Microsoft's New Plan For Keeping the Internet Safe 302

itwbennett writes "Microsoft Corporate Vice President for Trustworthy Computing Scott Charney used to think it was the responsibility of ISPs to keep hacked PCs off the Internet. Now, he says the burden should be on consumers. Speaking at the RSA Conference, Charney suggested that the solution may be for consumers to share trusted certificates about the health of their personal computer: 'The user remains in control. The user can say I don't want to pass a health certificate,' he said. 'There may be consequences for that decision, but you can do it.'"
  • by painehope ( 580569 ) on Tuesday February 15, 2011 @08:03PM (#35216306)

    I agree completely with that part of things. The burden is on consumers (or citizens, as we used to be called). Don't buy Microsoft products and the Internet will be a much safer place.

    What are they smoking? They sell the buggiest, shittiest, most useless (some people find it useful...I don't; the last time I tried to use MS Office I spent 15 minutes dicking around w/ the application just to set some bullet points, and decided that 15 minutes could have been better spent downloading and installing OpenOffice - their applications have all turned into overblown, unusable pieces of shit, just like the internals of their operating systems) products, practice all kinds of shady business just to spread their crapware, and then blame the average, non-technical person for how fucked-up their operating system is and how it makes computers unusable to a significant portion of the population.

    Jesus. If I sold someone a car that had as many problems as a copy of Windows, I'd be sued - possibly even imprisoned. Someone would probably end up dead fairly quickly if I made a business out of it, and then I'd be up shit creek. But they can sell shitty software and then not be held accountable when it doesn't work? Yes, the world is that strange.

  • Re:Pathetic (Score:2, Informative)

    by commodore6502 ( 1981532 ) on Tuesday February 15, 2011 @08:11PM (#35216394)

    >>>coming in virtual contact with your data to request that you prove that your data is sanitary.

    Then you don't mind if I sit in my bankofamerica.com cubicle, and review the naked photos of your wife (or possibly daughter) that I just scraped off your/her machine?

  • by linatux ( 63153 ) on Tuesday February 15, 2011 @08:28PM (#35216494)

    The ZDNet article (http://www.zdnet.com/blog/security/microsoft-continues-push-for-infected-computers-to-be-quarantined/8164) is a little more informative.

    Combining trusted software such as hypervisors and hardware elements such as a Trusted Platform Module (TPM) could further enable consumer devices to create robust health certificates and ensure the integrity of user information

  • by khasim ( 1285 ) <brandioch.conner@gmail.com> on Tuesday February 15, 2011 @08:43PM (#35216594)

    The problem is that this isn't about "proving" that you're clean.

    This is about proving that you have, in the past, purchased condoms (anti-virus).

    And that you are currently wearing a condom (anti-virus is running).

    NOT that you don't have a disease.
    Or that you have any symptoms.
    Or that anyone you've had sex with had a disease.

    The BANKS are the ones that should be dealing with whether they can sanitize anything they receive from you (and anyone else) AND verify that it really is you initiating the transaction.

    Sex is NOTHING like an on-line purchase. Try it and see.

  • Re:Pathetic (Score:4, Informative)

    by TENTH SHOW JAM ( 599239 ) on Tuesday February 15, 2011 @10:44PM (#35217378) Homepage

    How about if banks hand out tokens? Mine does. I log on with a username\Password\token number that changes once every 30 seconds. So if the hacker has managed to get the https traffic unencrypted in record time, they only get 30 seconds to play.

    The other feature is the "transfer money" feature requires re-entry of the token number.
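The 30-second bank token described in this comment, as an added Go example that is not part of the thread or of any bank's code: an RFC 6238 TOTP generator plus the bank-side check, which accepts a code only within its window and only once, so a token captured from the session cannot be replayed to authorise a transfer. The secret, timestamps and one-step skew tolerance are assumptions.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha1"
	"encoding/binary"
	"fmt"
)

// step is the token lifetime the comment describes: a new code every 30 seconds.
const step int64 = 30

// totpAt computes the RFC 6238 code for a shared secret at a Unix time:
// HMAC-SHA1 over the 30-second counter, dynamically truncated to six digits.
func totpAt(secret []byte, unixTime int64) string {
	var counter [8]byte
	binary.BigEndian.PutUint64(counter[:], uint64(unixTime/step))
	mac := hmac.New(sha1.New, secret)
	mac.Write(counter[:])
	sum := mac.Sum(nil)
	off := sum[len(sum)-1] & 0x0f
	code := binary.BigEndian.Uint32(sum[off:off+4]) & 0x7fffffff
	return fmt.Sprintf("%06d", code%1000000)
}

// verifier is the bank side: a code is accepted only for the current window
// (one step of clock skew tolerated) and only once, so a token captured from
// the session cannot be replayed, for example to re-authorise a transfer.
type verifier struct {
	secret []byte
	used   map[int64]bool // counters already consumed
}

func newVerifier(secret []byte) *verifier {
	return &verifier{secret: secret, used: map[int64]bool{}}
}

func (v *verifier) verify(code string, now int64) bool {
	for skew := int64(-1); skew <= 1; skew++ {
		at := now + skew*step
		if hmac.Equal([]byte(code), []byte(totpAt(v.secret, at))) {
			if v.used[at/step] {
				return false // replay of a code already spent
			}
			v.used[at/step] = true
			return true
		}
	}
	return false // wrong code, or the 30-second window has passed
}
```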

  • Re:Pathetic (Score:4, Informative)

    by rubycodez ( 864176 ) on Tuesday February 15, 2011 @11:54PM (#35217730)

    I don't trust Verisign with my private data, they broke DNS for .net and .com back in 2003 as part of a profit scheme. Root certificates are another issue, but I do trust it means some schmuck paid Verisign money, and they probably are the same schmucks presenting the certificate Verisign made them. SSL can be broken, just compute-intensive.
  • Re:Pathetic (Score:4, Informative)

    by TheSpoom ( 715771 ) <slashdot&uberm00,net> on Wednesday February 16, 2011 @12:05AM (#35217780) Homepage Journal

    I love that they keep trying to bring this up. It's their Pinky and the Brain-style take over the world plan. The TCPA FAQ [cam.ac.uk], while somewhat old by now, is still relevant (and shows just how long they've been trying this).

  • Re:Pathetic (Score:5, Informative)

    by Alsee ( 515537 ) on Wednesday February 16, 2011 @02:47AM (#35218450) Homepage

    That simply means you need a "trusted" box to reply to the challenge. It doesn't have to be THE box. This sounds like something a Windows VM and some packet sniffing/injection could very easily defeat

    Nope. The entire point of Trusted Computing is to make exactly that sort of thing impossible. It's impossible to virtualize the Trust chip unless you know the master keys locked inside the silicon. No amount of packet sniffing/injection will enable you to forge a Trusted communication. They are cryptographically signed by keys inside the chip. Trying to run a normal computer plus a second box to reply to challenges generally does you no good because everything gets encrypted or signed. The second box won't sign the stuff you need signed, and it won't decrypt what you need decrypted. The master keys are locked inside the silicon, and the lower level keys are generally encrypted before they leave the chip and only decrypted when they are loaded back into the Trust chip.

    Trying to use a two-box setup would be extremely difficult and it wouldn't achieve much. Let's say your ISP wants a Trusted Health Check on your computer before giving you a connection. You use the Trust box to authenticate. During the authentication the ISP sends an encrypted internet session key. It is encrypted in such a way that it can only be decrypted by the Trust chip, INSIDE the Trust chip, using a decryption key locked inside the Trust chip. You can't sniff the internet session key because it's been encrypted with the Trust chip's key, which you don't know. You now connect your "real" box and try to use your internet connection. Except now your ISP expects some or all of your outbound packets to have a validation code embedded. These validation codes can only be generated using the secret internet session key. You can't send packets because your "real" box doesn't know the internet session key needed to validate those packets, and your secondary Trust box refuses to validate them for you.

    Do not underestimate Trusted Computing. I'm a programmer, I've read the 300+ page technical specification on this chip, I know DRM is impossible and the reasons it Always Fails. Trust me, software attacks are almost completely nullified. Any successful software attack is generally confined to temporarily exploiting a localized bug affecting specific data belonging to that specific affected program, and they can FORCE down patches fixing the bug. It is essentially impossible to fundamentally defeat the system with any software attack. Only a hardware attack will truly defeat the system, and they are moving the Trust chip INSIDE THE CPU ITSELF. Not even the god of all modchips and motherboard hacks can do squat when the Trust chip is inside the CPU.

    The only way to break the system is to literally rip open the CPU itself. That will indeed blow the Trust system wide open, but then there's another problem. You have to be insanely careful never to allow them to detect that you have beaten the system and that you can do stuff you're not supposed to be able to do. Almost anything you do can be traced back to the specific Trust identity code involved. If they ever detect you doing anything you shouldn't, then that identity code goes on a revocation list. You can still access the data you've already broken, but for all practical purposes that computer is dead. It can no longer access any new Trusted data, and all other Trusted devices will refuse to speak to it.

    By revoking the hacked identity key they can make it cost you (up to) the price of an entire new computer, plus the difficulty of physically dissecting the new CPU chip to extract a new set of keys. You have to do this each and every time they catch anything anomalous relating to your cracked system.

    And you're really screwed if you have to use your real identity during the Certificate Authority process required to enable a new chip. They may refuse to let you activate a new system, or they may send the feds to arrest you for violating the DMCA o
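A model of the ISP health-check exchange this comment sketches, as an added Go example that is not part of the thread or of any TPM specification: the "Trust chip" holds a private key that never leaves it, the ISP seals a session key to that key, and outbound packets carry a validation code that only the chip (not a second box that merely sniffed the link) can produce. The RSA-OAEP sealing, the 2048-bit key and the HMAC-SHA256 code format are assumptions standing in for whatever the real scheme would use.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
)

// trustChip models the chip: the private key never leaves it, and the ISP's
// session key is decrypted, kept and used only inside it. The ISP, and anyone
// sniffing the link, learns only chip.priv.PublicKey.
type trustChip struct {
	priv       *rsa.PrivateKey
	sessionKey []byte
}
func newTrustChip() (*trustChip, error) {
	k, err := rsa.GenerateKey(rand.Reader, 2048) // assumed key size
	return &trustChip{priv: k}, err
}
// unseal decrypts the ISP's sealed session key (RSA-OAEP) inside the chip; under
// any other chip's key it fails, so a box that only sniffed the blob gets nothing.
func (c *trustChip) unseal(sealed []byte) error {
	key, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, c.priv, sealed, nil)
	if err == nil {
		c.sessionKey = key
	}
	return err
}
// validate is the per-packet validation code, computed inside the chip.
func (c *trustChip) validate(packet []byte) []byte { return vcode(c.sessionKey, packet) }
// vcode is HMAC-SHA256 over the packet under the session key (assumed format).
func vcode(key, packet []byte) []byte {
	m := hmac.New(sha256.New, key)
	m.Write(packet)
	return m.Sum(nil)
}

// ispSealSession is the ISP side of the health check: choose a session key and
// encrypt it so that only the holder of the chip's private key can recover it.
func ispSealSession(pub *rsa.PublicKey) (sessionKey, sealed []byte, err error) {
	sessionKey = make([]byte, 32)
	if _, err = rand.Read(sessionKey); err != nil {
		return nil, nil, err
	}
	sealed, err = rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, sessionKey, nil)
	return sessionKey, sealed, err
}
// ispCheck is the ISP filtering outbound packets by their validation code.
func ispCheck(sessionKey, packet, code []byte) bool {
	return hmac.Equal(vcode(sessionKey, packet), code)
}
```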
