Slashdot Mirror
Microsoft Outlines Windows Phone 7 Kill Switch
nk497 writes "Microsoft has outlined how it might use the little publicized 'kill switch' in Windows Phone 7 handsets. 'We don't really talk about it publicly because the focus is on testing of apps to make sure they're okay, but in the rare event that we need to, we have the tools to take action,' said Todd Biggs, director of product management for Windows Phone Marketplace. According to Biggs, Microsoft's strict testing of apps when they are submitted for inclusion in Marketplace should minimize kill switch use, but he explained how the company could remove apps from the marketplace or phones, when devices check-in to the system. 'We could unpublish it from the catalog so that it was no longer available, but if it was very rogue then we could remove applications from handsets — we don't want things to go that far, but we could.'"
this seems baiting....
2.0?
I'm not a lawyer, but I play one on the Internet. Blog
Looking forward to Slashdot telling me how Microsoft is teh evil but Google is OK.
How sad that the phone is so insecure that malicious code could run.
Everything can run malic... wait...
Oh, OK. Trolling. Carry on then.
http://www.readwriteweb.com/archives/google_activates_android_kill_switch_zaps_useless_apps.php
http://news.cnet.com/8301-13579_3-10010070-37.html
Both Android and the iPhone have kill switches as well.
Google has actually used theirs.
Brought to you by Apple.
Buying a mobile phone is already such an exercise in trust, I have a hard time worrying about a remote app kill switch.
I always thought selling me something then taking it back was theft.
Total non-story.
Nice going at making assumptions before the OS is on the market. Win7 Phone is going to be a locked iPhone like system for apps, so it's an issue of "if an app does something we didn't see" not "if malicious code installs itself"
If someone else can come in remotely and change what you've got installed, it's not your system and it's not your software.
But we encourage you to think of it as your own - it makes the fees hurt less, and we can always straighten you out on the details of ownership later.
If the handset is causing issues with the network because of a rouge application just shut down the handset. (Well, allow 911 or your local PSAP number.) This, hopefully, would be just an AUP issue. Sometimes a hammer is the right tool.
-- I have a private email server in my basement.
"...we could remove applications from handsets - we don't want things to go that far, but we could."
Now I have no need to even consider getting one.
Anybody know if they have such a switch?
Given how much their phones (going forward) are pretty much open, I wonder where they'd put a killswitch.
I'm not a lawyer, but I play one on the Internet. Blog
Am I the only person who envisions some mad scientist in a far off laboratory cackling with glee as he throws the switch to remove a program from your phone, all while lightning flashes and thunder crashes in the background?
Is there an app for that?
For justice, we must go to Don Corleone
Microsoft has made a lot of poor security choices in the past, so we should praise them when they do something that will improve the general level of mobile application security. All mobile platforms to-date have kill mechanisms, for the average user it's a great thing to be able to shut down a rogue app en-masse and not have to wait for even an update cycle.
Experienced technical users will ALWAYS have the equivalent of Jailbreaking to prevent applications from being removed or modified externally if they so wish. But that is a choice that should be made by a technically informed person after consideration, not a default configuration that the general public has to live with the repercussions from for the next decade.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
We don't really talk about it publicly because the focus is on testing of apps to make sure they're okay
How does information about this topic relate to (or even prevent) people from testing apps?
Twinstiq, game news
I can list many, but the main reason I wouldn't even consider an Apple product (and now perhaps MS) is the ability of the company to dictate what apps I can have and what I can't have. If I understand correctly, an iPhone owner can only get apps that are "approved" by Apple. Ditto MS & Droid?? I do know that RIM doesn't care what I put on my device because it's MY DEVICE. I BOUGHT IT.
but in the rare event that we need to, we have the tools to take action
And, but in the non-rare event where we don't intend to, we have the tools to take action, by mistake.
"Yo! Who hit the kill switch?"
Schroedinger's Brexit: The UK is both in and out of the EU at the same time!
"Unpublish it"? As opposed to simply de-listing it, or removing it from the catalog? "Very rogue"? I had no idea there was a spectrum of roguishness. I sincerely hope that English is his second language. I don't feel the need to correct the spelling or grammar of Slashdot commentators, but this guy is speaking on behalf of a giant corporation.
...and kill security risks such as Internet Explorer.
Am I the only one who's a little purturbed at the lack of phone functionality a lot of these new smartphones have?
