Windows Marketplace For Mobile Kill Switch Details

An anonymous reader writes "Microsoft recently gave more details on Windows Marketplace for Mobile during the Tech Ed New Zealand 2009 session titled 'Distributing and Monetizing Applications through Windows Marketplace Mobile,' led by Loke Uei Tan, Senior Product Manager on the Windows Mobile Team. Geekzone covered the event in good detail, but one of their points caused a lot of uproar in the blogosphere: 'If an application is approved but later removed from the marketplace it will then be automatically removed from all mobile devices.' That sounded a bit ominous to Ars Technica, so they checked in with Microsoft. 'In the vast majority of instances where an application is removed from Windows Marketplace for Mobile, users of this application will continue to be able to use these applications on their phones,' a Microsoft spokesperson told Ars. 'In the rare event an application from Marketplace exhibits harmful behavior or has unforeseen effects, Marketplace has the capability to remotely uninstall these applications. While we hope to avoid this scenario, we will make refunds available in such cases.'"

Woah. That was me!

[Kalriath]

Woot. I was the one that asked that question too! Well, I clarified the question anyway since the guy didn't get it the first time.

Thats kind of scarry

What if the program encrypted your data and then it was remotley un-installed, what then?

Re:Thats kind of scarry

[palegray.net]

Sounds like a good reason to back up unencrypted copies of your data. I don't put a lot of faith in software on any platform, which is why backups are important. Then there's the hardware failure side of things, which further bolsters the need for backups; what if you dropped your phone in the toilet?

Re:Thats kind of scarry

[gcnaddict]

Microsoft does heavy testing on any app before putting any sort of kill order up, and that applies to code flagged by Microsoft Security Essentials as well as any apps which will eventually find their way onto Windows Marketplace for Mobile.

Rest assured, this scenario won't happen.

Re:Thats kind of scarry

[broken_chaos]

Or back up copies encrypted in another way. Lose one set? No problem, a different key, program, algorithm, or some combination of those unlocks another copy. If it's important enough to encrypt and important enough to backup, it's important enough to backup right.

Re:Thats kind of scarry

I wonder if the uproar about this will be as muted as the uproar about Apple breaking tethering (functionality that many users *PAID* their carriers for) in 3.1.

Oh wait, I forgot, Microsoft's PR team doesn't employ the Pied Piper.

Re:Thats kind of scarry

[stms]

What if the program encrypted your data and then it was remotley un-installed, what then?

Then you'd be out some porn. I wonder if Microsoft will reimburse you for it.

Re:Thats kind of scarry

[Gerzel]

What about the scenario where MS doesn't like a product for some reason other than being strictly insecure or malware?

We've seen Apple use that one quite liberally.

Re:Thats kind of scarry

[Kratisto]

I didn't know that hipster dork in the black T shirt and skinny jeans was the pied piper! No wonder PC never wins any arguments against him!

Re:Thats kind of scarry

[EdIII]

I don't put a lot of faith in software on any platform

I don't put a lot of faith in a platform in which I am not the all seeing, all powerful God of it's digital universe.

That's the problem. The platform that Microsoft (and others) provide is one in which they don't respect that cold hard fact. They refuse to respect it. In physical terms, it would be like renting a place and the landlord can come in and take out furniture and property at their whim. Sure, Microsoft is offering a refund. I don't care. I still had to come home to find my couches missing.

The poster you replied to mentioned encryption. That would be like finding the refrigerator missing and all your food on the kitchen floor. Will Microsoft be compensating you for the spoilage? The inconvenience? Most likely not, in fact, I am extremely shocked they even offered a refund.

This situation played out on the Kindle with 1984 (talk about a cosmic joke).

To bottom line it, people need to be educated about how all this "stuff" works. When they start to understand that they have zero control and are basically being treated like 4-year olds with their property, I expect change will come then.

Until that point, I guess we just have to hope these corporations are benevolent with our best interests in mind and would never, ever, compromise their ethics at our expense for a buck.

Re:Thats kind of scarry

[palegray.net]

You seem to be largely agreeing with me on the major points here and extending their premise, but I'll expand on a couple of points.

To bottom line it, people need to be educated about how all this "stuff" works. When they start to understand that they have zero control and are basically being treated like 4-year olds with their property, I expect change will come then.

This depends on people caring to learn about the platforms they use every day. Unfortunately, most folks won't bother, and will complain at every turn when things don't work the way they want on platforms designed to allow them the luxury of "not worrying about managing them."

Finding some way of making learning about a platform an appealing idea, or at least making it profitable for other organizations outside the primary vendor to learn about it and support it (and the data that resides on it) would go a long way toward mitigating the risks you've described.

I'd love to see an open platform, perhaps built on Linux or BSD and running truly open userland software, that offered the same type of services the major players in the market now seem to have a stranglehold on. I don't see how this will play to the network operators' ongoing aspirations toward sharing total control over platform with primary device vendors, but one can hope for better options in the future. If enough market demand were present, it would happen rapidly. Unfortunately, my first expanded point seems to make that rather unlikely.

Re:Thats kind of scarry

[Idiomatick]

That is kind of silly, this kill switch seems to be for malware. So why not instead of encrypting your stuff couldn't it just delete everything? Or do a large variety of other things... What you are basically saying is this:

Oh no if MS remotely deletes viruses it finds on my computer and the virus first encrypted everything then I could never get it back!

.... I really doubt that is the issue.

Re:Thats kind of scarry

[countertrolling]

Then hopefully you will have learned never to buy a product where this is possible ever again.

Re:Thats kind of scarry

[aix+tom]

Well. If the software used a known and documented cipher algorithm just decrypt it with another software that can decode that cipher.

If you "encrypted" your data with something that used some unknown and/or undocumented algorithm, then the data couldn't have been important anyway.

Re:Thats kind of scarry

Only idiots keep important stuff on their cellphones.

Re:Thats kind of scarry

[rtfa-troll]

They refuse to respect it.

this is perfectly right; There was a perfectly easy and right way to do this. Send a message to the user telling them to delete the application (with a click okay to do so) and then giving a message just before the application started up (with the same).

The reason that the feature doesn't work like that by default is exactly what you say. This is normal for mobile devices, however. Mostly the operator subsidises the device. Since this means that they are paying, they get to decide and at best they don't care much about your rights. At worst they see your rights as an enemy which has been interfering with their business.

I think this is most interesting to see with Nokia devices. The default when you pay yourself is a very open configurable device. When you get it from an operator they will turn off all sorts of features (e.g. some phones have been unable to be "tethered" where that's almost always in Nokia's basic feature set. Others have wonderful operator menus which spoil an otherwise nice interface).

In the Microsoft case, it's just that instead of giving you the rights when you pay for the device themselves, they choose to keep that power themselves.

Re:Thats kind of scarry

[misnohmer]

If the fridge is on fire, the landlord does have the right to come in and remove it. If the fridge is a fire hazard, the landlord will give you a deadline to when to remove it by. If somethings stinks to high heaven from your rented apartment, the landlord of course has the right to come in. Actually, the landlord can come in any time, with some notification requirement which varies by area. And there is a good reason people have granted those rights to the landlord. Think for a second about this from the landlord point of view.

Re:Thats kind of scarry

[shutdown+-p+now]

What about the scenario where MS doesn't like a product for some reason other than being strictly insecure or malware?

I guess it depends on the actual ToS once it's there. If it specifically says that Microsoft "reserves the right to remove malware", and nothing else, then both application developers and users could sue MS if it ever removes some application, arguing that it's not malware. On the other hand, if it's "it's our service, we do whatever the heck we want, any users have the right to bend over or walk out", that could be just as bad as Apple.

Re:Thats kind of scarry

[bcmm]

That's what will happen to you if you use closed-source software. They can do this already, you know.

Re:Thats kind of scarry

[erroneus]

You broke the spell with "people need to be educated."

The problem is that people actually work pretty hard to not learn things. Knowledge is seen as a burden and a responsibility and they don't have time for it. And I'm not going to rant about the masses being a bunch of stupid sheep either, because frankly, there are times when I agree with the people on this. While I am perfectly capable of fixing and repairing nearly everything I have ever come in contact with, there are times when it is simply more appealing to pay someone to take care of things for me. Not only am I released from the burden of thought and knowledge, but of responsibility as well! Now I can point fingers at someone else when it goes wrong.

And that is the problem that we, the people, are literally asking for. It would be nice if people accepted the good old days when you had to learn to use something because even though it was a burden, they knew more about what they were dealing with and how to deal with it better. Those days are gone. And we know we can't trust companies to be benevolent. Their interests will always come first. Their partners' interests will come second, third and fourth. The law will come in fifth and the user comes in somewhere after that. We know that companies are willing to upset the law and the user in order to make profit. We know that companies are willing to upset the law and the user in order to appease a partner. We know it because we have seen it already. And we know that business most always sides with the government before it will side with its customers... been there and done that too right?

