Microsoft Security IT

Microsoft's New Plan For Keeping the Internet Safe

Posted by timothy
from the new-metaphor-search-going-on dept.
itwbennett writes "Microsoft Corporate Vice President for Trustworthy Computing Scott Charney used to think it was the responsibility of ISPs to keep hacked PCs off the Internet. Now, he says the burden should be on consumers. Speaking at the RSA Conference, Charney suggested that the solution may be for consumers to share trusted certificates about the health of their personal computer: 'The user remains in control. The user can say I don't want to pass a health certificate,' he said. 'There may be consequences for that decision, but you can do it.'"

  • Pathetic (Score:5, Insightful)

    by ls671 (1122017) * on Tuesday February 15, 2011 @06:48PM (#35216158) Homepage

    From TFA:
    "A bank could ask customers to sign up for a program that would scan their PC for signs of infection during online sessions"

    Hello? Privacy issues, anybody?

    So basically organizations that do business with consumers would be allowed to scan the consumer PC. Great idea...

    Next step, you have to allow the government, banks, eBay, PayPal and what not to scan your PC otherwise they will refuse to do business with you. Since they may not have Linux or other OS scanners, you would be required to use Windows of course.

    This guy is a genius!

    • by yincrash (854885)
      I think it would have to be a third party company that the consumer and the bank would both need to trust. Like how we trust VeriSign to prove the identity of an https provider. I don't think it's a good solution, though.
      • Re:Pathetic (Score:5, Insightful)

        by x0ra (1249540) on Tuesday February 15, 2011 @07:03PM (#35216312)
        I do not trust Verisign.
        • by yincrash (854885)
          Do you remove it as a trusted root on your browsers?
      • Re:Pathetic (Score:5, Insightful)

        by causality (777677) on Tuesday February 15, 2011 @07:23PM (#35216478)

        I think it would have to be a third party company that the consumer and the bank would both need to trust. Like how we trust VeriSign to prove the identity of an https provider.

        I don't think it's a good solution, though.

        There's another glaring problem with this idea. Those of us who study computer security and take steps to use our systems responsibly don't want to be burdened by all of these requirements intended for those who don't. I'm sorry that a few bad people defraud others of their money, but the minimum requirements for any proposed solution include not punishing those who are doing things correctly by imposing such intrusive measures.

        As far as banks are concerned, securing their own systems is all I would expect from them. As their customer, I really don't want my bank getting into the end-user computer security business and telling me how I should run my systems. I want them to stick with what they know. I also don't want to pay the higher fees and less favorable interest rates it would take to cover this expense. That's not even considering the support costs, as the users for whom this is really intended are the same ones who need the most handholding.

        If Microsoft really wants to do something helpful, they can stop marketing Windows as "the easiest thing ever!" to non-technical users. They can start being more realistic and up-front about the basic competency required to safely use a worldwide untrusted network. They can harden the Windows codebase and require that software be built with address randomization, non-executable pages, and other stack-smashing protections before it is allowed to use the little Windows certified logo. They could do a much better job of treating data from the network as untrusted and potentially malicious (the sandboxing they are beginning to implement for IE is a step in that direction).

        Hell, for that matter they could split the company up into separate corporations which make competing operating systems that all implement the Win32/64 API. Perhaps some of them could be based on *BSD like Mac OSX. Getting rid of the "write once, infect everywhere" Windows monoculture would be a decently effective way to limit the spread of malware.

        There are many options to be considered before we even think about universally intruding into everyone's PC and making this into a common practice that is somehow considered acceptable. Normally that's what the bad guys who write malware are trying to do. This is a terrible precedent. Not to mention that if average users get used to the idea of some company (that they don't get to audit) scanning their systems, what's to stop the organized criminals from just running their own scanning companies and collecting any financial data they find? This could change the nature of the attacks but has little or no hope of preventing attacks.

        • They can harden the Windows codebase and require that software be built with address randomization, non-executable pages, and other stack-smashing protections before it is allowed to use the little Windows certified logo.

          Shouldn't this be done via the kernel and OS support libraries?

          • by causality (777677)

            They can harden the Windows codebase and require that software be built with address randomization, non-executable pages, and other stack-smashing protections before it is allowed to use the little Windows certified logo.

            Shouldn't this be done via the kernel and OS support libraries?

            Yes, the way I worded that was sloppy of me. Still, for address randomization you'd have to compile the applications with position-independent (i.e. relocatable) code. So I should have said require that software built for Windows is compatible with such security measures. While they're at it, they can place canaries at the end of buffers like GCC's SSP to offer an additional layer of protection in userspace.

