Moving at the Speed of Creativity by Wesley Fryer

Required digital signatures bad for open source?

I listened to the “Blue Pill” episode of the Security Now! podcast on my drive back to Oklahoma this afternoon, and was interested to learn that Windows Vista may require digital signatures for all installed software. While this might initially sound good from a security standpoint, from an open source software standpoint this could be a nightmare. Of course, that could be part of Microsoft’s strategy– prevent users from utilizing fantastically powerful and FREE software solutions like The GIMP and OpenOffice (NeoOffice for Mac– thanks Cheryl) and instead continue to send more $$$ to Redmond and its partner software developers. Is that too conspiratorial a view? Probably not.

This article from January makes it sound like not all device drivers will require a digital signature, but most may. Personally, I’d rather not have to worry about this at all– but with Microsoft’s current dominance of the OS market I’m sure I’ll have to dabble more than a bit with arcane details like this. I am very enthused with developments in OS virtualization, however, and it looks like it will soon be practical for me to run a single operating system (Macintosh or Linux) and then run any variant of Windows I want within a protected virtualization window– at native processor speed. Very nice. Haven’t done this yet, but hope to soon.

The most immediately applicable tip from the podcast was a reference to the “No Scripts” plug-in for Firefox, which permits Windows FireFox users to selectively allow website scripts to run on their computer system. This may seem like overkill, but from a security standpoint the idea that websites can and do run a wide variety of scripts on your computer system when a user simply VIEWS a webpage is a big problem. Just ask avid MySpace Windows users. Some researchers are estimating that one in every 600 social networking profiles contain embedded malware that installs itself automatically on visitors’ systems without even asking permission! Yikes! “No Scripts” will likely diable (break) desired web content on many sites you visit, but you can selectively authorize them to run. Don’t authorize MySpace or other social networking sites, however! This security tip would be a good one to share with students as well, who may not realize how vulnerable their computer systems are to malware attacks just by visiting social networking sites.

If you enjoyed this post and found it useful, subscribe to Wes’ free newsletter. Check out Wes’ video tutorial library, “Playing with Media.” Information about more ways to learn with Dr. Wesley Fryer are available on wesfryer.com/after.

On this day..


Posted

in

,

by

Tags: