At work, however, the company owns my time and my productivity, and if the company wants everything we do signed by its certificate, then that's fine by me. It sure cuts down on the number of worms!!!

"Relax, this won't hurt a bit."

[twitter]

Don't worry, Windows productivity will always shine. Older applications, aslo known as unsigned or unapproved and insecure, may crash newer versions of Windows because we broke the old code. To protect you from such crashes, we have put this new feature in that you will have to disable to find out your favorite piece of software no longer works. This will force you to buy one of our newer offerings, so you can be more productive than ever. Ah yes, see how good our subscription service looks? You will alwasy be (paying for) using new software when you trust MS.

The easiest option to turn off is Windows.

Re:Range of int

[krappie]

does it have to sign each of it's 65553 bugs?

if you switch the last two digits, thats 65535, which is the highest value of an unsigned 16-bit integer.

Re:ok.. none of you have got it right yet

[Vinster]

> hehe.. uh oh... unsigned shorts range from 0 to 65535.. sorry
Actually a quick scan of eBay will show unsigned shorts going for much less than that.
I doubt even signed shorts would go that high! Maybe if they were signed and game-worn by Michael Jordan or someone like that. But 65535 sure seems high.

Re:Possibly sane

[powerlord]

Okay, lets say its 'optional'.

Whats the default setting going to be?

How many people are going to go looking to disable it, or are going to be alarmed when they suddenly see a big dialog box with a red stop sign that say s "WARNING! The system attempted to run a program with questionable authentication!" or some such error message?

Given MS's track record this smacks of future bullying potential.

Re:You miss the point....

[Zigg]

I'd bet (without any substantive data to correlate my bet) turning the thing off is as simple as checking a "Don't bother me about this lame-o signed app stuff" box, at least on a machine that hasn't been tightly configured by a competent administrator. The difference is that Microsoft's record on security settings diverges depending on the nature of the setting:

1. If the default setting is for more security, give a checkbox to the user to allow him to opt to stop being bothered by the security setting when the security setting causes an interruption in the flow of execution.
2. If the default setting is for less security, require the user to dig through the aforementioned mess of dialogs in order to turn the higher-security setting on.

Again, all bets are off if the machine has a policy configured by an IT control freak. Also, I might add that this attitude is not exclusive to Microsoft -- I think it was first pioneered by Netscape (i.e. Navigator's "do you want to run this?" dialog that could be bypassed vs. having to dig through preferences to turn the cookies off).

Another thing ..

[BeanThere]

"Whistler will have the option to only run signed applications. You can turn this off"

This 'feature' is probably currently largely aimed at corporate desktop users for medium to large corporations as a means of controlling what software employees install and run. So in practice probably only your administrator is going to be able to turn it off.

What it seems to me

[ksan]

What it seems to me:
- Faith in that this is the right way to implement a security but it's flawed. Why ? No one can assure that this won't be used to implement wrong things or be abused to assure the prevalence of M$.
- A way to not teach people how to use their programs. It's a form of empoverish people.

Re:Different types of certs

[Chatterton]

Yes, but for my ease of work i have a bunch of macro that work outside my word documents with other soft. For example: I have one who to do this: - take the current word document and save is as text + as doc with the current date - load ftp and start a batch file to transfert the text version to the BS2000 - start a compilation on the BS2000 - get back the error logs... and display back it in word It seems to be stupid to do that, but i have some really interesting feature of word working for me like the revisions marks in my source code, color, bolds and so on that i haven't on the editor of the BS2000. And no, my company doesn't use a version managment system i do it myself with word. Do I need to send this macro to microsoft if my 'option' is forced on 'ON' by my company ?

I disagree completely.

[sbjornda]

Lotus Notes is aimed at the enterprise, not the SOHO, and it has signing built in. It works great. Every piece of code you write is signed automatically by your ID, transparently to you as a coder. The sig is checked by each server and client that the code is expected to run on. If Microsoft implements it as transparently as Lotus did, then this will be a tremendous boon to the thousand-seat-plus organizations.

The down side is that it will result in less business for the anti-virus people

Re:Possibly sane

[Zico]

Right at the very beginning of the article it is explained that this is an option. You know, as in "it's optional, you don't have to use it"?

Who knows why so many Slashdotters always fail to read those two simple words ("optional" and "option") when it comes to discussion of things Microsoft, but you can go back and read it for yourself if you don't believe me.

Cheers,

Dear Americans

You probably don't remember us, we are the founding fathers. We fought for what you abuse today. We don't like being misquoted and having socialist draconian laws linked to us as "this is what the founding fathers wanted" It is most certainly NOT what we wanted, as evidenced by not only what we fought against, but the Constitution, the Declaration of Independence, the Federalist Papers, and other documents written by us. This whole microsoft thing makes us sick. You bitch about someone having control over you, yet you could and HAVE chosen to go your own paths. Witness the glory and freedom of Open Source. As it gains mainstream and enteprise blessings you gain even more power to dethrone the evil empire, and put a democracy in place. Unfortunately, many of you are too lazy and stupid to work the system like we intended it to be used. Instead, you would rather hypocritically enact the same sort of control that you had defined as being evil. Do you not read history, do you not pay attention to current events? Like in Frankenstein, you perceive an evil, yet you still have a choice. Will you then be like the unruly mob that burns and murders in order to "destroy" the evil, thus becomming the biggest and most evil menace yourselves? Do you not realize that the regulations you put in place will only serve to hurt you and help the very people you want punish right now? Maybe you can't see in the long run. Maybe you have been lobotomized. Whatever the reason, you obviously feel your movement and OS is so inferior to your "enemy's" that you cannot compete with it. Perhaps you are prepared to reap what you sow? Probably not... you will bitch later at the governmental controls and regulations placed on you, crying foul, and that it must have been the evil corporations, when it was actually YOU who created the evil. Don't blame others for your stupidity

This could be a major problem

[drnomad]

for Open Source developers, who develop under Windows. If it's really going that way that no uncertified software is runnable, than the Open Source community on Windows is dead (and it didn't even flourish yet). How's this with freeware and shareware? Does this mean a mandatory payment for software due to certification fees?

Re:It's an option.

[BrK]

Personally, I think it's just a lot of sensationalism right now. The scary part is that we, the end Lusers of Microsoft products, seem to have little real input into these things. At first it will be optional, then MS will claim that this "feature" has been wildly successful and will make it a mandatory thing in the end-Luser version of the OS. To have the "right" to decide what programs can run, you'll have to pay a 500% markup for the Professional or Server version of the OS that just has some snippets of code disabled.

Remember, IE was once optional too.

[jabber01]

Remember, IE was once optional too.

The REAL jabber has the /. user id: 13196

Knock knock Slashdot - anybody home?

[gamorck]

Comeon guys.....

It seems like every Microsoft story up here doesn't bother to relate all the facts. It also seems that most of the Slashdot readers are too brainwashed to go read the actual articles themselves (or even - GOD FORBID - sign up for the beta test and try it out for themselves!)

Its an option. End of story. Windows 2000 warns about unsigned drivers - it also warns about software in which there may be OS incompatibilites (aka pre PC Anywhere 9.2 for example). It warns - but it does give you the option of using it anyway - even though you will probably screw alot of stuff up if you decided to do such a thing. And yes - it does so for a REASON. The same goes for Whistler - I should know because afterall I am a beta tester.

Think about it - why would MS want to stop all freeware and shareware software development for their platform? That would really be dumb.... and to be dreadfully honest to you guys - MS is alot of things - but they are certainly NOT STUPID.

They've captured the OS market on nearly every front and they intend to keep it that way. By the way, they are doing a damn good job.

Look at .NET for example - now thats inovation. Look at Linux..... ummmm... hmmmm.... well they almost got USB support right? Oh yeah.... well they might start working on Color Calibration support in the near future..... And sometime in the next 100 years they will have an internet browser worth a damn.

One of these days you kids are going to wake up and smell the reality of this free and open-source situation. More often than not - you get what you pay for. End of story.

Yes there are a few notable exceptions to that rule. Most notably - The Gimp, Netcat, and Nmap. Personally I can't think of any other open source apps I really find all that appealing. Most of them are underdocumented, overbugged, and supported by teenagers not even old enough to shave - forget it.

Just remember - all that the Linux community has done since its birth is try to emulate Microsoft Windows. Whenever I ask someone just why I should switch to Linux - they say something it regards to Windows. They have strived to match the monster feature for feature, megabyte for megabyte and so far they've done a really crappy job...... but ask yourselves this:

Without Windows, where would Linux be?

Absolutely Nowhere.

Re:This is the other half of subscription

[Foogle]

That's simply not how this signing-system is designed to work. The OS isn't choosey about who signs the executables, simply that they are signed by someone. It's an effort to add accountability to the programs that run on your system, not to pick and choose which ones can run.

And, for God's sake, it can be disabled -- what the heck is wrong with you people? I am so disappointed with Slashdot for the way they ran this story.

MIcrosoft endorsement?

[onion2k]

So, does this means that its up to Microsoft who can write software that will be signed? What if they decide that Netscape is a profits^h^h^h^h^h^hsecurity risk and don't let them have a signature? Or, more comically, what if the post-breakup Microsoft OS division don't let the post-breakup Microsoft Office division have a certificate? Surely having the OS creator certify the applications is a conflict of interest. It'd be better to have a third party validate stuff. Right?

How I read this...

[linqued]

It looks to me that M$ has decided that GW has won the presidency and all their current and future legal problems are going to go away. If they were concerned about anti-trust cases they never would release something like this.

Re:It's an OPTION, guys!

[Golias]

The problem with this "option" is that if you are selling or distributing software you might be forced to assume that a certain percentage of your customers will have it turned on, which means that you have no choice but to send a fat wad of bills to Verisign (just like getting SSL certification on your web forms), and subject yourself to whatever anal probed MS insists on performing.

I think developers have plenty of reason to be uneasy about this news.

Why do we need the US?

[Ektanoor]

Well look at this GREAT future! Yes, this is an extrapolation of this certification stuff. But think well. Technically someone may lead things to such extreme...

1) Certifying things like patents. So why do we need courts, suits and such stuff? Courts will only deal with hackers, crackers and bad boys who use pirated/cracked soft.

2) Certifying application packages. Somehow this is a consequence of the first. No more need for these patent battles, wild concurrency that creates consumer confusion. No need for DOJ probes, FTC certifications. Everything is in the system itself.

3) Certifying computers. How many poor users suffer from this mess of hardware configurations that don't go well with soft. Let's certify them. And even no WTO's will be needed. Why to give certifications to the bad boys on the other side of the Ocean?

4) Certifying docs. Isn't this great? Amazon's will be assured that it is selling you its book and you are not reading some pirated copy. And no Phracks, hack mailists, underground chats like Slashdot. Consequently no need for FBI's and similar stuff.

So, in the end, why do we need the US? Frankly I don't see any need on it except to support a huge army that will fight rough states which refuse to accept the new rules. Specially Russia, EU, China and several others.

