Slashdot Mirror
Microsoft's New Plan For Keeping the Internet Safe
itwbennett writes "Microsoft Corporate Vice President for Trustworthy Computing Scott Charney used to think it was the responsibility of ISPs to keep hacked PCs off the Internet. Now, he says the burden should be on consumers. Speaking at the RSA Conference, Charney suggested that the solution may be for consumers to share trusted certificates about the health of their personal computer: 'The user remains in control. The user can say I don't want to pass a health certificate,' he said. 'There may be consequences for that decision, but you can do it.'"
From TFA:
"A bank could ask customers to sign up for a program that would scan their PC for signs of infection during online sessions"
hello ? privacy issues anybody ?
So basically organizations that do business with consumers would be allowed to scan the consumer PC. Great idea...
Next step, you have to allow the government, banks, Ebay, Paypal and what not to scan your PC otherwise they will refuse to do business with you. Since they may not have a linux or other OS scanners, you would be required to use Windows of course.
This guys is a genuis !
Everything I write is lies, read between the lines.
I wonder if openBSD will support these health certificates.
"Access has been refused as it seems you do not have an anti-virus. Why not try *insert highest paying AV company here* anti-virus 2011 for only £99 a year!"
Yeah, this will work real well on my old VAX that I use to surf the web using Lynx.
Karma: Excellent. 15 moderator points expire sometime.
The responsibility goes to the consumer, when Microsoft is assigning responsibility (blame). After all, the highly vulnerable operating system clearly has nothing to do with it, hence the company behind said vulnerable operating system shouldn't have any liability either.
Damn_registrars has no butt-hole. Damn_registrars has no use for a butt-hole.
I like how all of Microsoft's solutions to this Internet-wide problem assume that absolutely everybody is using their software. Honestly, half the problem would go away if everybody stopped using their software.
Need a Python, C++, Unix, Linux develop
First he said he thought responsibility was one place, then he said it was supposed to be another. What will he say tomorrow? The position lacks credibility. Is this even newsworthy?
In order to keep the internet safe, Microsoft has detected and is removing computers running viruses masquerading as operating systems. Those operating systems are going by the names listed below:
Windows XP
Windows Vista
Windows 7
Violence is the last refuge of the incompetent. -- Isaac Asimov
It is the consumer/user error. I do not like this new step they think is helping, but at least people besides us computer nerds are finally starting to fess up to the fact that most of the world sucks on computers
The world is how you make it
They fixed slashdot!
I can now see comments to comments without the parent being expanded!!!!!!
Join me everyone.
Oh, top-level admin, yours is the root access and yours only.
Shall your processes run uninterrupted, and your system free of root kits.
Yours solely is the decision to edit my access level, and to allow me read and write.
I humbly present the output of my processes for you only.
You truly are the inspector of my source. Shall you find no bugs!
Please do not kill the threads of my processes, as I have not killed those of others.
Their start and their end have been seen by you.
Authenticate my files and validate my drivers, as I have done unto others.
You have calculated my file signatures before they have been even made.
You have such watermarks in my files that I do not even know of.
Protect me from viruses and system instability. You know what I'm made of.
My processes will not consume too many system recources, for I am wary of you.
Please back-up me and restore me, should there be a system crash.
Even my least significant bit has been saved by you. Not even smallest of them should flip.
I will adhere to EULA even in the slightest. You shall not find me guilty of a breach.
You shall hold the root access to time eternal, and I shall have an user account in your system.
Amen!
Website owners can probably make a pretty good first-guess at how compromised a system is, if it's running some obsolete and/or insecure web browser ( Firefox 3, IE 6, 7, 8, 9 :-) ).
If it has a certificate where Microsoft digitally signed that the machine indeed has IE6, do you really gain that much?
The user remains in control. The user can say I don't want to run Microsoft's operating system. There may be consequences for that decision, but you can do it.
I agree completely with that part of things. The burden is on consumers (or citizens, as we used to be called). Don't buy Microsoft products and the Internet will be a much safer place.