If there is any education that people need, it is that their [dollar] votes are all being cast in the wrong way. And by voting with their dollars spent, they are perpetuating the problems we all face. The nice thing about voting with dollars is that failure to vote doesn't mean some jackass will get into office... it just means they get less capital with which to continue abusing the public. But right now the public is pretty well hypnotized. They think they need to buy everything on credit and worship the "credit score god." They think they need to buy the latest versions of the latest tech without the slightest bit of understanding of what they are buying or how it benefits them. The sneeches all want stars on thars and that's all they care about.

Re:Thats kind of scarry

[markdavis]

> I'd love to see an open platform, perhaps built on Linux or BSD and running truly open userland software, that offered the same type of services the major players in the market now seem to have a stranglehold on.

Well, that is exactly what the Nokia N900 is supposed to be. I don't think anyone knows if it has a remote kill yet. I have a Nokia 770 & 810 and neither does, but they are not phones. Meanwhile...

1) The iPhone has a remote kill switch.
2) The Palm WebOS (Pre) is based on Linux. But it has a remote kill switch (sure, it can be hacked or turned off, but it is there).
3) Android is based on Linux. But it has a remote kill switch (not sure if it has ever been used).
4) While not a phone, the Amazon Kindle is based on Linux. But it has a remote kill switch.

People like us find it deplorable, but the carriers wield a LOT of power. They can make or break a phone or platform. Attempts have been made at a TRULY/EXTREMELY open based Linux phone before (OpenMoko sound familiar?) and they have never succeeded. So, being Linux based doesn't mean it will really be "open", nor killswitch-free.

Although I HATE the idea of someone having any type of forced control over any device I own, I understand why they are doing it.

Re:Thats kind of scarry

[ShieldW0lf]

That's the problem with money. Money is the vote you don't get to revoke, ever. It's all well and good to talk about how stupid people don't deserve to keep their vote, but when a few malicious assholes can be elevated on the backs of billions of people who never get to say "oops, we made a mistake", the fact that you voted wisely with your money doesn't change the fact that that malicious asshole is more powerful than you.

Money gives the intelligent man a choice between being the malicious asshole he knows it would be easy to become, or being steamrollered by someone who was willing to make the vicious choice that you weren't. Not much of a choice.

Re:Thats kind of scarry

[TheRaven64]

People like us find it deplorable, but the carriers wield a LOT of power

Carriers only wield as much power as you let them. If you buy phones from the manufacturer, then you are the customer and you get an unlocked phone. If you let the carrier buy your phone and then sell it to you (financed by a personal loan at 20% APR) and lock you into a contract, then they are the customer and the phone will be tailored to their requirements.

Re:Thats kind of scarry

[markdavis]

>If you buy phones from the manufacturer, then you are the customer and you get an unlocked phone.

That might SOUND great, and all, but

1) Many carriers will not let you use unlocked phones on their network
2) Many manufacturers will not sell unlocked phones directly to consumers
3) When purchased unlocked, they usually jack the price up WAY beyond what the networks are paying for them
4) Even unlocked, you are still trapped with only a few compatible network choices (with most handsets)

I hate the contract-based, anti-competition, anti-consumer, crappy system that is in the US, too; but to suggested I really wield much power over it isn't all that realistic :(

Re:Thats kind of scarry

[Flipao]

I think the landlord analogy is misleading.

If I was renting my phone from Microsoft, I wouldn't object to them having a certain degree of control over the software it runs, but if I own a house, and buy a sofa that is a fire hazard, I would certainly object to Ikea showing up and grabbing it without permission, no matter how noble their intentions.

A line has to be drawn, if a device is capable of having software removed remotely, then it is capable of receiving a recall notice. If the software is dangerous, warn the user and give them the choice to remove it or use it at their own risk.

Giving this degree of control away is just asking for trouble.

Re:Thats kind of scarry

[TheRaven64]

Many carriers will not let you use unlocked phones on their network

How do they stop you? Buy phone, insert SIM. Most even offer SIM-only deals.

Many manufacturers will not sell unlocked phones directly to consumers

Really? Nokia has their own store, Sony sells to customers, so does RIM. The only company I can think of that doesn't is Apple, and that's only in the USA (you can buy an unlocked iPhone in Europe).

When purchased unlocked, they usually jack the price up WAY beyond what the networks are paying for them

Not when you factor in the fact that the 'subsidy' is really a loan at around 20% APR (sometimes more), and compare the price with a SIM-only contract or pre-pay SIM.

Even unlocked, you are still trapped with only a few compatible network choices (with most handsets)

This must be a US thing. All of the networks here work with all phones, although HSPA still isn't widely deployed so there are coverage gaps with all of the major networks for high-speed mobile broadband. Networks in the US seem to be all moving (slowly) in the direction of LTE, so this problem should go away in the next few years. Even that doesn't alter the fact that you can buy a phone and use it with any of the GSM networks in the USA.

Re:Thats kind of scarry

[j_sp_r]

What kind of backwards country are you in? If I take a pre-paid phone, then it's locked to the network. If I take a subscription, I get the unlocked, unmodified phone in the box and a different box including my SIM card. I think Vodafone might have some branded phones, and most have some menu on their SIM card or something but you can easily get an unlocked phone.

Re:Thats kind of scarry

[ceoyoyo]

I've never heard of a landlord who doesn't keep a key to the properties they rent.

The analogy you wanted was buying a house and having the former owners keep a key just in case they need to get in some day.

Re:Thats kind of scarry

[Anubis350]

I'm confused, can you change the analogy to something involving a 4-wheeled motorized device?

Re:Thats kind of scarry

[bhtooefr]

Unless the malware encrypted your data with such an algorithm, to hold it ransom.

Re:Thats kind of scarry

[ScrewMaster]

3) Android is based on Linux. But it has a remote kill switch (not sure if it has ever been used).

Attempts have been made at a TRULY/EXTREMELY open based Linux phone before (OpenMoko sound familiar?) and they have never succeeded.

Android is pretty open. And there are a number of third-party distros out there (Cyanogenmod and others) than run well on the existing handsets (G1 & G2, etc.) Actually, better in most cases, since it's not hard to improve on the stock firmware. Furthermore, it's not really a "hack" to install an alternate distro on such a device any more than than it's a hack to install Slackware on your PC rather than Ubuntu. It's just another operating system running on a computing platform which happens to fit in your pocket. That's how it should be: give me my choice in apps and my choice in operating systems and I'll buy your phone and your service. That's the reason I chose a G1 over an iPhone ... sure, the iPhone is slicker, but the G1 doesn't make me worry about what the vendor might do next. Google, really, has a vested interest in NOT locking the thing down too much, since they are offering a vast cornucopia of services and APIs to developers more than they are offering specific applications. Nothing more than a logical extension of their largely platform-agnostic business model, in fact.

I'm more impressed that T-Mobile didn't try to enforce the usual carrier feature-crippling routine on the G1 ... maybe they recognized that their target market was NOT drain-bamaged, head-in-the-sand iPhone users but people that want to own their own phones. If so, kudos to them.

Re:Thats kind of scarry

[McBeer]

The platform that Microsoft (and others) provide is one in which they don't respect that cold hard fact. They refuse to respect it. In physical terms, it would be like renting a place and the landlord can come in and take out furniture and property at their whim. Sure, Microsoft is offering a refund. I don't care. I still had to come home to find my couches missing.

If your landlord finds water streaming out from under your doors into the hallway, s/he will go in and disable whatever water related appliance is causing the issue. Your right to flood your living space is superseded by everybody else's right to not be flooded. Similarly, if a computer application is causing wide spread problems for other people, I won't shed tears for people having that app taken away and a refund given. This sort of system can be abused, but as it is currently intended, it should be fine.

Re:Thats kind of scarry

[socsoc]

Any of the GSM networks in the USA? Nationwide, you only have T-Mobile and AT&T. Huge selection there, the other two national carriers are CDMA... That said, I've always used unlocked GSM phones (bought in Europe) with AT&T until my iPhone, so you're right there. Tmob also doesn't care, it's the CDMA folks who severely restrict the handsets on their networks.

Re:Thats kind of scarry

[modmans2ndcoming]

To bad CDMA is better tech and is not the only tech that isn't cracked to allow the easy and cheap ability to listen in on GSM based conversations.