So let's certify the Constitution (after changing "We, the People..." for "You, the users..." and removing some subversive stuff) and publish it as the EULA of the New Age. How great this Marvellous New World!!!!

Re:Possibly sane

[chainxor]

The reason for Win9x being crappy, is not neccessarily due to bad programmers/designers. It's more likely because of the backward compatibily issues (DOS based kernel and stuff). If you run WindowsNT or Windows2000, you'll realize that these OS'es are a lot more stable, but also less compatible with old DOS and Windows 16-bit software. I run Windows2000 and develop app's under it, I think it runs very stable and fast, a LOT better than WindowsNT ever has btw. Windows 98, ME and alike are crappy, no argument there. They're only useful for gaming :-) But then again Windows2000 runs almost any new game available, so I don't really understand why MS are still sticking with the Win9x OS brands, technically speaking. But I guess from a money making point of view it's a different story, so I guess it's always a good thing to have things like Linux :-)

Re:You miss the point....

[MidnightLog]

OS/400 has much more useful error messages. In most cases, a fatal error in an application will produce a job log which can be looked over by your sysadmin to determine the source of the error. Of course, the people who buy OS/400 aren't the same people who buy Windows (or at least they don't use Windows for the same types of things).

Sorry guys

[guibaby]

The following is the true story behind microsoft signing their code:

I started this whole thing. I didn't really mean to, but it is my fault.

I used to work for a small company named Lockheed Martin. My job was to provide UNIX users with access to windows software. (office; exchange, whatever) I was migrating about 1000 users from Citrix Winframe 1.6(1.7) to Windows NT 4.0 Terminal Server Edition (WTS). I had been playing with this software since it came out in beta and had not had any (-relative) problems with it. Every thing tested well so I started to move production users to the new system. I had a few minor problems at first, but no big deal. One day out of the blue I started to get BSODs.(oops pun) I had not changed anything. So I could not figure out what the problem was. I called ms after about 3 months and a ton of live debugs, the determined that a problem existed with one of the print driver. I was told to download the latest version of said print driver. This solved my problem for about a week. Again and again the same thing kept happening. BSOD....Call ms....Live debug...Upgrade printer driver. Finally after talking to several ms people and having two really bright ms consultants on site, I discovered the real problem.

BACKGROUND

The whole multi-user thing is new to windows. (Yes I know UNIX has been doing this for a long time.) A company call CITRIX used Windows NT 3.51, plopped a multi user kernel on top and it worked. It was a great product. Well eventually they decided to upgrad this product to an NT 4.0 version. ms said your not licensed for that *smack smack smack* but I think were going to do it instead. ms licensed CITRIX tech and said "henceforth let this product be called WTS." What microsoft failed to realize was that the products (nt3.51 and 4.0) are fundamentally different. In 3.51 the print drivers are written in user mode. When you add multi-win (CITRIX multi user tech) to the 3.51 kernel, it separates the user space. When you print in this environment the print jobs are rendered by that users print driver process. This causes no problems with any 3.51 version of the print driver because it only sees print jobs printed in that single user space. NT 4.0 is different. It's print driver are written in kernel mode. Therefore the user spaces all share the same instance if the print driver. This is not a problem if there is only one user space (nt workstation) but, if multiple people try to print to the same driver at the same time and the print driver doesn't understand what is going on, the driver pukes. If a driver running in NT kernel mode pukes, the puke runs blue.

Were back

I told ms what I suspected and after several layers of management, they confirmed it. This process took 8 months. Their original solution was for me to test each print driver for compatibility. I explained with NT's trusted print driver model, this was sort of impossible. Their answer was service pack 4. SP4 gave you the ability to disable trusted driver. This was a step to fix our immediate problems. The real answer was to either rewrite the print process to be more forgiving of problem drivers of yank the print drivers out of the kernel. I was told and I quote "Windows 2000 will be out and February and the problem is fixed." I made several statement concerning Bill Gates mother and
explained to our account manager why a new release of a product doesn't fix a current products problems.

Anyway, since when this problem was discovered after win2k was pretty much written they decided the easiest thing to do was to test each print driver and sign it.

I am sorry that was so long.. Any question???

me

That's not what the article says at all!

[drivers]

Here is a quote from the article:
Developers may purchase the cryptographic certificates used to create such a signature from Verisign Inc.--Microsoft has no say in determining who may receive such certificates or what software may be signed.

It kind of says it all doesn't it? It never says Microsoft has a final say over who can write apps for it (although it does raise some issues, not the ones everyone is going on about here...)

(It's not like it was that long of an article.)

Microsoft's anti-trust gamble

[einhverfr]

Microsoft must be aware that ANY abuse of the signing policy will be grounds for immediate and multilateral anti-trust suits independent of the federal case. Microsoft is a monopoly, and the main question before the courts now are whether Microsoft has abused the economic power which has come with their success. One should note that under common interpretations of the Clayton and Sherman acts do not forbid successful companies from obtaining even 100% market share but rather seek to guard against the economic damage that results from such companies strong-arming the market.

I have a hard time believing that Microsoft would want to inrease their liability like this. What happens if Microsoft refuses to sign software which, say includes reverse-engineered office formats because the formats were not licensed by Microsoft? Such a policy would be in clear violation of sections 1 and 2 of the Sherman act and probably of the Clayton act as well. Microsoft has a history of sabotaging competition as documented in Jackson's Findings of Fact and the various pretrial documents in Caldera vs. Microsoft (which was settled out of court two days before it would have gone to trial). Of particular interest was an exhibit in the latter case concerning the AARD code, from Dr. Dobbs.

All that being said, I do not want to see Microsoft broken up by the government. I think that the current plan would create two monopolistic powers out of one, and increase their competitiveness because each of the two companies would be more nimble than they would be if they were together, faced both with legal and market restraints. I think, unfortunately, this move is a step in the wrong direction for them.

What is the leadership in Redmond thinking? They are probably looking at this approach as a means of increasing the stability of the platform as a means of increasing their competitiveness against such OSs as Linux. As far as this reasoning goes, it is solid, but it seriously increases their liability, and I hope that they realize that. Such concerns may even force them to sign sub-standard competing software just to avert lawsuits. This could turn into a joke.

-----------
All programmers are playwrights and all computers are lousy actors.
--anon

Re:Range of int

[Gay+Mr.+T]

-32768 to 32767 SIGNED 16-bit integer
---

Re:Possibly sane

[chainxor]

I think it would be suicide for MS, if the signature thing for programs becomes mandatory. I could imagine several developers (possibly myself included), would consider alternative OS'es for that very reason. And maybe that will go for ordinary users too, esspecially if Linux and alike, will get mature enough for the desktop/gaming market (which I really hope).

Don't get your panties in a bunch...

[illumin8]

This is not a plot by Microsoft to require all software to be approved by Microsoft. Anyone that is familiar with the digital signing of an application using a developer certificate knows that any developer can purchase a signing certificate from a root certificate authority such as Verisign or Thawte. You can then digitally sign your applications, which prevents them from being altered, tampered with, or in other ways modified during distribution. Microsoft themselves is doing no verification and doesn't even have to know your application exists. When you run the Setup.exe for your application, the OS contacts the root certificate authority that issued your developer certificate and makes sure that the signature is valid. This is when you get a dialog box stating that the application was provided by XYZ company, do you want to trust it to make modifications to your system? This is a good thing. Sure, it may raise the bar of entry for hobbyist programmers because they now have to spend a few hundred dollars buying a developer cert, but it also forces developers to take reasonable precautions to prevent trojans and other malicious code that could be embedded in their executable programs. It also ensures the overall integrity of your OS will be better, because the setup application is only allowed to have the specific permissions that you give to it (modify file system, modify registry, etc.) The main purpose of this is to overcome some of the shortcomings of the Windows OS, such as .DLL files that get overwritten by unruly setup applications. Think of it from a *nix standpoint: You would want to know if an application was going to modify your system library (*.so) files. These problems don't exist as much in the *nix space, and most responsible developers at least checksum their distribution .tar files or use PGP signatures. This is basically the Windows equivelant.

THis is an *option*,

[mindstrm]

And, regardles of how much anti-ms sentiment there is, a GOOD option. Linux should *also* have something along these lines. Think of the security that is made possible.

And it's an *OPTION*. Microsoft would NEVER get away with making this mandatory. Not in the US, not in the UK. They would be SLAUGHTERED in court (or by every developer out there first)

Also, who says you can't use *other* keys? I assume this follows standard PKI? WHo says you can't give other CA certs who can be used to validate an executable, and then your IT Dept. can also 'authorize' apps, while preventing useless employees from running things that aren't certified?

Re:THis is an *option*,

[Ektanoor]

Linux has several systems to verify the integrity of an archive/package/program (ex. PGP/MD5 signatures). I should note that it possesses also several systems that checkup the integrity of files installed (ex. Tripwire). What Linux may not have, is a mechanism doing these checks at run time. Probably this would be a useful option in some cases, but not all as this causes some overload that may be uncessary/undesirable.

On what concerns the lack of a Verisign or similar certification system. On Linux this is not a good option as the dynamics of development are much higher and variable. This specially concerns cases when people work in such projects like distros. I don't wanna say that we don't need Verisign-like certifications at all. But it is not as universal as in Windows, where development is more enclosed.

Re:It's an OPTION, guys!

[Golias]

g/probed/s//probes/g
I gotta start remembering to use the preview button.

Service vs Manufacturing

[PotatoMan]

MS would rather offer this as a "new feature", rather than fix their pitiful security.

This underscores the idea that the software industry is a service industry that thinks it's a manufacturing industry. If MS would admit that it's really a service industry, they'd fix all the Outlook holes instead. But since they think they are a manufacturer, they have to sell new products. This means that they spend their time adding "features" instead of servicing the existing code.

Hopefully, the .NET strategy will move them towards a business model based on service. Then users can get things that work, rather than new features that are bolted on to bad code.

Nope.

[Fist+Prost]

Think about it, you're a third party S/W vendor, and you WANT your code to be blessed by MS, right? Who's going to sue the benevolent giant for making sure their apps are going to work?

What's really funny is that they say this as if the TPSV hasn't already sent their program to MS to get it approved and obviously failed, or else why would the *user* be sending it to them? Other than legacy/abandonware apps there shouldn't be any NEED for users to be sending programs to MS to test (not that it won't happen of course). Sounds like just another way to force the IT types to move over to an MS-Only shop.

Fist Prost

"We're talking about a planet of helpdesks."

Re:Nope.

[Happy+Monkey]

Think about it, you're a third party S/W vendor, and you WANT your code to be blessed by MS, right? Who's going to sue the benevolent giant for making sure their apps are going to work?

But if they don't 'bless' your code (or even if they do), simply by testing it they have used an illegal copy of it...
___

One thing doesn't make sense.