What are they smoking? They sell the buggiest, shittiest, most useless (some people find it useful...I don't; the last time I tried to use MS Office I spent 15 minutes dicking around w/ the application just to set some bullet points, and decided that 15 minutes could have been better spent downloading and installing OpenOffice - their applications have all turned into overblown, unusable pieces of shit, just like the internals of their operating systems) products, practice all kinds of shady business just to spread their crapware, and then blame the average, non-technical person for how fucked-up their operating system is and how it makes computers unusable to a significant portion of the population.
Jesus. If I sold someone a car that had as many problems as a copy of Windows, I'd be sued - possibly even imprisoned. Someone would probably end up dead fairly quickly if I made a business out of it, and then I'd be up shit creek. But they can sell shitty software and then not be held accountable when it doesn't work? Yes, the world is that strange.
PC moderators can suck my White pierced, tattooed dick. If you think pride == hate, s/dick/Aryan meat mallet/g.
You misspelled Apple. Funnily, it came out as Microsoft. Go figure. A Freudian slip perhaps?
Mit der Dummheit kämpfen Götter selbst vergebens
When Microsoft talks about "security" they're talking about securing the property&rights of digital rights owners (BSA, MPAA, etc) from the untrustworthy users who licensed the software and DVD.
It's not at all about keeping the computer user safe.
It's about keeping data safe from the computer user.
to needing a dedicated device for your online transactions. Something that is not subject to other applications running amok. Perhaps the next generation of credit cards will have touchscreens and wifi.
Nullius in verba
Does he realize that if that were to be put in to place, all Windows users would face the "consequences" because if someone is on a Windows box, you can assume its infected.
Where has reason in the world gone? Have we abandoned it in favor of power and politics?
What party, ultimately, has the most control over how many infected machines there are on the internet? Could it possibly be the software company whose chief product runs on most of the machines out there?
What parties, ultimately, bear the costs of all the infected machines out there? Their owners, sometimes. Everyone who has to deal with the billions of spam emails that clog the internet. Not so much, the aforementioned large software company.
So an executive from that software company suggests that the burden of infection should be placed squarely upon the user. Funny, that.
What's going to stop malware from hooking into the checking program or extracting the key that the program uses to send back the scan results and fake it? You can't just "scan" a computer for malware, you need to get code running on the infected host.
health is very important, by sharing we can provide benefits for others
If you require positive proof of system health then this will penalize every minority operating system or device that does not have the scanning software/certificate available for it yet. But aren't these minority systems the ones that are least risky, compared to the millions of zombie WinXP boxes?
Sure, Microsoft systems will be supported by the bank (using the example given in the article) but what about everyone else (and I do mean everyone). Do we really want a presumption of "disconnect" or "limit"?
a health check. Could I just pass some gas instead?
There, that's better.
If they have a magic scanning technology that tells them if a machine is "safe", then why doesn't Microsoft just deploy that technology to everyone? When I managed a helpdesk, I saw many fully patched machines with updated antivirus machines still manage to become infected by Malware. I didn't know we were already past the age of Zero-day exploits
ZDNet article (http://www.zdnet.com/blog/security/microsoft-continues-push-for-infected-computers-to-be-quarantined/8164) a little more informative.
Combining trusted software such as hypervisors and hardware elements such as a Trusted Platform Module (TPM) could further enable consumer devices to create robust health certificates and ensure the integrity of user information
Just like in the auto industry, if a car maker creates a car that is prone to wrecks, its not the drivers fault.
Proper maintenance, is the responsibility of the user, not fundamental manufacturing flaws that create security problems.
---- Booth was a patriot ----
Heal certificates? My Ubuntu boxes are running just fine and don't need no crap like this.
The user can say I don't want to pass a health certificate,' he said. 'There may be consequences for that decision, but you can do it.
The user can say I don't want to run Windows. There may be consequences, but you can do it.
There fixed that for you, M$.
(Oh, did we forget to mention that that health certificate, de facto, requires you to run M$ Windows? That although there are Linux solutions around, 95% of ISPs don't support it?)
