Comments on: Code signing licences? http://www.p2pnet.net/story/7828 p2pnet.net - reader powered Wed, 01 Feb 2012 15:11:09 -0300 http://wordpress.org/?v=2.8.4 hourly 1 By: Reader's Write http://www.p2pnet.net/story/7828/comment-page-1#comment-33633 Reader's Write Mon, 06 Feb 2006 20:18:01 +0000 #comment-33633 I think, as another poster pointed out that the first part of any "trusted computing" law should be an absolute mandate that the consumer has the right to overide it. It could be set up so that the consumer would set up a password, which would then have to be entered before installing any non certified software. I think as it is now, the real purpose of so called "trusted computing", is for software companies to gain Nazi like control over users computers. Mp3 not certified-won't play, CD not certified-won't run, video not certified-fuzzy screen. This is what you are going to wind up with, so called "trusted computing" will turn out to be a DRM nightmare. I can already see a market for "hacked" hardware, like they already have for DVD players that have macrovision disabled and allow you to set region codes. I think, as another poster pointed out that the first part of any “trusted computing” law should be an absolute mandate that the consumer has the right to overide it. It could be set up so that the consumer would set up a password, which would then have to be entered before installing any non certified software. I think as it is now, the real purpose of so called “trusted computing”, is for software companies to gain Nazi like control over users computers. Mp3 not certified-won’t play, CD not certified-won’t run, video not certified-fuzzy screen. This is what you are going to wind up with, so called “trusted computing” will turn out to be a DRM nightmare. I can already see a market for “hacked” hardware, like they already have for DVD players that have macrovision disabled and allow you to set region codes.

]]> By: Reader's Write http://www.p2pnet.net/story/7828/comment-page-1#comment-33596 Reader's Write Mon, 06 Feb 2006 05:20:58 +0000 #comment-33596 The proposal for licences to sign code would merely transfer the problem of trust, and abuse of power, from the OEMs (which would hold the ultimate keys under the "trusted computing" scheme) to the licenced organizations and businesses and the agencies giving out the licences. The power over what gets to run on *your* computer will always, inevitably be abused, to opress and exploit you, as long as it is held by anyone other than *you*. So the correct response to the "trusted computing" menace is laws saying (a) the owner of the hardware has sole authority over what signatures will be accepted for programs to run on his machine (b) the owner must be granted read and write access to all digital keys on the machine when he/she purchases it and (c) no ISP may deny access to anyone based on what software the person is using. Only by these provisions can the TC scheme be prevented from becoming a vast engine of censorship and DRM. More on TC: * Ross Anderson's "TCPA FAQ": http://www.cl.cam.ac.uk/users/rja14/tcpa-faq.html * Richard M. Stallman, "Can you trust your computer?": http://www.gnu.org/philosophy/can-you-trust.html -- jen_eric999 The proposal for licences to sign code would merely transfer the problem of trust, and abuse of power, from the OEMs (which would hold the ultimate keys under the “trusted computing” scheme) to the licenced organizations and businesses and the agencies giving out the licences. The power over what gets to run on *your* computer will always, inevitably be abused, to opress and exploit you, as long as it is held by anyone other than *you*.

So the correct response to the “trusted computing” menace is laws saying (a) the owner of the hardware has sole authority over what signatures will be accepted for programs to run on his machine (b) the owner must be granted read and write access to all digital keys on the machine when he/she purchases it and (c) no ISP may deny access to anyone based on what software the person is using.

Only by these provisions can the TC scheme be prevented from becoming a vast engine of censorship and DRM.

More on TC:

* Ross Anderson’s “TCPA FAQ”: http://www.cl.cam.ac.uk/users/rja14/tcpa-faq.html

* Richard M. Stallman, “Can you trust your computer?”: http://www.gnu.org/philosophy/can-you-trust.html

– jen_eric999

]]> By: Reader's Write http://www.p2pnet.net/story/7828/comment-page-1#comment-33556 Reader's Write Sun, 05 Feb 2006 18:58:22 +0000 #comment-33556 The problem with windows is it tries to tackle the problem once it's already happend. You run bloated anti-virus/anti-spyware/software firewalls all to detect malicous code already running. Thats simply patching the problems, it doesn't solve the root cause, and that ladies and gentlemen is where windows security breaks down. As long as code is free to inject/stub/modify startup run entries and a host of other root level operations, windows will never be secure. Linux on the otherhand has file level user permissions. Arbitrarily executing code can't add itself to boot or modify other software on the system. Permission elevation through in memory patching is also impossible. The problem with windows is it tries to tackle the problem once it’s already happend.

You run bloated anti-virus/anti-spyware/software firewalls all to detect malicous code already running. Thats simply patching the problems, it doesn’t solve the root cause, and that ladies and gentlemen is where windows security breaks down.

As long as code is free to inject/stub/modify startup run entries and a host of other root level operations, windows will never be secure.

Linux on the otherhand has file level user permissions. Arbitrarily executing code can’t add itself to boot or modify other software on the system. Permission elevation through in memory patching is also impossible.

]]>