[scott1853]

MS states that this is in response to the e-mail virii that are going around. But you can't put a digital signature on a VBS file. And the wscript.exe program that runs them will already be signed by MS, so how will that solve Outlook Express security issues?

Personally, the best thing you can do is tweak the registry to give yourself more security. Apparently MS still doesn't have a firm grasp on the complex definition of security. On the other hand, every newbie user seems to have more insight into the subject. Go figure.

Re:One thing doesn't make sense.

[thechink]

Sorry but wrong, it's simple to do and no registry tweaking required. I currently have scipting, ActiveX & Java disabled for OE but working in IE.

Step 1 - In OE set your IE security zone to Restricted Sites.
Step 2 - In IE, go to Internet Options, select Security and choose Restricted sites.
Step 3 - Select Custom Level and turn off everything or set it to the most restrictive setting.

From now on OE will use those settings for HTML email.

More than an option.

[oconnorcjo]

"Warning: you are about to install potentially dangerous software on your computer 'Ok':'Cancel'."... Now if you are a company who is trying to sell software on the windows platform and this showed up in peoples faces when they tried installing your product, how do you think your bussiness will do? How much will your company pay Microsoft to get certified? What if Microsoft did not want your company to develope certain products/features? Would your company try to negotiate for a certificate? Ok this may be a _little_ paranoid but "that doesn't mean they aren't out to get us". As a security feature it is SO weak but as a money maker it is SO usefull. It just about begs to be used to strongarm software vendors into paying for certificates and Micro$oft can now hold tabs on what other software companies are developing/doing (and I am not even going into hardware/device driver issues/vendors).

So who get's to sign apps and how much $$$?

[Performer+Guy]

So is the signature merely a means of tracing back to the developer or is it a system of software certification?

If it's the latter who get's to sign applications and how much will it cost?

I assume that big developers like ADOBE will have to jump on board here, so will they have to send software to Microsoft to be signed (like WHQL or in this case WSQL), or will they be added to a database of default trusted signatories in the Operating System?

The devil's in the details, this could be a reasonable scheme or it could be evil incarnate. Does anyone have any more detailed information?

Re:So who get's to sign apps and how much $$$?

[Smallest]

even more, this signature can be used as a complicated checksum to tell when an app has been modified (either by virus or by a crack).

the downside is that this effectively shuts out free software to many many people. as soon as bored worker X figures out that he can't use the hot new screen savers from www.screesavers.com because they were developed for fun, distributed for free and therefore are unsigned, he'll either give up on non-signed software or turn off the signtaure checking stuff altogether.

either way, MS has just made some people's days a little less fun.

-c

MY Opinion

[Cepper]

If they do not make it a user configurable option that would be bad and my Conspiracy Hat would come on. If it stays an option this is a Good Thing(TM) to have especially if you are concerned about apps breaking stuff.

Possibly sane

[b0z]

From what I read on the article, it means that you have the *option* to set up the OS to warn you if you are trying to use an application that is unsigned by Micro$oft. It also says that you have the option to send it to them for testing so they can approve it and stuff. I think that is fine, so long as this ability is an option. It sounds like a decent security feature to me for a closed system. I know it goes completely against the open source ideals, but for M$ to improve their security this is one way to do it. If you are running a machine at work running Win2k or Whistler (when it comes out) that could be good to have this option enabled because you only want to run a few applications and services that your company approves, and you don't want people installing software that could potentially cause a problem on your system or network. Also, you can leave it disabled on your PC at home (if you want to run one of these crappy OS's) and install whatever you want. I don't really see a downside to this, if someone doesn't want to use this option but wants the OS, they simply turn it off. If this were mandatory, It would be crazy.

Re:Possibly sane

[esper]

Why is it that Microsoft code is "assumed" (and you know what that means) to be BETTER than 3rd party code?

Who said anything about this scheme assuming MS code is better? It's based on the notion that MS is a trusted agent which will make responsible decisions about whether code is safe and add a signature to those programs which are found to be trustworthy.

This has nothing to do with quality. It's all about trust.

(Now, I don't consider MS to be particularly trustworthy, nor do I consider them competent enough at assessing security issues to be willing to give them responsibility for doing a security review on code that will run on my boxes. Most of the market, however, currently does trust MS and their judgement.)

Re:Possibly sane

[TheAncientHacker]

You seem to have caught SES (Sysadmin Ego Syndrome). You see, the admin's job is to make the users' lives easier since they actually do productive work. You seem to be under the impression that it works the other way. Really, an admin is just a high tech version of a plumber. Both maintain infrastructure but don't add anything. Keep things running and let the users get back to doing their jobs.

Re:Possibly sane

[malfunct]

The only thing I worry about in this situation is that if people see the "This program is not signed it may cause damage to your computer." message for nearly every program they run, they will be conditioned to ignore it. Then when the truely nasty attack that the dialog warns of comes along, the person will just naturally hit ok and there computer will be zapped anyways.

Of course the solution to this on a computer that needs to stay healthy is to not allow running unsigned programs, but this is just particularily anal and Microsoft-centric. I guess I hope that Microsoft includes the ability for this feature, but I want it off by default.

Re:Possibly sane

[Gay+Mr.+T]

This is not the problem. The problem is that, with Microsoft in control of the certification process, that process might be a bit... biased. *IF* there were an open source Office competitor that was better than Office, how easily do you think it would get certified? Plus the fact that any good O/S product gets re-released at least every week anyways, or people compile them for themselves, may make certification by MS "difficult."
---

Re:Possibly sane

[TheAncientHacker]

No, no. You're mising the point. The purpose of an OS is to give whiny junior IS techs a toy and give them a chance to treat their users with contempt so they can feel worthwhile.

If their ISPs ever treated them like they treat the users they support they'd be on here screaming bloody murder.

Re:Possibly sane

[NumberSyx]

You do NOT want people to be able to install any old RPM on their desktop in a networked environment. That's a BIG "no-no".

Linux doesn't have this problem to begin with, if you are setting up a desktop system for someone and you don't want them to install software, you simply do not give them the root password. They can still download, install and run software, but only in thier home directory and only with thier own user permissions. Which means; no formating the hard drive, deleting or altering system files and few if any virus.

Jesus died for sombodies sins, but not mine.

Re:Possibly sane

[jeffw]

I'm guessing that you didn't read the article. Application developers do not send their code to MS.

1. MS does NOT have anything to do with signing a random application. You purchase that service from Verisign (for instance). MS will not be anywhere near your code unless you are a device driver developer.

2. MS does validate device drivers since they have the ability to blue screen or otherwise trash the system. Device driver developers are the only group that actually has to submit their program to MS. It's not clear whether they need to submit the source or just the compiled code.

3. This is an option which would likely only be used by big corp IT departments who already try to lock down their systems.

Having MS check the device drivers is something that can only help the stability of Win2k systems. If they had been doing that for NT4 I would have seen far fewer BSODs.

I doubt any developer will use the option to only allow signed executables on his machines, but I expect that many IT shops will.

Re:Possibly sane

[TheAncientHacker]

Or we could go back to dumb terminals and mainframes. Or maybe submitting jobs to the MIS department's staff (wearing lab coats in their glass rooms) on punch cards after getting three levels of management approval and a six-month MIS review to see if it is really needed.

You guys just don't get what Personal Computers are about, do you?

Re:Possibly sane

[Sethb]

Why is it that Microsoft code is "assumed" (and you know what that means) to be BETTER than 3rd party code? I can't think of ANY app I've ever bought that was buggier than the first Windows `98, or the original Office 2000. Office 2000 was so annoying it made me switch to Star Office on my `Doze machine...

The point of having Microsoft certified apps isn't that Microsoft's code is better than another vendor's. The point is making sure that the vendors conform to Microsoft's way of doing things. There's one HUGE reason to do this, and it's all about .dll files. Microsoft certified apps won't write their .dll files into places they shouldn't, like the system folders. This is a huge problem on some Windows systems, depending on your particular mix of applications. Having an app be Microsoft Certified gives you at least some assurance that it won't hose your computer due to sloppiness on the part of the vendor.
---

Re:Possibly sane

[Sethb]

Linux doesn't have this problem to begin with, if you are setting up a desktop system for someone and you don't want them to install software, you simply do not give them the root password. They can still download, install and run software, but only in thier home directory and only with thier own user permissions. Which means; no formating the hard drive, deleting or altering system files and few if any virus.

You can do the same thing on an NT/Win2K/Whistler system, you just don't give the user "Administrator" or "Power User" rights. The problems come in when some appliations require that the user have that level of rights to be able to function. I've had problems with Adobe PageMaker and ImageReady not working with just plain "user" rights. So, as a SysAdmin, you wind up giving some people higher rights than you'd like to because they have tools they need to use that weren't properly tested by the vendor. But, you've opened the door up to them installing all sorts of crap on their system.

I personally hate After Dark the most, it's the fastest way to screw up your Windows machine...
---

Re:Possibly sane

[techsupersite.com]

Windows ME and IE 5.5 do this by default. I haven't tried to switch it off, because I don't ever LET the browser download stuff for itself... Another stupid idea guaranteed to get viruses on your computer (just like running Outlook).

Why is it that Microsoft code is "assumed" (and you know what that means) to be BETTER than 3rd party code? I can't think of ANY app I've ever bought that was buggier than the first Windows `98, or the original Office 2000. Office 2000 was so annoying it made me switch to Star Office on my `Doze machine...

Admittedly Win ME fixes much of `98's instability, but then it's still based on the 9X codebase which has been around for SIX years... If M$ programmers were good enough to be CERTIFYING other people's code as "safe" they would have fixed all those 9X bugs YEARS ago. Even ME is very far from a perfect product.

Re:Possibly sane

[Gay+Mr.+T]

YHBT
---

poor assumptions, bad analogy

[twitter]

No, you say, I'm a hardcore free-software supporter. Sure. You may be the hardest of the hard-core, but will even you continue to use a truly free, non-proprietary internet when the only people on it are you and RMS? How will it feel, being the Amish of the next century? As the world around you embraces Windows 20xx and its wonderful billg-approved code, you'll be stuck in your horse and buggy, refusing to use them newfangled zippers because you think they're the tool of the devil.

C'mon, you know you'll want to send email to all your friends, and check out the cool new holographic websites (that 2-D stuff is so 2000). All you have to do is install the new version of Windows. No, you might not be able to compile your own programs, or upload websites which the Nonobscenity Certification Board fails to approve, but isn't that a small price to pay?

That's a nice look down a dark alley, but I'll bet that you are wrong.

You assume that people are stupid and enjoy being screwed. You also assume that MS will continue to be the harbiger of new cool stuff. Not so. MS has never been inovative and never will be. Expect new things to continue to come from free software. Expect more people to become sick of MS, banner adds and other anoyances.

The more MS breaks, the less useful it becomes. The less useful it is, the fewer people will use it. The less people use it, the less it will be relavent.

General purpose machines will always be able to connect to each other. The net routes around damage.

