Slashdot Mirror

← Back to Stories (view on slashdot.org)

Microsoft Outlines Windows Phone 7 Kill Switch

Posted by samzenpus on from the stopped-in-its-tracks dept.

nk497 writes "Microsoft has outlined how it might use the little publicized 'kill switch' in Windows Phone 7 handsets. 'We don't really talk about it publicly because the focus is on testing of apps to make sure they're okay, but in the rare event that we need to, we have the tools to take action,' said Todd Biggs, director of product management for Windows Phone Marketplace. According to Biggs, Microsoft's strict testing of apps when they are submitted for inclusion in Marketplace should minimize kill switch use, but he explained how the company could remove apps from the marketplace or phones, when devices check-in to the system. 'We could unpublish it from the catalog so that it was no longer available, but if it was very rogue then we could remove applications from handsets — we don't want things to go that far, but we could.'"

29 of 258 comments (clear)

  1. Another Brilliant Microsoft Innovation! by Yvan256 · · Score: 4, Insightful

    Brought to you by Apple.

  2. Re:hmm by swanzilla · · Score: 2, Insightful

    this seems baiting....

    ...until someone points out that Apple and Google did this before M$

    --
    0 = 1 + e^(Alt something)
  3. So they sell it, make a buck, then take it? by mr_mischief · · Score: 2, Insightful

    I always thought selling me something then taking it back was theft.

  4. Remember, kids... by kurokame · · Score: 5, Insightful

    If someone else can come in remotely and change what you've got installed, it's not your system and it's not your software.

    But we encourage you to think of it as your own - it makes the fees hurt less, and we can always straighten you out on the details of ownership later.

    1. Re:Remember, kids... by rwven · · Score: 3, Insightful

      If people don't like the platform, they don't have to use it (yet).

    2. Re:Remember, kids... by melikamp · · Score: 1, Insightful

      This is a general purpose computer we are talking about, so it's not even your hardware in any meaningful sense of the word. What you own is a plastic-silicon brick which can function as a computer whenever Microsoft is feeling generous. You are basically renting a computer without an administrative account. Run afoul of the contract terms, and you are back to owning a brick.

      Fuck you Microsoft, and fuck you Apple: if you are marginally better now, it won't last long. The only big players poised to create a completely free phone now are Google and the firms behind MeeGo.

    3. Re:Remember, kids... by Amouth · · Score: 2, Insightful

      somethings gone wrong when you have to root/jailbreak the linux devices do do what you want but the windows ones are open..

      (except this newest version of windows.. but it isn't exactly out yet so i don't count it)

      --
      '...if only "Jumping to a Conclusion" was an event in the Olympics.'
    4. Re:Remember, kids... by mlts · · Score: 2, Insightful

      The sad part, what I want/need a device to do, usually isn't on the open platforms.

      1: Exchange support with strong encryption, so if a person is stupid enough to leave the device in the back of a taxi, someone with basic forensic skills cannot easily get sensitive E-mail and documents. Here, iPhones are decent, but the best (assuming no BES) would be a WM device with encryption on the memory card flipped on.

      Ideally, I'd like to see Android have LUKS as an option on both the data filesystem and the SD card, with key strengthening, as well as auto-erase if the PIN is mis-entered more than x amount of times. Maybe even allow for a strong passphrase when starting up the device, then a PIN for unlocking (where the volume password is not stored in persistent memory, so a reboot clears it.)

      2: Apps, apps, apps. Mobile platforms are very different from one another. This means that writing an app on obj-c will require a rewrite for the Dalvik VM. Same with Silverlight/XNA. So, developers are forced to pick one platform and be done with it, unless they are well funded enough to have multiple, disjoint codebases. I'd love to see Maemo/Meego pick up the critical mass of apps so it becomes a mainstream platform. However, right now, we essentially have iOS and Android as the two top contenders with everyone way far behind in the program department.

      3: Usability. iOS is very good at this. Android is as well. The ability to navigate between apps without jerkiness or freezing, a consistent UI, the ability to interrupt existing apps for phone calls, handle out of storage space gracefully, etc. Android might need a kick in the jimmies with an app like Advanced Task Manager sometimes, but that is normal.

      4: Accessories. iOS devices have accessories in spades. Even cars sport 30 pin docks sometimes.

  5. Too grainular by Nethead · · Score: 2, Insightful

    If the handset is causing issues with the network because of a rouge application just shut down the handset. (Well, allow 911 or your local PSAP number.) This, hopefully, would be just an AUP issue. Sometimes a hammer is the right tool.

    --
    -- I have a private email server in my basement.
    1. Re:Too grainular by amicusNYCL · · Score: 3, Insightful

      You're saying that it's better to disable the entire device instead of remove the one offending application? I'm not sure how you made that conclusion, but how would the owner recover their device if Microsoft shut the entire thing down? Should Microsoft or any handset vendor be allowed to simply disable the entire device?

