[FYI] Microsoft Signed code: Security or censorship?


Monday November 27, 5:01 PM

Signed code: Security or censorship?  

Depending on Microsoft's approach, code signing could secure not only 
the desktop, but also the software giant's control over it  

A push by Microsoft to secure each program that runs on its next-
generation PC operating system could easily be used to tighten its 
control over software developers, warned security experts last week.  

Several reports claimed that Microsoft plans to secure the code of 
its next-generation consumer operating system, codenamed Whistler, 
with digital signatures in an effort to prevent viruses and Trojan 

Known as code signing, the technique links a software developer's 
name with a program or Internet applet using digital signatures. The 
code cannot be changed without destroying the signature, giving users 
a way to link a company with a program. If something goes wrong, the 
user will know whom to blame.  

Yet the technique could also give Microsoft a way to regulate the 
code that's allowed to run on the consumer desktop, said Bruce 
Schneier, chief technology officer of security service provider 
Counterpane Internet Security.  

"It certainly consolidates power," he said.  

While Schneier believes code signing, if done right -- "a big if", he 
said -- could better secure the desktop, the control over the 
issuance of digital signatures for software developers should be a 


