[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[FYI] Microsoft Signed code: Security or censorship?
- To: debate@fitug.de
- Subject: [FYI] Microsoft Signed code: Security or censorship?
- From: "Axel H Horns" <horns@ipjur.com>
- Date: Tue, 28 Nov 2000 18:50:41 +0100
- Comment: This message comes from the debate mailing list.
- Organization: NONE
- Sender: owner-debate@fitug.de
http://uk.news.yahoo.com/001127/15/aqa88.html
------------------------------- CUT ---------------------------------
Monday November 27, 5:01 PM
Signed code: Security or censorship?
Depending on Microsoft's approach, code signing could not only secure
the desktop, but the software giant's control over it as well
A push by Microsoft to secure each program that runs on its next-
generation PC operating system could easily be used to tighten its
control over software developers, warned security experts last week.
Several reports claimed that Microsoft plans to secure the code of
its next-generation consumer operating system, codenamed Whistler,
with digital signatures in an effort to prevent viruses and Trojan
horses.
Known as code signing, the technique links a software developer's
name with a program or Internet applet using digital signatures. The
code cannot be changed without destroying the signature, giving users
a way to link a company with a program. If something goes wrong, the
user will know whom to blame.
Yet the technique could also give Microsoft a way to regulate the
code that's allowed to run on the consumer desktop, said Bruce
Schneier, chief technology officer of security service provider
Counterpane Internet Security.
"It certainly consolidates power," he said.
While Schneier believes code signing, if done right -- "a big if", he
said -- could better secure the desktop, the control over the
issuance of digital signatures for software developers should be a
concern.
[...]
------------------------------- CUT ---------------------------------