The Kill Switch Comes to the PC A feature common in phones will let Microsoft remotely disable malware
February 16, 2012, 7:30 PM EST
Janne Kytömäki, a Finnish software developer, was cruising Google’s (GOOG) Android Market for smartphone apps last year when he noticed something strange. Dozens of best-selling applications suddenly listed the same wrong publisher. It was as if Stephen King’s name had vanished from the covers of his books, replaced by an unknown author. Kytömäki realized the culprit was a piece of malware that was spreading quickly, and he posted his findings online.
Google responded swiftly. It flipped a little-known kill switch, reaching into more than 250,000 infected Android smartphones and forcibly removing the malicious code. “It was sort of unreal, watching something like that unfold,” says Kytömäki, who makes dice simulator apps. Kill switches are a standard part of most smartphones, tablets, and e-readers. Google, Apple (AAPL), and Amazon (AMZN) all have the ability to reach into devices to delete illicit content or edit code without users’ permission. It’s a powerful way to stop threats that spread quickly, but it’s also a privacy and security land mine.
With the rollout of the Windows 8 operating system expected later this year, millions of desktop and laptop PCs will get kill switches for the first time. Microsoft (MSFT) hasn’t spoken publicly about its reasons for including this capability in Windows 8 beyond a cryptic warning that it might be compelled to use it for legal or security reasons. The feature was publicized in a widely cited Computerworld article in December when Microsoft posted the terms of use for its new application store, a feature in Windows 8 that will allow users to download software from a Microsoft-controlled portal. Windows smartphones, like those of its competitors, have included kill switches for several years, though software deletion “is a last resort, and it’s uncommon,” says Todd Biggs, director of product management for Windows Phone Marketplace.
Microsoft declined to answer questions about the kill switch in Windows 8 other than to say it will only be able to remove or change applications downloaded through the new app store. Any software loaded from a flash drive, DVD, or directly from the Web will remain outside Microsoft’s control. Still, the kill switch is a tool that could help Microsoft prevent mass malware infections. “For most users, the ability to remotely remove apps is a good thing,” says Charlie Miller, a researcher with the security company Accuvant.
The history of kill switches on smartphones and e-readers suggests they’re double-edged swords for the companies that wield them. In 2009, Amazon reached into users’ Kindles to delete e-book copies of George Orwell’s 1984 and Animal Farm that had been sold by a publisher without the necessary rights. The ensuing backlash caused Amazon Chief Executive Officer Jeff Bezos to call the move “stupid, thoughtless, and painfully out of line with our principles.”
The reluctance of tech companies to set explicit policies for when they will and will not use kill switches contributes to the fear they’ll be abused. Civil rights and free speech advocates worry that tech companies could be pressured by governments to delete software or data for political reasons. “You have someone who has absolute control over my hard drive in ways I may have never anticipated or consented to,” says Eric Goldman, director of the High Tech Law Institute at Santa Clara University’s law school in California. “If they use that power wisely, they actually make my life better. We don’t know if they use the power wisely. In fact, we may never know when they use their power at all.”
Hiroshi Lockheimer, Google’s vice president of Android engineering, says the search company reserves the use of the kill switch for “really egregious, really obvious cases” of harmful content. Microsoft’s Biggs says the company has used the functionality in its smartphones only for “technical issues and content issues.” Apple declined to comment. Amazon did not respond to several messages.
Like many in his profession, Kevin Mahaffey, co-founder of the San Francisco startup Lookout, which makes security software for smartphones, expresses mixed emotions about the emergence of kill switches. “The remote removal tools are very much a response to the mistakes of the PC era,” he says. “Whether or not it’s an overcorrection, I think history will tell us. It can be done right, but we as an industry need to tread carefully. It’s easy to imagine several dystopian futures that can arise from this.”
One supporter is Janne Kytömäki, the Finn who discovered the Android malware outbreak. He says Google did the right thing by deleting the malware without users’ permission. “What was the alternative?” he says. “Leave those apps installed on 200,000 people’s mobiles? This is something that had to be done.”
The bottom line: Kill switches can improve computer security, but they worry privacy and free speech advocates.
Robertson is a reporter for Bloomberg News in San Francisco.
|
|
Avoid Microsoft's free demo downloads and any Beta versions of Windows 8. The reason is that when they come out with Windows 8, Microsoft WILL (and they'll give you advance warning) lock your entire PC and make it inaccessible UNLESS YOU PURCHASE WINDOWS 8! They did this with Windows 7...in about 6 months after Windows 7 was released, any pc's with the demo version froze and locked the user out.
Another caveat about ANY Windows operating system: Sit on your hands and DO NOT GET IT (if at all possible) UNTIL Microsoft has released Service Pack 1 (a.k.a. SP1). The many, many updates contained in SP1, are to fix errors in programming AND fix many of Window's 8's security holes. And early releases of any Windows operating system has a plethora of security holes.
Now, would you like to know a dirty little secret from a veteran of Silicon Valley's computer/software industry? (that's me). When Windows 7 was first being developed, the very first version they had (and this is waaayyy before the beta version) was the engine that they continually improved until it was ready for public release. And guess what Windows 8 is built from? It is built from the very first version of Windows 7. Thus, it's chock full of errors and security holes from the very outset.
A sane person would ask "Why??" Excellent question. In an industry as historically volatile as Computers, programmers learned long ago that if one wants to have a long career in that industry--and reach retirement--then one had damn well better make sure their services are always in demand. That's why Windows/PC based software companies ALL release programs loaded with errors and security holes--long term job survival, pure and simple. ~Peace~
|
|