      --
      "Our two-party system is like a bowl of shit looking at itself in a mirror." - Lewis Black
    2. Re:Too grainular by IndustrialComplex · · Score: 4, Insightful

      You're saying that it's better to disable the entire device instead of remove the one offending application?

      It can actually be less intrusive. I have no 'right' to use a network, so if I am screwing up the network because of an app I have, kicking me off the network doesn't do anything to MY equipment.

      It means I can install whatever I want on my phone and no backdoors are needed.

      Think of it like renting a car to someone. You can do whatever the hell you like to your body, but I don't want you smoking in my car. I refuse you the car, but I don't confiscate your cigarettes.

      --
      Out of modpoints but really liked a post? 1BDkF6TtmmeZ3yqXbz9yhdYVqRYnwFoXDj
  6. Re:hmm by mcgrew · · Score: 3, Insightful

    TFA pointed it out. I decided quite some time ago I'm just going to keep using my dumb phone; It's just smart enough to make calls, take calls, text, email, and access a limited internet.

    I don't want a third party screwing around with MY property, thanks.

    --
    Free Martian Whores!
  7. Thanks for the warning. by Cornwallis · · Score: 1, Insightful

    "...we could remove applications from handsets - we don't want things to go that far, but we could."

    Now I have no need to even consider getting one.

    1. Re:Thanks for the warning. by Anonymous Coward · · Score: 4, Insightful

      Look, it's time to face reality. This is 2010, not 1990. This is a FEATURE for most people, not a drawback. They are sick and fed up with PCs and malware/spyware and anything that helps avoid this problem is worth more to them, not less.

      Apple does the same thing with iDevices and they are doing a brisk business and battling with Google for supremacy in the mobile computing space. The market has spoken, and it wants a safer computing experience which is provided by this ability.

    2. Re:Thanks for the warning. by amicusNYCL · · Score: 5, Insightful

      Now I have no need to even consider getting one.

      Nor an iPhone, nor an Android device, nor a Palm webOS device, nor a BlackBerry (assuming you're on a BES system). Indeed, when your world is black and white many decisions are easy.

      --
      "Our two-party system is like a bowl of shit looking at itself in a mirror." - Lewis Black
    3. Re:Thanks for the warning. by microbee · · Score: 3, Insightful

      Now I have no need to even consider getting one.

      I doubt you would get one anyways.

    4. Re:Thanks for the warning. by YodaYid · · Score: 4, Insightful

      Malware is the justification for the kill switch. The concern is that the technology may be misused down the road for other things. Maybe 10 years from now, kill switches will be used to shut off legitimate apps that are considered a threat for some reason (like Iran shutting down Twitter during the anti-government protests). Maybe they can use the kill switch if you are watching a documentary or reading an article you're not supposed to...
      </tinfoilhat>

  8. Re:hmm by gilesjuk · · Score: 2, Insightful

    Indeed. Plus Apple have never used it yet but Google have. So who are the bad guys?

  9. Re:hmm by countertrolling · · Score: 3, Insightful

    So who are the bad guys?

    Everybody.

    --
    For justice, we must go to Don Corleone
  10. We should applaud Microsoft for security by SuperKendall · · Score: 4, Insightful

    Microsoft has made a lot of poor security choices in the past, so we should praise them when they do something that will improve the general level of mobile application security. All mobile platforms to-date have kill mechanisms, for the average user it's a great thing to be able to shut down a rogue app en-masse and not have to wait for even an update cycle.

    Experienced technical users will ALWAYS have the equivalent of Jailbreaking to prevent applications from being removed or modified externally if they so wish. But that is a choice that should be made by a technically informed person after consideration, not a default configuration that the general public has to live with the repercussions from for the next decade.

    --
    "There is more worth loving than we have strength to love." - Brian Jay Stanley
    1. Re:We should applaud Microsoft for security by Anonymous Coward · · Score: 5, Insightful

      Which is why the right way to do it is with a configuration setting that you help the user select at purchase/installation time and through user training. Yes, people don't want training, but that's the price of using a complicated feature rich application. Give people the option to

          1) enable automatic remote kill
          2) enable automatic remote kill prompting
          3) disable it
          4) enable it on sync
          5) subscribe to push notifications of kill requests

      There's lots of ways to handle this--but automatic remote kill is only one of them, and the last tech friendly. Not just because geeks don't like DRM, but because it exposes all applications to a very real Denial of Service risk. What happens when somebody spoofs a remote kill to my VPN adapter or its corporate nameserver? What about remote killing my asset management application that scans barcodes (even if poorly) from the camera?

      Hell, doctors have PHI on phones these days--you *need* remote kill on that app, but the consequences of deletion could be medically deadly.