            Microsoft should take realistic, do-able steps like this to actually address its security problems

          • Why not have each computer replace some of the most important Windows API calls with a random string during installation? The software would work on the installed computer but a non-installed exe or dll that hasn't been 'mapped' to the specific computer's random list wouldn't run.
        • by rabbit994 (686936)

          You mean like ASLR which has been implemented in Windows 7 and DEP which is supported in Windows XP and beyond for certain system libraries and all x64 applications?

          Issue with Windows security isn't technical issues, it's trying to maintain compatibility and ease of use with compatibility being biggest hold up. I bet if they behaved like Mac and Linux did, doing the whole "I'm sorry your older program doesn't work with newest libraries, tough shit. Get program updated."

          At work, I'm still dealing with custom

          • Re:Pathetic (Score:4, Insightful)

            by Belial6 (794905) on Tuesday February 15, 2011 @10:11PM (#35217508)
            Wrong. Backward compatibility is a red herring. MS bought VirtualPC, so they have a PC emulator. MS could have very easily written Windows 7 with zero compatibility to any previous version, ported their VM to it, modified the UI so that appeared integrated (like VMWare's Unity) and included a copy of WinXP. This would have allowed MS to start with a completely clean slate security wise, while still keeping their OS 99.9% backwards compatible.

            MS obviously does not consider backward compatibility a defining feature for many users anyway. After all, XP mode is only available with the business versions of Windows 7. Most copies of Windows sold to consumers have copies of Windows that have specifically and intentionally left out a great deal of XP compatibility that MS is sitting on the code for.

            So, No. Backward compatibility has NOTHING to do with any security problems Windows may or may not have.
        • Re:Problem (Score:4, Interesting)

          by TaoPhoenix (980487) <TaoPhoenix@yahoo.com> on Wednesday February 16, 2011 @07:55AM (#35219890) Journal

          You're really on to something. Take it up a concept class.
          "Those of us who study (Airport) security and take steps to use our (Airport) systems responsibly don't want to be burdened by all of these requirements intended for those who don't. I'm sorry that a few bad people defraud others of their (Flight Safety), but the minimum requirements for any proposed solution include not punishing those who are doing things correctly by imposing such intrusive measures."

          One of the best descriptions of the TSA problem I've ever seen!

    • Re:Pathetic (Score:5, Insightful)

      by Homburg (213427) on Tuesday February 15, 2011 @06:57PM (#35216250) Homepage

      So, this guy wants to run a program on an untrusted machine, which will report back to a website on whether or not the machine should be trusted? Presumably he also thinks banks should employ people to stand at the front door and ask "are you a bank robber?" rather than employing security guards.

      • Re:Pathetic (Score:5, Interesting)

        by Alsee (515537) on Tuesday February 15, 2011 @09:13PM (#35217200) Homepage

        "So, this guy wants to run a program on an untrusted machine, which will report back to a website on whether or not the machine should be trusted?"

        No, you're missing what they are actually proposing.

        They are proposing that everyone must have a Trust chip locking down their computer. This Trust chip is most commonly known as a Trusted Platform Module or TPM. The Trust chip contains a unique identity code (PubEK) that can be used to securely track your computer and your identity. The Trust chip contains a master key (PrivEK) to lock down identity control. You are FORBIDDEN to know your own master key locking down your identity. This key is REQUIRED to be securely locked down inside the chip to deny the owner knowledge or control of this key. The chip also contains a key (RSK) to lock down files on your computer. You are FORBIDDEN to know your own master storage key. This key is REQUIRED to be securely locked down inside the chip to deny the owner the ability to read or modify his own files, except as permitted by the Trust chip. The Trust chip also scans the software you run on your computer, and it does this for two purposes:
        (1) It spies on and logs the software running on your computer in order to send over the internet Trusted spy reports (Remote Attestation) telling other people exactly what hardware and software you are running. For example a website can ask for a Remote Attestation spy report to check if you're running any sort of Ad Blocker. If you have any sort of Ad Blocker, or if you're running an unapproved web browser, or if you are running an unapproved operating system, or if you don't have a Trust chip, or if you refuse to send the spy report, then you are blocked from viewing the web pages.
        (2) It logs exactly what software you are running in order to DENY YOU THE ABILITY TO READ OR MODIFY YOUR OWN FILES unless you are running the exact unmodified software that is APPROVED for reading or modifying the files. For example the Trust chip can make it impossible to play music downloads unless you play them with the exact unmodified RIAA Approved DRM-enforcing music player. The Trust chip can also make it impossible to view streaming video unless you are running the exact unmodified MPAA Approved DRM-enforcing web browser. Other people can store and modify data on your computer, but it's impossible for you to read or modify that data except to outright delete it. Of course, deleting the files will cause stuff on your computer to stop working.

