October 10, 2003

For the record...
   [ posted by: R.I.P ]
Sorry for more poorly written rambling and less gaming... sigh.
I've been reading over this recent announcement from Microsoft about "securing the perimeter", and I don't like it. Oh sure, on the surface the idea of blocking threats before they get onto the machine sounds great... One starts to think of some super firewall technology. But here's the reality of what we're going to end up with.
Microsoft is moving toward full digital rights management across the board. The new Office has been announced with "voluntary" DRM features that you can enable to control when, how, and who views your documents... The goal here is to put termination marks on e-mail and documents so that they destroy themselves no matter where they are when the time comes. This can then be established as a "business rule" and when a court comes looking for last year's e-mail... well, it doesn't exist anymore because all internal e-mail deletes itself after... oh 1 year? 90 days? 60 days? No more forgotten documents coming back to haunt you.
Oh, and don't forget, we didn't give you rights to print, so there wasn't a hard copy either.
This "voluntary" feature will soon be integrated across the entire MS product line in the next couple of years including all internet based applications (e.g., IE). I would be willing to bet money that in 1-2 years, Microsoft is going to "revolutionize" the Internet with their new "security model" which will allow you to check mark a little box named something like "accept only secure Internet content". That will protect you from all viruses, worms and trojans.
This little checkbox buried deep in the Internet Control Panel (or comparable interface), when checked, will block all access to your PC from any data packet unless it has a "digital signature" of ownership/accountability. This little piece of data will be provided by your motherboard/network adapter through the Microsoft OS to every packet of data that you send out from your "secure server".
So here is the first level of security... "accept all data from sources with a digital signature"... This is just for accountability reasons you know.
Then the second level of security is... "accept only data from sources with a REGISTERED digital signature"... my emphasis on the word registered... ah, so what's that mean?
Well, just like today you can get a Verisign certificate to sign data as authentic. Just how long do you think it's going to be before someone offers that service for a server's DRM motherboard signature, a web server, or a mail server/virus scanner configuration? Hm?
Let's look at the facts: us Windows users who use 2000, XP and 2003 already have to face the scary warnings that pop up every time we try to install a driver that hasn't been "certified by Microsoft". What happens when the day comes that you get that warning on e-mails, or web sites?
Some places (Roadrunner comes to mind) are already blocking mail servers and in some cases web servers that resolve to IP blocks owned by ISPs since most ISPs don't allow daemons running on subscriber systems. The idea is if you're doing it, you must be up to no good, or must be broadcasting viruses. Of course this doesn't take into consideration the hundreds or thousands of small businesses that do this legitimately such as us. Our DSL subscription is specifically limited to bandwidth. We have a fixed bandwidth cap and what we do with that connection is up to us. And for instance with Roadrunner, if we want to send e-mail to one of their subscribers I am going to have to file a written request along with a notice from my ISP specifically giving me authorization to send outbound e-mail from my IP address. So what happens when I get a support e-mail from a user who has purchased something but has a return address with one of these ISPs? Do we just ignore the customer? Do I spend hundreds or thousands of dollars extra in hosting fees to a co-lo provider to run our business? Or wait, I'm required to abandon the use of my domain name for my return address and send all my e-mail through my ISP's mail server using the account name I have with them @ their domain name. What a nightmare. What an added cost to do business, what a new barrier to entry... and it's only going to get worse.

