Slashdot Mirror

← Back to Stories (view on slashdot.org)

Microsoft Outlines Windows Phone 7 Kill Switch

Posted by samzenpus on from the stopped-in-its-tracks dept.

nk497 writes "Microsoft has outlined how it might use the little publicized 'kill switch' in Windows Phone 7 handsets. 'We don't really talk about it publicly because the focus is on testing of apps to make sure they're okay, but in the rare event that we need to, we have the tools to take action,' said Todd Biggs, director of product management for Windows Phone Marketplace. According to Biggs, Microsoft's strict testing of apps when they are submitted for inclusion in Marketplace should minimize kill switch use, but he explained how the company could remove apps from the marketplace or phones, when devices check-in to the system. 'We could unpublish it from the catalog so that it was no longer available, but if it was very rogue then we could remove applications from handsets — we don't want things to go that far, but we could.'"

46 of 258 comments (clear)

  1. Re:Proactive virus and bot protection by QuantumBeep · · Score: 2, Funny

    How sad that the phone is so insecure that malicious code could run.

    Everything can run malic... wait...

    Oh, OK. Trolling. Carry on then.

  2. Before people start in on MS..... by rwven · · Score: 4, Informative

    http://www.readwriteweb.com/archives/google_activates_android_kill_switch_zaps_useless_apps.php

    http://news.cnet.com/8301-13579_3-10010070-37.html

    Both Android and the iPhone have kill switches as well.

    Google has actually used theirs.

    1. Re:Before people start in on MS..... by indiechild · · Score: 4, Insightful

      Never let facts get in the way of a good Apple bashing, right?

      http://www.razorianfly.com/2010/07/08/did-apple-just-use-the-ios-kill-switch/

  3. Another Brilliant Microsoft Innovation! by Yvan256 · · Score: 4, Insightful

    Brought to you by Apple.

  4. Re:hmm by swanzilla · · Score: 2, Insightful

    this seems baiting....

    ...until someone points out that Apple and Google did this before M$

    --
    0 = 1 + e^(Alt something)
  5. I'm not as bothered as I should be by QuantumBeep · · Score: 4, Interesting

    Buying a mobile phone is already such an exercise in trust, I have a hard time worrying about a remote app kill switch.

    1. Re:I'm not as bothered as I should be by CosmeticLobotamy · · Score: 2, Insightful

      I don't understand why worrying is what this makes people do. There's nothing stopping someone from writing an app that appears useful, waits until June 2nd, 2011, then does the most malicious thing the phone's sandbox will allow it to do. At that point, if the phone becomes unusable for 20,000 people, or if it becomes a plague spreader, or if it starts making calls to Pakistani phone sex lines while you're asleep, but on the outside it still appears to be a friendly purple gorilla so people don't delete it themselves, someone has the power to kill it. Good.

      Yes, priority should be on making sure the app can't do anything you don't want it to do, and I'm sure that effort is being made, but things will be missed.

      They can stop you from running things they don't like, sure, but it's not like this is a purely evil tool. If I were designing it, I'd put it in, too.

    2. Re:I'm not as bothered as I should be by Sloppy · · Score: 5, Insightful

      I don't understand why worrying is what this makes people do. .. [if software does a bad thing] someone has the power to kill it.

      The reason people dislike it, is that the normal way for personal computers to operate is that the owner of the device (who is also typically the user), is the "someone" that you mention. And a lot of us are still used to the normal way (I guess that's why I call it "normal" ;-). The evil here is not the killswitch; it's whose hand is on the switch.

      If the phone were larger and had a full size keyboard and monitor, a lot of people would say that worrying is the right thing to do. But since we call it a "phone" (or a "game console" or an "ebook reader") the rules are magically different even though there's nothing about how the device is used, which should change who its master is.