Re:Thats kind of scarry

better tech?? LOL

Re:Thats kind of scarry

[misnohmer]

First, Windows Mobile is an OS. The phone you have is not from Microsoft, some other manufacturer built it. If you rent it, it's from the operator. Second, to take your analogy, the operator is like your city, if your house poses a fire hazard, you remove it or your city will (heck, in some cities they'll come mow your lawn if you don't, then bill you of course). :-)

Re:Thats kind of scarry

[Flipao]

First, no one said Windows Mobile isn't an OS, I said I did not rent my phone from Microsoft, and therefore did not want them sniffing around it, if they thought and app I purchased was dangerous, they should let me know, not sneak in and uninstall it.

Second, we're not talking about public safety, so let's put the FUD aside. We're talking about giving someone else control over what is installed in something you own, and if it becomes acceptable now, how long before it becomes standard in any type of OS?

Re:Thats kind of scarry

[misnohmer]

The decision to pull the application will not come from Microsoft - it will come from the operator and/or the phone manufacturer. Microsoft simply offers this as an option to the phone manufacturers who choose to build phones with Windows Mobile on them (there are a lot of different devices from different manufacturers) AND choose to use Windows Marketplace. Note that it's not like iPhone where the app store is the only place to get apps, the manufacturer can leave the phone completely open for you to install anything you want, if that is what sells the most phones. It may not however. To give you an example of a feature which sounds great but actually lowers phone sales - email sync status indicator. It stands to reason that users would like to know whether their email sync succeeded or not, and maybe know when the last successful sync occurred. Coincidentally, WinMobile used to have this feature (not sure if it still does) but Blackberry does not. I saw a study, where the same model phone was given to two groups of people, the only difference was that one group had no sync status available. In the end, the group which was "in the dark" reported significantly higher satisfaction with the syncing of email and phones in general. Moral of the study? Keep the user in the dark and you'll get better user satisfaction leading to more sales. Yes there were some users who indicated they wish they had the feature, but it didn't make them dislike the phone as much as people who did have the status available (in the cell world, not every sync is successful). Counter-intuitive to engineers, but a valid business choice. Notice that since WinMobile is much more open than iPhone, you CAN in fact start a competing marketplace selling WinMobile software which won't allow manufacturers or operators to yank installations. Of course the operator may still demand that they'll only subsidize phones locked to marketplace (since they have to support them, and it may be cheaper to yank a bad app that deal with its fallout), so if you want one which is open you'll have to shell out $500 for an unlocked phone.

Re:Thats kind of scarry

[jc42]

I'm confused, can you change the analogy to something involving a 4-wheeled motorized device?

Sure. It's sorta like you buy a car, and you don't like the quality of the sound system and/or the GPS gadget that the dealer installed in it, so you replaced them when high-quality equipment that you like better. Maybe you also added a subwoofer. Then one day you take it in for routine maintenance or repair of a minor problem. When you get it back, you find that the gadgets you installed are gone, replaced with the "dealer authorized" products that the car came with. And the subwoofer is gone.

This isn't actually a totally hypothetical scenario, BTW. And with the advent of computerized controls inside our cars, we can look forward to the day soon when the inner workings of your car will be proprietary and "locked", and only authorized dealers (and "pirate" repair shops) will be able to work on it. And like the cell-phone system, there may even be internal parts of your car that are illegal to document or work on unless you're authorized by the auto company. Look into why the low-level telecomm library inside the G1 Android phone isn't open source. This is a precedent that is making auto companies quite happy. ;-)

Re:Thats kind of scarry

[modmans2ndcoming]

fewer towers for equal coverage... better speeds.... gsm CDMA seems better to me.

dumbass

[shentino]

Didn't you learn from the Kindle incident?

Re:dumbass

[Sonic+McTails]

The difference here is that you could sell a program that could cause a phone self-destruct (for instance, damaging the /Windows folder which will cause the phone to fail to boot) and require a manual reflash (which while is not a difficult process, would still probably require most users to bring the phone to a store to do it).

Since in all cases, Microsoft can only examine binaries, and can't see if such a Trojan horse exists, and even if they could see the source, it is still possible to obscure the behavior. If such a self-destruct feature is found, Microsoft can remotely delete the application, the Android Marketplace has the same sorta kill switch for the same reason.

If the program is just delisted, Microsoft won't remotely delete it (at least according to their press release). If you believe them is an entirely different problem.

Re:dumbass

[StreetStealth]

Well, this is different. Kind of.

A book, being a non-executable, isn't going to suddenly delete your data or leak personal information to a third party. As long as the kill switch is only used for actually dangerous applications, it should be fine, with one caveat:

It shouldn't be automatic. The user should be prompted with a severe warning, and then allowed to continue at their peril. Because there are always exceptions.

Actually, if Amazon had set up their system to do something similar, there wouldn't have been a firestorm. "Warning: The seller of this book has been discovered not to own the distribution rights to it. You may keep this copy, or click here to exchange it for a properly-licensed one." That's all they would have needed to do.

Re:dumbass

[jpmorgan]

Given that the most predominant attack vector is users ignorance and stupidity.... no, it really should be automatic. At the very least, a prompt should only be enabled by a very obscure setting somewhere.

Re:dumbass

[maxume]

I disagree. You can put all the stickers you want on my lawnmower, but once you remove the blade, it isn't a lawnmower anymore.

Doing something someone perceives as hostile, 'for their own good', is almost never the correct choice.

Re:dumbass

Except by knowingly allowing users to keep improperly obtained books, they would open themselves up to some of the most litigious people in the world. With that in mind, I'd say they're in a greater position to favor automatic removal over Apple/Microsoft.

However, as your other replier notes, it is users that drive a lot of attacks, which heavily encourages Apple/Microsoft to build the killswitch just in case. I have the feeling that it only happens when you connect to the store, as having a constant or even occasional connection could eat battery life and cause a lot of pain on both ends (e.g., could you imagine the backend cost of bandwidth for someone that does not have an unlimited data plan, or any data plan at all?).

Not a horrible idea

If an application is doing some harmful (virus, worm, whatever) it should be removed. A mobile OS isnt like Windows where you have or should have an anti virus running.

Not saying Microsoft would be honest with that kind of power, I doubt it. Good idea though.

Re:Not a horrible idea

[symbolset]

It's part of the whole philosophy. They only give the permission to use the software for a limited time -- it's far to precious to let someone have use of indefinitely. So of course to make it work they have to have complete control of your hardware to make it stick. All your hardware is working for them now, and deigns to obey you conditionally upon their approval for as long as they permit.

Completely makes sense. Unless you're some kind of tin-foil-hat wearing control freak who expects to exert control over his own equipment.

Re:Not a horrible idea

[rdnetto]

A mobile OS isnt like Windows where you have or should have an anti virus running.

Are you so sure about that? As phones, etc. get more powerful, we're going to be able to do a lot more with them, and more viruses are going to turn up. It may be just as necessary in the future to run AV on your phone as on your desktop.

Re:Not a horrible idea

[peragrin]

AV shouldn't be nessecary and in nearly all cases the AV software doens't work when confronted with something new, only old. If old bugs are patched properly then AV software is even less effective.

That is the difference between Apple/Linux and Windows. old bugs get patched properly. MSFT just works around them. While quick patches come out for apple linux to deal with the short term problem, the long term holes are properly filled in and smoothed over later.

That is why a patched XP bug made it's way into Vista and 2007.

Re:Not a horrible idea

[TheRaven64]

My current phone is a generation or two old now, and has more RAM and processing power than the workstation I ran NT 4 on. Why should it be different just because it's a more convenient form factor?

Re:Not a horrible idea

[rdnetto]

AV shouldn't be nessecary ... If old bugs are patched properly

AV shouldn't be necessary, but then malware shouldn't exist. Similarly, most users don't bother to install the latest updates. We have to work with what we have, not with some hypothetical world where these problems don't exist.
While I agree that MS has a bad history, that doesn't solve the problem at hand. Bugs will appear in any OS, and while there will be fewer in some than in others, any OS that gains sufficient popularity will be targeted. (e.g.)

in nearly all cases the AV software doens't work when confronted with something new, only old.

Heuristics are getting more effective. And most people are fine as long as they keep their AV updated, which is usually done automatically.

What it comes down to is that it's impossible to make a platform secure without locking it down, and even then malware for it will exist (see the iPhone example I gave earlier).

Re:Not a horrible idea

[mcgrew]

Your phone is already more powerful than a 1972 Cray, the most powerful computer there was at the time. I'm surprised we haven't already seen viruses on them.

Not to insult Microsoft, but they have a track record here. I'd not buy a phone with an MS OS, especially if it was manufactured by Sony, who also have their own bad track record.