The problem is that this isn't about "proving" that you're clean.
This is about proving that you have, in the past, purchased condoms (anti-virus).
And that you are currently wearing a condom (anti-virus is running).
NOT that you don't have a disease.
Or that you have any symptoms.
Or that anyone you've had sex with had a disease.
The BANKS are the ones that should be dealing with whether they can sanitize anything they receive from you (and anyone else) AND verify that it really is you initiating the transaction.
Sex is NOTHING like an on-line purchase. Try it and see.
MS has there own good free AV and they will not let them self's be locked out from any plan.
It's called 'format'.
Anything like this 'trusted certificate' or 'health scanning app' will just become another attack vector.
Microsoft should just build a new operating system from the ground up that is secure. If MS applied everything they should have learnt from all the security problems they have had over the last 20 years, they could probably make something quite good.
Wouldn't this solve 95% of the problems with infected PC's? Of course that would require reinvesting some of the billions they make from selling their current offering.
You misspelled Linux. Funnily, it came out as Microsoft. Go figure. A Freudian slip perhaps?
FTFY. Monocultures are bad, m'kay?
Jesus was all right but his disciples were thick and ordinary. -John Lennon
like inviting a pedophile to a day care center...
This is basically what banks and e-commerce sites do in South Korea. They force you to install several Active-X programs (per website, by the way) which usually consist of an anti-keylogger, anti-virus, and some SSL related program. Banks also typically have a Active-X personal identification certificate program where it checks for this certificate that is tied to your account and to the machine you are on. The websites will check for these programs and will auto install them if they are not detected. By the time you've gone to a few bank sites and shopping sites, you've accumulated at least 10 Active-X apps which all essentially do the same thing.
Given that these websites are routinely hacked, and from what I hear, more often than sites that are actually standards compliant, I'd say any "health certificate" will only result in a false sense of security.
As a side note: Yes, if you don't have Internet Explorer, you cannot do banking, shop online, check email, or watch streaming video on a PC in South Korea. Smart phones have apps, so those are okay.
.. not containing malware. Malware is defined as programs that are designed to interfere with the normal operation of any other program
The group of programs that are designed to interfere with the normal operation of any other program is loosely defined, there's a lot of opinions about what it should contain, I mean hey, I'm not saying that for example programs to "hack" software to remove copy protection IS malware, just that many people might think it is.
"Problem solved"
"But in the course of the last year as I thought a lot more about this I realized that there are many flaws with that model."
I think thats the problem right there.
Speak and then think... and apparently the thinking takes a LONG time!
...getting tested for STDs as a condition of employment in a porn studio. Who hands out those certificates? Do you really want to trust them as you are getting ready to pull that train?
Have gnu, will travel.
You cannot store an OS "improperly". It doesn't catch germs just by normal decay.
Microsoft's decisions have placed "user friendly" above "security" for years.
That is a problem.
Most people who commented on this topic just don't understand what is Trusted Computing remote attestations. Come back with an opinion once you have a @#$^& clue!
Maybe he got the idea while standing in a queue for an airport security check...
Not like it's a particularly "new" plan.. and oh look, it even has built in support for RADIUS.....
I don't need to test my programs.. I have an error correcting modem.
Apparently, the alchemist did not read Slashdot much in 2009, see:
http://it.slashdot.org/story/09/11/23/1837238/English-Shell-Code-Could-Make-Security-Harder
In this technical paper, someone came up with a set of barely intelligible English sentence,
where some letters are actual BINARY X86 instruction and the rest is basically treated as NOP instructions,
so that he could bypass normal filtering techniques for malicious purposes.
English Shell Code extract:
"There is a major center of economic activity, such as Star Trek, including The Ed Sullivan Show. The former participation
in the United States Drug Enforcement Administration and..."
The way it work was like this, take all X86 instructions, take those who are in the printable range,
write a "decoder program" using only those instructions, then wrap your real exploit code with it
and write a nice ruby metasploit module to do so automagically and there you go.
More to the point, there isn't a single AV product available today that catches 100% of the mal-ware currently out there.