      That said, while "a lot" of people would object to a desktop PC working this way, maybe some wouldn't. There does seem to be a level of frustration with users (typically Windows PC owners) installing malware, and this isn't the first time someone has proposed giving up and taking the power and authority out of their hands. What's interesting, though, is when you cross the line going down to a certain size (Apple's tablet being the new threshold) it's no longer just an idea, but is actually happening.

      Imagine if desktop PCs had evolved like the handheld ones are. Pretty sad. And pretty scary to think that the phone/gameconsole mindset still might infect the desktop. Why can't the next Mac come with IOS or the next Dell come with Windows Phone 7 or the next whitebox x86 come with Android -- and "brick" if the user tries to install something that doesn't suck? Throw in lock-in subsidies from ISPs, and people might actually buy 'em, and then desktop developers who want access to the widest market, might find themselves having to kiss the ass of the repository maintainers (a.k.a. "app store"), not be allowed to write competing apps, etc. This kind of shit would have totally prevented a lot of tech that we all take for granted today. Lame.

      --
      As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
    3. Re:I'm not as bothered as I should be by Sloppy · · Score: 3, Interesting

      All those years of bitching about Windows and saying "This isn't normal!" and being right. At some undefinable point, the bizarre alien weirdness became old enough and accepted enough to pass as "normal." The facts changed underneath me.

      Damn you, AC, for pointing that out. Another little part of me just died. Fuck you. Fuck you with a chainsaw, for being right.

      [Deep breath] Ok, so Windows is [choke] ..

      Nnn..

      Nnnnn..

      Fuck you.

      Windows is nnnn

      Fuck.

      Windows is normal.

      It's normal, like how dog shit sometimes appearing in the back hall of the house is normal, now that I've had this puppy for 8 months. It wasn't normal and then, one day, it was normal. Ok, I get it. You bastard. AC, did I mention "fuck you?" I just wanna make sure we're clear on this: fuck you for implying Windows is normal and being right. Probably right. Right under protest. Fuck you.)

      So .. if that OS is that way (you know what I mean), even so: Windows users have the option of not installing (or removing if preloaded) AV software, don't they? Isn't the owner still ultimately empowered to take on the job of cleaning up their malware?

      (I'm still in shock. Tomorrow we might have to fight about the N word applying to that OS. I gotta gather my wits here. If someone wants to step in and explain how that AC just tricked me, go for it,)

      --
      As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
  6. So they sell it, make a buck, then take it? by mr_mischief · · Score: 2, Insightful

    I always thought selling me something then taking it back was theft.

  7. Remember, kids... by kurokame · · Score: 5, Insightful

    If someone else can come in remotely and change what you've got installed, it's not your system and it's not your software.

    But we encourage you to think of it as your own - it makes the fees hurt less, and we can always straighten you out on the details of ownership later.

    1. Re:Remember, kids... by rwven · · Score: 3, Insightful

      If people don't like the platform, they don't have to use it (yet).

    2. Re:Remember, kids... by rwven · · Score: 4, Interesting

      You could always root/jailbreak your android/iphone and disable the kill switch.

    3. Re:Remember, kids... by Amouth · · Score: 2, Insightful

      somethings gone wrong when you have to root/jailbreak the linux devices do do what you want but the windows ones are open..

      (except this newest version of windows.. but it isn't exactly out yet so i don't count it)

      --
      '...if only "Jumping to a Conclusion" was an event in the Olympics.'
    4. Re:Remember, kids... by mlts · · Score: 2, Insightful

      The sad part, what I want/need a device to do, usually isn't on the open platforms.

      1: Exchange support with strong encryption, so if a person is stupid enough to leave the device in the back of a taxi, someone with basic forensic skills cannot easily get sensitive E-mail and documents. Here, iPhones are decent, but the best (assuming no BES) would be a WM device with encryption on the memory card flipped on.

      Ideally, I'd like to see Android have LUKS as an option on both the data filesystem and the SD card, with key strengthening, as well as auto-erase if the PIN is mis-entered more than x amount of times. Maybe even allow for a strong passphrase when starting up the device, then a PIN for unlocking (where the volume password is not stored in persistent memory, so a reboot clears it.)

