Secure Freedom on the Net

After reading about the latest hack-attack on the State of Nevada’s (USA) general fund bank account and how “…conventional anti-virus and signature detection IT security software – as was used on the computer – is no longer enough.” [1], the following started to come to mind and they suddenly all added up.
I would like to point out here that the issue that anti-virus software and signature detection systems are not up to detecting malicious software is highlighted very often in the news, Blogs [2, 3, 4, 5, 6] and in the latest paper from Google’s Security Team[7]. If we relate these facts with the fact that Microsoft is limiting our power over the Operating System:

“The software is licensed, not sold. This agreement only gives you some rights to use the software. Microsoft reserves all other rights. Unless applicable law gives you more rights despite this limitation, you may use the software only as expressly permitted in this agreement. In doing so, you must comply with any technical limitations in the software that only allow you to use it in certain ways.” – Microsoft Windows Vista Business License [8]

Eventually all these incidences, obviously, will just convince everyone that the Trusted Computing [9, 10] paradigm is a good idea and should be pushed forward.

In the end we will limit our freedom to run programs freely and we will have some non-profitable organisation tell us what programs are safe to run; in order to avoid cyber criminals from infecting our machines. It is a weird trade off. Then again the Internet was built for the free exchange of ideas and documents and that is being taken away too[11].

Partial solution:
‘Safely’ surf the internet through a Virtualisation solution provided by VMware: Browser Appliance Virus-safe Internet browser – http://www.vmware.com/vmtn/appliances/directory/browserapp.html

Also mentioned in a previous blog posting http://isrg.weblog.glam.ac.uk/posts/2005/12/14/vmware-and-secure-web-browsing

Links Used:

[1] Computer hackers take US city for $450,000 – http://www.net-security.org/secworld.php?id=5234

[2] The slow death of AV technology
http://www.theregister.co.uk/2007/06/08/death_of_av/

[3] Bots on your net? Look twice
http://www.networkworld.com/columnists/2007/060707edit.html

[4] Malware report on BankFake.F trojan, MSNHideOptions and Grogotix worms – http://www.net-security.org/virus_news.php?id=815

[5] Google acquires ‘sandbox’ technology for secure browsing
http://www.theregister.co.uk/2007/05/29/google_security_acquisition/

[6] Hackers load malware onto Mercury music award site
http://www.theregister.co.uk/2007/06/07/dreamhost_hack/

[7] The Ghost in the Browser Analysis of Web-based Malware, Niels Provos, Dean McNamee, Panayiotis Mavrommatis, Ke Wang, and Nagendra Modadugu, USENIX Workshop on Hot Topics in Understanding Botnets, April 2007. – http://www.usenix.org/events/hotbots07/tech/full_papers/provos/provos.pdf

[8] Microsoft Windows Vista Business License – http://www.microsoft.com/about/legal/useterms/default.aspx

[9] Trusted Computing (Wikipedia) – http://en.wikipedia.org/wiki/Trusted_computing

[10] Trusted Computing Group – https://www.trustedcomputinggroup.org/home

[11] Net censorship growing worldwide – http://www.theregister.co.uk/2007/05/18/net_censorship/

This entry was posted in Uncategorized. Bookmark the permalink.

3 Responses to Secure Freedom on the Net

  1. Mike says:

    All our freedoms are trade-offs. Why should the Internet be any
    different?

    Isn’t security always a matter of risk management not risk
    avoidance? Yet another trade-off.

    Sorry, but I dont think we can blame Microsoft here.

  2. Isaac says:

    Maybe if we began to Love Microsoft and their efforts to secure their applications / Operating systems ( believe me they have!)we wouldn’t be cynical at what they are doing.
    I think the whole issue of technology is a trade-off, it depends on which side you fall.
    I can appreciate your desire to be able to freely access code, and be able to freely use bits of it that you want, but at the end of the day, its MS’s right to be allowed the freedom to close areas of their code…:-), another trade-off

  3. Kosta Xynos says:

    You know, you are right. Microsoft has the right to lock/limit/restrict/license any part of its newer systems, as it wishes. The bad thing that Microsoft, unfortunately, does is push consumers (not excluding big organisations) to buy and use its newer systems over its older (and usually well tuned by now) ones. This is done in numerous ways and I do not mean the usual marketing way of introducing new features etc, but by not issuing new licenses for M.W. XP after January 2008 [1], by providing Direct X 10 only for M.W. Vista, by eliminating support (ok this will be seen in a few years), by providing a default installation of M.W. Vista on any new laptop, just to name a few.

    Have you tried M.W. Vista? When using this fancy graphical interface (Aero), with all its bells and whistles, the process in charge for this GUI is dwm.exe and the amount of memory it takes up is about 150MB (on my test machine; that is). Once I used the simple interface it dropped to 924KB.

    Have a think, is this really an Operating System you would be interested in buying if the market had more mature solutions.

    [1] Users force Dell to resurrect XP – http://news.bbc.co.uk/2/hi/technology/6575089.stm

Leave a Reply

Your email address will not be published. Required fields are marked *