AV is a reactive process.
First comes the mal-ware.
Then comes the infections.
Then comes the signature file.
Then comes the download of the signature file.
Then comes the protection.
Saying that an AV scan found nothing on your computer is really pretty meaningless.
Remember the Sony root kit fiasco? There was ONE anti-virus product that detected it.
ONE!
And it wasn't McAfee or Norton.
You should not have been moderated troll just for defending Microsoft Windows. Sure, the analogy doesn't work, but you are entitled to your opinion. The troll moderation is in no way a substitute for "I disagree" or "the poster shows lack of knowledge by using a bad analogy".
Damn_registrars has no butt-hole. Damn_registrars has no use for a butt-hole.
Customers *own* and therefore are in control of their own damn machines, and it's about time they start taking action with the security of their own data and the Internet as a whole, if they choose to be connected to it. So, customers--do your research. Learn about Internet safety, for a start. Find a different supplier for your operating system. If you need a tip, here's one: look away from Microsoft for your OS fix. The extra security, stability, speed, etc. achieved by avoiding Microsoft products will reward you for it. The lack of forced reboots with nearly every system update, increased resistance to malware, and the diminished "slowing down" of your computer over time are just the tip of the iceberg.
But I disagree that ISPs should not do anything. If some jackass is unknowingly running a bot over the Internet through their paid connection with their ISP to the Internet, then the ISP should warn them to get it fixed and deny service if they fail to do so.
It should be easy to run the scan program in a virtual pc (that is clean), while the computer itself is infected/botnet/malware server. Also a good way to get linux boxes on the net past windows only scanners. Therefore this won't work. The only way to reliably check for infection is to monitor network traffic from outside. The ISP is the only place that is likely to work. Like it or not the only way to cut botnets and virus infestations is to hold ISP's legally liable in some manner. (or to have government run traffic sniffer boxes between your house and the ISP, and we really don't want to go there.)
Hacked PC's are the fault of the OS vendor. Not the user, or the ISP.
Blaming the user is like blaming the driver for their car's recall-worthy shoddy components.
Blaming the ISP is like blaming the highway department for a car's recall-worthy shoddy components.
Who does car recalls? The manufacturer, who usually passes on the cost of it to the vendors who provided the faulty parts (see Toyota and the Tacoma frame rusting). All the OEMs should pass on the cost of their support for Redmond's flawed OS's to... Redmond.
Unless Charney is simply saying that the users are to blame for not installing a safer OS. Because all the owners were at fault for their Explorers having the wrong Firestone tires installed at the factory. Right.
The malware that this scheme is meant to detect will just evolve to include means to trick the detection program into thinking the host isn't infected. Duh! Malware detection will ALWAYS be playing catch up. The people who write viruses (and I'm not talking about moron scriptkiddies, but the likes of those who write the tools that the scriptkiddies download off the net) would become clued up to how the security measures work and loopholes would be found. They would probably pretty quickly come up with a way to infect the server hosting the security detection service through their own connections and then infect every machine that the server connects to thereafter. If you want a secure computer, put it in Fort Knox, run it off a battery and have no network or phone connections. There is a certain amount of risk that must be accepted when doing anything (crossing the street without getting hit by a car, eating without choking, breathing without inhaling noxious fumes, etc). Insurance is really the only way of protecting consumers and service providers. When it hits the fan (and it always may regardless of what measures you take), insurance can pay for it. This scheme is just another Microsoft marketing strategy, and a pretty lame one at that. No more, no less.
Maybe I'm missing something here, but wouldn't hackers just allow for these scans in the trojans they write? Pretty sure it would be easy enough for them to conceal their creations from the system scan required to pass the so-called health certificate. And then you're back to square one. So if I understand what he's suggesting properly, the whole issue of privacy is moot. The method used to check simply won't work in the first place.
Modified from this:
Your post advocates a
( X ) technical ( ) legislative ( ) market-based ( ) vigilante
approach to computer security. Your idea will not work. Here is why it won't work. (One or more of the following may apply to your particular idea, and it may have other flaws which used to vary from state to state before a bad federal law was passed.)