      2: Apps, apps, apps. Mobile platforms are very different from one another. This means that writing an app on obj-c will require a rewrite for the Dalvik VM. Same with Silverlight/XNA. So, developers are forced to pick one platform and be done with it, unless they are well funded enough to have multiple, disjoint codebases. I'd love to see Maemo/Meego pick up the critical mass of apps so it becomes a mainstream platform. However, right now, we essentially have iOS and Android as the two top contenders with everyone way far behind in the program department.

      3: Usability. iOS is very good at this. Android is as well. The ability to navigate between apps without jerkiness or freezing, a consistent UI, the ability to interrupt existing apps for phone calls, handle out of storage space gracefully, etc. Android might need a kick in the jimmies with an app like Advanced Task Manager sometimes, but that is normal.

      4: Accessories. iOS devices have accessories in spades. Even cars sport 30 pin docks sometimes.

  8. Too grainular by Nethead · · Score: 2, Insightful

    If the handset is causing issues with the network because of a rouge application just shut down the handset. (Well, allow 911 or your local PSAP number.) This, hopefully, would be just an AUP issue. Sometimes a hammer is the right tool.

    --
    -- I have a private email server in my basement.
    1. Re:Too grainular by amicusNYCL · · Score: 3, Insightful

      You're saying that it's better to disable the entire device instead of remove the one offending application? I'm not sure how you made that conclusion, but how would the owner recover their device if Microsoft shut the entire thing down? Should Microsoft or any handset vendor be allowed to simply disable the entire device?

      --
      "Our two-party system is like a bowl of shit looking at itself in a mirror." - Lewis Black
    2. Re:Too grainular by sempir · · Score: 3, Funny

      If I were to put rouge on my handset my neighbours son would be SO...SO jealous.

      --
      A closed mouth gathers no foot.
    3. Re:Too grainular by IndustrialComplex · · Score: 4, Insightful

      You're saying that it's better to disable the entire device instead of remove the one offending application?

      It can actually be less intrusive. I have no 'right' to use a network, so if I am screwing up the network because of an app I have, kicking me off the network doesn't do anything to MY equipment.

      It means I can install whatever I want on my phone and no backdoors are needed.

      Think of it like renting a car to someone. You can do whatever the hell you like to your body, but I don't want you smoking in my car. I refuse you the car, but I don't confiscate your cigarettes.

      --
      Out of modpoints but really liked a post? 1BDkF6TtmmeZ3yqXbz9yhdYVqRYnwFoXDj
  9. Re:hmm by mcgrew · · Score: 3, Insightful

    TFA pointed it out. I decided quite some time ago I'm just going to keep using my dumb phone; It's just smart enough to make calls, take calls, text, email, and access a limited internet.

    I don't want a third party screwing around with MY property, thanks.

    --
    Free Martian Whores!
  10. Re:hmm by gilesjuk · · Score: 2, Insightful

    Indeed. Plus Apple have never used it yet but Google have. So who are the bad guys?

  11. Re:hmm by Yvan256 · · Score: 4, Funny

    Commodore, for sitting on their asses and letting the Amiga fall behind the competition?

  12. Re:hmm by countertrolling · · Score: 3, Insightful

    So who are the bad guys?

    Everybody.

    --
    For justice, we must go to Don Corleone
  13. Re:hmm by pak9rabid · · Score: 2, Funny

    Ooooh goooooood for you!

  14. Re:Thanks for the warning. by Anonymous Coward · · Score: 4, Insightful

    Look, it's time to face reality. This is 2010, not 1990. This is a FEATURE for most people, not a drawback. They are sick and fed up with PCs and malware/spyware and anything that helps avoid this problem is worth more to them, not less.

    Apple does the same thing with iDevices and they are doing a brisk business and battling with Google for supremacy in the mobile computing space. The market has spoken, and it wants a safer computing experience which is provided by this ability.