Re:Not a horrible idea

[rdnetto]

There are already some viruses, but only a handful. http://en.wikipedia.org/wiki/Mobile_virus
It seems that the only thing keeping them down is the lack of a standardized phone OS. I guess WinCE isn't popular enough to be targeted yet, and the iPhone is so locked down even the users can't install their own programs without jailbreaking.
I think viruses designed specifically for netbooks are more likely to catch on, since they have similar wireless connectivity to mobiles but the majority of them currently run WinXP.

So what?

[imemyself]

This is not that big of a deal. I don't like someone else having control over my hardware, but unlike with Apple's phones, nobody is requiring you to get Windows Mobile apps from the Microsoft "marketplace". If you're worried about something like this, then just skip the app store and get the .cab installation file straight from whoever made the software. The great thing about Windows Mobile is that its not locked down like other mobile OS's. You don't have to jailbreak your own hardware just to use it. Hell, you can load up Visual Studio, make a little .NET app for you phone, and install it on your device yourself.

Re:So what?

[Sonic+McTails]

Windows Mobile phones CAN be locked down to that extent and be setup to required signed cabs and reject unapproved applications (including those exe's that haven't been digitally signed. Most carriers do not enforce this, although the Motorola i930 for Nextel is a notable exception.

Re:So what?

[imemyself]

Yeah, I guess that's true, but in that case it's not really MS being dicks, it's the carrier. That interesting about that Nextel phone, my Sprint Treo was not locked down (even before I upgraded to an unofficial WinMob 6 firmware), I wonder why Sprint/Nextel would choose to lock down some of their phones but not others. I have to say, I would have some very unpleasant words for a person who sold me a phone that does not allow me to install applications (of my choosing) on it.

Re:So what?

[Kalriath]

Yes, but there are easy to follow instructions to undo the "signed apps only" restriction, since Microsoft doesn't want to stand in the way of "developers developers developers". Try THAT on Mac OS X Mobile (or even Symbian if locked down in such a manner).

Re:So what?

[ceoyoyo]

There are easy to follow instructions to jailbreak an iPhone. At one point it required visiting a web site. Now you have to run a program on your computer.

First Task

[Statecraftsman]

exhibits harmful behavior or has unforeseen effects

Doesn't sound like Windows Mobile and the Marketplace App are going to be with us for long.

Re:First Task

[drinkypoo]

Apple can and will do the same thing. The difference is that Microsoft won't be canning software simply because it duplicates built-in functionality. They'd love you to make it better than it is. But, apple hates competition. They're afraid that someone will demonstrate that it is possible to do it much better without them. The only thing keeping Apple going at this point is Microsoft's general incompetence - WinCE still blows and Microsoft is in the dictionary as the antonym of Agile (and I don't mean "...development".)

Re:First Task

Apple might but hasn't. If you bought an app that was taken out, it still works.

Re:Woah. That was me!

[Kalriath]

Troll? Nice. If that mod was actually present, they'd actually know that it actually was me. Well, if you knew who I was anyway.

Still, it seemed the presenter thought that he was asking if the app would be removed from sale, not remote nuked from devices. Anyway, pleased to hear that this isn't necessarily the case- the response seemed to indicate that the nuke would occur for any app Microsoft removed.

Bear in mind folks, that Apple can do, and have done, the same thing as well.

I see it happening....

[Antarctic+Pirates]

The only useful (and thus, profitable) app will be the one that embeds a Bluetooth device unto our brains, allowing us to communicate through sheer willpower.

Re:I see it happening....

[John+Hasler]

> ...allowing us to communicate through sheer willpower.

Until the vendor catches you thinking wrong thoughts and shuts down your mind.

Re:No way, dude. NO WAY.

No, I'm Spartacus! And my wife is too!

Why not ask the owner 1st?

I see the reasons for doing this, but I'm not sure I agree with the implementation. To me, a better way to handle this would be to not remove the application but to disable it instead and the next time the user tries to start it, give a short explanation on why it was disabled and maybe a link for more technical details with an option to enable/delete/stop. Sure, most users would probably immediately delete it, but it would be the users CHOICE too.

Re:Why not ask the owner 1st?

[broken_chaos]

Sure, most users would probably immediately delete it, but it would be the users CHOICE too.

You haven't really worked with many users, have you? Their program stops working and gives them an option to make it work again, do you really think they'll read/follow why they shouldn't make it work?

Re:Why not ask the owner 1st?

[Statecraftsman]

Yes and yes. Why is it so hard to start with respect for the user and work from there?

Re:Why not ask the owner 1st?

[mysidia]

They will when there's a thirty second timer before they can do anything, they have to check a box that says "I understand", click OK, and type some text to confirm their choice.

It's up to the person deciding the app to provide an adequate description to convince the user to delete it.

Re:Why not ask the owner 1st?

[izomiac]

The thing about choices are that you are allowed to make poor ones. Making a few bad choices will eventually teach people to make better ones in the future. That said, block the application from the network and make the warning simple to understand. Ethically, people have a right to autonomy over beneficence. Legally, I doubt kill switches would be tolerated if used very often/visibly given the doctrine of first sale.

I realize you're simply stating what most users would do, and I don't really disagree. I just figure that if someone is allowed to make bad choices with important stuff like their health or finances, that they should have that right with technology as well. Perhaps it's blind optimism in thinking that they'd show at least level 3 of 5 animal intelligence (association -- dog/cat level) and learn that disregarding scary messages correlates with bad things happening.

Re:Why not ask the owner 1st?

[geckipede]

It comes down to what sort of flaw there is in the software. If it's something like a network-raping app that displays bouncing tits every time the phone recieves a message, just offering the users a choice would be incredibly irresponsible.

It's the old "should I have the right to participate in a botnet?" question. Malware can and will affect more than just one person.

Re:Why not ask the owner 1st?

Yea what if the app is about to launch all of the worlds nukes and annihilate us all? It would be irresponsible not to have a killswitch! Think of the children!

Re:Why not ask the owner 1st?

[Shikaku]

Yes, the user is wary of everything that is going on when they install something and browse the web. This is why antivirus software profits are dying, because the user wised up for once.

Re:Why not ask the owner 1st?

[Arainach]

Because it was tried. And it was discovered that users don't read.

Re:Why not ask the owner 1st?

[cbhacking]

Two reasons. First, the vast majority of users don't *want* to deal with this - they just want their (computer|phone|car|whatever) to work. In this case, respecting their wishes involves making it so they don't have to see this. Second, computer users (and smartphones are computers, just small ones that happen to use ARM chips) are, by and large, idiots when it comes to computers. They're ignorant, but they don't even WANT to learn. Leaving something with the capability to spread malware or launch a DoS attack at their discretion is a bad idea.

Mind you, I think the OP's idea *COULD* work, if there were some way to ensure that the user has at least some idea what they're doing (basically, a reverse-Turing-test: is the human smart enough to interact with the computer?) An example of this is the Red Pill mode in Maemo (a Smartphone/PDA Linux distro). It's published how to enter it, but the user has to look it up, then do some things that a normal user would probably never attempt. In return, you get a lot of safety features (which occasionally don't do what you wnat them to do) disabled. http://wiki.maemo.org/Red_Pill_mode

Re:Why not ask the owner 1st?

You don't ask the user because... you don't TRUST the user.

Re:Why not ask the owner 1st?

[bhtooefr]

No, they'll just ignore it, and watch the timer, or complain that it got slower.

What you could do... have it initiate an automated PHONE CALL from Microsoft to the user, and pop up a dialog if the call isn't handled, saying that the program will not run until you answer the call and listen to the information. The phone call is a notification that the user may or may not ignore.

For better effect, randomize the numbers that you have to dial to select a keep or delete option.

Re:Why not ask the owner 1st?

[bit01]

Because it was tried. And it was discovered that users don't read.

No. It was discovered that badly written dialogs using jargon and concepts that the average computer user has no hope of understanding were being ignored.

Software is soft, it can be anything we want it to be but many poor programmers (not to mention certain astroturfers) prefer to point the finger at users instead. Most of the time it's incompetent programmers guiding the user into making bad choices, not the user's fault at all. I've lost count of the number of times I've been asked to help solve a computer problem and ended up having to apologize for some stupid dialog or icon that actually caused the problem in the first place.

Incompetent programmers program as if users are perfect and never make mistakes (while simultaneously claiming they are "professionals" and it's the user that's always at fault), that computers are at the center of users' lives, that users really like spending hours reading idiotic instructions for arcane, unnecessary procedures and that users have the jargon and knowledge of a multi-year computer course. Not to mention users expected to be time travelers because they should've known the instructions were coming after the point where they were needed. The dailywtf has some funny ones (including comments from unintentionally funny incompetents) however that just scratches the surface.

It's called designing software for your target audience. Some programmers should try doing it sometime. I'm tired of mediocre programmers with an inflated view of their own competence trying to blame others for their failings.

