[ISN] Preparing For The Digital Dark Age (Comments on Palladium)

From: InfoSec News (isnat_private)
Date: Mon Jun 24 2002 - 02:46:36 PDT

    Forwarded from: Richard Forno <rfornoat_private>
    Preparing For The Digital Dark Age
    Richard F. Forno
    (c) 2002 - Permission granted to reproduce with appropriate credit.
    (Article with active URL links and references)
    Article #2002-08
    23 June 2002

    A recent MSNBC article by techno-pundit Steven Levy discusses
    Microsoft's plans for a new computer operating environment (code-named
    "Palladium") that links hardware, software, and data into a neat
    package that allegedly is more secure and convenient for users.

    Or, putting it in simpler terms, it's Microsoft's answer to fixing
    everything that's wrong with computing today.

    According to the article, "Palladium" is a hardware and software
    combination that will supposedly seal information from attackers,
    block viruses and worms, eliminate spam, and allow users to control
    their personal information even after it leaves their computer. It
    will also implement Digital Rights Management (DRM) for movies and
    music to "allow users to exercise 'fair use' rights of such products."

    "Palladium" will essentially create a proprietary computing
    environment where Microsoft is the trusted gatekeeper, guard,
    watchstander, and ruler of all it surveys, thus turning the majority
    of computing users into unwilling corporate serfs and subjects of the
    Redmond Regime.

    Isn't it ironic that the company responsible for nearly every major
    computer security problem, virus, and backdoor - thanks to its poor
    software development and testing among other factors -- is now
    heralding its ability to make everything better? One might sense this
    is a manufactured problem resulting from Microsoft's inability to
    develop effective software in the first place.  As is commonly known,
    the single most significant factor contributing to the dismal state of
    today's internet security is Microsoft's complacency, not because of
    hackers, crackers, and pirates. As I mentioned in an earlier article,
    we're vulnerable because Microsoft makes it so damn easy for the bad
    guys to cause mischief. (It's also a result of lazy or incompetent
    system administrators, poor network design, and clueless executives
    and congressfolk, but that's another essay.)

    Contrary to Levy's fear-mongering remarks and positive spin on the
    need for "Palladium" to protect us, the Internet is not all evil. In
    fact, the Internet is safer than many parts of our physical world. It
    does, however, represent an evolution in social control, something
    that evokes fear in the hearts of established entities of such control
    - corporations, media, and governments. Hence the desire to trump up
    any number of reasons - real or perceived - to beguile public and
    garner support for ways to maintain social control and profit margins.  
    This technical tool of social control follows on the heels of CBDTPA,
    TCPA, DMCA, and other such controversial legislative efforts.

    As such, Levy's article is full of several very sensational
    soundbytes, including one particularly fear-mongering paragraph:

    "An endless roster of security holes allows cyber-thieves to fill up
    their buffers with credit-card numbers and corporate secrets. It's
    easier to vandalize a Web site than to program a remote control.
    Entertainment moguls boil in their hot tubs as movies and music are
    swapped, gratis, on the Internet. Consumers fret about the loss of
    privacy. And computer viruses proliferate and mutate faster than they
    can be named."

    Vandalizing a website is most often not because of the skillset of the
    vandal, but rather a combination of poor system administration coupled
    with notoriously buggy, easily-exploitable website software such as
    Microsoft's Internet Information Server. From what I've seen over the
    years, you probably don't even need opposable thumbs to break into
    IIS. "Palladium" won't help here, but more competent system
    administrators and much more secure server software (such as Apache or
    WebStar) most certainly would.

    Regarding the potential of stealing credit cards numbers, you've got a
    greater chance of losing your wallet or purse walking around town than
    a cyber-thief stealing your credit card from a webserver. What people
    forget in the hype is that despite the immense pain-in-the-ass
    associated with canceling credit cards and re-authorizing charges on a
    new one, people are not responsible for losses over $50 provided they
    promptly report the loss to their credit card issuer. I've had my card
    stolen online, but I haven't run away in terror about the chances it
    could happen again. Again, "Palladium" won't be of benefit to me -- my
    credit card company already protects me and limits my liability.

    Perhaps the most sinister part of Microsoft's "Palladium" concept
    (something that Levy quickly glosses over) is that "Palladium won't
    run unauthorized programs, so viruses can't trash protected parts of
    your system." True, Windows-based viruses do proliferate and mutate
    quickly, but it's because Microsoft products are so interlinked and
    poorly-configured that enables such incidents to occur. And while
    "Palladium" is certainly one way to deal with viruses on Windows
    systems, what Levy doesn't say is that such a 'feature' means that
    Microsoft alone could decide what software is 'authorized' to run on
    Windows under "Palladium" -- and thus impose a layer of software-based

    In short, under the feel-good guise of 'enhanced security' and 'new
    features for customers' and despite its being found guilty of being a
    monopoly, Microsoft still wants to rule all it surveys. "Palladium"
    can be interpreted as Microsoft's attempt to play God. Again.

    With the announcement of "Palladium" Microsoft competitors and
    independent programmers should be gearing up for another court case,
    as this concept reeks of Microsoft's historic anti-competitive tactics
    in the marketplace. Techno-savvy consumers should be very concerned
    that "Palladium" would mean their computers and information are no
    longer under their positive control but rather the omnipresent
    surveillance and enforcement of a third party more interested in
    making a profit than truly empowering their customers to think and act
    for themselves. The computer will essentially become an appliance and
    tool of control over its user, rather than a tool of innovation,
    communication, and enlightenment for its user.

    Given the pervasiveness of computers in modern global society, the
    worldwide social ramifications of "Palladium" are enormous. Consider
    the ability of one entity - in this case, Microsoft - dictating what
    "is" and "is not" deemed acceptable behavior or content (remember
    Smart Tags?) for computer users or - more exactly - Microsoft's
    business interests. If your behavior or actions are deemed
    'unacceptable' by such a third party, you could find yourself impotent
    on the global stage. So you better toe the party line and be a good
    little Windows user.

    Just as the catapult and crossbow were technological innovations
    leading to the Dark Ages in Europe, "Palladium" represents a modern
    'innovation' that could lead to a similar outcome today.  
    Unchallenged, this likely will result in a Digital Dark Age, a period
    of innovative stagnation where the majority of the world's computing
    population will become unwitting subjects and indentured servants to
    the profiteering desires of the new corporate ruling class with
    Microsoft as its enforcer.

    One wonders if "Palladium" error messages will include a
    computer-generated audio clip of Bill Gates patronizingly announcing,
    "I'm sorry <USERNAME>, I'm afraid I can't do that....?"

    The first step in any revolution is the seizure of the lines of
    communication to hinder the target population's ability to communicate
    and exchange information amongst themselves. "Palladium" has the
    ability to do just that, and convert the traditionally-open fabric of
    the modern computing environment into a closed, proprietary domain
    under the rule of Redmond.

    Under the "Palladium" concept - despite the marketing spin and hype -
    the danger is that you will be asked (though not directly) to pledge
    your abilities and servitude to Microsoft (and its poor track record
    of security and reliability) and thus unwittingly relinquishing your
    ability to remain an independent person in cyberspace. In essence,
    you'll go back to the future instead of forward to innovation and

    Personally, I prefer being the one in-charge of the relationship with
    my computer and not subordinate to it or its vendors. I also prefer
    Camelot over Redmond....which probably goes a long way explaining why
    I don't run Windows.