( ) Spammers can easily use it to harvest email addresses
( X ) Remote access and other legitimate computer uses would be affected
( ) No one will be able to find the guy or collect the money
( ) It is defenseless against brute force attacks
( X ) It will stop insecure PCs for two weeks and then we'll be stuck with it
( X ) Users of computers will not put up with it
( ) Microsoft will not put up with it
( ) The police will not put up with it
( X ) Requires too much cooperation from spammers
( X ) Requires immediate total cooperation from everybody at once
( X ) Many computer users cannot afford to lose business or alienate potential employers
( ) Spammers don't care about invalid addresses in their lists
( ) Anyone could anonymously destroy anyone else's career or business
Specifically, your plan fails to account for
( ) Laws expressly prohibiting it
( X ) Lack of centrally controlling authority for security
( ) VPNs in foreign countries
( ) Ease of searching tiny numeric address space of all computers
( X ) Asshats
( ) Jurisdictional problems
( ) Unpopularity of weird new taxes
( X ) Public reluctance to accept weird new forms of money
( ) Huge existing software investment in security
( X ) Susceptibility of protocols other than HTTP to attack
( X ) Willingness of users to install OS patches received by email
( ) Armies of worm riddled broadband-connected Windows boxes
( X ) Eternal arms race involved in all filtering approaches
( ) Extreme profitability of spam
( ) Joe jobs and/or identity theft
( X ) Technically illiterate politicians
( X ) Extreme stupidity on the part of people who do business with spammers
( X ) Dishonesty on the part of spammers themselves
( ) Bandwidth costs that are unaffected by client filtering
( ) Microsoft
and the following philosophical objections may also apply:
( ) Ideas similar to yours are easy to come up with, yet none have ever
been shown practical
( X ) Any scheme based on opt-out is unacceptable
( ) HTTP headers should not be the subject of legislation
( X ) Blacklists suck
( X ) Whitelists suck
( ) We should be able to talk about Viagra without being censored
( ) Countermeasures should not involve wire fraud or credit card fraud
( ) Countermeasures should not involve sabotage of public networks
( X ) Countermeasures must work if phased in gradually
( ) Sending traffic should be free
( ) Why should we have to trust you and your servers?
( X ) Incompatiblity with open source or open source licenses
( X ) Feel-good measures do nothing to solve the problem
( ) Temporary/one-time passwords are cumbersome
( ) I don't want the government reading my email
( ) Killing them that way is not slow and painful enough
Furthermore, this is what I think about you:
( X ) Sorry dude, but I don't think it would work.
( ) This is a stupid idea, and you're a stupid person for suggesting it.
( ) Nice try, assh0le! I'm going to find out where you live and burn your
house down!
Ask me about repetitive DNA
Did that ever occur?
It drives me nuts that every reply to every new product idea assumes:
1) The product is seriously being worked on
2) The product will be released to the public, and soon, and
3) They'll be forced to use the product, as if some thug was holding a gun to their head
In this case, Microsoft's not even likely at step 1, much less step 3. Frickin' relax, ok?
Comment of the year
Their idea consumers should run something like NAP or be forced to go thru a certification process is just another money making scheme couched in nonsense.
The reason why these technologies fail is that ultimatly you end up going down the path of asking a liar if they are being truthful. Don't expect a compromised botnet zombie host to tell you it's anything but 100% healthy and trouble free.
1-Force everyone, even the ones that had a secure OS, to buy and use the latest version of Windows ...
2-Profit
3
4 Who cares, we already got profit
HSBC bank anywhere in the world secures their online banking by supplying its users with a digital security (RSA) device. HSBC in the UK opts to ignore such basic security on their online services by instead asking their users to download a program that scans their home computer for malware - every time they login. You may of course select 'cancel install', only to be painfully reminded on every subsequent login. Unfortunate if you are a MacOS X / *nix user, as you'll be reminded every time to install the (Win32 only) application.