The problem with using Verisign and signed apps...

[w3woody]

is that a number of viruses that have been spread around the 'net were VBA macros. The problem I see with this is that if Microsoft requires a "software developer" to purchase a Verisign signature to sign all applications, this is going to have to extend to guys who hack together Excel spreadsheets or embed simple VBA macros into Word to sum rows in a table.

I'm wondering how pissed off some random accountant is going to get when he can no longer share his Excel spreadsheets with others in the office.

Further, when you put digital signatures in the way of a virus hackers, I wonder how long it will take before someone figures out how to hack a Microsoft Windows list of root certificates. By hacking the root certificates to include another root certifier beyond Verisign, you can easily circumvent signature security by generating your own key signatures. That's because the whole key signature system relies on a handful of trusted root certificates that come preinstalled on a Windows machine, and if you can add your own "trusted" root certificate, then it's a slam dunk to sign every bit of virus code that you wish to send out.

Re:This could be a good idea

[zCyl]

Definitely! Reading the headline, I was hoping someone had voiced this view. Personally, I prefer to stay lightyears from most Microsoft products, but this is definitely a positive step forward for Microsoft users, under one condition... That condition being that Microsoft opens up the ability for system administrators to declare other authenticating agents besides Microsoft as authorized binary signers. I wouldn't want Microsoft to be the only agent who can authorize what software I run on my system, but if I can declare, say, Microsoft, Symantec, CERN, etc, then maybe I have a wonderful useful system that can protect or immunize against unwanted viruses and downloaded trojans that pretend to be real software.

Re:Yeah, right. Whatever.

[MeNeXT]

AH! But the Virus would first have to be executed in order to modify the registry!

AH! But we know that this would be complex for the average user so this feature would be disactivated by default.

More FUD from Slashdot

[rabtech]

What the submitter, poster, and to some extent the article author don't tell us,
is that this is a security OPTION. Key emphasis here is that Whistler will support
MANY security levels, and this just happens to be the most secure, only allowing
code that you approve (or is digitally signed by Microsoft) to be run.
Administrators/users can turn this on or off, or select a whole host of security levels inbetween.

Slashdot, the free software movement, and hackers in general need to be wary
of resorting to the same kind of FUD that they accuse Microsoft
of engaging in.

Some of us are actually on the Beta team, so it might be wise to listen
to what we have to say, rather than alarmists such as Mr. Raikow.


-----

Little developers can't afford the cost...

[Cerlyn]

... right now, anyway. Check out http://www.verisign.com/developer/index.html I believe each of those certificates are $400.00 US *per year*.

The implications of this are complex...

[defile]

At the risk of being repetitive:

This is a good idea if it can be done without bias. It would certainly erase any doubts as to whether or not an application has been tampered with by a virus (the code anyway) and it'd be neat if they extended it to Outlook, which could eliminate those stupid script "viruses" that seem to be causing so much chaos.

The scary disaster scenario is that you cannot run code that is not signed by Microsoft. It's optional right now, but I would imagine that Microsoft's competitors or competing standards would have a very difficult time running on Windows once Microsoft got their customers used to the idea of trusted code.

Imagine Microsoft refusing to certify an OpenGL driver provided by a vendor because they want to push their Direct3D agenda. Imagine them refusing to sign AOL software because they want to promote MSN.

Also, what do you do if "trusted" Microsoft code is found to have a vulnerability or a trojan? That's a PR blunder waiting to happen.

This could work really well if the vendor does not have biased commercial interests.. which they always will. *shrug*.

ok.. none of you have got it right yet

[krappie]

by default, all variable types are signed

char's range from -128 to 127
short's range from -32768 to 32767
long's range from -2147483648 to 2147483647

or they can be unsigned:

unsigned char's range from 0 to 255
unsigned short's range from 0 to 65536
unsigned long's range from 0 to 4294967296

now int's will change sizes depending on the platform of the program you're developing, which depends on the compiler. I *think* in real mode dos, ints will be like shorts, 16 bit.. and in protected mode, they will be like long's, 32 bit.

Re:ok.. none of you have got it right yet

[krappie]

hehe.. uh oh... unsigned shorts range from 0 to 65535.. sorry

Duh... think about it.

[Bad_CRC]

they put the default option as programs they don't approve won't run... BUT, they give you an option to turn that off, knowing 90% of consumers run everything at the default settings, thereby causing any program not certified by them to be instantly useless.

They will probably start out with a "third" party (which they will own) verifying software, then after a while, switch it back to themselves.

Want to get rid of netscape? no problem, no need to refuse to disclose the critical api's they need, just don't sign off on their program. boom. Netscape is instantly out of business.

this should scare the hell out of everyone.

________

Break it before it breaks you

[HiyaPower]

Given the M$ attitude toward competing products, what do you think the chances are that it will "permit" a competing office suite? How about something that competes with Windows Media Player. Divx anyone? This is analogous to a car manufacturer demanding that you get their prior approval to buy from a gas station. If I develop my own code do I have to go to unka Bill and say "Pretty please Mr. Gates, let me run it huh??" It is time that M$ was broken up into little pieces before they sink the software industry. Whats big and grey, eats peanuts and is in your living room? Yeah, that's right its an elephant, now talk about it.

Re:More crack smoking in Redmond

[gamorck]

I must say - I find your comment that of a complete moron - but funny nonetheless - read my response to the situation above for my take on this....Sheepboy

So what?

[poor_thing]

I think someone will get perl or some other decent interpreted language executable signed in some weeks after all that starts. And this will not prevent malicious scripts from running, too. Moreover' it could be possible to sign an app which has an option of loading any binary by hand and passing conrol to that block of memory. Just one more annoyance, nothing more

Poor excuse for Security

[Sherman+Peabody]

They can't fix their fatally flawed idea of tying everything together into Active-X controls and giving the user power to do anything on the PC. M$ has so much time and money wrapped up into that paradigm they can't bear to let it go. So they're implementing this stupid idea as a replacement for the security model they should have built in from the start.

I agree, this looks like another way for them to make money. Same as the licensing changes they made for Win 2k - they just want to pump the big corporations for more and more and more. I wouldn't be surprised to find out they had a special, expensive way around this so that the big guys could run their custom apps without too much more trouble.

It adds another layer of 'vendor buy in'. Sooner or later, CTO's are going to realize they don't have to be Microserfs and will find better solutions to their problems elsewhere. Maybe even Open Source ones.

Granularity?

[prisoner]

This seems like a good idea, at least on the face of it. However, the possibility of misuse on MS's part is big.
I didn't see any mention of being able to block unsigned apps at different "levels" though. It seems like this sort of blanket protection, while good, may be a bit much. If you wanted to keep something like the Melissa email virus from running you need to kill of the ability to run unsigned apps *everywhere*. Too bad they can't just fix the applications like outlook that seem to have the worst problems.

Re:This could be a good idea

[TheAncientHacker]

I think it would great if Microsoft considered any drivers signed by them as equivalent to "original equipment" -- in other words no more blaming third party drivers for BSODs.

Microsoft already does something like this with the Windows Hardware Quality Labs program.

What they don't do is require users to only buy hardware that has that certification. Oh, and by the way, Microsoft doesn't do the testing or certification. They set up the specific standards and third parties do the tests.

Re: Whistler to Refuse to Run All Unsigned Code

[Ourobouros]

What...Microsoft, make malicious use of code that forces device drivers to be Microsoft-certified? What would ever make you think such a thing...?

Re:It's an OPTION, guys!

[Golias]

Yes, but it is NOT an option to turn it off on your CUSTOMERS' SYSTEMS. If you sell software to Whistler users, you will have to assume that SOME of them WILL have it turned ON, which means you are FORCED TO BUY a certificate, unless you want those customers frightened off my nasty MS error messages saying that your software is not trustworthy.

Nice racket, if you can get in on it.

Re:You miss the point....

The average user does not tweak defaults, especially when the menu options are as hidden as they are in Microsoft products.

and hence the acceptance of *nix on the desktop, right?

Re:Peer Pressure and Lawrence Lessig -somewhat OT

[MidnightLog]

What a well thought out post. Please get yourself an account Mr./Ms. Anonymous Coward.

In case you're browsing at 1, I'm replying to an AC who replied to jamiemccarthy.

Will never be mandatory

[GodSpiral]

Signatures on running programs will never be a mandatory part of their OS.

It should end at edit-run-compile... without the pay $50 to sign step each time you make a code change.

Another likely (or useful) feature is to have corporate/self made certificate providers, so that the Corporate Standards police can deprive use of anything that doesn't go through their corporate certificate server, and more liberal companies can self certify home grown software, as well as approved shareware/freeware.

ReactOS+GCC/PE if you don't want that happening

[Kant]

If you don't want that happening, please support the GCC/MingW/CygWin, ReactOS and WinE open source projects.

Driver Signing Mixup?

[gmholt]

You guys may be confusing this with Microsofts goal of providing driver signing... I will not attempt to speak for MS (so don't flame me) but here's a link from their site http://www.microsoft.com/HWDEV/desinit/digitsign.h tm

Reaction to Java

[AT]

This is totally another reaction to Java. Now that MS has come up with .NET, lifting and proprieterizing the Java network service architecture, it needs to address the security issues that were designed into the core of Java. Namely, the idea of sandboxes, trusted code, and code signers.

This is an unavoidable step, a key building block needed to compete with Java as a network service provider platform. It's highly doubtful this will have any impact at all on user targeted applications.

it's about kernel space software, not userland's

[Otis_INF]

When I code a win32 app under windows2000 using vc++, and I execute it, I don't get a warning nor is it flagged as 'perhaps bad'. These 'flags' and errorreporting is only done when you want to install a piece of software that runs in kernelspace (f.e. a driver, or a subsystem layer). Because it's important that that kind of software is stable, secure and robust, it needs testing, plus it should follow the guidelines set by the OS manufacturer. Well, that's exactly what the signing program does: MS testlabs test the stuff for stability/robustness/security (no jokes please, the tests are very thourough) and also for usage of the win32 api and the os features like the Windows Installer. If you want to get your software signed/certified, it also has to follow rules like it has to work with policies/multiple profiles for more than 1 user etc.

Why is this important? -> the user doesn't know any better. He just purchases/downloads a piece of software and expects it to run. If it's signed/certified, he CAN BE SURE it's tested to bring what it should and that it should work on the OS PROPERLY.

Signing of software and especially kernelspace software is very important: it brings reliability to the softwareworld. Userland software should also follow the guidelines set by MS (check the MSDN for more details) so the USER of the software gets what he expects.
--

Good thing

[Frodo]

Actually, this is good thing, used properly. Allows to create "trusted installations", which are known to run only authorized software. Might be good for many applications, like public-access computers, security-sensitive installations, etc.

Not every idea of Microsoft is necessarily bad, y'know...