Mind you, I have an iPhone, but I mainly use it as a phone with some apps which increase business functionality. I'm just curious why there would be a need to use said "killswitch" on a phone - unlicensed app? illegal app? immoral app (such as malware / viruses)?
More like, in the event that it would benefit us, regardless of its cost to you. Seriously, when the hell does anyone need to remotely kill some app on your phone? ... Yeah, I thought so.
Not a total non-story. It's good to be reminded that the capability exists, even if we come to the consensus that it's not a big deal, or even that it's a good thing. Not ever story on Slashdot has to result in moral outrage. Sometimes we can look at something and say "Yeah, that's probably and okay feature to have."
....anyone want to rent a win 7 phone?
I live in a society of "educated" idiots who seem to think features like this are a good idea. I am the only one who realizes that nobody, EVER, for any reason should be able to reach in my hardware and remove ANYTHING. It is a bad precedent. Period.
What would happen if MS gets threatened by some third-party app vendor to remove a program from users' phones? Who are they going to appease, the worthless consumer, or the company pressing a lawsuit? We already saw this with the Swindle. How many times do the morons that make up this population need to be subjected to what (in my opinion) amounts to a break-in and theft?
"Yo dog, we thought you had a virus on your computer, so we picked your lock, looked at the installed software on your machine and cleaned it up for you!"
Even if I resist this, the rest of the idiots won't. Every computer and microprocessor-infused device on the planet will soon have these features. At least nobody can remotely delete my Linux inst.............
WHAT?! That statement is utterly preposterous!
I was about to say something at this opportune time about how I enjoy Open, Free Software as it is Free as in freedom but also free from 'kill switches' that allow private corporations (evil or not) from dictating how I use a product I paid for, whether they like how I use it or not. I know that many people loved walled gardens, but I am not one of them. I like my freedom. Go ahead, enjoy your slavery if it suits you. Thank you for your time. P.S. I am not new here, not at all.
How about using your phone for making phone calls, and your computer as a computer? I have an ancient flip-phone that does little other than make phone calls and has the VZ navigator. I've never wanted for anything else. This is all so stupid. Now, get off my lawn.
I think this will take a week, max.
We could unpublish it from the catalog so that it was no longer available, but if it was very rogue then we could remove applications from handsets - we don't want things to go that far, but we could
I wonder whether "very rogue" is anything like when Windows Genuine Advantage was classified as a security update, and pushed out with the rest of the critical patches.
~Loyal
I aim to misbehave.
It's too bad Jon Stewart didn't include "scary #^%@ companies do to us" in his Rally to Restore Sanity. I mean, yes, it'd be very nice if companies that sold us hardware let us use it how we want to, and it would CERTAINLY be nice if FaceBook would get real with their privacy issues, but honestly, I don't think kill switches are anything to get overly concerned about. It's not as if they're going to randomly laugh maniacally and start wiping random people's phones out for fun.
Is it great that they (ALL of them, except maybe RIM) retain tons of control? Not really. But if the intent is to keep your hardware safe from malicious code, at least the intent is partially positive. Not saying it's not there for other potential uses, too (kill a rooted phone, etc), but still, I don't think random death is going to occur either.
For conscience is the wound, and there's naught to staunch it
According to Dave Haynie, "PCI bus had an army of engineers at Intel, Zorro III bus at Commodore... had me."
...so that high security risks such as Internet Explorer could be killed when this happens: http://www.theregister.co.uk/2010/11/03/ie_0day_bug/
The phone should alert and prompt you. If an app is dangerous, they should tell you so including details on the scope, ie "This app will disclose your personal information to third parties without consent." then give you the option of removing it or leaving it at your own risk.
How about we sell phones that the customer actually OWNS and CONTROLS?
Crazy thought, huh?
So... I buy an app that enables "FutureNeatoStuffThatM$FTDoesn'tLike" for $100... then Microsoft says "That hurts out business model! Rogue app!!!" and deletes it. Hrm... That doesn't sound like a feature to me.
Don't worry, maybe in 5 years we will have it for the PC as well. With the Cloud and SaaS it's easier.