        This is the "Security System" Microsoft originally codenamed Palladium. This is the "Security System" the government has been talking about for the last several years to secure the National Information Infrastructure. This is the "Security System" that underlies the Trusted Identity System that the White House has been talking about for the last several years. This is the "Security System" that Microsoft has been promoting to secure corporate networks. This is the "Security System" that the copyright industries have been pushing to lock down music and video and book and websites and to enable a "rental" model for software.

        The subject of the article is that Microsoft is backing off on the idea of having ISPs DENY YOU INTERNET ACCESS unless you have a Trust chip and run an Approved operating system along with Mandatory Approved software to "secure" your computer. The argument is that this is a "Health Check", and that if you fail the "Health Check" then your computer might be infected by a virus, and that it is appropriate for ISPs to shut off your internet access if you have an infected or vulnerable machine. See? Doesn't that sound wonderful? The system comes wrapped in a bright shiny box advertising it as a GOOD thing to protect you and everyone else on the internet against viruses.

        The article here is merely saying that Microsoft noticed that some people (like me) have been calling out this evil Trust chip plan, in particular pointing out the blatantly evil step of having ISPs deny you internet access if you resist. The ar

        • Please some one mod this informative.
        • Re:Pathetic (Score:4, Informative)

          by TheSpoom (715771) <slashdot@@@uberm00...net> on Tuesday February 15, 2011 @11:05PM (#35217780) Homepage Journal

          I love that they keep trying to bring this up. It's their Pinky and the Brain-style take over the world plan. The TCPA FAQ [cam.ac.uk], while somewhat old by now, is still relevant (and shows just how long they've been trying this).

    • by toastar (573882)
      I let Warden/VAC scan my system but I shouldn't trust my bank?
      • by Jim Hall (2985)

        Think of it this way: would you mind if a web site ran their own programs on your computer, before they let you use their site? Maybe that's your bank, that's one example. Maybe he wants this extended to the cloud, like Microsoft's Office365. Taken to the extreme, what if social networking sites (Facebook?) decide to do this?

        Charney's proposal to put the onus on the end user is going to get old really fast. And I see it causing more problems than it solves. If users have web sites running their "scan" sof

      • Maybe you shouldn't trust either.

    • by linatux (63153)

      ZDNet article (http://www.zdnet.com/blog/security/microsoft-continues-push-for-infected-computers-to-be-quarantined/8164) a little more informative.

      Combining trusted software such as hypervisors and hardware elements such as a Trusted Platform Module (TPM) could further enable consumer devices to create robust health certificates and ensure the integrity of user information

    • by MtHuurne (602934)

      From TFA:
      "A bank could ask customers to sign up for a program that would scan their PC for signs of infection during online sessions"

      I think "program" here means an initiative by the bank that a customer can optionally participate in, rather than an executable running on the customer's PC. It might be a port scan done from the bank's servers.

      Still I doubt this is actually useful: if these scans become common practice, malware can stay undetected by not responding or faking another protocol/application unless the contact is initiated in a particular way that only the malware control network can perform. For example a TCP connection would

      • Most malware don't open incoming ports, they connect to a C&C server (using IRC, IM or even Twitter).

    • I would like to see Banks hand out Live 'Nix CDs with their website loaded up in the browser when its booted into X. This option will make it brainless for most to use and there should be a better assurance that the computer doesn't have a "Virus" unless BIOS ones are still around. It would be much easier to implement than some new certificate system.

      • by hairyfeet (841228)

        Two problems with your scenario: 1.-You just cut out smartphones, netbooks/nettops, pads, and everything else that isn't an X86 PC with a CD player, and 2.-Almost no computer is set by default to boot CD first so you're gonna have to pay an army of support guys to walk all those grandmas through switching boot order, which for those with little PC experience would probably be about as daunting as defusing a bomb.

        The problem with all the ideas I've read here so far is there is a huge gap between "real secur

      • Re:Pathetic (Score:4, Informative)

        by TENTH SHOW JAM (599239) on Tuesday February 15, 2011 @09:44PM (#35217378) Homepage

        How about if banks hand out tokens? Mine does. I log on with a username\Password\token number that changes once every 30 seconds. So if the hacker has managed to get the https traffic unencrypted in record time, they only get 30 seconds to play.