Litigation and conflicts with license agreement

[redglyph]

IANAL, but by signing the driver are they creating a duty to the user to ensure that driver doesn't cause problems? If so, wouldn't this conflict with portions of the license agreement? Otherwise, why sign the drivers at all? If signing isn't a guarantee, what is it? Who do I sue when my new Snazzy-SCSI (tm) driver toasts my data or a NIC driver locks up a hosted server and the clients lose revenue? The driver writer can point their finger to MS (who signed it), and MS back to the driver. From my point of view, a signed driver is a guarantee.

MS Blackmail

[pivot_enabled]

Yet another episode in Microsoft's ongoing efforts to blackmail developers.

We have to obtain MS logo certification on an ongoing basis for our software products. Since our software has no alternative but to use some unusual means of installing we have point this out each time we test for certification. Each time requires several rounds and, naturally, costs thousands of dollars.

Revenue is what MS signed apps are really all about. Just another revenue source for MS and don't believe otherwise!

condenamed

[_SIGKILL_]

Microsoft's next generation consumer OS, condenamed Whistler

Did anybody else read this as condemned?

Technology available now

[gimgol]

This feature is going to be available on the Windows platform long before Whistler goes gold. The new version of the Windows Scripting Host (5.6 - currently in beta) includes this technology and is available on all MS platforms.

More technical details on how the process will work are also available.

To the people who run Slashdot.

[Torak-]

If you're going to continue to try and appeal to the intellectual midgets who go for a sensationalist headline, don't be surprised maybe a year from when them and the first post trolls are the only people left reading this site.

Some of us don't like finding that 9 out of 10 headlines are misleading, or worse, completely untrue. Some of us even have no qualms about not coming back to a site that's becoming so consistently dishonest.

Don't do this to yourself Slashdot. You're worth more than just another trashy "news" site that creates bullshit headlines to pull in clicks on the banner ads.

coding

[jrennie]

Soon, it may essentially be impossible to write code under the MS platform. That is, unless you own and use the only approved MS compiler suite. MS will decide that allowing other compiler companies to produce the MS signature is just too risky and hence when the MS OS no longer executes anything that isn't MS signed, all other compiler companies will be "out of luck." How's that for screwing the competition?

Jason

Re:coding

[radja]

>. That is, unless you own and use the only approved MS compiler suite

own? OWN? unless you RENT and use it... silly annual fee stuff.

//rdj

Re:You miss the point....

[Defiler]

Can you think of an operating system that has more useful error messages? I can't.

What will dumb user think

[smartin]

Sure someone with a clue will know how to turn the feature off, but what will your dad think when he runs non-M$ sanctioned programs and it pops up warnings to the effect that they are dangerous and may trash his computer. Many people are going to be tricked into only buying M$ products because of this. Yet another subtle way that the evil empire is using it's monopoly position push all competition out of the market.

Re:What will dumb user think

[msouth]

uh, "subtle"? Try this.
<p>
:)
<p>
But otherwise, you're absolutely <!--stating the obvious--> right.

<!--Yes, the extrans is on purpose. sheesh, guys-->
--

Different types of certs

[Zigg]

Which brings up an interesting point -- is it just executables that are signed? When it comes down to security risks, scripting files and macros are *much* worse. Will Microsoft perhaps get a clue and only allow signed Word macros to do things outside of the document scope?

Yeah, right. Whatever.

[Tin+Weasil]

I am sure that a simple registry edit will allow Windows Whistler to run unsigned code, just like a registry edit will allow WinNT to logon to a domain server without using encryption.

I think that Microsoft may actually have it's customers best interests in mind with this one. How much flak did MS get over not preventing virii like "love bug"? This will certainly make it more difficult for "Joe average computer illiterate" to execute malicious code.

However, maybe these poor bastards who run into virii problems should just move to a more secure OS.

This could be a good idea

[hey!]

The details of this are just speculation, but if users and admin could control who they extend trust to, and their is provision for third party certificate authorities, this would be a very good thing indeed.

Lotus Notes has worked this way for a decade, and has provided all the programmability of Outlook (albeit with a poor UI) with much less virus vulnerability. It is unconscionable that any executable code gets run out of e-mail without a signature when the technology to do this has existed and been proven years before Outlook even existed. In addition if every DLL and exe were cryptographically checked when it was loaded, there might be a bit of a performance hit but it would be worth it in many environments.

I think it would great if Microsoft considered any drivers signed by them as equivalent to "original equipment" -- in other words no more blaming third party drivers for BSODs.

Of course we don't know what the details are yet, but there's no reason to engage in FUD. It could be a very good thing or a very bad thing.

This could be a superb thing

[Zocalo]

There is one thing missing from this that would make this idea an absolutely killer thing for any OS. The ability for a user to generate their own, unique, personal certificate and apply it to non-certified code that isn't already approved.

So we could have a long list of "approved" vendors that get automatic approval such as the commercial and larger shareware vendors, the rest you apply your own personal key to when you trust them. To extend this idea further you could assign a temporary "sandbox" certificate to software that you are testing and the OS could take extra precautions in running it, and restricting which users are able to apply their own certificates. If this could be made to cover macros too it could make a big impact on the amount of macro virii that plague Windows.

Anyway, I seem to recall something like this in Windows 3.x that was used to mark older 16 bit code as stable enough to run without an irksome warning message, so the idea has been bouncing around Redmond for a while I think.

Ready aim, FIRE at the foot.

[techsupersite.com]

Is it me or is Microsoft INTENTIONALLY trying to piss everyone off?
First this stupid .NET idea to make you rent software, turning Office into expensive Crippleware.
Now this... I guess Microsoft wants to look at the code of all 3rd party software so they can steal it or figure out how to break it in the next service pack?
Microsoft is behaving as though they own the computer industry, as if ordained by God. They have a short memory. Windows was being rejected by the market over and over until about 1994, and didn't gain wide acceptance until `95-6. The market can decide to go in another direction, especially now that viable alternatives (Linux) exist.
Microsoft in 2000 is doing to itself what Intel did to itself last year. That allowed AMD to go from tiny market share to large market share. Microsoft is opening the same opportunity to Linux. .NET and this stupid idea could prove to be M$'s RAMBUST.

They HAVE to do this for XBOX

[barfy]

This will come to pass for XBOX. In the marketplace of consumer game consoles that are otherwise Whistler boxes, Microsoft will have to do something like this, or there will be an outbreak of "console" virii and other bad things. The only protection Microsoft will have is to not let "unauthorized" code from running...

Think about the technical not the emotional aspect

[Darren.Moffat]

Refusing to run unsigned code is far from being a new concept in the computing world. There seems (as usual) to be a lot of heat and shouting here on Slashdot about this because it is Microsoft pre-announcing that they may use this feature in a future OS.

Lots of other platforms and vendors have done this in the past and will continue to move in this direction in the future.

Sun's Trusted Solaris 1.x released over 5 years ago had a feature in a similar vain that meant the system failed to boot if all of the critical software (TCB - Trusted Computing Base) didn't verify its checksums (this was checksums rather than proper digital signatures but the end goal is the same).

Java has stuff like this as well.

Please people stop and think about the technical issues and goals before mouthing off and assuming just because it was announced by Microsoft that is is a bad thing technically.

If the article had s/Microsoft/Linux/g what then would have been the thread of converstation in Slashdot ? I guess it would have gone something along the lines of Linux making leaps and bounds in security something that Microsoft doesn't care about and would never implement because it was too useful and would get in the way of lame user doing any work.

This is good progress for Security on their platform.

Neither have you.

[Scott+Wood]

The exact range of char, short, and long can also vary. The numbers you quote are *almost* the minimum ranges specified by C99 (not sure about C89), except that you need to add one to the lower bound of the signed types, as ANSI C does not assume two's complement.

However, implementations are free to use any larger range. For instance, on 64-bit platforms, long is usually 64-bit.

Certified Insecure?

[iabervon]

Given the security record of MS apps vs. non-MS apps, is being signed by MS actually a positive thing? Back in the days when viruses were mostly executables, this might have made some sense, since you'd at least know when you were suddenly running something that wasn't part of the OS and that you hadn't meant to run.

But now most of the malicious "code" you're likely to run into is actually data which causes (signed) MS code to damage your system. Makes you wonder what the signature is supposed to certify. Back in the days of ActiveX, it was a big deal that there was a signed MS control with a bug that broke security, and they had no way to revoke it. But now, it's a feature.

Re:Widespread Paranoia about this feature....

[brianvan]

I boast about 85 hours uptime only because I don't expect it out of Win9x code - long term stability and constant uptime is NOT supposed to be a feature of the OS I use, so it's a bonus that I see that somewhat. Besides, soon after I posted, I needed a reboot. (My DSL software/driver likes to stop working sometimes, and even though it doesn't really crash on me, I need the reboot to reconnect the DSL connection) That's irony for you.

How do I know that applications cause errors and not Windows itself? Well, first of all, Windows itself CAN cause errors. But you just have to apply a little common sense when assigning blame. If an application crashes randomly, if something like that usually doesn't happen with that particular application, and if the occurrence of such crashes among different applications is far greater than the occurence of crashes in particular programs, then you can say that the OS is flaky. However, if the same 2 or 3 programs crash all the time, and other programs that you use a lot do not crash often, and if you don't have those kind of crashes among most or all the programs you run, then I'd say that those 2 or 3 programs are suspect.

The rest of your post is an anti-corporate rant. MS is no better or worse than any other big corporation out there, and in general they do good thing for consumers at the expense of their freedom. I could start talking like Patrick Henry here, but let's face it... we're talking about PC's, not food or education. Besides, I don't want to think about a company bad-ass enough to bring down MS, as that possibility is just too scary...

A clear path to opensources universal adoption

[NZheretic]

Quick Summary

You DON'T have to use/trust the vendors digital certificates,
you can resign all the applications used within your organization
using an administrators signature and certificate.

Organizations need this functionally to defend themselves against
viruses, worms and hostile users.

ONLY open source offers any real protection against trojan and badly
implemented programs.

Once organizations become used to the idea of requiring their
operating environment to be secure, then it will be easy to convince
them that Opensource products provide a more secure solution.

Long summary

All I know about the possible implementation of Whistler's
"block all unsigned apps" security mode is only gleaned from articles
such as the one on "The Register"
http://www.theregister.co.uk/content/1/14592.htm l .
Even Microsoft's VP for IT infrastructure and hosting - Jim Ewel is somewhat
vague on the subject.
( Someone from Microsoft just may have been reading my usenet
posts in alt.comp.virus on digital signatures in document
embedded scripts )

For a couple of companies I work for, the paragraph in the above article
that ends with
"... set up your own internal certificate authority that would allow internal
machines to trust anything bearing that certificate.",
raised a few eyebrows. It means you DON'T have to use/trust the vendors
digital certificates, you can resign all the applications used within your
organization using an administrators signature and certificate.

Microsoft users are currently betting their security on the existing
antivirus industry. The problem for them is that they are losing - time,
money, files and vital documentation.

