http://www.bbc.co.uk/news/technology-11483008
	
		
Microsoft used the US taxpayer to finance the development of Win95. Now they want to make the world pay for their own security ineptitude.  
Like many of Microsoft's ideas, and all of their software, this one has a GIGANTIC HOLE -- the "Health Certificate" itself. It is a Ponzi scheme designed to take the onus off of Microsoft and make everyone else, even if they don't use Windows, comply with such a scheme. Microsoft, on the top of the pyramid, benefits at the expense of the users, who are at the base. The ISP and other vendors are in the middle, ensuring that all the good passes up and all the bad stays below. Microsoft socializes their security problems but their profits on their buggy software are NOT socialized. Security is no longer Microsoft's problem. Users are responsible for getting and keeping a "Health Certificate". Windows users have to develop and sustain their own security and when they fail, as they must because they can NOT create what Microsoft cannot deliver, they pay the costs. It is THEIR bank account which is plundered. It is their credit rating which is destroyed. It is their country's security and freedom which is compromised.
EVEN IF the user has a "Health Certificate", no one, not even Microsoft or anyone else above the user in the Ponzi pyramid, can guarantee that the certificate itself is not bogus. Stuxnet was "authenticated" with TWO stolen security certificates.
I have a 100% effective and much simpler solution -- forbid ANY computer running Windows to connect to the Internet or be a server on the Internet until Microsoft, AT ITS OWN EXPENSE, can demonstrate a product which is at least as secure as Linux, BSD or Mac, and deliver it free of charge to every current user of any version of Windows.
					
			
			
Virus-infected computers that pose a risk to other PCs should be blocked from the net, a senior researcher at software giant Microsoft suggests.
...
"Commonly available cyber defences such as firewalls, antivirus and automatic updates for security patches can reduce risk, but they're not enough," wrote Mr Charney. "Despite our best efforts, many consumer computers are host to malware or are part of a botnet."
His proposal, presented at the International Security Solutions Europe (ISSE) Conference in Berlin, Germany, is for all computers to have a "health certificate" to prove that it is uninfected before it connects to the net.
"Although the conditions to be checked may change over time, current experience suggests that such health checks should ensure that software patches are applied, a firewall is installed and configured correctly, an antivirus program with current signatures is running, and the machine is not currently infected with known malware," he wrote in the accompanying paper.
If the health certificate indicates a problem the computer could be prompted to download a missing patch or update its anti-virus settings.
"If the problem is more serious (the machine is spewing out malicious packets), or if the user refuses to produce a health certificate in the first instance, other remedies such as throttling the bandwidth of the potentially infected device, might be appropriate."
....
Networks can consist of a few hundred to a few thousand Windows machines. However, some can contain millions of PCs.