Why are people are get along with it? It's not only the marketplace, which now everybody sells as the best thing since sliced bread, not only the kill switches on their e-book readers and smartphones, but the general DRM scheme and the EULAs and licenses. I observe, that if it's software or a digital work, the customers are going to live with every abuse the provider can get away with. I always laugh if I think how different people think with real objects that they buy in contrast of a digital work. Like if you buy a book, you think it's your property and not just a license; you think you can read it however you like; you can do with it whatever you like. In contrast with a DVD with you have the only right to watch it, on predefined devices, on predefined times (you can't skip advertisement).
http://www.mueller-public.de - My site http://www.anr-institute.com/ - Advanced Natural Research Institute
see above
Indeed. Plus Apple have never used it yet but Google have. So who are the bad guys?
From http://www.slashgear.com/ndrive-gps-app-disappears-from-apple-app-store-kill-switch-the-culprit-0893419/
The application itself went for $2.99 in the App Store, and it provided upwards of 1.8GB of US map data. However, it sounds like people didn’t have long to download it, or enjoy it for that matter, before the application itself was pulled from the App Store. And then subsequently pulled from customer’s iPhones as well ..
Customers on forums are reporting the same thing, such as those on Apple Discussions, saying that the app was on their device, but now it’s just gone.
This space for rent.
Aside from "rogue" apps, a remote kill switch can remove any side loaded software; the application store will be the only choice, stifling competition. TFA says that the phone can check in and see if the app is approved, if not it can be deleted. We need laws that can't let hardware manufacturers dictate how a device is used or what's put on them after a sale, so long as it doesn't cause MEASURABLE harm or interference with or to other services or devices.
If the the remote kill switch bugs you, get a Palm/HP webOS device, they openly support their home brew community. webOS has a beta application store channel if you're feeling adventurous. Yes, I own a Palm Pre but no stock in HP.
maybe you should reconsider who or what's "gone wrong"
GPL - which is the license used by the Linux kernel and a good deal of the userspace (generally Busybox, Dropbear, etc. Sometimes GNU on more featured Linux Phone OSes) - was explicitely designed to make sure that the *END USER* *always* remain 100% in control of the software he has. (Can use it, copy it, study it, modify it, remix it, whatever) No matter what intermediate the software has gone through on its way to the user.
Kill switches are exactly designed in the opposite direction : No matter what, the application store owner (Google, Apple, Microsoft) has always the last word in deciding what is OK or not to run under their device.
That's objectively a contradiction between the original intent of the software, and the way the software is used. It's "gone wrong" no matter how many sheeple don't care.
(Expect a future GPLv4 to explicitely require that the end-user can override such killswitches.)
Sometimes the lone wolf everyone disagrees with isn't the revolutionary hero of legend he thinks he is.
Other times, the lone wolf is the only guy with enough foresight to pay attention to a tendency building up, that nobody else bother to notice until it's too late. And then what everybody complains about is only the consequence of their oversight.
(Ob xkcd ref)
(See the problems that IE6 and XP are causing now, even to microsoft themselves. Back then, people complaining about the risk of lock-in were probably considered silly crazy lone wolfs too)
"Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]
You're saying that it's better to disable the entire device instead of remove the one offending application?
No. Think more like "Towers refusing regular connections from aggressive phones".
- You get to install what you want.
- If some service provider can't take the load (US towers are bad at connection build/tear-down) they'll just refuse to speak to that phone (except for 911 / 112 calling). Or otherwise limit the affected service (Refuse data connections, degrade 3G to 2G) and send an alert message ("Too much data connection per minute, please uninstall application XYZ").
- At no point in time is any remote control of the phone required.
The phone network is protected from TEH EVUL APPS, but nothing happens without the end users consent.
(And the users will be quick to discover which ISP can't take the load and which can - EU towers don't have such problem because the same behaviour has been used for SMS since ages)
(Let the OS maker or the ISP create a separate opt-in "black list" service : receive over WiFi exact information about what to uninstall to get 3G Data working again).
"Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]
I hope they actually have a patent on this and decide to enforce it.
If someone is passing you on the right, you are an asshole for driving in the wrong lane.
Its just a phone. Once they start doing this to your computers, THEN you can get upset.
---- Booth was a patriot ----
nor a Palm webOS device
The default "walled garden"-type application manager has a kill switch to remotely remove installed applications.
