Microsoft recommends an "Internet Health Certificate"

This topic is closed.

    Microsoft recommends an "Internet Health Certificate"

    http://www.bbc.co.uk/news/technology-11483008

    Virus-infected computers that pose a risk to other PCs should be blocked from the net, a senior researcher at software giant Microsoft suggests.
    ...
    "Commonly available cyber defences such as firewalls, antivirus and automatic updates for security patches can reduce risk, but they're not enough," wrote Mr Charney. "Despite our best efforts, many consumer computers are host to malware or are part of a botnet."

    His proposal, presented at the International Security Solutions Europe (ISSE) Conference in Berlin, Germany, is for all computers to have a "health certificate" to prove that it is uninfected before it connects to the net.

    "Although the conditions to be checked may change over time, current experience suggests that such health checks should ensure that software patches are applied, a firewall is installed and configured correctly, an antivirus program with current signatures is running, and the machine is not currently infected with known malware," he wrote in the accompanying paper.

    If the health certificate indicates a problem the computer could be prompted to download a missing patch or update its anti-virus settings.

    "If the problem is more serious (the machine is spewing out malicious packets), or if the user refuses to produce a health certificate in the first instance, other remedies such as throttling the bandwidth of the potentially infected device, might be appropriate."
    ....
    Networks can consist of a few hundred to a few thousand Windows machines. However, some can contain millions of PCs.
    Microsoft used the US taxpayer to finance the development of Win95. Now they want to make the world pay for their own security ineptitude.

    Like many of Microsoft's ideas, and all of their software, this one has a GIGANTIC HOLE -- the "Health Certificate" itself. It is a Ponzi scheme designed to take the onus off of Microsoft and make everyone else, even if they don't use Windows, comply with such a scheme. Microsoft, on the top of the pyramid, benefits at the expense of the users, which are at the base. The ISP and other vendors are in the middle, ensuring that all the good passes up and all the bad stays below. Microsoft socializes their security problems but their profits on their buggy software are NOT socialized. Security is no longer Microsoft's problem. Users are responsible for getting and keeping a "Health Certificate". Windows users have to develop and sustain their own security and when they fail, as they must because they can NOT create what Microsoft cannot deliver, they pay the costs. It is THEIR bank account which is plundered. It is their credit rating which is destroyed. It is their country's security and freedom which is compromised.

    EVEN IF the user has a "Health Certificate" no one, not even Microsoft or anyone else above the user in the Ponzi pyramid can guarantee that the certificate itself is not bogus. Stuxnet was "authenticated" with TWO stolen security certificates.

    I have a 100% effective and much simpler solution -- forbid ANY computer running Windows to connect to the Internet or be a server on the Internet until Microsoft, AT ITS OWN EXPENSE, can demonstrate a product which is at least as secure as Linux, BSD or Mac, and deliver it free of charge to every current user of any version of Windows.
    "A nation that is afraid to let its people judge the truth and falsehood in an open market is a nation that is afraid of its people."
    – John F. Kennedy, February 26, 1962.

    #2
    Re: Microsoft recommends an "Internet Health Certificate"

    Heh -- I'm getting a mental image of a whore with a certificate of good health, and an invitation for some fun ......


      #3
      Re: Microsoft recommends an "Internet Health Certificate"

      But just imagine if the world was mad enough to go with this scheme - he's not just talking about Windows computers, he's simply talking about computers.

      Under his analysis, wouldn't Mac and Linux computers be banned from connecting at all? There is no way that they could satisfy the criteria for a certificate that he has set out, so he's not thought this through (or maybe he has?).


        #4
        Re: Microsoft recommends an "Internet Health Certificate"

        And I was thinking he was talking M$ out of business...
        Once your problem is solved please mark the topic of the first post as SOLVED so others know and can benefit from your experience! / FAQ


          #5
          Re: Microsoft recommends an "Internet Health Certificate"

          GG you didn't put all the article here

          Here is the rest

          Graham Cluley, of security firm Sophos, said that some ISPs had previously throttled some users suspected of having infections.

          "They knock off users who look like they are sending large numbers of spam e-mails - an indication of being part of a botnet," he told BBC News.