---

Open source software is everything that closed source software is. Plus the source is available.

Re:Why not ask the owner 1st?

It's the old "should I have the right to participate in a botnet?" question. Malware can and will affect more than just one person.

Summarily remotely removing software from a user's computer/phone/whatever is not the way to deal with a bot. It is not Microsoft's/Apple's/Dell's/ATT's/Verizon's computer/phone; it is the user's.

Depending upon the nature of the infection, the user should be warned and then disconnected. If the bot is particularly nasty, disconnect the computer/phone first and then issue the warning. Give the user an explanation up front of why the device was disconnected from the computer/phone network. Preferrably, offer to help the user fix the problem.

It is the user's equipment and the user has the right to do whatever the user wants. It should be part of the network ToS that the user must be a good network citizen to be allowed to connect to the network.

Problem solved.

Re:Why not ask the owner 1st?

[mysidia]

Better yet, tell them a URL they have to go to on a real computer.

They'll go to the URL read a disclaimer, type in their e-mail address, click a button.

Wait 2 hours to receive an e-mail with a confirmation code to re-enable the app.

Re:Why not ask the owner 1st?

[Your.Master]

What about something like: " is bad. [Remove it!] [Do Nothing]" with a big frown image on "Do Nothing", and a big smile image on "Remove it!"?

I think you'd find that users would *still* randomly click. At best it might alter the distribution of random clicks slightly. Of course, ProgramName will turn out to be "Indiciso679transit.yonkeys--é" and ruin the friendliness.

Re:Why not ask the owner 1st?

[Svartalfar]

If a person doesn't read a prompt and their program is deleted, isn't it their fault?

Re:Why not ask the owner 1st?

[bit01]

What about something like: " is bad. [Remove it!] [Do Nothing]" with a big frown image on "Do Nothing", and a big smile image on "Remove it!"?

That's been designed for young child, not a typical computer user. It is asking the user to make a decision but provides no useful information to base that decision on. " is bad" is useless, the user is smart enough to know that question would not have been asked unless there was a possibility that it was not bad.

I think you'd find that users would *still* randomly click. At best it might alter the distribution of random clicks slightly. Of course, ProgramName will turn out to be "Indiciso679transit.yonkeys--é" and ruin the friendliness.

Of course. The user has no information to make an informed decision so of course it's going to be random. Since the majority of prompts provide no useful information that becomes a habit.

---

DRM breaks ownership, the basis of capitalism and the free market.

How does this compare to Maemo

[kurt555gs]

If I want an app through http://maemo.org/ for my soon to be N900 and some one doesn't like it, what then? See OSS and Linux doesn't have this protection that Microsoft and Apple offer.

Re:How does this compare to Maemo

[Statecraftsman]

That n900 looks like it's about to replace laptops and desktops. Are there any plans to allow it to be docked to a keyboard, mouse, and monitor?

Re:How does this compare to Maemo

Yes. Keyboard/mouse: Bluetooth. Monitor: Video out cable.

Re:How does this compare to Maemo

[cbhacking]

Maemo uses a fairly standard apt-based package management system. I'm pretty sure that if a package from one of the repositories had a serious problem, the repo maintainer could push a "critical update" that disabled a misbehaving program. Of course, if the user wasn't updating (I forget if it updates by default or not) then nothing would happen.

Re:How does this compare to Maemo

[kurt555gs]

Actually I was practicing sarcasm. I know it is rare, but I like the idea of being able to see how programs work, and have control over something I have bought. I know, it isn't the way most big companies like it, but hey I'm old.

I already have an N770, N800, and an N810 so i'm both hyped and familiar with the platform. I also have an N95 8GB (great) and an N97 (steaming pile of shit).

Well, my life is just on hold waiting for the N97. My only big decision is weather to stay with the evil AT&T, or switch to the slightly less evil T-Mobile. "Dial Central" already works with Google Voice and I am out of contract so for me it's a question of better coverage (AT&T) or better price (T-Mobile).

Ahh I digress.

Re:How does this compare to Maemo

[miknix]

That n900 looks like it's about to replace laptops and desktops. Are there any plans to allow it to be docked to a keyboard, mouse, and monitor?

From what I can tell, the n900 is powered by a OMAP 3430 and this SoC is capable of USB2.0 OTG.
The omap Linux USB stack can work in usb host (OHCI) mode and OTG client (UDC) mode.

Given all above, I can tell either Host or OTG modes would support USB mouse or keyboard. There is a catch though, it also depends on the USB transceiver chip the n900 uses. The chip must be capable of delivering USB power when requested, otherwise you will need a USB HUB.

For example, my HTC Wizard (omap850) works in host and OTG modes in Linux. However, the USB transceiver chip is not capable of delivering power (manufacturer's fault).

Re:How does this compare to Maemo

[kurt555gs]

The statement "Well, my life is just on hold waiting for the N97." was meant to say N900. The N97 is/was the worst phone I have ever had.

That, too, is their choice

[Rix]

Lets be honest here. The kill switch isn't to remotely disable malware, it's to remotely disable useful software that threatens some entrenched interest's business model.

Re:That, too, is their choice

[Achromatic1978]

So it's kinda like a retroactive version of Apple's App Store rejecting apps for being too similar to Apple functionality? (Google Latitude, anyone?)

Re:Woah. That was me!

[beelsebob]

Bear in mind folks, that Apple can do, and have done, the same thing as well.
[Citation needed]

Apple do not have the ability to remove an app from your iPhone, at least not currently (thankfully).

Kill switch

[siloko]

Apple have time and again rejected an App before it ever reaches an iPhone, just check out their Developer forum for gripes and confusion. However I don't know of any examples where an App has actually been nuked after acceptance and in fact Jobs' comment about the hitherto mythical kill switch seems to suggest a policy almost exactly the same as Microsoft, i.e. if an App is accepted that steals user data or can otherwise be considered malware then Apple/Microsoft need a mechanism to disable it.

I guess this can be abused and it is unclear what constitutes malware, but I also believe had both Corp's not incorporated this facility in their platform then there would be a heap of lawsuits waiting for them when some malware started mailing users contacts all over the web!

Re:Kill switch

[beuges]

Apple pulled the Commodore 64 emulator from the app store after it was accepted. To be fair, this was after reports of how to get to a BASIC command prompt surfaced, which is why the app was originally rejected.
But Apple has removed previously accepted apps from the store. If they had a kill-switch mechanism on the iPhone, they most likely would have remotely remoted the C64 emulator from those phones that had purchased it as well.

see http://apple.slashdot.org/apple/09/09/08/1714205.shtml

Re:Kill switch

[bcmm]

Few apps have been nuked after acceptance, but for some apps they started rejecting upgrades due to a change in policy, effectively nuking the app when it needs to be updated to work with a new firmware version.

Re:Kill switch

[Kalriath]

Actually, the gripes and confusion are more prevalent on the actual Developer forum (free developer login required to view),

Re:Kill switch

[Kristoph]

Yes, Apple removed the applications from the STORE but if you bought the app already it remained on your iPhone.

Somewhere, eight lucky (and stupid) people have the 'I am Rich' application they bought from the Apple store installed on their iPhone:
http://en.wikipedia.org/wiki/I_Am_Rich

Even though it's long gone from the Apple store.

Interestingly, Google is ok with this application staying on their store. What happens when someone buys this application accidentally, thinking it's a finance management or something. Does Google offer refunds?

Re:Woah. That was me!

[AuMatar]

http://consumerist.com/5035528/jobs-confirms-iphone-kill-switch

Jobs himself confirmed the capability is in the iphone. I don't know if they've used it, but they can.

Re:Woah. That was me!

[DDLKermit007]

Orrrrrr if you pwn your iPhone you can kill the killswitch.

