Stop Microsoft's Security Plans


Information security.

 

Information freedom.

Flaws in Outlook, IIS, Microsoft SQL Server, and the Windows DCOM service have exposed millions of computers to increasingly serious virus outbreaks:

Melissa infected 150,000 hosts in 4 days in 1999 [1].

ILoveYou infected 500,000 hosts in 24 hours in 2000 [1].

Code Red infected 360,000 hosts in 14 hours in 2001 [1].

Sapphire infected 76,000 hosts in 10 minutes in January 2003 [2].

SoBig has now generated tens of millions of messages, becoming the worst e-mail virus in history [3].

The Melissa [4], ILoveYou [5, 6], and SoBig [7] viruses were all made possible only by features Microsoft chose to incorporate into Word, Outlook, and Windows that give incoming documents the power to do anything they want to your computer when you try to view them. Microsoft has not announced any plans to fix this problem.

Windows assists viruses in fooling the user by obscuring the extensions on file names. The .PIF and .SHS extensions are always hidden even if the user turns off the option to hide file extensions [8, 9]. (It was precisely this "feature" that the latest version of SoBig used to distribute itself.)

Microsoft's Passport system, used by over 200 million people, contained security bugs that allowed others to easily steal your personal information and credit card numbers within minutes of sending mail to your Hotmail account [10].

Microsoft's new security initiative, NGSCB, will enable its software to encrypt documents in such a way that they cannot be read by any other software or computer [11]. (This would allow Word to hold your documents hostage.)

Microsoft's attestation feature in NGSCB will enable software and media providers to verify and require that you are running approved software [12]. (This will concentrate control of the software industry in the hands of a few players that maintain the lists of approved software.)

Microsoft's Rights Management Services will require your computer to contact and notify a Windows rights server before opening any rights-controlled document [13, 14]. (This will enable and promote constant monitoring of your computer use, and impede employees from blowing the whistle on their companies' illegal practices.)

Microsoft's Rights Management Services incorporate little or no support for fair use of information [15]. They will enable Microsoft to remotely disable non-Microsoft media players [16]. They will also enable Microsoft to remotely revoke your media content. Copyright holders would have to appeal to Microsoft to get content licenses revoked [16].

Microsoft's new security initiative, NGSCB, will not stop spam or viruses, according to Microsoft's own information about NGSCB [17].


Microsoft will make sure that you have neither.

NGSCB and Windows Rights Management are designed to enable your own computer to work against you. If widely deployed, they will concentrate power over the software and media industries, pushing them closer to monopoly control.

Microsoft says that you don't have to use these technologies. You always have the option to turn off NGSCB or to not use Windows Rights Management. This is true. You can choose not to use these things. But the choice will get harder and harder as the software is more widely adopted. For example, is it really possible for most people to "choose" not to use Microsoft Word? Only in a technical sense, perhaps.

So exercise your choice now by avoiding Microsoft products that contain NGSCB (also known as Palladium) and Windows Rights Management (and related Digital Rights Management schemes). Exercise your choice now by spreading the word about these technologies and dispelling the myth that they will make your computer any more secure.

Download the flyer and distribute it.