Francis Hwang on Sat, 1 Feb 2003 00:30:55 +0100 (CET) |
[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]
Re: <nettime> anti-piracy goons considered harmful |
Far be it from me to ever defend Microsoft, like, ever, but I do have to take issue with this part of Mr. Ball's argument: >There is another reason for human rights organizations to eschew Windows: >verifiability. Whenever death squads make threats against a villager who >speaks with rights workers, those workers have a moral responsibility to be >sure their computers are secured with the best technology available. Lives >depend on it. There is no way to verify the security of Windows: the >software is secret. Indeed, Microsoft's latest license agreements give the >company the right to go into computers without their owners' permission (or >knowledge) to load software and retrieve "technicalg information at >Microsoft's sole discretion. A hostile government could probably exploit >these vulnerabilities, reaching through the Internet to break into a rights >worker's computer, never even setting foot in that person's office. > >The only way a human rights organization (or anybody else) can be sure >there are no back doors into its software is to have an expert remove all >parts of the program that allow remote access. Clearly, this verification >would require access to the source code. In practice, the need for >verification rules out not only Windows but also any other closed-source >system, including those on Macintoshes and on Palm handheld devices. There's no question that Microsoft products are generally much less secure than anything else, but being able to see the source code does you no good if you don't understand it. Computer security is a difficult, arcane endeavor. Any human rights organization -- either in a developing country or in the U.S. -- would be extremely lucky to get their hands on a hacker with the geek-fu to be capable of a code audit. Also, many security breaches don't actually occur because of software failures -- they occur because people aren't naturally as distrustful about this stuff as they should be. A really expensive security system does you no good if Bill picks "bill" as his password. Or, if you can call him up at home pretending to be somebody else, and ask for his password because you need to look at a file on his machine. That's a problem whether you're running Windows or Linux or BSD or whatever. Francis -- # distributed via <nettime>: no commercial use without permission # <nettime> is a moderated mailing list for net criticism, # collaborative text filtering and cultural politics of the nets # more info: [email protected] and "info nettime-l" in the msg body # archive: http://www.nettime.org contact: [email protected]