[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[FYI] "Signed Code Regime" for MS Windows XP?
- To: debate@fitug.de
- Subject: [FYI] "Signed Code Regime" for MS Windows XP?
- From: "Axel H Horns" <horns@ipjur.com>
- Date: Tue, 22 May 2001 20:00:59 +0200
- Comment: This message comes from the debate mailing list.
- Comments: Sender has elected to use 8-bit data in this message. If problems arise, refer to postmaster at sender's site.
- Organization: NONE
- Sender: owner-debate@fitug.de
[Obwohl diese Sache zunaechst seht technisch klingt, ist sie doch von
allergroesster Brisanz. Wenn MS ein "Mandatory Signed Code Regime"
einfuehrt, laeuft bei _allen_ Windows XP-Usern _nur_ noch Code, der
von MS signiert ist. Die Konformitaet der Treiber mit dem XP
Treibermodell ist aber IMHO nur vorgeschoben. In Wahrheit geht es um
die Kontrolle der gesamten Softwarefunktionalitaet. Wenn
beispielsweise MS beschliessen sollte, dass XP (Teil-)Funktionen
eines DRMS beinhaltet, um ein lukratives Vermarktungs-Buendnis fuer
proprietaere Datenformate mit Hollywood machen zu koennen und um MP3
und DivX-Nachbauten an der technologischen Basis bekaempfen zu
koennen, gibt es keine Moeglichkeiten mehr, von dieser Policy
abweichende Software zu schreiben, die unter XP laeuft. ---AHH]
http://www.theregister.co.uk/content/4/19114.html
------------------------------ CUT --------------------------------
The truth about Redmond's WinXP signed driver plans
By: John Lettice
Posted: 22/05/2001 at 09:01 GMT
[...]
The warnings you get seem to be on a graduated scale, but as yet The
Register hasn't felt impelled to try to figure out what the rules
are. We have however got the impression that matters connected with
modems and USB seem to prompt particularly shrill ones, as well they
might.
Naturally, as we've said here before, many users are going to be a
bit worried by such warnings, which will mean hardware vendors will
get griped at about getting their drivers 'up to snuff,' and
Microsoft will have a 'told you so, contact your hardware vendor' get-
out in cases where XP does break after unsigned drivers are
installed. As we've also said here before, this will pressure
hardware vendors to support Microsoft's signed driver regime, and
will ultimately place even more power in Microsoft's hands. But it's
not compulsory, and Redmond probably doesn't think there's any need
for it to be.
As for apps, it's definitely not "unclear whether XP apps will need
to be signed." Reference to a November piece in, er, Smart Partner
(itself a follow-up to a slightly earlier piece in El Reg, reveals
that XP will include the option to block all unsigned code. And in a
presentation in Seattle earlier this year The Register distinctly
heard senior Microsoft reps say that while they were extremely keen
on digital signatures for apps, they realised it would be a highly
sensitive area, so they were going ot be real careful.
As yet, Microsoft has not set a default to warn against installing
unsigned apps, but even it it goes that far - which it quite probably
won't, given the howls it would generate from ISVs - it would be
politically impossible to set the default to block, at least in this
rev of Windows. The pressures that will drive ISVs towards a signed
regime are however the same as they are for signed drivers, and no
doubt somewhere within Fort Redmond there are people mulling over
possible opportunities for 'deflectors on full' editions.
Super-safe, super-crashproof corporate editions? The corps will like
signed regimes anyway, because they stop users installing crud.
Unbreakable, idiot-proof appliance editions for the home? Could
happen - but Redmond's planners are too sophisticated (no, really...)
to just slam down the shutters now, in one go.
Allchin's letter does however say something interesting that should
be made more of. He correctly states that the default is set to warn,
and that "we have been encouraged by computer manufacturers to change
the default to block, but we are staying with warn. The warning
message you get is scary if you are trying to load an unsigned driver
and rightly so, in my view."
Undoubtedly, we are being somewhat economical with l'actualite here.
What we presume is really happening is that Microsoft has been busily
doing the rounds of the hardware manufacturers, extolling the virtues
of signed driver regimes. As such regimes - operating correctly -
will involve hardware manufacturers working closely with Microsoft to
make sure their drivers work, and that Microsoft says they work,
there would seem to be considerable upsides for PC manufacturers
here.
They hate getting huge numbers of tech support calls, it costs them
when Microsoft accidentally breaks things and then they've got to
figure out why and placate their customers - on a level playing
field, signed drivers could be a good thing for them. But it's not
exactly the case that it's the evil hardware manufacturers who want
to lock everything down, and plucky Microsoft that's defending
liberty.
Get real, Jim. If they're lobbying for block all unsigned as the
default, it's because that's precisely what you've effectively been
encouraging them to lobby for. No doubt you'll be finding that your
enterprise customers will be demanding that same default for drivers,
and swiftly afterwards for apps, RSN.
So what's wrong with signed regimes anyway? Isn't it a good idea to
have entirely approved systems where all of the software is
guaranteed to work, and not to break things? In principle, nothing,
and in principle it'd be great to have a big pile of all the stuff
you'd ever need easily and instantly available in a giant store on
the Windows Update site. But as we've said before, the problem lies
in the nature of the custodian - It's the storekeeper's funny eyes. ®
------------------------------ CUT --------------------------------