  15. Re:Nokia by angiasaa · · Score: 3, Interesting

    No, Nokia does not have a Kill Switch. However, in the event of a rogue app infestation on their smart-phones, Nokia is capable of pushing an app to excavate the offending app before initiating a self-distruct. This is done with the users permission and discretion via the pre-installed Software Update app.

    --
    Geekism is your _only_ God!
  16. Re:Thanks for the warning. by amicusNYCL · · Score: 5, Insightful

    Now I have no need to even consider getting one.

    Nor an iPhone, nor an Android device, nor a Palm webOS device, nor a BlackBerry (assuming you're on a BES system). Indeed, when your world is black and white many decisions are easy.

    --
    "Our two-party system is like a bowl of shit looking at itself in a mirror." - Lewis Black
  17. We should applaud Microsoft for security by SuperKendall · · Score: 4, Insightful

    Microsoft has made a lot of poor security choices in the past, so we should praise them when they do something that will improve the general level of mobile application security. All mobile platforms to-date have kill mechanisms, for the average user it's a great thing to be able to shut down a rogue app en-masse and not have to wait for even an update cycle.

    Experienced technical users will ALWAYS have the equivalent of Jailbreaking to prevent applications from being removed or modified externally if they so wish. But that is a choice that should be made by a technically informed person after consideration, not a default configuration that the general public has to live with the repercussions from for the next decade.

    --
    "There is more worth loving than we have strength to love." - Brian Jay Stanley
    1. Re:We should applaud Microsoft for security by rakuen · · Score: 2, Interesting

      Why not just make it an option? Not an option you'd just randomly stumble across and disable, mind you. I mean it's in a very specific place in the configuration, and when you toggle it, it pops up a disclaimer explaining what you are going to do and asking you if you are sure you want to accept the risk. Once you agree, anything that happens to your phone is on you.

      Note, I'm not talking about a "Jailbreak" option, because that'll never happen. I'm talking about a "Disable Killswitch" option.

    2. Re:We should applaud Microsoft for security by Anonymous Coward · · Score: 5, Insightful

      Which is why the right way to do it is with a configuration setting that you help the user select at purchase/installation time and through user training. Yes, people don't want training, but that's the price of using a complicated feature rich application. Give people the option to

          1) enable automatic remote kill
          2) enable automatic remote kill prompting
          3) disable it
          4) enable it on sync
          5) subscribe to push notifications of kill requests

      There's lots of ways to handle this--but automatic remote kill is only one of them, and the last tech friendly. Not just because geeks don't like DRM, but because it exposes all applications to a very real Denial of Service risk. What happens when somebody spoofs a remote kill to my VPN adapter or its corporate nameserver? What about remote killing my asset management application that scans barcodes (even if poorly) from the camera?

      Hell, doctors have PHI on phones these days--you *need* remote kill on that app, but the consequences of deletion could be medically deadly.

      Point us--remote kill isn't wrong because it's remote kill. It's wrong because there's no choice or control without jailbreaking it.

    3. Re:We should applaud Microsoft for security by SuperKendall · · Score: 2, Insightful

      What happens when somebody spoofs a remote kill to my VPN adapter or its corporate nameserver?

      Much less than what happens than when the 1% of users that change the configuration just because they can, get hit by a keylogger that cannot be removed.

      Even though all modern smartphone platforms have this ability we have yet to see such a denial of service attack, and at worst it would be a minor inconvenience compared to damage a more lax security policy can cause, even one where you can simply configure it to be more lax.

      For one thing it would require spoofing the exact server responses to a device attempting to access them main server from a WiFi location that the device joins (since a man in the middle attack when the device is using the cell network is much more impractical), which means the potential attack vector is limited to a tiny pool of devices in an isolated physical location. Compare that to the risk of letting users configure security policy across millions of devices. Large corporations do not let most people "opt out" of strict security policies, and I don't think smart-phone vendors should either. Again, for those with some corner case technical need, there will always be hacks (in the true sense of the word) to get around a system. But some things you just don't want to open up to the average user, especially in terms of security - we have all lived through decades of problems caused by doing so.