          Whilst it solves the problem, he said, it can cause problems for computer users.

          "The challenge then is what the poor old user does," he said.

          "They can't get on the net to download fixes."

          He also said that there was a danger that many people would think that any message telling them that they had an infection on their machine was a scam.

          The approach is used around the world. In Japan, for example, more than 70 ISPs have formed the Cyber Clean Center, which contacts users and provides security software to prevent further infections.

          Other initiatives exist in France and Australia.

          Microsoft said that to make its plan work it would need four steps, including defining a health computer, creating a trusted system for health certificates and finding a way for ISPs to process and act on them.

          Relevant legal frameworks would also be needed, it said.

          But Mr Cluley questioned whether Microsoft was best placed to recommend such security measures.

          "Microsoft doesn't have a faultless record when it comes to security," he said.

          "It has improved over the years, but every month they have to release a package of updates.


          "There may be some who would say that Microsoft shouldn't be on the internet until they get their own house in order."


            #6
            Re: Microsoft recommends an "Internet Health Certificate"

            Ya, I saw that but I left something for the reader to find...

            I also forgot to mention that
            Scott Charney of the firm's Trustworthy Computing team.
            ...

            Wow! "Trustworthy Computing".. Browsing the Internet with Windows --- Oxymoron.

            It is also notable that the BBC isn't opening the article to user comments.
            "A nation that is afraid to let its people judge the truth and falsehood in an open market is a nation that is afraid of its people."
            – John F. Kennedy, February 26, 1962.


              #7
              Re: Microsoft recommends an "Internet Health Certificate"

              I wouldn't completely say that it takes the onus off of Microsoft (although I agree with your attitude about the entire idea).

              Here's why:

              If I'm a Windows user, and I have all of the latest updates that Microsoft put out, and my antivirus/antispyware/firewall are installed, running, and updated, then I should be allowed to get on the Internet. Now, if Microsoft decides to wait for two years to release an update for a vulnerability and I get infected by a virus/trojan that is using it, then it makes Microsoft look bad.

              Why? Because I'm in complete compliance with their requirements for a "Health Certificate" and yet my computer was infected due to their vulnerability.

              So, the idea will backfire on Microsoft. Because they are the ones who said "You need a Health Certificate" and "In order to get the certificate, your computer must have all of the available updates for it [regardless of what Operating System you use (my opinion)]." When the infection spreads, which it will, Microsoft can't say "It's not our fault." because the user will have everything Microsoft offers them--and not the necessary updates to protect them against this vulnerability.

              In theory it may be a good idea--as long as the "Health Certificates" aren't something that can be faked, and as long as Microsoft or anyone with interests in Microsoft's success/failure are not in control of this. That means that if you do not have the latest security updates for your respective operating system, you can't get online (except to get those updates).

              Windows actually has a feature in some versions (Server 2003/2003R2/2008/2008R2 to be specific) that everyone should adopt. When you first install the operating system, and boot up, it does not allow you to get online completely. It opens a secure connection to Windows Update, and forces you to either a) get all available updates or b) cancel and use the Internet at your own risk (With a warning about the dangers).

              It's something that all versions of Windows, and all other operating systems should employ. After all, why would you want to surf the Internet with an operating system (regardless of which one it is) that isn't completely patched?

              Sorry for the long-winded post. These are just my opinions, and I'm sure that they are in the minority.

              Have a great day
              Patrick.


                #8
                Re: Microsoft recommends an "Internet Health Certificate"

                Originally posted by The Liquidator
                Under his analysis, wouldn't Mac and Linux computers be banned from connecting at all? There is no way that they could satisfy the criteria for a certificate that he has set out, so he's not thought this through (or maybe he has?).
                That was my first thought. Only Windows machines would be allowed on the internet. Which is the M$ intention.


                  #9
                  Re: Microsoft recommends an "Internet Health Certificate"

                  Welcome to KubuntuForum, Patrick!
                  "A nation that is afraid to let its people judge the truth and falsehood in an open market is a nation that is afraid of its people."
                  – John F. Kennedy, February 26, 1962.