There is an close to infinite number of ways that a virus can cloak
itself, there are existing viruses that are polymorphic and new
viruses/worms are appearing that update themselves over the net to cloak
themselves with new skins. The anti-virus industry's scanning based strategy
is failing. Also most organizations are now very vulnerable to hostile users.

The "block all unsigned apps" security model provides the only solution
to the hostile virus and user problem. It is up to each organization
to balance this against the cost to the user of not being able to
individually install applications, scripts or non-applet scripted documents
without going though an approval process.

Setting policies and signing each executable and scripts will be an ongoing
task for an administrator, this will not end up as an easy set and forget
option.

It will also create a demand for truly secure, restrictive applet-like,
scripting systems. The administrator could, via a policy mechanism, grant and
deny access to files, directories and interfaces for individual
script files and scripted documents. The owner-user would be free to change
the content of the script without having to get the administrator to
resign the script each time.

The big advantage of opensource is that any program/script could be a trojan
horse or just be full of exploitable security holes. You either have to
blindly trust the supplying vendor or ONLY use Opensource applications
that can be positively vetted by trusted third parties.

The OpenBSD distribution is the best example of a positively vetted
opensource product. If there is an increased demand for secure
environments and applications then the Opensource distribution providers
are in a far better position to supply secure "Trustworthy" products.

This functionality is something the Opensource community should be
embracing - not flaming, as it offers a clear path for the near
universal adoption of Opensource's development model.

3rd party signing and MS viewing source code

[jesterzog]

It's already been established that it's going to be an option to turn this on. Hopefully Microsoft will let others create their own signatures and any IT department with any intelligence will be able to sign whatever software they want to use, as well as trust whatever other organisation they want.

For the Microsoft signing part of it, I'm wondering what they'll need before they put their name on someone's software. Will they need to view the source code to make sure it's not malicious?

===

Re:3rd party signing and MS viewing source code

[Ektanoor]

This is one of the potential dangers. (Note that I refer to POTENTIAL dangers)
If you are producing closed source programs and M$ asks for your code to certify it, then this will give an unileral competitive advantage to M$. They can reuse your code, hijack/steal it, or block its distribution due to something they didn't like on it. Note the "reuse your code" does not forcefully means that they will steal it from you. That's why I refer to hijack/steal. They may offer you a million dollars bargain for it. But in the market, your code could cost 2-3-10 times more. However the fact that only M$ sees it will give them the power to offer a "get or die" contract.

Besides do not think that stealing/hijacking code means Microsoft Corp. It means something worse. It means all what is M$ is made of. The potential of such situation may create a "inner bazaar" where code is trafficked by M$ employees, departments and other organisms. This would look too similar to Soviet Union, where some valuable items where confiscated to be traded among commissars, Central Committee people and party workers. The point here is that creating such a form of restricted "overlook" will forcefully lead to such.

Interesting to note that the only way to overcome the degree of this danger would be to open the software. Then, such situation would be less critical.

Re:You miss the point....

[quonsar]

A lot of people I know (the ones who don't know computers anyway) don't even read the error messages that pop up.

most of them don't read, period. i tell them 'you are operating a piece of machinery, not being entertained by it. until you begin to read what appears on screen, you are going to feel like a computer dumbass for no reason.'

i have had highly paid, supposedly highly educated executives look at web pages and ask me 'what's all this?' while pointing at a block of text. i remotely host some simple database queries for a local government site. the query page is located on my server, and features several buttons, and one link. when it went online, they got several emails the first month complaining that there was no way to return to their main page, even though the link saying "Return To The City of Blahblah's Home Page" was prominently displayed. i changed the link to a button and they got emails thanking them for correcting the oversight. there is no hope.

people who repeatedly seek out my assistance very quickly learn 2 things: a computer is not a television, and they get nowhere with me until they can describe for me, in language that means something (not "the thingy, you know, din't work") exactly what happened. (i.e. "the buttons in the dialog box are greyed out") i am more than happy to provide the terminology, i then expect them to learn and use it.

well, i'm off. so many windmills, so little time to tilt against them...

"I will gladly pay you today, sir, and eat up

Everybody just relax.

[ptyerr]

First of all, users and administrators already have full control of what certificates their systems trust. (Skip to the end of this note for details.) There's no reason to think this will be a pain for users, admins, or developers.

For developers, the expense of getting code signed is next to nothing, and it's a one-time expense per product cycle. Also note that default Windows installations trust roots from companies other than Verisign and MS.

But what about MIS shops who might want to install some unsigned shareware widget? Won't they just disable this feature? (ahem, Jon Callas.) No, there are better options: Why don't they generate a root certificate of their own (for free) and deploy it themselves? Now they can self-sign anything they want to deploy, and they still have their security in place on the desktop.

And if you're a user who feels capable of making smart decisions about what attachments should and shouldn't be opened, you can just disable the feature.

As far as I can tell, all that anyone's talking about changing in Whistler is the user experience. You know, warm fuzzy dialog boxes, default signing policies, that kind of thing.

As long as you (and I mean "you" in either the individual or the organizational sense) maintain control of your system's trusted roots, this feature will be a Good Thing.

- pty

The semi-technical details: Open an IE5 window (even if it means a trip down the hall to some less enlightened luser's office) and click Tools. Then Internet Options. Then the Content tab. Then Certificates. Then the Trusted Root Authorities tab. See the 'Import' button? Pretty cool, huh? (Let's save the UI discussion for another day, though.)

Lather, rinse, repeat

[msouth]

while I'm not one to buy into conspiracy theories, this whole thing seems like a plan that originally had good intentions, but the potentials for foul play are pretty easy to think up

Apply above comment to Windows ... .NET ... MSN ... anything[1] Gates touches ...

See a pattern?

[1] Okay, except maybe Bob.
--

Optionality is pointless.

[kyz]

Smart-asses are saying "but it's just an option to only run signed apps". So, we can conclude that Microsoft's security policy is this:

1. Only run signed executables. (too strict)
2. Run absolutely any executable. (too lax)

I somehow doubt this is how it would work. At minimum, I would expect to see the Java sandbox security model in place, where the user can choose what's OK and what's not, for different levels of trust.

Summary

[TheAncientHacker]

What all of this discussion seems to boil down to is this. A bunch of sysadmins saying:

• Users shouldn't get to choose their own software
• People above me shouldn't get to choose users' software
• Vendors shouldn't get to choose users' software
• Only I should get to choose users' software

And they should all thank for for it because I am nigh unto a god.

Yowza.

[American+AC+in+Paris]

..."Whistler To Refuse To Run All Unsigned Code"? Oh, come on, Slashdot. -10, ÜberTroll.

Y'know, this kind of crap doesn't help the Geek Community At Large overcome the image of being a bunch of fanatical morons. Every time I think that Slashdot just might be making the transition into mature, thoughtful news reporting, this kind of rubbish appears on the front page. It's an OPTION. you can turn it OFF. I don't recall seeing healines of "Linux Installs Insecure By Default" because several distros automatically installed and configured an insecure WU-FTP...

When am I going to be able to read Slashdot without feeling like I'm listening to a bunch of pre-teen 133t k1dd13z taking shots at The Man on #haX0rzC3ntRa1?

$ man reality

Re:Yowza.

[quonsar]

When am I going to be able to read Slashdot without feeling like I'm listening to a bunch of pre-teen 133t k1dd13z taking shots at The Man on #haX0rzC3ntRa1?

well, lets see... pigs have already flown... should be any minute now.

"I will gladly pay you today, sir, and eat up

Re:Yowza.

[rnd()]

i agree. often, the 'headlines' chosen are not all that helpful. my guess is that this is an ad revenue consideration, since I would probably not have clicked through to read the article if it had been titled, 'whistler to resemble 2000'...

More crack smoking in Redmond

[tewwetruggur]

There must be a huge abundance of drugs going 'round their headquaters up yonder... it could also be due to the supposed high quality of pot grown in near-by British Columbia, too. Either way, MS needs to check themselves into a rehab clinic and soon before they receive a real beating.

Not that I wouldn't like to see that happen.

the beating, that is.

with lots of blood.

Conspiracy...

[Ino]

*LART-LART-LART* How may times do I have to tell you there is no conspiracy ?

Next thing Microsoft will invent (look mom, Microsoft is inventing again!!) will be running executables personally signed by Bill Gates. I should see the next-generation viruses then!
BWAHAHAHAHAH!!! :)

--

Major Problem with this theory

[WinDoze]

One of the key selling points of Windows is the backwards-compatibility and bazillions of applications for it. If they don't allow unsigned programs to run, they break backwards-compatibility badly.

The real goal IMHO

[GeZ117]

In my opinion, I think this decision aim at selling certificate to software developers. You want to code ? Right, please buy a license of Microsoft Visual Studio. If you want to distribute your software, make sure to have it pass our Microsoft Certification. It's a very minor cost, something like $199 for test-based certification and $499 for automatic certification. You can also buy a perpetual certification for all software made by your studio, it will cost you $24900 a year.

Remember ActiveX signatures

[Epeeist]

When MS tried to "improve" ActiveX security by digitally signing applets, so that they could claim they were as secure as Java applets. As far as I recollect it only took a couple of days before someone managed to spoof the signatures.

Now security managers may like the idea of "secured"£ code, but let them get the idea that the encryption is poor and they will drop it like a shot.

Peer Pressure and Lawrence Lessig

[jamiemccarthy]

If you don't understand why this is important, go read Code and Other Laws of Cyberspace, by Lawrence Lessig. The future he fears is one where freedom and anonymity on the net are erased because general-purpose computing devices will no longer be able to connect.

The only freedom we have exists because we can connect Turing devices to the net. Once we are forced to use hardware or software that can perform only "approved" functions, any freedoms we have are in the hands of the people who approve those functions. You will only be anonymous if Bill Gates wants to allow anonymity. You will only have free speech if Bill Gates prefers it. Even your intellectual property rights will be mediated through Bill Gates' software.

Here's how the net ends -- not with a bang but an upgrade. The government won't put a gun to your head and make you give up your civil rights online. Instead, Microsoft and other vendors will come out with new features that you've just got to have. Well, maybe not you, but when every other person on the internet blindly upgrades, you will find yourself longing for them.

That's the dark flipside of the law of network efficiency. A network's value is proporational to the square of the number of people on it. And as the rest of the net flees to a Microsoft-only, proprietary operating system, using proprietary protocols, with none of your code allowed, you will discover that the remaining free network's value to you is being square-rooted.

No, you say, I'm a hardcore free-software supporter. Sure. You may be the hardest of the hard-core, but will even you continue to use a truly free, non-proprietary internet when the only people on it are you and RMS? How will it feel, being the Amish of the next century? As the world around you embraces Windows 20xx and its wonderful billg-approved code, you'll be stuck in your horse and buggy, refusing to use them newfangled zippers because you think they're the tool of the devil.