Pathetic? Yes, but here already, and here to stay it seems.
When Microsoft talks about "security" they're talking about securing the property&rights of digital rights owners (BSA, MPAA, etc) from the untrustworthy users who licensed the software and DVD
Which may help explain why there are no native Linux clients for Netflix and Amazon Video On Demand. No iTunes. No Kindle Reader for the Linux PC.
No Hulu or Pandora without Flash or Adobe AIR.
Why Windows 7 sells to 300 million users and takes a 23% market share.
what about those of us who use Linux / Unix / other alternative OSs varieties? Does he really proposing to monopilize the market by performing a community-like legislation on who can and can not be on the net?
what about those of us who use Linux / Unix / other alternative OSs varieties?
Left out in the cold to freeze to death. Until some cool tinkerer reverse engineers it and takes down the entire scam.
Capability Based Security (CabSec) can SOMEDAY give you a computer which is both usable, and secure. It doesn't trust any program. Thus it's never necessary to try to enumerate goodness or badness. You can forget about the arms race with the virus writers, etc... and get back to work.
I'm not the right person to write it... I hate C, and I've got both a day job, and a young daughter.... but... I'll help someone who can do it. The pieces are falling into place. A version of the L4 microkernel has been proven to be bug free... that's a step in the right direction. Now all we need us the GNU Hurd running on top of it, to enforce capabilities.
you guys should really update the gates cyborg icon
Is it just me, or does anyone else worry when massive corporations offer "safety"? I'm not saying that Microsoft is necessarily doing anything evil, but it does make me wonder if this system will also work with Linux and OSX.
Look, MS knows little about security, and doesn't care about users.
Remind me why we're listening to them, please?
They've become so primitive recently. Did you notice who is missing in the list of people potentially responsible for the computer security? The user is there, the ISP is there, the OS manufacturer is... oh... hm... what a surprise.
If MS would get off its lazy but and add some 20 year old security principles to its OS, we'd all be better off.
Assorted stuff I do sometimes: Lemuria.org
Blackadder: Baldrick, I have a very, very, very cunning plan.
Baldrick: Is it as cunning as a fox what used to be Professor of Cunning at Oxford University but has moved on, and is now working for the UN at the High Commission of International Cunning Planning?
Blackadder: Yes, it is.
Sorry. I couldn't help myself.
From the headline: 'There may be consequences for that decision, but you can do it.'"
Let's face it, if you use Windows, there are consequences.
If Microsoft really wants to do something helpful, they can stop marketing Windows as "the easiest thing ever!" to non-technical users.
Likewise, commercial OS companies like Apple and Microsoft can't go around admitting that their software has bugs and that it crashes all the time, any more than Disney can issue press releases stating that Mickey Mouse is an actor in a suit.
Also; +1 Insightful!
IAIFARSIJDPOOTV - I Am In Fact A Reality Star; I Just Don't Play One On TV
Yes of course they remain in control. First of all they have the choice of not letting their PC get infected by NOT using Windows. And if they must use it, and were compromised, then please stay off the Internet.
Well, what about the standard level of UAC in Windows 7 (on notch below the strictest setting), that allows you to change networking settings without UAC confirmation. A rogue program can thus change the IP-address of your DNS without user intervention nor UAC prompt.
So having a "trusted" OS will not help you against rogue DNS servers in the Ukraine that logs your details in online banking transactions with a fake bank website.
Microsoft: With our billions of dollars, we can't develop a secure OS, so therefore we put the onus on the users.
You're funny. I've been doing security as a profession since times when "windows" referred to the glassy panes you have in your house. I've also had one system of mine compromised in that entire time. But contrary to you, I don't believe that I should be responsible for installing the brakes, airbag, ABS and safety belts in my car, even if I happen to be a mechanic. If the car is inherently unsafe, it's not because the owner failed to install his own brakes, it's because cars ought to have brakes.