        The other feature is the "transfer money" feature requires re entry of the token number.

    • by stg (43177)

      The largest bank in Brazil has been doing this for years - with a small Java program that at least says it's checking your computer (and takes only a few seconds). I've never tried denying it, but I'm pretty sure you just can't access their online banking without allowing it to run.

      I have never heard of anyone complaining about it.

    • It should be easy to run the scan program in a virtual pc (that is clean), while the computer itself is infected/botnet/malware server. Also a good way to get Linux boxes on the net past windows only scanners. Therefore this won't work. The only way to reliably check for infection is to monitor network traffic from outside. The ISP is the only place that is likely to work. Like it or not the only way to cut botnets and virus infestations is to hold ISPs legally liable in some manner. (or to have gove
    • I swear, this guy will do anything to get the spotlight off Microsoft, even if it means he has to turn off his brain while taking the Glenn Beck approach to his outcry.

      Come on Microsoft, the problem is you. I see it every day in my shop. Stop blaming the customer.

      This Microsoft guy is so out of touch with the consumer.

    • Did that ever occur?

      It drives me nuts that every reply to every new product idea assumes:
      1) The product is seriously being worked on
      2) The product will be released to the public, and soon, and
      3) They'll be forced to use the product, as if some thug was holding a gun to their head

      In this case, Microsoft's not even likely at step 1, much less step 3. Frickin' relax, ok?

  • "Access has been refused as it seems you do not have an anti-virus. Why not try *insert highest paying AV company here* anti-virus 2011 for only £99 a year!"
  • by thomasdz (178114) on Tuesday February 15, 2011 @06:53PM (#35216214)

    Yeah, this will work real well on my old VAX that I use to surf the web using Lynx.

    • by e9th (652576) <e9th@NOSpaM.tupodex.com> on Tuesday February 15, 2011 @07:09PM (#35216370)
      I think that's the point. Unless you're running a "supported" OS that will cheerfully phone home with its patch/AV status, (like, oh I don't know, Windows), you're not to be trusted.
    • by Jim Hall (2985) on Tuesday February 15, 2011 @08:02PM (#35216752) Homepage

      That's an important point - Charney probably expects this to apply to Windows only, because that's all he sees. What about Linux? What about Mac?

      More importantly, what about iPads, or smartphones, or tablets, etc that are increasingly used to access the web? Will Charney's plan work for all these devices? Apple doesn't like third-party apps to execute on the iPad - so good luck getting this to work with iPads. And if all it takes to "bypass" the scan is to fake your browser's user agent string to that of an iPad Safari browser, this won't be very effective.

  • Naturally. (Score:5, Insightful)

    by damn_registrars (1103043) <damn.registrars@gmail.com> on Tuesday February 15, 2011 @06:54PM (#35216226) Homepage Journal
    The responsibility goes to the consumer, when Microsoft is assigning responsibility (blame). After all, the highly vulnerable operating system clearly has nothing to do with it, hence the company behind said vulnerable operating system shouldn't have any liability either.
    • by c0lo (1497653)

      The responsibility goes to the consumer,

      That's right...after all, it is the consumer that keeps using a vulnerable operating system. Same degree of responsibility as in paying a certain vendor for the use of a said vulnerable system (and possibly generating extra CO2 by running a crappy AV solution to protect that OS).

      • Any operating system where the user knows how to get themselves root access is vulnerable, because the fundamental problem exists between the chair and the keyboard. If EVERYONE grew up using Linux, there would be millions of people who could be exploited by simple social engineering. "What, I need to sudo run this script in order to see the naked boobies my e-mail is promising me? OK..." - Heck - how many people currently running Ubuntu could be exploited by a website simply listing shell commands to solv
        • by c0lo (1497653)

          Given, it is easier to exploit Windows. But it is even easier to exploit stupid users than it is to exploit Windows.

          Right. At least, you don't need to pay for the OS and be exploited while running Ubuntu d:)

      • The responsibility goes to the consumer,

        That's right...after all, it is the consumer that keeps using a vulnerable operating system

        However, the consumer doesn't have a choice in the matter - or at least none that they are aware of. Most consumers buy their PCs at big box retailers, where Windows is the only option. They can't buy a PC with Linux on it, they can't buy a PC with DOS on it, nor can they buy a PC with no OS at all. They might be able to buy a Mac - depending on where they are shopping - but they might not be inclined to pay that much for a PC. Windows is sold as a working OS, but it is provided as something not quite

    • by DAldredge (2353)
      How is Vista or Windows 7 a "highly vulnerable operating system"?
      • If you squish trojans, viruses, and worms all together, then Windows is clearly more vulnerable than, say, OSX or Linux, which don't get viruses.