      --
      "There is more worth loving than we have strength to love." - Brian Jay Stanley
    4. Re:We should applaud Microsoft for security by Dhalka226 · · Score: 2, Interesting

      On the other hand, if you acknowledge that remote kill is sometimes necessary then 2, 3 and potentially 5 are counterproductive.

      Presumably, the users installed and want the application in question because it is installed on their phone, and the negative effects are not noticable, or they would have uninstalled the application themselves. Think of reasons Microsoft might (legitimately) want to remote kill an application: Something that is stealing identities, violating privacy, etc; something that is causing harm, either to the handset itself, the networks it runs on or other hosts (botnet/DDOS style, intentional or otherwise). Honestly that's all I can think of. Even your example of PHI (which I had to look up by the way!) doesn't necessarily make sense, unless companies have their own killswitches or Microsoft plans on doing it on their behalf, and the kills can be device-targeted -- any of which might be true, but I didn't see evidence of it from the article. Ether way, if somebody is trying to kill an app with PHI on your phone it's probably because you are no longer employed there; it's not like you'd be in surgery with your patient and go to look up anesthesia allergies and find the information is no longer on your phone.

      In either case I'm not sure "nahhh, I'll keep it" is a valid option. If you're harming somebody else, your opinion on whether or not to keep such an app is irrelevant. If you're harming your own hardware, the only reason I can see that you would keep it anyway is you don't believe it -- essentially punishing lack of technical expertise or naiveté ("I don't SEE my phone hardware melting..."). Similar with some sort of privacy-violating trojan. "This fart app is so cool that I don't care if it's trying to steal my bank login details!" isn't something I would consider valid. I mean, they would definitely DESERVE whatever happened to them but it isn't a case I would design the feature around.

      #4 is similar to what they're doing, except that "sync" is "checks in automatically for updates" and thus not requiring user intervention. Any user intervention that is required simply brings us back of the points above.

      Your concerns about security are valid and is something that definitely needs to be addressed in the feature planning stage, but I don't think it is an impossible problem to solve. Beyond that, if you don't trust Microsoft to only use the feature for valid reasons then you should probably buy a phone with another operating system.

  18. Re:A baffling non sequitor by Code+Master · · Score: 4, Informative
    What he's saying is that if MS tests the apps well enough to prevent bad apps from making it into the marketplace, then they won't need to use the kill switch.

    So they are focusing on their primary line of defense being the acceptance testing.

    --
    The Code Master
  19. Oy vey... by jamrock · · Score: 3, Funny

    'We could unpublish it from the catalog so that it was no longer available, but if it was very rogue then we could remove applications from handsets - we don't want things to go that far, but we could.'

    "Unpublish it"? As opposed to simply de-listing it, or removing it from the catalog? "Very rogue"? I had no idea there was a spectrum of roguishness. I sincerely hope that English is his second language. I don't feel the need to correct the spelling or grammar of Slashdot commentators, but this guy is speaking on behalf of a giant corporation.

  20. Re:hmm by adisakp · · Score: 4, Insightful

    So who are the bad guys?

    Everybody.

    I think you've not only figured out big business, but politics as well.

  21. Re:Another reason to keep my Blackberry? by alen · · Score: 3, Interesting

    except with RIM all of your data flows through the Blackberry Internet Service so all they have to do is block it there. at least with apple and google there is no middle proxy between the carrier and the internet

  22. Re:Thanks for the warning. by microbee · · Score: 3, Insightful

    Now I have no need to even consider getting one.

    I doubt you would get one anyways.

  23. Re:This should be good by TheRaven64 · · Score: 3, Insightful

    I think, after some years of practicing, most Slashdot readers are now able to accept that there is more than one evil company.