Cell phone is not your computer

[misnohmer]

I think a clear distinction should be made between your computer and your cell phone. The cell phones are supported by the operator, they have to support anything you can screw up with the phone. If you install an application on your computer which slows it down you don't call your internet provider to fix it. With the cell phone you do. Think of the cell phone as your work computer, where your work IT guy is responsible for its operation therefore they have the right to restrict you. What if an application interacts with the radio stack and interferes with the cellular network? Would you rather have the application pulled or your account suspended and/or phone bricked by the operator (or worse yet, you get a fine from the FCC for doing illegal stuff in a licensed spectrum)? What if the app has a bug which may erase the boot flash and bricks the phone? There may be other reasons, what if the application is easily compromised and it then becomes a node in a netbot, ringing up customer's data bill (or do you believe that you are in fact liable for anything any application can do on your phone). What about a less extreme example of an application which drains your phone's battery in 6hrs? The operator then sees a slew of phones being brought to the store, the reputation of the phone and indirectly Windows Mobile suffers. I would also like to add that even though it is very tempting to compare iPhone to Windows Mobile, it's apples and oranges (no pun intended). iPhone is one device (ok, few versions over time) vs. Windows Mobile is an Operating System which exists on a myriad of different devices. Microsoft does not manufacture any of those devices, they only provide the OS. Some devices have touch screens, some don't. They do have some standardized buttons and features (as per Windows Mobile Logo requirements) but their peripherals, screens, keypads, etc vary greatly. Some Windows Mobile devices are great, some are not. You cannot compare Windows Mobile (which is an OS) and iPhone (which is a phone). The manufacturer of the phone has the option to lock things down or keep them open to whatever degree, though that is typically dictated to the manufacturer by the operator. I am speculating here but the decision to pull any app is likely to come from the operator or "maybe" the manufacturer and apply to a subset of the devices affected. Microsoft is simply offering the capability to the phone manufacturers and operators.

Re:Cell phone is not your computer

[vadim_t]

The cell phones are supported by the operator, they have to support anything you can screw up with the phone.

No, in my case it isn't. I paid the full price for my phone precisely because I don't want to depend on the carrier. Any time I want to, I can swap the sim card.

If you install an application on your computer which slows it down you don't call your internet provider to fix it. With the cell phone you do

No, I don't, because the cell phone is fully mine, and the carrier had nothing to do with it.

What if the app has a bug which may erase the boot flash and bricks the phone?

I'd consider that a bug in the phone. There's no reason why an application should be able to do that.

There may be other reasons, what if the application is easily compromised and it then becomes a node in a netbot, ringing up customer's data bill (or do you believe that you are in fact liable for anything any application can do on your phone).

In my case, yes, I suppose that'd be problematic. But that would also be a bug in the phone. In mine, at least, unsigned applications require authorization to connect to the network. So there's no way for some random calculator app to start a botnet without me having allowed it to first.

It wouldn't be hard to make the phone keep detailed accounting of how much data each application uses, and put limits on it, either.

What about a less extreme example of an application which drains your phone's battery in 6hrs? The operator then sees a slew of phones being brought to the store, the reputation of the phone and indirectly Windows Mobile suffers.

This I absolutely don't care about. Screw Microsoft's reputation. If a badly written application is still useful for me, I want to be able to keep using it. The GPS drains my battery in 3 hours, but I definitely don't want it to be gone.

Re:Cell phone is not your computer

[misnohmer]

You are obviously way more advanced than a typical user. If your phone gets a virus which dials a toll number, you'll be happy to pay the bill. The phone you bought is also likely to be completely unlocked and unrestricted, since you didn't buy it though the operator and therefore there would be no operator restrictions. Since you have no restrictions, you CAN simply install whatever apps you want, no need to get it via the marketplace. Your comment about signed apps doesn't really apply since all the apps from marketplace will be signed (unless you expect Microsoft to only sign apps which are guaranteed to never have bugs or security holes - something of course impossible). Also, you misunderstood my comment about battery drain. What I was referring to are apps with bugs which will drain your phone in no time just because they are installed or in some cases if you have run them at least once since boot (I used to deal with apps like this in my job). I guarantee you that if having the GPS app simply installed on your phone would drain the battery in 3 hours, you would care, and want it gone.

Re:Cell phone is not your computer

[vadim_t]

If your phone gets a virus which dials a toll number, you'll be happy to pay the bill.

Eh, not precisely happy, but I'd put the blame on the phone unless it was my own action that allowed it to happen.

In my view, the carrier has nothing to do with it in any case, even for a carrier owned phone.

I guarantee you that if having the GPS app simply installed on your phone would drain the battery in 3 hours, you would care, and want it gone.

Sure, but that doesn't require carrier control. All it needs is having the phone measure the power usage of every application. Then I'd like two things: a display that provides a complete breakdown of power usage, and if an application gets really out of line, a warning message that suggests disabling the misbehaving application.

If the app store provides a list of applications that were found to be badly coded, then that would be useful, but in no event I would want anything to be uninstalled without my consent.

Re:Cell phone is not your computer

[misnohmer]

If you install a VoIP application integrated with your dialer, it has a security hole, makes the app dial 1900 number you blame.... the phone! Same for p2p file sharing application (which you explicitly allowed to access internet). This is exactly why the operators want the ability to remove such apps. As far as measuring power usage of applications, you are describing what you'd like to see from user perspective. Unfortunately it's a pipe dream. I would love to see something like this also, but it's not possible. First, to measure power you'd need to run an application to measure and log such power - this in itself would eat power, and actually quite a bit of it if you wanted a say a 1 or 2 second resolution (app waked the phone to measure and log it every 1-2 seconds). Second, power usage by an application is not very measurable. To give you some examples of bad apps - some apps break and refuse to give the phone's OS the "permission" do go to low power sleep mode (there is a call for example which polls the apps to make sure they are not about to do something which would break if the phone went to low power mode, like DMA, etc). Another example would be an app which causes a lot of page swaps, function which theoretically belongs to the OS, but if the app causes the behavior, it costs power. Other examples include apps which turn peripherals on and forget to turn them off. Or ones which will randomly turn on your backlight for no reason at all while you don't see it or even the screen is off (you cannot account backlight power to any specific application, all applications share the backlight), or they leave the volume up (sound amplifier maxed out), etc, etc. An application may cause a lot of interrupts, causing a lot of context switches, causing OS to spend a lot of time (and power) just context switching. Or if the application overstates what resources it needs and makes the OS keep the hardware running at faster performance (more power expensive) modes, faster clocks, higher voltages, etc. All these things eat power indirectly. Believe me, if it was possible, it would be there - there are a lot of people in the field who would like to see this.

Re:Cell phone is not your computer

[vadim_t]

If you install a VoIP application integrated with your dialer, it has a security hole, makes the app dial 1900 number you blame.... the phone!

Well, of course. How did the VoIP application's hole get exploited? It may have had a hole, but the hole had to be accessed in some way. It certainly didn't dial the 1900 number on its own. I see several attack vectors:

Another application on the phone exploited it: Phone's fault for allowing one application to have such access to another
The VoIP application was somehow accessed over the network and exploited: Phone's fault for allowing such access to happen, and for allowing the exploit to happen (lack of buffer overflow protection for instance)
The VoIP application was accessed by breaking into the phone first over the network then accessing the application locally: Phone's fault for allowing it to happen.

As far as measuring power usage of applications, you are describing what you'd like to see from user perspective. Unfortunately it's a pipe dream. I would love to see something like this also, but it's not possible.

Yet powertop exists on Linux. And you're speaking a lot of nonsense.

Yes, applications can mess with the backlight, cause swapping, context switches and so on, but it's not the application what does that. The application must call to the OS to do it, and the OS is therefore perfectly capable of knowing which application asked the backlight to be turned on, how much CPU time it uses, how often it accesses various devices and transfers data... there's nothing that prevents the OS from keeping accurate stats of what each application does, and in fact modern OSes do already. Page swaps don't "belong to the OS", they happen because an application needs more memory than is available. The OS knows perfectly well which application needs data that's swapped to disk, or which application's data was sent to disk. Try iotop on Linux, or the task manager (you have to add columns) on Windows.

Would it consume some power? Like any other code that runs on the phone, but it doesn't need to consume much. Any time an application requests the backlight to be turned on, the CPU has to be executing code for it to happen, so it's already not sleeping. Increasing a counter, and appending a timestamp to a log of requests at that time would take a tiny amount of power. Then that data can be processed for instance every 5 minutes.

Re:Cell phone is not your computer

[misnohmer]

So in your view, the phone equals OS and the OS is responsible for any application exploits because it allowed it? So if apache on linux has a security hole, it's Linux fault. If I write an app with buffer overflow hole, it's Linux fault for allowing it. If my app allows users to execute code, Linux fault, right? You've proven my point, people will blame the phone for everything, including independent developer's errors - hence the operator just wants to lock it down...

Re:Cell phone is not your computer

[vadim_t]

If Apache has a hole, that's Apache's fault. If the Linux kernel allows that to be exploited to compromise the rest of the system, yes, that's the kernel's fault. And SELinux exists precisely to make it so that even if Apache has a hole, nothing useful can be done with it. Note that SELinux has nothing to do with any vendor or operator enforcing anything, it's simply a mechanism that allows to specify exactly what an application is supposed to be doing, so that it can't do anything else if its original purpose is subverted.

Properly securing a desktop in this manner is currently very difficult due to usability issues. But on a device like a phone it seems a lot more doable, due to the reduced functionality, less interaction between applications, widely used sandboxes like the one provided by Java, and especially the fact that applications are coded specifically for phones, so if the phone runs the app in the sandbox, the app has to work in the sanbox, even if the developer thinks that's annoying to deal with.