C'mon, you know you'll want to send email to all your friends, and check out the cool new holographic websites (that 2-D stuff is so 2000). All you have to do is install the new version of Windows. No, you might not be able to compile your own programs, or upload websites which the Nonobscenity Certification Board fails to approve, but isn't that a small price to pay?

Jamie McCarthy

What!?

[spellcheckur]

I'm sorry. I'm beta testing a new M$ browser, and it keeps giving me the following error:

The page you are trying to access has not been approved by Microsoft. To protect you, your browser has been configured not to display it.

I'm a little worried they're trying to control what I'm seeing. Could someone send me a summary of the article so I can read it?

Oh, wait... Outlook has been bouncing messages.

Could someone just print out this page and mail it to me?

Re:A pirates nightmare

[telstar]

Should we cry? Seriously ... nobody's forcing you or anyone else to upgrade. If you don't want to deal with this ... don't install Whistler. It seems way too often people install the newest greatest thing because they think they need it but then complain about the rules of the new product that are imposed on them. It's OPTIONAL. Don't like it? Don't install it!

Sounds like Nintendo

[bjb]

Sounds like how Nintendo required an authentication chip of sorts in each of its NES cartridges or the game wouldn't run. I like the idea from one standpoint (quality software, assures you're not getting a trojan [hopefully]), but from the other standpoint that if I want to write a simple program without validating it, Windows will bark, OR the even scario scenario is that if I write a program that competes with a Microsoft product, they might not allow it to operate at all?

This sounds like a monopoly strength device with a vengance.

--

Widespread Paranoia about this feature....

[brianvan]

I'm gonna be the 90th person to say this, but the feature is an option... it's kind of like the ActiveX settings under Internet Explorer, where you can run only certified applets... it's simply an option and/or a dialog box to confirm if you want to run a program that isn't certified.

On one hand, perhaps MS should not make itself the lone entity in charge of certification. It IS a bit of a power position (just like the MPAA has a lot of power to wield when it comes to movie ratings... they can let mass violence and gratuitous sex by with an R rating, but Clerks got an NC-17) and perhaps they'd be doing a better service to the world by forming a certification committee composed of members from other high profile tech companies. This may have already been planned... and it's nothing new in the tech industry, either.

But, on the other hand... rarely do I run anything that comes with the OS and experience a crash. I use Win98SE with Internet Explorer on a very regular basis, and right now I'm on 85 hours uptime - not an unusual occurance, and certainly not bad for a consumer OS. I also run a lot of programs from other software companies and hardware makers (drivers), and in general they never crash either. Basically, if I want Windows to crash, I know what to do - start playing lots of Java games in IE, start 30 applications at once, or install lots of iffy beta-test software. That, in the past, has caused me endless pain with Windows. AND Linux. (Well, I only ran Red Had 6.0 a couple of times, I can't help that Netscape locked up the whole system 15 minutes after installing the OS) Essentially, it's a lot of bad programming on the part of non-Microsoft companies that causes Windows to crash. With the bad rap that people give their OS for all its crashing, they can't help but sit back and take it... unless they can tell people what to run that won't crash, which would save them some face in the long run. I also believe that perhaps this is a great way for them to increase the stability of the OS for the everyday user... that is, the user that chooses to run certified programs only. Otherwise, you're on your own...

Another thing... maybe it's a move to reduce/filter tech support calls better? With 90% of the consumer OS market, can you blame them for wanting to do that?

Re:You miss the point....

[quonsar]

I'll pop up a little warning of my own first: "WARNING: You are about to be warned by Microsoft."

hahahahahahahahahahahaha!

"I will gladly pay you today, sir, and eat up

A good reason for them to not do this?

[Scott+Robinson]

This would inconvenience the programmers. I can't see them adding this feature without a disabling option. Freshly compiled programs or consumer versions of their compilers would have to have some type of "debugging" private key for signing... and that would negate the whole purpose of "forcing" this feature. Scott.

Digital signatures cost a fat wad of bills.

[yerricde]

sign the [compiled Apache] executable with a digital signature that has been assigned to them by VeriSign.

But it's different for GPL programs. The GNU GPL requires that all the tools necessary to rebuild the application be distributed and redistributable (except for compilers and other parts of the OS). This would include a private key, if the target system is one that requires all code to be signed. And VeriSign's monopoly on giving out Authenticode keys means that anyone who wants to build the application must pony up USD $400.

This is logical evolution of MS

[crucini]

Ever since PC-DOS, Microsoft has been steadily moving towards a completely closed platform. The Microsoft promise is that one entity will take responsibility for the proper functioning of the PC. In Microsoft's view, the only reasons to run "third-party" applications are:

• business-specific code
• Bleeding edge stuff they haven't rolled into Windows/Office yet.
• Niche stuff that's very hard to write, like AutoCAD

A William Gibson quote says it best:

The semiotics of the Villa bespeak a turning in, a denial of the bright void beyond the hull. "Tessier and Ashpool climbed the well of gravity to discover that they loathed space. They built Freeside to tap the wealth of the new islands, grew rich and eccentric, and began the construction of an extended body in Straylight. We have sealed ourselves away behind our money, growing inward, generating a seamless universe of self."

While I consider Microsoft a harmful and unpleasant organism, I cannot condemn this particular action very wholeheartedly because it is simply a restatement of Microsoft's central imperative. Like the stinger on a wasp.

So how do free software authors create apps now?

[yerricde]

What they show you is that a program has an author and that author is registered with VeriSign.

Registering with VeriSign, the Authenticode certificate monopoly holder, currently costs USD $400. Most individual free software developers cannot afford to create apps that will run on systems whose policy has been set to run only signed code. (This is why there are no Free drivers for Win2K devices.)

Godwin's Law

[gaudior]

This Thread is now CLOSED.
--

This is a good thing.

[jonbrewer]

I don't mind obtaining a certificate for my apps, not a bit. From the article:

A "trusted application" is signed by the software publisher, allowing end users to determine its source and verify that it has not been altered or tampered with. Developers may purchase the cryptographic certificates used to create such a signature from Verisign Inc. -- Microsoft has no say in determining who may receive such certificates or what software may be signed.

I currently have Verisign digital certificates for the Intranet apps I am writing so I can do https. It wasn't difficult to get them. In fact the first certificate I got was from RSA in 1995. There are also other authorities you can obtain certificates from, and getting cert for an app is no more difficult than getting an encryption key for https.

Anyone who is complaining loudly about this hasn't worked in IT for long, if at all.

Joe Lunchpail's needs

[crucini]

I pretty much agree with points 1 and 2. But have you tried Abiword or Wordperfect?
Point 3 - GUI administration: I think you're talking about a corporate environment because you mention "people who hire sysadmins". I see where NT still has the advantage for small (less than 50 people) offices. But for widespread enterprise deployment, the increased efficiencies of Unix administration more than make up for the more expensive people. From what I've seen, desktop Unix admins are tremendously more efficient than desktop windows admins.
4. Easy software installs: The problem is constructing a trust framework that lets the user easily understand what privileges the package will have. In the windows world, users seem to have no control over what a software package will do to their systems.
5. Speed of X: I've found this mostly correlates with what graphics card you're using. With a high-end Matrox card, X has no speed problems. With a cheap card, X has serious problems, no matter how much CPU and RAM you throw at it.

Re:You miss the point....

>there has been an option to turn of scripting support in Outlook yet Melissa and ILOVEYOU...

Why would the average person disable the scripting feature? Most people didn't see that coming.

>Microsoft effectively killed Dr DOS with phony error messages.

Yeah, that little message in some pre-release beta of Windows 3.1 is the one and only reason DR-DOS is no longer around.

>conceivable that all the major software houses will get Windows Certified... Where does this then leave independent developers?

Speaking as such, I don't care. So a warning pops up when the software is installed. I'll pop up a little warning of my own first: "WARNING: You are about to be warned by Microsoft."

This is only the beginning....

[dforsey]

Yes it is an option. An option that has tremedous appeal to the vast majority of folk who don't have the time or inclination to wade through the complexities of good security.

To them it will save worry, time and money.

Sometime in the future there will be an option only to allow "signed" packets through to your computer. Switches will lead this trend by giving preferencial treatment to trusted hosts, or banning all others outright for security reasons.

Business will love this, the general populace won't know what's happening (and from a day-to-day practical point of view will love it) and the infrastructure that controls the flow of information will solidify.

Wake up folks. You're not creating a utopia here!

another day in prison ..

[clovis]

So you're getting buggered every day by the gang running the prison, and now you're complaining because they want you to accept your reaming from pre-approved cellmates.

Ridiculous. M$'s developper tools view.

[marcovje]

Utterly impossible to enforce. Take for example VB: - Too strict control: I can't even run a binary generated by Visual Basic to test it? - Too loose: If everything from VB is auto signed, the safety argument is bogus. 99% of all hazardous stuff sent around with Outlook and published on webpages(ActiveX etc), is generated by M$ applications. I think the ZDNET commenter is far too optimistic. It doesn't even last a week. unless the admin is willing to barricade his door.

Re:What's the point then?

[Foogle]

You don't understand the concepts behind signing. It has nothing to do with the compiler. The compiler doesn't sign the executable (although, in theory, this functionality could be added to a compiler).

You can digitally sign any sort of file. It's like adding your PGP signature to an email. It doesn't certify that the contents of your email are particularly interesting, or truthful. What it does is mathematically certify that you are the only person who could've produced the email (provided your signature hasn't been compromised, which would be your own fault).

So here's how it goes: Say I'm a Win32 developer, and I have an application called FooSpaz. I finish a release version of this application, and it's ready for distribution to the unwashed masses. Before I start the factory burning it to the CDs, I digitally sign the executables (and probably the installation program as well), certifying that they haven't been altered by any third-parties.

The signature I write has been given to me by VeriSign, and I am the only one who can sign files with it, because no one else has my key, cerrtainly not my compiler or microsoft.

What you need to keep in mind is that these signatures do not, in any way, indicate that a program is trustworthy. That's not their intention. What they show you is that a program has an author and that author is registered with VeriSign. If the application happens to be malicious, you'll know who produced it. However, this is not a certification process, by any means.

You miss the point....

[Carnage4Life]

Whistler will have the option to only run signed applications. You can turn this off.

The average user does not tweak defaults, especially when the menu options are as hidden as they are in Microsoft products. After all there has been an option to turn of scripting support in Outlook for several years yet Melissa and ILOVEYOU theoretically caused billions of dollars in damage because people do not change the default settings.

Anyway, how many non-computer savvy people are going to run an executable if Windows pops up a suitably scary error message up? After all Microsoft effectively killed Dr DOS with phony error messages. If Microsoft decides to implement this policy it is very conceivable that all the major software houses will get Windows Certified(TM) thus pressurizing smaller shops to do the same. Where does this then leave independent developers?

Second Law of Blissful Ignorance

Re:You miss the point....

[Tony-A]

IBM/360 JCL
Even that was better.