        (if you didn't catch it ... people tend to lump all Windows attacks together: plugins, social, and executables-that-you-download-and-run-yourself, and then compare it to "real" viruses on Linux; downloading an rpm or deb and installing it yourself "doesn't count")

        I don't know if the OP is stating that, he may have valid arguments for why Windows is still more insec

    • by causality (777677)

      The responsibility goes to the consumer, when Microsoft is assigning responsibility (blame). After all, the highly vulnerable operating system clearly has nothing to do with it, hence the company behind said vulnerable operating system shouldn't have any liability either.

      In a way they have a point. Those customers have created a market where those who make highly vulnerable operating systems are rewarded with literally billions of dollars and greater than 90% marketshare. It's a logical extension of this reality for Microsoft to assign responsibility as you describe.

    • It's pretty amazing how they've managed to get their customers to swallow the line that it's reasonable to be expected to pay a third party for "anti-virus" software to fix their errors and vulnerabilities.

  • I like how all of Microsoft's solutions to this Internet-wide problem assume that absolutely everybody is using their software. Honestly, half the problem would go away if everybody stopped using their software.

    • by gstoddart (321705)

      I like how all of Microsoft's solutions to this Internet-wide problem assume that absolutely everybody is using their software. Honestly, half the problem would go away if everybody stopped using their software.

      Yeah, that about sums it up ... Microsoft's "Trustworthy" computing has always been about locking the damn thing down so tightly you can't use it, relying on their own proprietary technologies so that everybody pays them, and pretending like it's not the security holes in their OS that is the root pr

    • When Microsoft talks about "security" they're talking about securing the property & rights of digital rights owners (BSA, MPAA, etc) from the untrustworthy users who licensed the software and DVD.

      It's not at all about keeping the computer user safe.

      It's about keeping data safe from the computer user.

    • by Jim Hall (2985)

      And that may happen if Charney's plan goes into effect on popular web sites. At least, I predict a sizeable community of Windows users leaving for other options.

      This concept will immediately raise the perceived TCO for running Windows. Maybe not in cost, but even "general" users will see the delays and effort required just to access basic services (the Web) from Windows. If my mom has to let her bank, or Facebook, or her Yahoo!Mail run their virus software on her computer before she can access her favorite

  • First he said he thought responsibility was one place, then he said it was supposed to be another. What will he say tomorrow? The position lacks credibility. Is this even newsworthy?
  • It is the consumer/user error. I do not like this new step they think is helping, but at least people besides us computer nerds are finally starting to fess up to the fact that most of the world sucks on computers
  • Website owners can probably make a pretty good first-guess at how compromised a system is, if it's running some obsolete and/or insecure web browser ( Firefox 3, IE 6, 7, 8, 9 :-) ). If it has a certificate where Microsoft digitally signed that the machine indeed has IE6, do you really gain that much?
  • The user remains in control. The user can say I don't want to run Microsoft's operating system. There may be consequences for that decision, but you can do it.

    • So let me get this straight...in order to buy or sell anything I need to bear the mark of Microsoft on my hardware...

  • I agree completely with that part of things. The burden is on consumers (or citizens, as we used to be called). Don't buy Microsoft products and the Internet will be a much safer place.

    What are they smoking? They sell the buggiest, shittiest, most useless (some people find it useful...I don't; the last time I tried to use MS Office I spent 15 minutes dicking around w/ the application just to set some bullet points, and decided that 15 minutes could have been better spent downloading and installing OpenOf

  • to needing a dedicated device for your online transactions. Something that is not subject to other applications running amok. Perhaps the next generation of credit cards will have touchscreens and wifi.
  • by Palestrina (715471) * on Tuesday February 15, 2011 @07:15PM (#35216418) Homepage

    If you require positive proof of system health then this will penalize every minority operating system or device that does not have the scanning software/certificate available for it yet. But aren't these minority systems the ones that are least risky, compared to the millions of zombie WinXP boxes?

    Sure, Microsoft systems will be supported by the bank (using the example given in the article) but what about everyone else (and I do mean everyone). Do we really want a presumption of "disconnect" or "limit"?