Where I disagree is with that the operator has anything to do with security. Microsoft being able to uninstall stuff from phones is completely unhelpful, because that's the old and horribly broken antivirus system -- somebody must be screwed over first (probably quite a few people), the vendor/operator has to find out, create an update, and your phone has to notice that instruction to tell it to remove the application before you get hit by the problem. If it can, because the exploit may have well compromised the phone's ability to remove the application by then.

The much, MUCH better way is when the phone actually works to protect you without depending on a third party.

Re:Cell phone is not your computer

[misnohmer]

Ok, think of Windows Mobile like SE Linux. The operator is the administrator and you don't get the password. Don't think of it removing the app as "uninstall", just that the admin restricted the ability to execute the code or access resources. The operator makes decisions based on what results in most profit, the principle which makes capitalism thrive. They go for what most users would like (majority forces the minority, otherwise known as democracy) and most users prefer no hassles. For every user like you who gets ticked, they gain many users who don't leave or spread bad impressions because they blame it on the phone. If you want a box with admin password, build it yourself. If you want to use the operator's network, you have to follow their rules. You're free to build or buy a device, install linux on it and hook it up to one of the broadband modems from the mobile operators for connectivity (modems available via USB, PCMCIA, even WiFi). And as far as blaming the OS, I don't think even SElinux has the ability to peek into connections and determine that your p2p file-sharing app is now relaying things for the netbot instead. I know, you still blame the OS for allowing the app to do that. RELATED: I do understand your frustration though. Working in the mobile handset industry I have seen a number of decisions which didn't even make sense to me, but were based on general user preferences. Here is one good example: when your phone syncs up with your mail/calendar server, it would be useful to know whether the sync succeeded or had errors, or even when the last successful sync occured. WinMobile had that feature but Blackberry did not. Turns out not having this feature wins with the general public. In a study users were given same phones, but one group had the error/status reporting removed completely, overall on average, the users with the feature removed reported much better sync experience. Were they fooled, you bet, BUT the one who makes the phone which hides this info wins, people like the phone more, better word of mouth, they sell more phones! You would complain about the lack of the feature, so would I, but I understand why from the phone maker point of view you want it gone - to make the phones more successful.

Re:Cell phone is not your computer

[vadim_t]

Ok, think of Windows Mobile like SE Linux. The operator is the administrator and you don't get the password.

Err, no? SELinux is simply a permissions mechanism. It's an OS feature, and I don't see why the operator's involvement is needed.

And that won't do. I'll take the password, thanks. I bought the phone after all. If I can't have it, I'll buy something else instead. Currently it seems I can get that with OpenMoko, a Pre, or a recent Nokia phone like the N900. Those are the ones I'm looking at.

If you want to use the operator's network, you have to follow their rules.

Not so much where I am, no. I can use any cell phone on any operator that's technically compatible, just got to insert a sim card.

And as far as blaming the OS, I don't think even SElinux has the ability to peek into connections and determine that your p2p file-sharing app is now relaying things for the netbot instead

That's a pretty difficult instance, but even here I think SELinux should be able to do something. A botnet has to do something to be useful. If it sends mail, then SELinux can control whether the P2P app can connect to port 25.

BTW, who the hell runs file sharing software on their phone?

when your phone syncs up with your mail/calendar server, it would be useful to know whether the sync succeeded or had errors, or even when the last successful sync occured. WinMobile had that feature but Blackberry did not.

Well, thanks for telling me. That's incredibly retarded. This alone guarantees I won't have a WinMobile or Blackberry ever now and will recommend against purchasing them to other people. I'll make sure to point at your post.

BTW, would it kill you to use paragraphs?

Re:Cell phone is not your computer

[misnohmer]

What is the current unlocked phone you have? As far as Linux phones, just like WinMobile, there are good ones and there are bad ones. Believe it or not, manufacturer of a Linux phone may also remove sync status in order to increase sales. They can also lock down the phone and install ability to yank applications. Something like OpenMoko may be your best bet for flexibility. Second bet would probably be an unlocked WinMobile PPC - you can get apps from other places, no lock to marketplace. They are very customizable and even if the phone maker removed the sync status feature you can write your own app for the sync status. Let's face it though, average users don't care about the flexibility so much. Personally I used to use WinMobile for years - most phones were not very locked down and I used to even write my own apps, customize things the way I want. Few years ago I switched to Blackberry, mostly because I didn't want the flexibility any more - I found that the blackberry does everything I need it to do, does it well, but I don't have to worry about all the extra customizations and the drawbacks they bring (like the computer style window manager - I hate pop-ups from different apps, especially while typing). For work by the way I used to use a number of Linux, Symbian, Blackberry and WinMobile phones - so my choice was based on actual experience using the above phones. In the end, it comes down to a personal choice. I used to love the fact that I could write and use my own apps on WinMobile, but over time my needs changed so my phone changed too. I hope you find the phone which suits your needs.

Sorry about the paragraphs, have been reading slashdot for years but only recently created an account to allow me to reply. In HTML mode the newlines get eaten. This is "plain old text".

Re:Cell phone is not your computer

[vadim_t]

What is the current unlocked phone you have?

Nokia 6210 Navigator. Looking to replace it with something better.

Leaves a lot to be desired, but works precisely the way I think these things are supposed to: If I install an unsigned application it still allows it to run, but it requires permission to do things like accessing the network.

Believe it or not, manufacturer of a Linux phone may also remove sync status in order to increase sales. They can also lock down the phone and install ability to yank applications.

They can do that, but I won't buy it unless I can reformat the whole thing and install whatever I want on it. Maemo phones and OpenMoko seem to fulfill this requirement: If there's anything objectionable about the phone as sold, it shouldn't take long for somebody to release a patch for that.

I don't really care much about what comes on the phone from the factory, so long I can rip all of it out and replace with something better.

Let's face it though, average users don't care about the flexibility so much

I don't care about "average users", I care about me.

I don't have to worry about all the extra customizations and the drawbacks they bring (like the computer style window manager - I hate pop-ups from different apps, especially while typing).

With a proper open phone it wouldn't take long to patch the OS to make the popups stop interferring

Re:Woah. That was me!

[beelsebob]

and have done
Your citation does not say what you said it said. It does say they have the ability to remove them though, you're right. Have you got evidence that apple actually have removed an app, ever?

It's a matter of trust

[erroneus]

If any other company said "we are doing it this way because it's for the best... trust us" we might still have the same reaction to it. We see it everywhere we go. Amazon did it with their removal of eBooks. And in every case of internet censorship I have ever heard of, it went well beyond its stated purpose of "guarding against child porn."

It's bad enough that "we don't trust." It is worse when a company believes it can "impose a trust relationship... or else."

Re:It's a matter of trust

I'm curious - what would the response be if the government did this? Both the government and Microsoft are monopolies in certain contexts.

Re:It's a matter of trust

[erroneus]

Other governments do this. The U.S. government and the governments of the states of the U.S. have probably tried to but failed on constitutional challenge. (And it is quite likely that US governments have done it successfully and haven't yet been challenged successfully.) That's the nice thing about having a constitution. It limits what the government can do and that was "by design." What we need is a constitution that limits what business can do to the environment and to the consumer and so on. We already have some laws in place, but they don't seem to be enough when they are allowed to effectively steal from their customers in this way. And make no mistake about it, it is theft. It would not matter one bit if I broke into a store somewhere and picked up a couch and left the correct amount of money in its place to pay for it and any damages I may have caused. If I didn't buy it, I didn't enter into an agreement with the seller for its purchase. And if that seller decided after the sale that he didn't want to sell it after all, it would be theft for them to enter my home and remove the couch leaving a complete refund in its place without my having agreed to it prior. And I seriously doubt that any agreement on the back of any receipt would enable the couch seller to extract my property.

The EULA is the software industry's contract for consumer abuse. It's time a constitution outlawed most of the provisions listed in most EULAs. Some state laws already do this, but not across the board.

Re:It's a matter of trust

It's bad enough that "we don't trust." It is worse when a company believes it can "impose a trust relationship... or else."

This is exactly it. There isn't any trust at all--they can do it because they can get away with it and people will still buy their stuff. Well, I know that I won't be buying any of their stuff.

It's so simple

[spacefight]

Don't buy this shit.

Re:Woah. That was me!

[Kalriath]

Granted, actually. I'm not even 100% certain that the baby-shaker app was remote-nuked. Regardless, the ability is there.

Re:No way, dude. NO WAY.

[Kalriath]

Madness?!? THIS IS SPARTA!

Yeah, back on topic now.