Re:You miss the point....

[drinkypoo]

Anyway, how many non-computer savvy people are going to run an executable if Windows pops up a suitably scary error message up?

If they're not smart enough to click the checkbox in the dialog that says "Don't ask me about this again" then they're too stupid to know what's happening when a program doesn't run properly under whistler, which is a fairly significant rewrite of NT.

It's also possible that Microsoft will just sign everything for free, and they just want to scan it for scary opcodes or see if it's linked to old DLLs. You can certainly get your ActiveX controls signed for nothing.

Re:great...

[gimgol]

now a program has to be certified by microsoft to run

No.

Now a program has to be certified by the developer. The certification is in essence the developer's signature that they wrote the code that is about to execute and that it has not been tampered with since it was written.

MS is not in the certification loop at all.

Check out this article for details on how the signing process will be integrated into the Windows Scripting Host.

Hrm.

[Enahs]

Sounds like a piss-poor attempt at controlling what sort of code can be run on your system--maybe they're trying to limit buggy code, or trying to do away with virii. I don't know.

Wouldn't it just be easier to improve the operating system? Oh wait; you can't have dual purposes with that strategy. Oops.

Not quite

[alanjstr]

If you read the articles about it, they are considering it as an option. One of the security features that you can turn on and off would be installation of signed programs. As the article mentions, as soon as you have one little program that isn't signed that is critical, you'll turn it off and never use it again. Think of all the in-house developed programs out there.

The other issue is who certifies it. If its M$, then it would be considered a monopoly control (especially over competitors). Drivers are one thing, applications are another.

Certification? on what bsis?

[Cmdr.+Marille]

Well I guess this a interesting move by Microsoft and actually could turn out to be either bad or good for customers.
The point is: On what basis will MS certifiy apps, drivers ?
Does anybody know how the system works with drivers for Windows 2000?
I know that MS is certainly not going do certify for free, I think that is obvious but what does the MS certification really mean beside that fact that the publisher of the certified software has transferred a certain amount of money over to MS?
I mean it's relatively(very relative in fact) easy to certify drivers up to a certain extend, but apps?
If MS signs some program does that mean that they certify that it will work flawless(which seems somewhat impossible with all the Interactions in a system).
If i submit my program for certification does that mean I have to submit sourcecode?
This could turn out to be a measure by Microsoft to gain higher stabilty and industry respect for their platform but it might as well become a way of assuring total control over the platform which might piss a lot of developers of
I would certainly like to have some insight from someone who was or is in the process of getting a driver certified for Windows 2000.

NEVER!

[alacrityfitzhugh]

This will never happen. Clearly the author has no idea what drives MS. This would mean a programmer at a large firm could not write a 'run-once' kind of application. That would kill the popularity of the OS. MS is not as naive as the author would have us beleive.

So where does a fellow get MS-DOS?

[yerricde]

Does Microsoft still sell MS-DOS? No. For desktop systems, Microsoft is pushing Windows 2000 Professional Bloatware Edition. For embedded systems, Microsoft is pushing Windows CE. You can still, however, get a DOS-compatible operating system from other publishers. For example, GPL'd FreeDOS is very popular among comp.os.msdos.programmer regulars.

Re: this extends the Verisign Monopoly!

[Splork]

Signed code support merely extends the stupid Verisign Monopoly! They are -not- a good trusted party.

They just kissed netscape's ass enough in the beginning to get them to be the sole key signer in the first major SSL web browser thus granting them a multi-billion dollar natural monopoly as long as people think that key signing actually means squat.

All it really means is that someone forked over $$$ for a "stamp of submission to the man."

Re:It's an OPTION, guys!

[Golias]

If you sell software and want it installed on the maximum number of machines possible, buy a certificate.

This is my whole point. In the world you envision, every time somebody tries to sell a new program, MS and Verisign get a taste of the action... risk free! They get paid even if your program makes no profit, even though they did nothing to help develop it. All they would be doing is extorting money out of you by threatening to frighten away your prospective customers if you don't buy their protection^H^H^H^H^H^H^H^H^H^Hcertificate. It's what the feds used to call racketeering.

How SFP works

[Huusker]

Windows System File Protection (SFP) is enforced by SFC.DLL, which is run by a thread in WINLOGON.EXE. It monitors for any file changes in the Windows directory. When it spots a change, it rescans the file by calling SfpVerifyFile() in SFC.DLL.

SfpVerifyFile() computes the 160-bit SHA digital signature hash of the file data and compares it to the signature in the corresponding catalog (.CAT) file. Note that the signature is not stored in the file itself.

The .CAT files are located under \WINNT\SYSTEM32\CATROOT. They are heavily armored with RSA PK and obfuscation of the data format. The catalog is modified by calling InstallCatalog() in SETUPAPI.DLL

The Office division of Microsoft doesn't use SFP, so files like WINWORD.EXE and EXCEL.EXE are not protected. Neither are macro files like NORMAL.DOT. If history is any guide, the Office division will run off and invent their own separate way of doing it.

Open source implications

[johndoe42]

It sounds like this new feature (ahem) will allow independant compaines like VeriSign to certify software. Hopefully, they'll just let a developer get a certificate which will allow certification (really easy way to track the author of a virus).

Imagine what would happen to the Open Source community. Someone releases some app and signs it. Someone else patches it, and they need to sign the new one. Now every open-source contributor needs a certificate, and every build has its own signature. Ugh!

The upshot is that M$ is too lazy to implement a good sandbox (even JavaScript can thoroughly bring down Windows with looped window.open calls). If a program could be run with the equivalent of chroot, there would be no problem (except that windows is so convoluted that it is much more complicated to sandbox without breaking existing apps -- I imaging a virtual profile to run an untrusted app where all changes are app-specific and volatile)

Whistler/Office/.NET tech support line

[Chris+Johnson]

"Are you running any software which produces a warning dialog?"

...

"Well, we apologize, but we cannot support 'hacked' systems. In these cases our recommendation is to reinstall the system and all Office/.NET files, and don't install the untrusted software. If you've done this and are still experiencing problems you may qualify for tech support, but we can't take responsibility for 'hacked' systems, okay?"

It's that simple. On the one hand- this makes perfect sense. Windows is _plagued_ with horrible little shareware programs and random junk and AOL and who knows what else- it _is_ absurd to try and support some Windows system in which some idiot has installed a really old version of AOL from some random old CD or floppy. On the other hand, this is the mother of all network effects- a really strong argument for freezing out _all_ other software developers, essentially delivering on that long forgotten promise of Microsoft: "We think 100% penetration is a good marketshare". It is downright justifiable to take this attitude as Windows is easily rendered useless by screwed up software (so's MacOS, FYI). At the same time- this turns the situation at a stroke from a market into a command economy with MS the sole supplier- if you can't get support unless you abandon all untrusted code, a surprising number of people will do just that, particularly in controlled situations such as workplaces, or the large number of people who are _not_ busily checking out all the new games or whatever. Aunt Fannie, who only reads email and uses Word, is square in the crosshairs of this new development, and there are a lot of people like that out there.

Nothing more than a warning dialog and loss of 'support' need ever happen. Think of it as a combination cutting of support for 'renegade' users who run untrusted code- and keeping in line 'good' users who want normal, expected support from the vendor.

Wont' work

[Mike_K]

It's probably a nice idea, but probably won't work. If it's used as a warning, people will still run the programs (that's how initial e-mail viruses spread anyway). If it stops all non-signed programs from running, people will turn it off. If they can't turn it off, they'll hate it so much, MS will change it back or give them an option.

This does raise an interesting issue. I think Java has so far given the best method to protect yourself against programs wrecking havoc on your computer - verifiability of code that doesn't do 'bad things'.

m

Ask Slashdot: Securing a Monopoly

[ari_j]

Step 1: Secure monopoly with the bare minimum requirements; say required installation of your web browser with your operating system Step 2: Get sued by the DoJ Step 3: While still under legal fire, do something that will really establish a monopoly if any idiots buy into it (which you know they will because you already have the monopoly over the idiot market)

Now only Microsfot-made viruses will work

[tenzig_112]

But script-kiddie macro viruses will still function perfectly.

www.ridiculopathy.com

Optional, still a serious problem

[Vulpine]

Even if this is an option, it still poses a problem to anyone producing scripts on a small scale. Example: Let's say I am an ISP, and I write a small script to configure a end-user's computer with the Internet. Obviously, I'm not going to spend the time & money to get it 'certified' by Microsoft, but my newbie end users will call endlessly because either: a) they don't want to run 'uncertified' code or b) they are afraid to because Papa Microsoft tells them it's bad. Remember, these are the people that click on those 'Your Internet Feed is Not Optimized!' banner ads, thinking they are real Windows errors.

The other problem is that Microsoft is doing this as a direct result of their own sloppy code writing -- the article states that it is at least partially in response to Melissa/I Love You viruses, which only work because of crappy code & programming on their own products (Outlook, et al). Rather than fixing those security holes, they are adding this nifty new 'feature.'

Change for VB Course Syllabus

[blogan]

In addition to learning about dialog boxes, If statements, and for loops, people taking courses in VB will now get to learn how to have Hello World signed by Microsoft.

Think about it. Microsoft can't deny any program from being denied, no matter how small it is. The courts would have a field day with it. "What? You refused to allow this program to properly run? And you say you program is the start of an Office competitor, that right now just says 'Hello World'?"

Whoops.

[Enahs]

It's great having /. spin doctors:

" Developers may purchase the cryptographiccertificates used to create such a signature from Verisign Inc.--Microsoft has no say in determining who may receive such certificates or what software may be signed."

Good going, guys. I even bought it for a second. So, when I go to update my AdultCheck ID to get more pr0n, I can get my certificate too, eh? ;-)

This is the other half of subscription

[gelfling]

This is simply and only a lock on what code you can run and when. This is simply giving subscription type control for ANY chunk of code to the OS. So it's not just drivers. Even for a moment if it were just drivers consider this. Compaq now can have a certified version of the OS that only runs on their hardware and only supports the hardware that they want to sell you. Same for Dell or IBM or anyone else. So if you want a sexy new liquid helium cooled plutonioum powered 9 dimensional video adapter and Brand "Z" wants you to buy only their crappy ol' model then you are S.O.L. Now let's expand that. Say there is a hardware company - let's call it HP for example and now let's say that they buy a management consulting company - let's say its called PriceWaterhouseCoopers, and let's assume that this management consulting company makes most of their money selling Siebel software to Fortune 500 companies. Ummmm . . . . d'ya think that there is a possibility that those HP units will only be able to run a flavor of Siebel that was installed by PWC. d'ya think that the DMCA has ANYTHING to do with this? ? ? ? ? Can you imagine a time when software vendors can use the OS to prohibit running an application that was restored from another media like an uncertified backup or a gold CD used internally for common build distribution? ? ? Can you imagine a day when SMS becomes an application subscription licence management system and its the only game in town? ?