    --
    I am TheRaven on Soylent News
  24. Re:Cell phones... Are we missing the "phone"? by SmackTheIgnorant · · Score: 3, Informative

    Sorry, too many thoughts, too much incoherance...
    1 - Phones need more phones. not less apps - just more phone functionality
    2 - kill switch - this "could" go badly, but I'd like to see the history of use... Malicious app - Definitely see the use of it. Pirated app? Unlicensed app? Non-approved app? Patched app? These are more of a "Would they? Just because they can doesn't mean they should or will."

  25. Re:hmm by shentino · · Score: 2, Insightful

    Nice guys get their throats cut and their backs stab.

    They aren't even finishing last.

  26. Define: Very Rogue by LoyalOpposition · · Score: 3, Interesting

    We could unpublish it from the catalog so that it was no longer available, but if it was very rogue then we could remove applications from handsets - we don't want things to go that far, but we could

    I wonder whether "very rogue" is anything like when Windows Genuine Advantage was classified as a security update, and pushed out with the rest of the critical patches.

    ~Loyal

    --
    I aim to misbehave.
  27. Entirely new idea: by Arancaytar · · Score: 2, Funny

    How about we sell phones that the customer actually OWNS and CONTROLS?

    Crazy thought, huh?

  28. Re:NSA Key by Anonymous Coward · · Score: 2, Informative

    !seineew era sreenigne enohPi

    Mods: Poster is referring to "Netscape engineers are weenies!", found (typed backwards!) as the password to a vulnerable version of DVWSSR.DLL for Frontpage 98. Really.

  29. Reversal of intent by DrYak · · Score: 2, Interesting

    maybe you should reconsider who or what's "gone wrong"

    GPL - which is the license used by the Linux kernel and a good deal of the userspace (generally Busybox, Dropbear, etc. Sometimes GNU on more featured Linux Phone OSes) - was explicitely designed to make sure that the *END USER* *always* remain 100% in control of the software he has. (Can use it, copy it, study it, modify it, remix it, whatever) No matter what intermediate the software has gone through on its way to the user.

    Kill switches are exactly designed in the opposite direction : No matter what, the application store owner (Google, Apple, Microsoft) has always the last word in deciding what is OK or not to run under their device.

    That's objectively a contradiction between the original intent of the software, and the way the software is used. It's "gone wrong" no matter how many sheeple don't care.

    (Expect a future GPLv4 to explicitely require that the end-user can override such killswitches.)

    Sometimes the lone wolf everyone disagrees with isn't the revolutionary hero of legend he thinks he is.

    Other times, the lone wolf is the only guy with enough foresight to pay attention to a tendency building up, that nobody else bother to notice until it's too late. And then what everybody complains about is only the consequence of their oversight.
    (Ob xkcd ref)

    (See the problems that IE6 and XP are causing now, even to microsoft themselves. Back then, people complaining about the risk of lock-in were probably considered silly crazy lone wolfs too)

    --
    "Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]
  30. Re:Thanks for the warning. by YodaYid · · Score: 4, Insightful

    Malware is the justification for the kill switch. The concern is that the technology may be misused down the road for other things. Maybe 10 years from now, kill switches will be used to shut off legitimate apps that are considered a threat for some reason (like Iran shutting down Twitter during the anti-government protests). Maybe they can use the kill switch if you are watching a documentary or reading an article you're not supposed to...
    </tinfoilhat>

  31. Old tricks by HeckRuler · · Score: 2, Funny

    Actually it's a old form of English called weaselese where random words get replaced with euphemisms that don't sound as bad. For example, which sounds better to you:
    "A lack of synergy will commit us to depublishing your works and down-sizing your position. Thanks to competitive agreements with neighbors, we've cornered the market in potential employment with a bonus outreach to family members."
    OR
    "Since you don't share in the corporate culture around here, you're going to be censored and eventually fired. If you try to work in this city again, we'll skull fuck you and your whole family."