FITUG e.V.

Förderverein Informationstechnik und Gesellschaft

Microsoft Signed code: Security or censorship?

http://uk.news.yahoo.com/001127/15/aqa88.html


Monday November 27, 5:01 PM

Signed code: Security or censorship?

Depending on Microsoft's approach, code signing could not only secure the desktop, but the software giant's control over it as well

A push by Microsoft to secure each program that runs on its next- generation PC operating system could easily be used to tighten its control over software developers, warned security experts last week.

Several reports claimed that Microsoft plans to secure the code of its next-generation consumer operating system, codenamed Whistler, with digital signatures in an effort to prevent viruses and Trojan horses.

Known as code signing, the technique links a software developer's name with a program or Internet applet using digital signatures. The code cannot be changed without destroying the signature, giving users a way to link a company with a program. If something goes wrong, the user will know whom to blame.

Yet the technique could also give Microsoft a way to regulate the code that's allowed to run on the consumer desktop, said Bruce Schneier, chief technology officer of security service provider Counterpane Internet Security.

"It certainly consolidates power," he said.

While Schneier believes code signing, if done right -- "a big if", he said -- could better secure the desktop, the control over the issuance of digital signatures for software developers should be a concern.

[...]


Zurück