    • by VortexCortex (1117377) <VortexCortex@Nos ... t-retrograde.com> on Tuesday February 15, 2011 @09:04PM (#35217152)

      If you require positive proof of system health then this will penalize every minority operating system or device that does not have the scanning software/certificate available for it yet.

      I get your point, however, I must point out two things:
      1) Zero Day exploits occur frequently.
      2) An infected machine can obviously not be trusted.

      Infected machines especially can not be trusted to scan themselves and report on their state of infection. Suppose you run a completely different machine in order to check the validity of another. Could not the machine doing the scan also be infected? Would not the validation apparatus be required to have a signing key somewhere within it? Would not simply extracting such a key, and forging your own certificates also be an option?

      The only thing reliable about Windows security is that it has been, and will continue to be broken.

      Honestly, MS does not have a good track record when it comes to cryptographically signing the system & software in order to validate that the machine is genuine... WGA certified my Linux machine as "Genuine Microsoft Windows" [slashdot.org], this is odd to me because I entirely switched to Linux after suffering a WGA false positive [zdnet.com] (no, my hardware had not been changed / upgraded).

      TFA Assumes that MS can deliver a system capable of detecting insecurities -- Forgive me if I'm sceptical -- If so, would not Windows itself just do this and no longer be vulnerable at all?

      AV: Are there any viruses in this directory?
      Rootkit: Nope, I'm not in this directory.
      AV [to bank]: All clear!
      AV [to user]: Proceed to enter your banking credentials!

      TL;DR: If ( ( Linux || Rootkit ) == false_negative && MS_defective_spyware == false_positive ) { MS_Plan != Secure }

  • by hawguy (1600213) on Tuesday February 15, 2011 @07:16PM (#35216426)

    If they have a magic scanning technology that tells them if a machine is "safe", then why doesn't Microsoft just deploy that technology to everyone? When I managed a helpdesk, I saw many fully patched machines with updated antivirus machines still manage to become infected by Malware. I didn't know we were already past the age of Zero-day exploits

  • by nurb432 (527695) on Tuesday February 15, 2011 @07:32PM (#35216526) Homepage Journal

    Just like in the auto industry, if a car maker creates a car that is prone to wrecks, it's not the driver's fault.

    Proper maintenance is the responsibility of the user, not fundamental manufacturing flaws that create security problems.

  • by Odinlake (1057938) on Tuesday February 15, 2011 @07:38PM (#35216548)

    The user can say I don't want to pass a health certificate,' he said. 'There may be consequences for that decision, but you can do it.

    The user can say I don't want to run Windows. There may be consequences, but you can do it.

    There fixed that for you, M$.

    (Oh, did we forget to mention that that health certificate, de facto, requires you to run M$ Windows? That although there are Linux solutions around, 95% of ISPs don't support it?)

  • Anything like this 'trusted certificate' or 'health scanning app' will just become another attack vector.

    Microsoft should just build a new operating system from the ground up that is secure. If MS applied everything they should have learnt from all the security problems they have had over the last 20 years, they could probably make something quite good.

    Wouldn't this solve 95% of the problems with infected PCs? Of course that would require reinvesting some of the billions they make from selling their curren

  • ...getting tested for STDs as a condition of employment in a porn studio. Who hands out those certificates? Do you really want to trust them as you are getting ready to pull that train?

  • Not like it's a particularly "new" [microsoft.com] plan.. and oh look [wikipedia.org], it even has built in support for RADIUS.....
  • Hacked PCs are the fault of the OS vendor. Not the user, or the ISP.

    Blaming the user is like blaming the driver for their car's recall-worthy shoddy components.

    Blaming the ISP is like blaming the highway department for a car's recall-worthy shoddy components.

    Who does car recalls? The manufacturer, who usually passes on the cost of it to the vendors who provided the faulty parts (see Toyota and the Tacoma frame rusting). All the OEMs should pass on the cost of their support for Redmond's flawed OS's to..

  • Modified from this [craphound.com]:

    Your post advocates a

    ( X ) technical ( ) legislative ( ) market-based ( ) vigilante

    approach to computer security. Your idea will not work. Here is why it won't work. (One or more of the following may apply to your particular idea, and it may have other flaws which used to vary from state to state before a bad federal law was passed.)

    ( ) Spammers can easily use it to harvest email addresses
    ( X ) Remote access and other legitimate computer uses would be affected
    ( ) No one will be able to fi

  • 1-Force everyone, even the ones that had a secure OS, to buy and use the latest version of Windows
    2-Profit
    3 ...
    4 Who cares, we already got profit