And if you think rwx is the pinacle of security principles, there's nothing I can do for you, because you would need years of study in order to appreciate what's out there. Meanwhile, remind me why a user has exactly one set of permissions and why every file he opens, every program he runs and everything else he does needs to inherit the very same set of permissions. As if we had never invented roles, domains, RBAC, MAC, MLS and two dozen other concepts.
Assorted stuff I do sometimes: Lemuria.org
This has always been the problem. Never-ending layers of "protection" around my fundamentally flawed OS.
The usual predictions apply.
10% wont have any clue what it is
20% will but wont install it properly
For the remaining 70%, the bad guys will already be busy with a workaround.
knows the bible better than most.
Seems fitting for this story.
You're really on to something. Take it up a concept class.
"Those of us who study (Airport) security and take steps to use our (Airport) systems responsibly don't want to be burdened by all of these requirements intended for those who don't. I'm sorry that a few bad people defraud others of their (Flight Safety), but the minimum requirements for any proposed solution include not punishing those who are doing things correctly by imposing such intrusive measures."
One of the best descriptions of the TSA problem I've ever seen!
My first Journal Entry ever, in 8 years! http://slashdot.org/journal/365947/aphelion-scifi-fantasy-horror-poetry-webzine
Whenever there's a problem with any M$-stuff, the kneejerk reaction is to blame the users or other companies and let them "solve" it. Nothing new there.
Why doesn't Microsoft just FIX their fscked-up software?
They've had so many security holes in so many versions of Windows/Exchange/Office/IE for so long, they MUST be making money from them.
Or are they really that stupid? We all know their CEO is.
You have to sell that differently. Here's how:
"We have come up with a security system that will improve the security where you need it most: When sensitive data, and most of all YOUR money, gets handled. For the longest time, the burden was on you, and security has never been easy. Even people with a lot of knowledge get hacked. Hasn't there every time you used online banking been that nagging feeling of "what if I have a trojan in my machine and my killer does not find it?".
Those worries are over now!
We, in cooperation with your bank, came up with a new system where your system gets an automatic full and in-depth analysis to make sure that none of your data goes to anyone in a country ending in -stan. You don't even have to do anything, the system is fully automatized and for you it is free of charge! Security has never been easier, more hassle free and required less knowledge of the inner workings of your computer!
THAT's how you sell something like this. Not with the looming threat of "there may be consequences should you dare to resist". C'mon, that begs for resistance! Tell people that it's free and that they don't have to do anything and they'll hand over any semblance of privacy to you. For their protection and safety.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
Certificates it's what's not for dinner. Especially on my rack
XP graduates to cloned, offline built, air-gap-ed-hood
7 graduates to cyber nanny infested, wrongful accused, business killing, ad network for anyone left with money much longer
NETBSD and LINUX users scratch their heads or asses wondering if consequences mean restrictions on data, speed, ports, commerce, content
Certificates as an idea, vision, and framework is another fiat terrorism (TM) "DHS/TSA" for small business, journalists, media, artists, bands, or people who just want to have a server and host things non profit.
The heck with working on the predictable tcp packet sequence problem
or ipv4 or ipv6 or ipv4/6(mix em and matchem) firewalling right?
You break a big rule in my book, you've make it not fun to be here.