Refunds as in "pre-installed MS Windows" refunds?

[cheros]

I can't believe they are actually serious about this. Let's do the car analogy. I sell you a car, and find out later that a lot of those cars have been used as getaway cars in robberies etc. The police would like me to withdraw this car from the market.

So, doorbell rings on Sunday afternoon and a guy stands there with a box with has everything you left in the car, an envelope with the payments you have already made and a confirmation that the rest of your loan is cancelled, and he wants your remaining keys (because they kept a set when they sold you that car - think about that one for a moment). And he shows you the clause in your agreement in 6 point font in light grey on white where they make this legal. The car is about to be towed - they opened your garage already because they somehow gained access.

You need "car functionality": You have to bring the kids to school on Monday, you have a work appointment straight after, and you have to do some shopping because it got late on Saturday.

Would you:

(a) thank the guy, accept the box and figure out WTF to do next
(b) tell the guy to drop the box, hand over his copy of your car keys and tell him to be off your drive -minus your car- before you come back to the door with an appliance to assist in his removal which may or may not consider his health in the process.

Bonus question:
Would you EVER consider buying a car from that company again, even if it somehow got sorted out?

This gig has just closed the market for me for phones with an MS OS. I hope Apple doesn't try to pull this one either - they have no removal clause in their T&Cs (which is probably why they are rather retentive in their app checking to start with).

Where the hell have we got to over the last decade? Since when did it become acceptable for a company to become judge and jury about what you buy? /rant

Refund-Smeefund - That is Big Brother Speaking

[pubwvj]

A refund is no good. I don't want Corp/Gov pulling these kinds of strings. That's too much power. It's my computer, my data. They have no right to reach in and mess with it. The Amazon Animal Farm book rescinding fiasco proved how bad an idea this is. They destroyed the class notes people had made while reading the book. That was the user's data. I won't buy any products with remote deactivation. A kill switch is a product killer.

N900 apps: are there enough?

[KWTm]

If I want an app through http://maemo.org/ for my soon to be N900 and some one doesn't like it, what then? See OSS and Linux doesn't have this protection that Microsoft and Apple offer.

Funny guy. I guess I'll be stuck with this "problem", too, since I plan to get a N900 this year (hope there's no delay in it coming out or I won't be able to charge it to corporate in time for their mid-November deadline).

I was wondering, though: are there enough 3rd party apps for the N900? (After all, there'd be no need for any kill switch if there aren't even any apps!) I know Maemo is Linux-based, and I should be able to compile my own OpenOffice.org suite on it, but I'm afraid of any idiosyncrasies in the system that would render most apps incompatible, like "Maemo uses NokiaFS which has no symlinks or nested directories" or something. I'm still thinking of my Zaurus SL-5500 which had approximately 2 third-party apps (3 if you install Opie) and which is now gathering dust.

Hopefully N900 users would benefit from a collection of apps built up for the N770, N800 and N810 (are they compatible? Still smarting from the PalmOS 5 switchover). If there are enough apps to warrant a kill switch, we can always do it by the honour system, sort of like the Honour System email virus: "Hi! This virus works on the honour system. Please delete a few essential files on your computer and reformat your own hard drive, then send this email to a few of your friends."

Re:Woah. That was me!

[Midnight+Thunder]

Granted, actually. I'm not even 100% certain that the baby-shaker app was remote-nuked. Regardless, the ability is there.

In certain cases it could be useful and could protect the customers. On the other hand, using it for the wrong reason or at least one that is questionable would be very dangerous and would likely trigger an outside, government led, investigation into the reasons.

Re:Woah. That was me!

[AvitarX]

Well MS hasn't either, though I agree OP was stating falseness as fact.

1984

[Ozlanthos]

I find the lack of outrage over this really surprising. Seems like we are drifting closer and closer to a time when texts found online will be changed globally without anyone knowing the difference. All "bad" news (stories not conforming to the party line) will suddenly disappear. All apps that do things Apple or any other company don't like will just disappear off of your phone (no matter how much you paid for it, or where you bought it from). Now you know why they are trying to kill the written word in all it's non-digital forms. You simply can't change a story on the fly if people have a solid printed copy of what it use to say.

-Oz

Re:Woah. That was me!

[ClaraBow]

I agree that the ability is there, but they have never done it! Just a piece of anecdotal evidence, my Netshare up which was pulled more than a year ago still works in the latest Iphone. Apple may pull apps, but they certainly haven't removed apps that were sold and later pulled from the app store.

Freeware FTW

[doronbc]

That's why only morons keep buying shit from Microsoft. PPC freeware ftw.

scary

[AliasMarlowe]

this kill switch seems to be malware.

Fixed that for you.
It's hard to distinguish between a remote kill switch (which is not controlled by the owner of the device) and various other types of malware.

Re:scary

[Your.Master]

What are you talking about? It's very easy to distinguish between such a remote kill switch and other types of malware, by comparing what the remote kill switch does and what the malware does.

You could just as easily be arguing that it's difficult to distinguish between a firewall and a denial-of-service attack.

The one essential thing...

[westlake]

... about a telephone is that it has to work when you need it to work.

Your world won't come to end if your Soduku game makes a sudden departure.

It just might if you can't raise 911.

Probably we have a NSA finger here.

Remotely disabling applications is like a guy going into your house and destroying an equipment. The Windows Mobile today is used by some voice, message and email encryption systems.
The fact of developing powerful encrypted systems probably let the NSA ( US National Security Agency ) requesting Microsoft with this kind of feature and probably other features hidden inside this operating system.
Now the companies, like mine, that develops encryption software will migrate to Open Source Operating Systems, where we will be allowed to customize the operating system with more security, disabling this kind of back-doors like the new reported.
Until Windows Mobile version 6.1, we are able to disable some Security Policies inside Windows Mobile that allows this kind of external intruders, because nobody wants to have his equipment changed without his permission.
Now with this gift from Microsoft, we will change to another Operating System, like Android or Maemo inside a new hardware.
Security is a process, your enemy moves, you must move too.

Re:Woah. That was me!

[mcgrew]

Well, I clarified the question anyway since the guy didn't get it the first time.

Sometimes you'll submit a story and two days later it's accepted -- by another submitter. It happens, no reason to worry about it.

Re:Woah. That was me!

[Kalriath]

No, I actually meant I was physically present at TechEd and was the one who asked that question.

Re:Refunds as in "pre-installed MS Windows" refund

I can't believe they are actually serious about this. Let's do the car analogy. I sell you a car, and find out later that a lot of those cars have been used as getaway cars in robberies etc. The police would like me to withdraw this car from the market.

So, doorbell rings on Sunday afternoon and a guy stands there with a box with has everything you left in the car, an envelope with the payments you have already made and a confirmation that the rest of your loan is cancelled, and he wants your remaining keys (because they kept a set when they sold you that car - think about that one for a moment). And he shows you the clause in your agreement in 6 point font in light grey on white where they make this legal. The car is about to be towed - they opened your garage already because they somehow gained access.

You need "car functionality": You have to bring the kids to school on Monday, you have a work appointment straight after, and you have to do some shopping because it got late on Saturday.

Would you:

(a) thank the guy, accept the box and figure out WTF to do next
(b) tell the guy to drop the box, hand over his copy of your car keys and tell him to be off your drive -minus your car- before you come back to the door with an appliance to assist in his removal which may or may not consider his health in the process.

Bonus question:
Would you EVER consider buying a car from that company again, even if it somehow got sorted out?

This gig has just closed the market for me for phones with an MS OS. I hope Apple doesn't try to pull this one either - they have no removal clause in their T&Cs (which is probably why they are rather retentive in their app checking to start with).

Where the hell have we got to over the last decade? Since when did it become acceptable for a company to become judge and jury about what you buy? /rant

Hell yeah. I get all my money back, they get stuck with the depreciation of the old car and if they hadn't notified me the police would have towed it anyway until I prove it wasn't used in a crime? I'd recommend that dealer to everyone. Getting months or even years of car payments back will certainly cover the cost of a rental until I get a new one. Enterprise will even "pick me up" so I don't have to hitch to the lot.

Apple on the other hand, just firebombs the old car, makes the manufacturer eat the cost despite the fact that Apple "certified" the car and fails to remove my kids from the back seat before firebombing the car in the first place.

Re:Refunds as in "pre-installed MS Windows" refund

[cheros]

"fails to remove my kids from the back seat before firebombing the car"

That's probably a good Darwinistic approach - anyone who leaves their kids in a locked garage should not be allowed to pollute the gene pool..

Joking aside, I'm no fan of Apple either, they are too much control freaks. Just in this *specific* instance they appear to act more sensibly - I just wonder how long that self restraint will last..