But people interested in homebrew and other such advanced forms of uses can install (just install. No hacking/exploiting/jailbreaking involved. Just activate dev-mode with the corresponding command) other package managers (PreWare is an example) which can pull software from repositories which aren't controlled by the ISP or HP/Palm. .IPKs)
The command-line (enabled by the devmode or by installing SSH - again no jailbreaking) also gives directly access to "ipkg" (an "apt" clone) which let you install packages directly, without any online repository. Or you could even upload binaries directly after installing (no jailbreaking) the corresponding network handler (sftp, samba, whatever...) and such direct copies won't be registered by any database (not in the official walled garden, neither even in the list of installed
Basically the approach for the Palm Pre is : it comes out-of-the-box in "walled-garden" mode. power users can switch it to dev-mode after typing a command (so Joe Six Pack doesn't do something silly by accident), and then it's "Use at your own risk". At worst you can reflash a clean factory image.
It's like receiving a bicycle with training wheels, and the proper instruction about how to remove them/put them back in.
Yes, Palm had a long tradition of supporting 3rd party development and creative hacking.
"Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]
They are sick and fed up with PCs and malware/spyware and anything that helps avoid this problem is worth more to them, not less.
Except that, by the time a smart-phone is infected, you can't trust the kill switch to function correctly any more.
(Just like most modern PC malware try to bury themselves deeper, away from the virus scanner's reach)
"Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]
Actually it's a old form of English called weaselese where random words get replaced with euphemisms that don't sound as bad. For example, which sounds better to you:
"A lack of synergy will commit us to depublishing your works and down-sizing your position. Thanks to competitive agreements with neighbors, we've cornered the market in potential employment with a bonus outreach to family members."
OR
"Since you don't share in the corporate culture around here, you're going to be censored and eventually fired. If you try to work in this city again, we'll skull fuck you and your whole family."
If people had a computer/device with no accessible admin root privs, an App Store that would slap down a word processor, Web browser, and maybe a version of Solitaire, there would be few complaints from the Joe Sixpack gallery, especially with an app store that is popular.
Well, as long as the possibility to get out of the walled garden is still offered, that's 100% OK with me.
You would indeed have described the situation of Linux desktops :
- Default user accounts are non-admin (you have to switch to root to do admin stuff, and you have to provide a password for that. This avoids doing it by incident).
- By default, software packages are pulled from the main repository (a place with known-good controlled applications)
- En user is free to add other repositories to the list to pull additionnal services.
Oh, and guess what: Linux operating systems *do* get less viruses. (Although in this case platform diversity helps too).
(In the mobile world, WebOS works that way : either use the default application manager and stay in the walled garden, or install Preware and pull additionnal packages from elsewhere too)
"Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]
Microsoft's history of security - at least in anything it lets people at home use - suggests to me that the first virus that triggers kill-switches will probably appear as the first phone appears.
And if they protect it with something stupid - like the DCMA or its kin - they are failing to protect users from whatever fallout might happen.
I look forward to being happily surprised. I don't expect to be surprised.
A small amount of C4 embedded in the phone can be detonated. Naturally, they don't want to take it that far... but they can!
I'm trying to teach myself to set people on fire with my mind... Is it hot in here?
before home computers in general work this way?
comment first, facts later. http://chem.tufts.edu/AnswersInScience/RelativityofWrong.htm
Thats what she said. ;)
I applaud Microsoft on the killswitch because they are finally attempting to compete with the likes of Apple on Apple's terms - as a company whose product is not a hardware or software technology, but an "experience". I expect much of the consumer marketplace to become much more "experience" driven, whether it's a complete home theater solution, or complete mobile social connectivity solution.
But you ARE really talking about it publicly, so stop pretending.
I am anarch of all I survey.
You really should market your 100% foolproof operating system better, you'd think it would be quite popular.
To have a right to do a thing is not at all the same as to be right in doing it
So guess what!?
Everybody involved with new tech suddenly has to use a closed platform.. And..
Mod me up, and you can get f**ked if you think otherwise. Invent your own phone.. and OS, and base it on OSS.
So stop whining, and enjoy your Iphone etc.
-Aussie Guy
And go and get f++ked.
Nor an iPhone, nor an Android device, nor a Palm webOS device, nor a BlackBerry (assuming you're on a BES system).
I'm with your parent here: I don't want any of these. I like my N900, though---it runs (basically) Debian, and if the "basically" part is too far away from the real deal, it runs the real Debian in a sandbox too. To pwn it, install 'gainroot'.
(I don't work for Nokia, I'm just a happy owner)
If I don't download apps all willy-nilly, I should be able to avoid such problems. However, in the event that my phone gets so compromised that I can't just remove the offending app, I can always reflash it. That's why I like my windows phone. And I swear to god - if the term "jailbreak" gets applied to unlocking windows phones, I will have to cut a bitch.