You've made your "problem" into something which could quite literally backfire on everyone, including you and do even worse damage to the economy if it be maliciously foisted on an already hurting, paranoid from legal abuse, bankster, mortgage, bailiout, theft and vague false flag laws, unacceptable unconstitutional tos/aup and spied(1) on rotting unless part of the mix of Orwell 1984 + sky net infrastructure with rapidly worse choices of points of entry. You've also threatened everyone with "consequences" , do you think we are all your slaves. Are you really that insolent. Your likely one of those idiots who don't understand chain of custody and public oversight is the problem with internet voting, not which crypto is best(2). You probably think NFLX should be able to foist it's bandwidth problem on everyone else. But like crypto since the mid 90's not much have changed with all that dark fiber and this retarded-ness we call communications ran by a public hating fcc board who our financial and sometimes very physical life depends on. We are called customer, not US citizen(3). Everything is broken you better wake up. It's past time to start nipping these fascist framework visions in the bud.(4)
1. cryptome.org - Online Spying Guides
2. blackboxvoting.org - (USA) 1/11 - TOWARDS A MORE EFFECTIVE APPROACH TO FIGHTING INTERNET VOTING - by BEV HARRIS
3. I am Not a US Customer, I am a US Citizen
4. The Ben Burnank, Bill Gates, BLS, Corruption, CPI, Credit Crisis, Crude Oil, Federal Reserve, Fractional Reserve Banking, Hyperinflation, Meltdown, National Debt, Quantitative Easing, Recession, recovery, Reserve Currency, Unemployment, World Bank, The Sheeple
'The user remains in control. The user can say I don't want to pass a health certificate,' he said. 'There may be consequences for that decision, but you can do it'
I'd much prefer not to "share" any information about my computer with anyone in Redmond or Langley or Fort Meade. Getting the ISPs to block contaminated Windows computers would be the most practicle solution. That way no need to share certificates, just block whoever is running malware on specific ports.
People posting nonsensical comments anonymously. Is Microsoft quit no longer making money? Did they lose their monopoly?
Actually what's really sad are the comments: consumers have a choice; alternative OSes would be just as vulnerable as Windows, if they had a large market share; Bill Gates' past misdeeds are no longer relevant since he is now engaged in philanthropy; and Windows market share is proof of Bill Gates' technical competence. Only the second one would be hard to disprove, but it has no basis in logic. All of the rest are easily disproved by reviewing the findings of the Microsoft antitrust trial.
So you bought a home from a builder who didn't install any door or windows, as well as leaving numerous other gaping holes in the walls and roof. Now the builder wants to blame the Department of Transportation (aka, ISP) for daring to build a road to your house? When that doesn't work, he blames the buyer for not maintaining a 24/7 guard on the house to prevent a thief from taking the buyers property?
Sounds like the beginning of a trailer for a B-grade sci-fi flick:
"In a world where all PCs run Windows..."
XKCD:Xeric Knowledge Comically Dispen
So first he wants to take companies like VeriSign and put them out of business. Right now they make the majority of their money by selling licensed secure certificates. If every computer was required to have one to use the internet business would be severely hurt. Not to mention the huge privacy issue of requiring computers to share data in order to use a specific site. It should still be the job of the ISP to regulate websites. The only sites they should be allowed to remove are sites deemed hazardous to computer because they contain viruses or malware. This means companies actual have to take security seriously if they don't want hackers.
Why not just ban all computers running Windows from the Internet? Or if that is too severe, make Windows users "prove" their computer is clean...like every day. Other OSs are not infected so they get a free pass. Problem solved, and the rest of us can go on happily using our computers and the Internet ;-) I think it is hilarious that Microsoft, who has done more to allow viruses, trojans, malware etc. thinks it should decide how to make the Internet "safe" LOL
Since you need internet access to download any fixes your computer needs, how does one do that if you're blocked from the internet for having an infected computer?
bring back a new Amiga, non-standard modems, and BBSes. (of course all new consumer electronics will have backdoors...)
New virii flourish initially because antiviruses do not yet have a method for detecting them (need a definition update).
New virii will affect this magic security scanner the same way... if it's a new virus, it won't be detected - yet the machine will still present itself as secure to the rest of the Internet.
What exactly does this accomplish?
Common sense is the best antivirus, unfortunately that will never be required to participate in society.
Don't you give up your security by actually installing M$ windows? This seems to be the equivalent to dividing by zero, thus a paradox if I've ever heard one.
First and foremost no I have not read all the comments and yes I am on my iPod.
However I will because I am curious if anyone else sees the real reason Microsoft is taking this stance. If they can convince everyone that this is the best approach then they can essentially greatly reduce pirated copies of their operating system by forcing people to allow the connection back to windows concerning the "health" of their pc. Don't fall for it. Having Microsoft and Apple (yes I know there are other operating systems out there, I run them) as gatekeepers persay to the Internet is a terrible idea.
Software should be written better. Like the saying goes, work smarter not harder.