Full Disclosure mailing list archives
RE: Computer Sabotage by Microsoft
From: "Rainer Gerhards" <rgerhards () hq adiscon com>
Date: Fri, 12 Sep 2003 09:56:02 +0200
Besides the XBOX issue discussed in this thread, I think there is some more relevance to the security industry in it. While I still have the feeling that in this specific case Microsoft is operating in what I would call the "expected range", I would like to put this into a broader picture: Many say XBOX is the first try/pilot on TCPA, palladium or whatever your favouorite name is. The bottom line is that there is a movement to not let you own the hardware you purchased. I don't see any issue with XBOX in here, because you have the choice to purchase many other solutions without this "design defect". (In fact, I don't consider it to be smart to help make XBOX a commercial success if you dislike TCPA...). HOWEVER, now let's assume we have a Windows "XP" 2005 (Overlonghorn?;)) that implements TCPA. By design, now the VERY SAME should happen. That is you install an operating system which effectively denies you right to use your computer as you want to (ok, it can't stop you from smashing it...). Of course, there are alternatives to Windows on the desktop AND I think they will become more popular as the DRM/TCPA issue moves into the Windows products... BUT in this case I see a big difference. Then it is not an easy choice to avoid this operating system. Even if you manage to use some vuln in that OS that will help you circumvent TCPA, an security update could remove the vuln at any time of Microsoft's discretion. In fact, that alone is again what I would call to be in the "expected range", because a vuln in the security system must be targeted. The question is only if we like to hand over ownership of our machines to the software vendors. And thus it is indeed an interesting question if that can be done via an EULA. As of my understanding, it is much more likely to happen in the US, as the US law system grants you more freedom in what you can agree on in contracts. In Europe, there are many more things that you can NOT do in a contract and I assume may of these restrictions would fit in here (and I don't want to argue which law system is better ;)). The bottom line, I think, is that we must raise awareness on these issue not only in the infosec community but the general public. What I currently see is that Microsoft and other vendors slowly move towards DRM. So slowly, that customers do not really notice which rights they loose. It is well known that many small changes over some time period are often unnoticed while a big change would bring the vendor into trouble. Maybe the XBOX case, as weak as I see it, would make up a good sample... I would also applaud if someone of those being upset would actually try to bring it to court. Remeber, it doesn't help to complain with legal issues. It only helps to file a suit ;) [well, honestly, not in all the cases....] Rainer _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Re: Re: Computer Sabotage by Microsoft, (continued)
- Re: Re: Computer Sabotage by Microsoft Blue Boar (Sep 11)
- Re: Computer Sabotage by Microsoft l8km7gr02 (Sep 11)
- Re: Computer Sabotage by Microsoft Helmut Springer (Sep 12)
- RE: Computer Sabotage by Microsoft Chris Wanstrath (Sep 12)
- RE: Computer Sabotage by Microsoft security snot (Sep 12)
- Re: Computer Sabotage by Microsoft l8km7gr02 (Sep 12)
- RE: Re: Computer Sabotage by Microsoft Andy Wood (Sep 12)
- Message not available
- Re: RE: Computer Sabotage by Microsoft Andreas Marx (Sep 12)
- Re: RE: Computer Sabotage by Microsoft Sebastian Niehaus (Sep 14)
- Re: Computer Sabotage by Microsoft Ansgar Wiechers (Sep 13)
- Re: Re: Computer Sabotage by Microsoft Gregory A. Gilliss (Sep 13)
- Re: Re: Computer Sabotage by Microsoft James A. Cox (Sep 13)