[TCLUG] Secure Computing - The end of Linux?

Mon Dec 29 21:38:42 CST 2003

----- Original Message ----- 
From: "John T. Hoffoss" <hoff0438 at umn.edu>
To: "'TCLUG Mailing List'" <tclug-list at mn-linux.org>
Sent: Wednesday, December 24, 2003 11:39 AM
Subject: RE: [TCLUG] Secure Computing - The end of Linux?
<snip>
> To be a little more on topic, I guess I don't totally see how secure
> computing will endanger Linux. At the very least, I see SCO's FUD doing
> much greater harm in the long run than an extra chip on a motherboard.
> Perhaps I don't know enough though...
>
> /me goes to read up on secure computing
<snip>

I have a problem when the proposed standard hardware configuration will
*only* run software that has been signed by Microsoft, or a an authority
*recognized* by Microsoft.

Period.

This would imply that there would be some process where any software
written, say open source - including any OS such as Linux, has to be signed
before it will run on your computer. What I have read suggests that the
protection would be fairly comprehensive.  If the hardware protection is to
have any validity is should not be possible to make software that will
bypass security at home - or there would not be much point in having the
security in the first place.

The possibility for Microsoft mischief boggles the imagination. As it is
now, getting things signed is enough to drive a sane person around the bend.
Imagine having to do this for every compile you make. Ask anybody who has to
work with Verisign on a regular basis - does "Security set you free"?

Go a step further and imagine this mess intruding into every aspect of
program creation; every little home coder having to get permission from a
central body before their program will be allowed to run on the "standard"
computer. You see, if unauthorized software can be signed then we are right
back to where we are now; viruses can still be written and distributed. I
image that there would be some fairly restrictive policies put in place to
control who can be a developer - perhaps some sort of government licensing
or certification. Double plus ungood.

At the risk of repeating myself: Beware of the Secure Computing Initiative!

Mark Browne

_______________________________________________
TCLUG Mailing List - Minneapolis/St. Paul, Minnesota
http://www.mn-linux.org tclug-list at mn-linux.org
https://mailman.real-time.com/mailman/listinfo/tclug-list