      Point us--remote kill isn't wrong because it's remote kill. It's wrong because there's no choice or control without jailbreaking it.

    2. Re:We should applaud Microsoft for security by SuperKendall · · Score: 2, Insightful

      What happens when somebody spoofs a remote kill to my VPN adapter or its corporate nameserver?

      Much less than what happens than when the 1% of users that change the configuration just because they can, get hit by a keylogger that cannot be removed.

      Even though all modern smartphone platforms have this ability we have yet to see such a denial of service attack, and at worst it would be a minor inconvenience compared to damage a more lax security policy can cause, even one where you can simply configure it to be more lax.

      For one thing it would require spoofing the exact server responses to a device attempting to access them main server from a WiFi location that the device joins (since a man in the middle attack when the device is using the cell network is much more impractical), which means the potential attack vector is limited to a tiny pool of devices in an isolated physical location. Compare that to the risk of letting users configure security policy across millions of devices. Large corporations do not let most people "opt out" of strict security policies, and I don't think smart-phone vendors should either. Again, for those with some corner case technical need, there will always be hacks (in the true sense of the word) to get around a system. But some things you just don't want to open up to the average user, especially in terms of security - we have all lived through decades of problems caused by doing so.

      --
      "There is more worth loving than we have strength to love." - Brian Jay Stanley
  11. Re:hmm by adisakp · · Score: 4, Insightful

    So who are the bad guys?

    Everybody.

    I think you've not only figured out big business, but politics as well.

  12. Re:This should be good by TheRaven64 · · Score: 3, Insightful

    I think, after some years of practicing, most Slashdot readers are now able to accept that there is more than one evil company.

    --
    I am TheRaven on Soylent News
  13. Re:hmm by shentino · · Score: 2, Insightful

    Nice guys get their throats cut and their backs stab.

    They aren't even finishing last.

  14. Re:I'm not as bothered as I should be by CosmeticLobotamy · · Score: 2, Insightful

    I don't understand why worrying is what this makes people do. There's nothing stopping someone from writing an app that appears useful, waits until June 2nd, 2011, then does the most malicious thing the phone's sandbox will allow it to do. At that point, if the phone becomes unusable for 20,000 people, or if it becomes a plague spreader, or if it starts making calls to Pakistani phone sex lines while you're asleep, but on the outside it still appears to be a friendly purple gorilla so people don't delete it themselves, someone has the power to kill it. Good.

    Yes, priority should be on making sure the app can't do anything you don't want it to do, and I'm sure that effort is being made, but things will be missed.

    They can stop you from running things they don't like, sure, but it's not like this is a purely evil tool. If I were designing it, I'd put it in, too.

  15. Re:Before people start in on MS..... by Anonymous Coward · · Score: 1, Insightful

    So has Apple for NDrive

    Have they? Just checked and NDrive is installed and working fine on my iPhone.

  16. Re:I'm not as bothered as I should be by Sloppy · · Score: 5, Insightful

    I don't understand why worrying is what this makes people do. .. [if software does a bad thing] someone has the power to kill it.

    The reason people dislike it, is that the normal way for personal computers to operate is that the owner of the device (who is also typically the user), is the "someone" that you mention. And a lot of us are still used to the normal way (I guess that's why I call it "normal" ;-). The evil here is not the killswitch; it's whose hand is on the switch.

    If the phone were larger and had a full size keyboard and monitor, a lot of people would say that worrying is the right thing to do. But since we call it a "phone" (or a "game console" or an "ebook reader") the rules are magically different even though there's nothing about how the device is used, which should change who its master is.

    That said, while "a lot" of people would object to a desktop PC working this way, maybe some wouldn't. There does seem to be a level of frustration with users (typically Windows PC owners) installing malware, and this isn't the first time someone has proposed giving up and taking the power and authority out of their hands. What's interesting, though, is when you cross the line going down to a certain size (Apple's tablet being the new threshold) it's no longer just an idea, but is actually happening.

    Imagine if desktop PCs had evolved like the handheld ones are. Pretty sad. And pretty scary to think that the phone/gameconsole mindset still might infect the desktop. Why can't the next Mac come with IOS or the next Dell come with Windows Phone 7 or the next whitebox x86 come with Android -- and "brick" if the user tries to install something that doesn't suck? Throw in lock-in subsidies from ISPs, and people might actually buy 'em, and then desktop developers who want access to the widest market, might find themselves having to kiss the ass of the repository maintainers (a.k.a. "app store"), not be allowed to write competing apps, etc. This kind of shit would have totally prevented a lot of tech that we all take for granted today. Lame.

    --
    As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
  17. Re:Before people start in on MS..... by indiechild · · Score: 4, Insightful

    Never let facts get in the way of a good Apple bashing, right?

    http://www.razorianfly.com/2010/07/08/did-apple-just-use-the-ios-kill-switch/