Slashdot Mirror


User: Allador

Allador's activity in the archive.

Stories: 0 · Comments: 1,614

Comments · 1,614

  1. Re:You sign your driver, silly on 64-Bit Vista Kernel Will Be a "Black Box" · Score: 1

    That's not how code-signing certs work.

    MS creates a root certificate, and produces signing certs for all the CAs who want to play. They then lock the root cert in a safe and bury it in concrete.

    Company X then wants to create signed drivers, so they obtain a code-signing cert from the CA. They then use their code-signing cert to sign their driver. The signature shows clearly the identity of the company who purchased the code-signing cert from the CA.

    On the off chance that a rogue code-signing cert gets out in the wild, Windows can be updated to not trust that code-signing certificate anymore. In reality, this almost never happens, but the capability is there.
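The chain the comment describes (root, then a CA, then Company X's code-signing cert, then a signed driver, with a later update telling the OS to stop trusting one cert), as an added Go example that is not from the original post or from Microsoft's tooling. The names, the P-256 keys and the in-memory trust store are assumptions; real Windows driver signing also involves cross-certificates and Authenticode packaging, which this does not model.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"math/big"
	"time"
)

func must[T any](v T, err error) T { // panic on setup errors (needs Go 1.18+ generics)
	if err != nil {
		panic(err)
	}
	return v
}

// signer pairs a certificate with its private key; every key here is generated in memory.
type signer struct {
	cert *x509.Certificate
	key  *ecdsa.PrivateKey
}

// newCert issues a cert for cn signed by parent (nil = self-signed); CAs may sign certs, leaves may sign code.
func newCert(cn string, isCA bool, serial int64, parent *signer) *signer {
	key := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		IsCA: isCA, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageDigitalSignature,
	}
	if isCA {
		tmpl.KeyUsage |= x509.KeyUsageCertSign
	} else {
		tmpl.ExtKeyUsage = []x509.ExtKeyUsage{x509.ExtKeyUsageCodeSigning}
	}
	parentCert, parentKey := tmpl, key
	if parent != nil {
		parentCert, parentKey = parent.cert, parent.key
	}
	der := must(x509.CreateCertificate(rand.Reader, tmpl, parentCert, &key.PublicKey, parentKey))
	return &signer{cert: must(x509.ParseCertificate(der)), key: key}
}

// trustStore models the OS side: pinned root, the CAs it chains through, and leaf certs a later update distrusted (SHA-256 of DER).
type trustStore struct {
	roots, inters *x509.CertPool
	untrusted     map[[32]byte]bool
}

// verifyDriver rejects a distrusted leaf, checks sig over driver under the leaf's key, then chains the leaf to the root for code signing.
func (ts *trustStore) verifyDriver(driver, sig []byte, leaf *x509.Certificate) error {
	if ts.untrusted[sha256.Sum256(leaf.Raw)] {
		return errors.New("code-signing certificate has been distrusted")
	}
	if err := leaf.CheckSignature(x509.ECDSAWithSHA256, driver, sig); err != nil {
		return err
	}
	_, err := leaf.Verify(x509.VerifyOptions{Roots: ts.roots, Intermediates: ts.inters,
		KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageCodeSigning}})
	return err
}

// scenario builds root -> CA -> Company X, signs a constructed driver image, then verifies a genuine copy, a tampered copy, and the genuine copy after distrust.
func scenario() (valid, tampered, distrusted error) {
	root := newCert("Root (constructed)", true, 1, nil)
	ca := newCert("Example CA (constructed)", true, 2, root)
	company := newCert("Company X (constructed)", false, 3, ca)
	driver := []byte("constructed driver image")
	digest := sha256.Sum256(driver)
	sig := must(ecdsa.SignASN1(rand.Reader, company.key, digest[:]))
	ts := &trustStore{roots: x509.NewCertPool(), inters: x509.NewCertPool(), untrusted: map[[32]byte]bool{}}
	ts.roots.AddCert(root.cert)
	ts.inters.AddCert(ca.cert)
	valid = ts.verifyDriver(driver, sig, company.cert)
	tampered = ts.verifyDriver(append([]byte("x"), driver...), sig, company.cert)
	ts.untrusted[sha256.Sum256(company.cert.Raw)] = true // the "stop trusting that cert" update
	distrusted = ts.verifyDriver(driver, sig, company.cert)
	return valid, tampered, distrusted
}
```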

  2. Re:Why the kernel is an issue on 64-Bit Vista Kernel Will Be a "Black Box" · Score: 1

    You've got it backwards.

    "You can't implement DRM if the user can patch the kernel to work around the DRM. Thus, they're going to try to prevent end-users from having the capacity to modify this behavior of their own computer."

    Kernel patching is what Sony's rootkit, Starforce, and many other malware use to _enforce_ DRM on you. PatchGuard would have prevented these from the start.

    Now there are things like Protected Audio Path and the like that probably benefit from PG, but these are minor, and you can opt out of using them if you like (just don't use the DRM content). But when any random software company (like Sony) can patch the kernel of users' machines, then THEY get to decide how your system runs, and what works.

    "The "security companies" are taking collateral damage from this, because their applications have to intercept all reads/writes (to files, the network, whatever) in order to scan all data against a blacklist of known malware in order to try to protect the comically fragile userspace. This scanning is implemented through kernel patches, I guess."

    Only the incompetent ones. Sophos, TrendNet, AVG and others are all having zero problems working with PatchGuard.

    Here's some good discussion on these topics:

    http://www.informationweek.com/news/showArticle.jhtml?articleID=193401506

    http://www.sophos.com/pressoffice/news/articles/2006/10/vista-admins.html

    http://www.sophos.com/pressoffice/news/articles/2006/10/sophos-vista.html

  3. Re:The article is filled with such great lines! on 64-Bit Vista Kernel Will Be a "Black Box" · Score: 1

    "Great. What happens when MS doesn't quickly put out a patch... no choice on using the good samaritan patches anymore, you just have to sit and twiddle your thumbs."

    I don't think you read TFA.

    The 'kernel patching' referred to here has nothing to do with what we normally call 'patching', which is updating files to newer, more improved versions.

    What is being talked about is PatchGuard, which prevents something called 'kernel patching'. Kernel patching is the act of, without using any Windows APIs, modifying in-memory data structures used by the kernel. This is never a good idea, as these data structures sitting in memory are not designed to be modified this way, and it destabilizes the system. It's also how many rootkits and poorly written A/V software (McAfee and Norton) do their work. It's a technique that has been publicly documented as bad and unsupported for 10 years now.

    "Referring to ever being able to secure 32 bit Windows - "That train has left the station."
    I think it's more like the Windows train has left the station. Why bother to convert to 64 bit Windows? Switch to something else as soon as possible."

    Backwards compatibility is what they're referring to here. See how bad McAfee and Symantec are screaming and yelling about MS doing the right thing here by closing this decade old security hole? If they did this on x32 windows, you'd have thousands of ISVs doing the same thing.

  4. Re:Sounds like the right plan on 64-Bit Vista Kernel Will Be a "Black Box" · Score: 1

    "I would rather they went with the linux model of advanced permissions and a (seldom used) root account that had permission to everything"

    Unless I'm misunderstanding what you're saying, that's exactly how Windows works, or at least is designed and intended to work. Some corporate shops don't operate that way, and most home users don't, but that's an operational choice.

    Our shop has been running all users in non-admin roles since the early days of Windows 2000 Professional. Those who can be trusted also get local admin accounts (which are different accounts) that have local admin rights on their boxes. This works great, and protects you from 95% of attack vectors with no extra effort on the user's part.

    We have delegated different aspects of domain and system management to different groups, from those who can reset passwords, to those who are enterprise admins. We use specific ACL modifications and group policy to deliver finely grained control over everything we need to.

    I'm saying all this not to disagree with you, but rather to spread some knowledge around. Windows shops that are correctly run work precisely as you describe. Sadly, there are a lot of people out there who don't operate that way.

  5. Re:How to patch the kernel anyway on 64-Bit Vista Kernel Will Be a "Black Box" · Score: 1

    Keep in mind though that this is just Microsoft's very initial, public response. And Joanna even admits in the comments that she's not sure if MS's public response is all that was done, or is all that will be done, to combat this technique.

    Honestly, the final solution will probably be to just not let the kernel page out. This is a not-uncommon performance enhancing tweak you can do with a registry modification on your machine now.

    Make sure you read through the comments on the blog, there's lots of good discussion there as well.

    PatchGuard will continue to evolve as the attackers evolve; this is the nature of the business. As long as MS continues to close these holes as they're found, and the strengthening continues, I don't see this as a big problem.

  6. Re:Adoption of Vista 64-bit on 64-Bit Vista Kernel Will Be a "Black Box" · Score: 1

    "I wonder if any of corporate users are going to put 64-bit on employees workstations in upcoming months ..."

    This has already been happening with the 64-bit version of Windows XP. For certain classes of users, like engineers (Pro/E), CAD/CAM, multimedia, and developers, x64 XP is the _only_ way on Windows to get past the 3GB point.

    And since Dell/HP/IBM/etc have been selling the workstations with fully supported x64 driver sets, it's been working for years.

    Granted, it'll take a while to move into business mainstream users (accountants, secretaries, etc). But once all the Intel processors are post-Core2Duo, then all systems will have 64-bit hardware. At that point, it's just a matter of drivers catching up and software being modified to work in it. It'll take a few years, and you probably won't see the breakover until the next desktop OS after Vista.

  7. Re:Sayonara, Symantec on 64-Bit Vista Kernel Will Be a "Black Box" · Score: 1

    Having signed drivers has nothing to do with the discussion at hand.

    What PatchGuard stops (PG is what Symantec and McAfee are complaining about) is bypassing kernel APIs and directly modifying in-memory kernel data structures. This is never a good thing.

    Whether a driver is signed or not has nothing to do with PatchGuard ... signed drivers are blocked too from doing kernel data structure patching. And rightly so, as it's a horribly destabilizing thing to do.

    Common rootkits (and Norton/McAfee anti-virus) patch the kernels to introduce their own callbacks into the function tables, so that their code gets called before or instead of MS kernel code. This has been widely known and documented as unsupported, dangerous, and a very bad idea, as it causes as many problems as it solves, by destabilizing the kernel.

  8. Re:Getting It Right THIS Time? on 64-Bit Vista Kernel Will Be a "Black Box" · Score: 2

    "I'm not sure why it is you want to believe that Microsoft will "fix" anything.

    They haven't and they won't. Ever."

    Hmmm. How about every single OS and systems improvement over the past 5-10 years? Every version of the OS since NT4 being radically improved? Abandoning the 9x lines due to them being completely broken? Finally taking a first step at cleaning up the RPC mess in xpsp2, continuing into Vista? Hundreds of patches a year? Going from IIS4 and IIS5 which were wide open, defaulted to everything on, and being a horrible mess, to IIS6 and 7 which are minimal on install, very well locked down, and having nearly zero security holes? How about in Vista moving a large segment of hardware and driver code out of the kernel into userspace to improve reliability?

    Now granted, I couldn't come up with very many here in the 30 seconds I spent thinking about it.

    "There is only money to lose if they actually had a legitimate security model built-in from the kernel upward."

    This is a pretty out-there statement, care to elaborate or explain? And what is it about their current security model that is illegitimate? Process separation, mandatory security roles, and a robust ACL system is pretty standard stuff in secure designs/models.

    "Like every monopoly ever studied, they are destroying wealth (long and boring explanation), putting out an inferior product and making you pay extra for it."

    Well, there is quite a bit of successful competition in the space they supposedly have a monopoly in. There's Apple, which sells competitive products that are at or above the MS price point. They're not doing too badly and are making strong inroads (albeit into a niche market). And don't forget Linux on the desktop, which is free and Free. They've had some moderate success.

    How exactly are they 'making you pay extra for it'?

    "Why do you believe after 95/ME/XP "security" they will do anything to improve when there's absolutely no evidence to support this belief?"

    I think your statement shows pretty clearly what the evidence is to support this belief. Look at the difference in security, reliability and manageability between 9x and XP. It's like night and day, with XP and the NT kernel line having made massive improvements.

  9. Re:I'm confused on 64-Bit Vista Kernel Will Be a "Black Box" · Score: 1

    The word 'tabernacle' is a semi-sarcastic word, meaning that the kernel is sacrosanct, untouchable, etc.

    The reason MS made this change on the x64 version was 100% purely an issue of backwards compatibility.

    MS has been discussing this internally for many many years, but they have such a history of not stopping this on the 32-bit systems, that if they implemented PatchGuard on x32, a very large number of apps (which are abusing kernel patching) would not work.

    With the x64 version of Windows, you're already forcing an incompatibility, since so much software needs to be at least recompiled, and nearly all drivers need to be re-done.

    So the thinking was that since they're already going to break all backwards compatibility with the x64 versions, they might as well put in all the security improvements they've wanted to for years, and take all of the no-backwards-compatibility hit at once.

    This is a very smart approach. MS is between a rock and a hard place on x32 Windows. If they break backwards compatibility for security, they get railroaded in the press. If they don't, and let some of the security issues persist, they get railroaded in the press.

    But the x64 versions have no expectation of backwards compatibility. Also, 32-bit vista may be the last 32-bit desktop OS from MS. So after the Vista timeframe, all the mainstream OSs will be 64-bit from MS, and they'll have successfully made their very painful for compatibility security improvements.

  10. Re:I'm confused on 64-Bit Vista Kernel Will Be a "Black Box" · Score: 2, Informative

    Microsoft is not the certificate authority here. You can get a code signing cert from a number of vendors.

    Here's some more information from a 30-second Google search:

    http://www.microsoft.com/whdc/winlogo/drvsign/crosscert.mspx

    http://www.microsoft.com/whdc/system/platform/64bit/kmsigning.mspx

  11. Re:I think MS is right on 64-Bit Vista Kernel Will Be a "Black Box" · Score: 1

    "... Linux has everything out in the open for all."

    Really? So you're saying it's a supported way to write Linux kernel modules, where you have third party software not using kernel APIs, and rather just making changes to in-memory kernel structures and data?

    IANALKH (Linux Kernel Hacker) but I very seriously doubt this. All MS is doing is stopping 3rd parties from doing things that no one should ever do. I've used the analogy before, but this is the rough equivalent of using a database server (i.e., Oracle) and instead of going through the Oracle server and API, some companies do direct byte manipulation of the data-files and index-files. After all, everyone should have open access, right?

  12. Re:MDI on Firefox 2.0 To Debut Tuesday · Score: 1

    Would you care to explain the way you're using the words? Sounds like you're splitting syntactical hairs to me.

    A tabbed interface is always MDI, but many MDI interfaces do not use tabs. In other words, a tabbed interface is one concrete implementation choice of an MDI approach.

  13. Re:This forces a huge amount of trust in them... on Opera to Start Phoning Home? · Score: 1

    This in no way forces us to have any trust in them whatsoever.

    If you don't trust them, turn it off.

    If you do trust them, leave it on.

    If you find the balance of phishing-protection vs. information disclosure not to your liking, turn it on/off to your desire.

    Note that Firefox also offers this as a real-time feature (optional, not on by default).

    Also, if you RTFA, Borg talks very explicitly about this balance. He's very clear in that they're putting this in and turning it on by default for the non-technical users, like your mom and dad. For folks like that, who aren't in the habit of surfing shemale-on-horse pr0n, this may be a good balance. For those of you who do want to keep the shemale-on-horse goodies to yourself, turn it off.

  14. Re:secure...says opera? on Opera to Start Phoning Home? · Score: 1

    From TFA:

    "Speed will not be affected, everything is done asynchronously and the content load is really minimal."

    If you read on through the comments, you'll see that the anti-phishing stuff is done asynchronously. So if the Opera servers don't respond, then the page just loads normally. It's asynchronous and non-blocking to loading the main page.

  15. Re:Hmm Suits in the waiting? on Opera to Start Phoning Home? · Score: 1

    "I hate to ask an obvious question, but what if I didn't want this feature?"

    Turn it off?

    If you RTFA, you'll see:

    "We've made it easy to turn on and off the fraud protection from the information dialog you get when clicking the icon."

  16. Re:Times are a changin' on Acrobat-killer Submitted to Standards Body · Score: 1

    "Your assessment is ignorant and wrong. Adobe is doing everything possible to keep MS from illegally driving them out of a market."

    How exactly would bundling Acrobat Reader with Office or Windows drive Adobe out of a market? That seems like it would expand their market, as they would suddenly jump from whatever market penetration number they're at now to a much higher number.

    It appears to me that Adobe's bad choices in this are going to effectively drive them right out of the market.

    If they would have let MS bundle Acrobat Reader and make a 'Save to PDF' option in the File menu of Office products, they would have gained very deep penetration. Now, as a result of their threatening to sue MS in the EU over anti-trust concerns, MS has abandoned this and is putting their own in.

    Of course, MS is also offering a plugin for 'Save to PDF' on their download site, but the net result is a PITA to the consumer.

  17. Re:Times are a changin' on Acrobat-killer Submitted to Standards Body · Score: 1

    I think it's clear that they did exactly that, they strongarmed MS into removing it.

    Threatening to sue in the EU under anti-trust law is very very much a strongarm tactic.

    In addition, from everything I've read, Adobe didn't have a problem with MS implementing their open spec, they had a problem with the bundling. With either offering a 'Save as PDF' option in Office programs, or bundling the client with Office/Windows.

    But suing or threatening to sue is very much a strongarm tactic. And it can be made to work! Look at what McAfee and Symantec have done ... through the use of good PR/Marketing, they've pushed MS into making their products worse, and more unstable, in order to support McAntec's business model.

  18. Re:Times are a changin' on Acrobat-killer Submitted to Standards Body · Score: 1

    There are a number of press clippings to be found that indicate otherwise.

    MS has stated publicly in many of these that Adobe told them they would start antitrust proceedings in the EU if they included a Save to PDF option in Office, or bundled Acrobat Reader with Windows/Office.

    Given how many times this has been stated publicly in the press, and Adobe has never (that I've seen) disputed it, I think we can take it as a reasonably true statement.

  19. Re:anything is better on Acrobat-killer Submitted to Standards Body · Score: 1

    XPS will not be the standard file format of Office.

    http://msdn2.microsoft.com/en-us/library/ms406049.aspx

    Note particularly this section:

    "Note Do not confuse the Office XML Formats with the Microsoft Windows XML Paper Specification format. Office XML Formats use the Open Packaging Conventions, also used by the XML Paper Specification (XPS). However, the formats are different in several important ways. The XPS is a paginated, fixed document format introduced for the Microsoft Windows Vista operating system. Office XML Formats are fully editable file formats for Office Word 2007, Office Excel 2007, and Office PowerPoint 2007. Although they share similarities in their use of XML and ZIP compression, they are different in file format design and intended use."

  20. Re:Details? on Acrobat-killer Submitted to Standards Body · Score: 1

    "I always wonder what it really means when Microsoft makes "open standards" and such, ever since the MSO XML debacle."

    What debacle was that? All I saw with Office XML format was:

    1. MS released documented, open-standards (as in available to the public) formats for their documents. They stated many times they were hoping to create a thriving ecosystem around these formats.

    2. A vocal minority of the open-source community screamed and yelled about patent threats and other issues, so MS modified the license.

    3. More screaming and yelling ensued, so MS posted a 'covenant not to sue' with the Office 2007 version.

    Every step of the way, they have modified their licenses and interactions with the community to open these things up so that no reasonable person could complain.

    "Will Microsoft make a program to do the things that Acrobat does?"

    Which things are that?

      - Provide a fixed-layout format, printer, and viewer?

    Yes.

      - Make the player so horrendously slow and intensive that it takes 3-4 minutes to start up the app and lock up the entire browser while it's happening, like Acrobat does?

    I sure the hell hope not.

      - Make installers/uninstallers so horrendously bad that supporters of the software have to learn how to 'manually' clean the software out of the file system and registry like Acrobat?

    I hope not.

      - Make software that satisfied: "Will it work with the companies in the print business to make sure it provides everything they need, and works on their equipment on the same level as PDF?"

    To be honest, I don't care. The _only_ thing I and the vast, vast majority of internet users use PDF for is displaying and printing (on their inkjet or laser printers) documents.

    For professional jobs, you have Illustrator and Photoshop. In fact, in my limited experience of going to professional printers, I've never had them ask for a PDF, they always ask for 'Adobe Illustrator or Photoshop' formats. Now I don't work in this segment all that often, so my experience may not be representative, I don't know.

    "So that's what Microsoft needs to do to be on equal footing with Adobe, which still doesn't tell us why anyone should switch."

    MS isn't trying to compete with Adobe in professional printing and publishing. They're trying to compete in the much, much larger market of regular, non-pro internet users who just want documents that print exactly as was intended.

  21. Re:Details? on Acrobat-killer Submitted to Standards Body · Score: 1

    Because when they didn't make that 'covenant not to sue', a very vocal minority of the open source community yelled and screamed that it didn't matter that it was an open format, MS would still sue you if you competed with their products (over patent issues). You can have a patented open-standard, GIF is a great example.

    So they revised the license to try to make it more clear, and there was still yelling and screaming.

    So they posted a 'covenant not to sue'.

    Basically, MS has responded every step of the way to people's complaints about the licensing and patents, by making the protections/openness more and more explicit.

  22. Re:I don't get it. on Microsoft Agrees to Changes in Vista Security · Score: 1

    Incorrect.

    Microsoft has no say or control over who buys a signing cert. There's 6 or 7 different companies listed on their website that you can buy a code-signing cert from.

    This is fundamentally no different from the Authenticode system.

  23. Re:I don't get it. on Microsoft Agrees to Changes in Vista Security · Score: 2, Interesting

    Nearly every single thing you've said is incorrect.

    "In Windows, to combat viruses and add security like firewalls, these programs need kernel level access (as many APIs unfortunately do)."

    First, an API is what these programs use to access kernel structures and functions, not the other way around.

    Second, you're right in that they do need kernel level access, THROUGH the Windows APIs. What PatchGuard does is to stop these companies from bypassing the APIs and directly modifying in-memory kernel structures. This is the rough equivalent of using a database, but instead of using the database APIs and interfaces to modify the data in them, you want to get raw disk access to the data stores, and read/write binary data directly to the files.

    In Vista, MS has given 3rd party firewall software unprecedented access to the transport. They can insert filters to the IP stack through a very finely grained API. This is compared to earlier when firewall vendors had to write a full driver to implement this.

    To properly implement a firewall, a company in NO WAY needs to directly modify in-memory kernel structures. This is all that PatchGuard stops, is software doing something they have been specifically instructed not to do, because it destabilizes the kernel.

    MS software does not modify in-memory kernel structures, because it's a horrifically stupid way to insert your software into the kernel. Ever notice how Symantec and McAfee are so commonly accused of destabilizing systems? This kind of crap is why.

    "Now with Vista, MS had decided to close off that access to all software except their commercial security apps (which they will charge extra to the customer)."

    Incorrect. The MS anti-virus software does not modify in-memory kernel structures. And it's not out of generosity or being a good citizen, it's because the alternative is stupid, and destabilizes the system.

    "To some that is abusing their monopoly. It would one thing if they closed it totally because of security and that nothing but the OS could access it."

    Yes, that's exactly what they did.

    Blocking the kernel structures from direct access is a decade old security hole that MS _finally_ closed. This was The Right Thing To Do, and benefits everyone except for the incompetent folks at Symantec and McAfee. Why is it that the other firewall companies, and anti-virus companies, and anti-spam companies don't have any problem with these changes? Only McAfee and Symantec, makers of the most buggy, overbloated, system-destabilizing 'security suites', who have both been the cause of security holes that let people own the OS, have a problem with this.

  24. Re:Two Solutions on Stopping "PattyMail" Email Bugs · Score: 1

    A better solution:

      - keep using Outlook

      - disable HTML mail entirely, view all email as plain text

    Now you get to use a useful and featureful client like Outlook, but suffer zero risk from anything, even IFrames.

    And the attachment business has nothing to do with your email client, but just be smart and have your office clients not allowed to do outbound packets at all in your host-based firewall.

    Also, I just finished testing readnotify.com.

    When using a fully-patched Outlook 2003 (against Exchange), and viewing all email as plain-text (normal for me), nothing works from readnotify.com. It doesn't work at all.

    When I attached a Word, Excel, PowerPoint, and PDF document (Office fully patched), the Office document tracking does not work at all.

    In fact, if you have your environment set up half sanely, i.e., fully patched and plain-text-only email, the only thing that works is the PDF tracking. This, unfortunately, works perfectly.
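An added Go example (not from the original post) showing why the plain-text setting defeats the HTML-side tracking the comment tested: it parses a constructed multipart/alternative message, lists the remote resources each alternative would fetch on its own, and picks the plain-text alternative when the client is configured that way. The message, addresses and tracker URL are constructed; the PDF tracking the comment mentions lives in the attachment and is out of scope here.

```go
package main

import (
	"errors"
	"io"
	"mime"
	"mime/multipart"
	"net/mail"
	"regexp"
	"strings"
)

// sampleMail is a constructed multipart/alternative message: the HTML alternative carries
// a remote 1x1 image (a web bug), the plain-text alternative carries nothing fetchable.
const sampleMail = "From: sender@example.test\r\n" +
	"Subject: constructed sample\r\n" +
	"MIME-Version: 1.0\r\n" +
	"Content-Type: multipart/alternative; boundary=\"b1\"\r\n\r\n" +
	"--b1\r\nContent-Type: text/plain; charset=utf-8\r\n\r\n" +
	"Hello, the report is attached.\r\n" +
	"--b1\r\nContent-Type: text/html; charset=utf-8\r\n\r\n" +
	"<html><body><p>Hello, the report is attached.</p>\r\n" +
	"<img src=\"http://tracker.example.test/open?id=CONSTRUCTED\" width=\"1\" height=\"1\">\r\n" +
	"</body></html>\r\n--b1--\r\n"

// parts splits a multipart message into its MIME alternatives, keyed by media type.
func parts(raw string) (map[string]string, error) {
	msg, err := mail.ReadMessage(strings.NewReader(raw))
	if err != nil {
		return nil, err
	}
	mediaType, params, err := mime.ParseMediaType(msg.Header.Get("Content-Type"))
	if err != nil {
		return nil, err
	}
	if !strings.HasPrefix(mediaType, "multipart/") {
		return nil, errors.New("not a multipart message")
	}
	out := map[string]string{}
	mr := multipart.NewReader(msg.Body, params["boundary"])
	for {
		p, err := mr.NextPart()
		if err == io.EOF {
			return out, nil
		}
		if err != nil {
			return nil, err
		}
		pt, _, err := mime.ParseMediaType(p.Header.Get("Content-Type"))
		if err != nil {
			return nil, err
		}
		body, err := io.ReadAll(p)
		if err != nil {
			return nil, err
		}
		out[pt] = string(body)
	}
}

// remoteRefs matches the attributes and CSS an HTML renderer fetches without any user action.
var remoteRefs = regexp.MustCompile(`(?i)(?:src|background|url)\s*[=(]\s*["']?(https?://[^"'\s>)]+)`)

// remoteResources lists the URLs a renderer of body would request automatically, which is
// exactly what tells the tracker's server when, and from which address, the mail was opened.
func remoteResources(body string) []string {
	var urls []string
	for _, m := range remoteRefs.FindAllStringSubmatch(body, -1) {
		urls = append(urls, m[1])
	}
	return urls
}

// render picks the alternative the client shows: text/plain when plainTextOnly is set
// (the configuration the comment describes), otherwise text/html when present.
func render(alts map[string]string, plainTextOnly bool) (mediaType, body string) {
	if html, ok := alts["text/html"]; ok && !plainTextOnly {
		return "text/html", html
	}
	return "text/plain", alts["text/plain"]
}
```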

  25. Re:I'm an admin at a private university on Web Censorship on the University Campus? · Score: 1

    "One thing that I haven't seen mentioned a whole lot, is liability for copyright violations. If students (or even faculty/staff) were to misuse their high speed connection for bittorrent downloads, movies, mp3's or other illegal downloads, the school would be held responsible for it."

    It doesn't work that way, at least in the US.

    Schools fall under the safe-harbor provision. All they have to do to keep that protection is to pull content when a copyright violation is identified. As long as they do this, they have zero liability for the content posted on their network.

    In effect, they are treated as an ISP.

    How can you not know that, given your job? Who responds to and deals with the DMCA notifications that your school receives? Do you work with them?

    "Next, with all the social networking sites, there is the problem of questionable content. I have seen some content on myspace, and a few other sites that have offended other students in labs, and had to be involved in the nasty mess that follows a student complaint such as that.. That content has NO JUSTIFICATION for educational value. NONE. Unfortunately for every one social networking site you block, 5 more pop up the next day just about."

    Inappropriate browsing in a public lab is a completely separate and orthogonal problem to bandwidth management and even 'education-appropriate' content filtering. You solve that by having rules about inappropriate content in the labs, not by blocking content to everyone on the University.

    What about the students living in dorms or on-campus housing? Browsing offensive-to-someone material in the privacy of their homes won't cause a problem, that I can see. They could abusively monopolize bandwidth, but again, that's a completely different problem (with a different solution) than content blocking.

    I've said this to another person in this thread, but aren't you worried about this harming your school's recruitment? Students choose schools in part because of IT infrastructure. Especially smart, academically-oriented ones. All things being equal, if you have filtered content and no wireless coverage, you're going to lose out to a campus that has those things.