Whistler to block unsigned code

Speaking at a London press conference earlier this month, Microsoft VP for IT Infrastructure and Hosting Jim Ewel announced that the upcoming Windows release known as "Whistler" will include a range of new security options, including one that will block any software lacking a valid digital signature. Though implemented in response to e-mail-attachment viruses like the Love Bug and Melissa, the new feature will extend to "every piece of code executing on the machine," Ewel told British reporters.

A Microsoft spokeswoman says that Ewel's announcement was consistent with security features in Windows 2000. "This is part of our overall commitment to security. ... Signed drivers and trusted applications are features found today in Windows 2000, and this capability will be supported in future versions of Windows," she says.

Fear Of Redmond's Reign

Microsoft has not yet laid out details of the new feature, however, and some analysts fear that it could increase the giant's power over Windows software developers.

Win2K currently recognizes two types of signed code. A "trusted application" is signed by the software publisher, allowing end users to determine its source and verify that it has not been altered or tampered with. Developers may purchase the cryptographic certificates used to create such a signature from Verisign Inc.--Microsoft has no say in determining who may receive such certificates or what software may be signed. Windows 2000 will not automatically warn or block users from using untrusted applications; end users must manually check applications to determine whether they have a valid signature.

Windows 2000 does, meanwhile, include an option that will automatically warn or block users from installing unsigned drivers--the software code that allows a computer to control hardware like printers. Developers wishing to have their drivers signed must submit them to Microsoft for testing, which maintains complete control over the signing process.

Internet consultant Richard M. Smith believes that the new feature could represent a significant advance in Microsoft's approach to security. "Security people have been suggesting that Microsoft do something like this for a long time. I think it could be a good thing, particularly when it comes to virus defense."

Jon Callas, director of engineering at Counterpane Internet Security, is not so confident. "I think IT managers will absolutely love this ... until it blocks a shareware tool they need," he says. "Then, all of the sudden, it's preventing work from getting done, and it gets turned off. My guess is that it won't last more than a few months in most shops."

Callas also is concerned about the impact of the new feature on software developers. "At best, small developers are going to have to go out and buy certificates--not a big deal for the big guys, but a significant cost for shareware developers and the like," he adds. "At worst, they are going to have to get Microsoft's official seal of approval, which could be a huge problem for software directly competing with Microsoft apps. This could be a whole, new antitrust issue."

Smith concedes that tight control over the signing process could be a problem.

"I seriously doubt Microsoft wants to look like it's exercising that much control over the Windows software market; this would almost certainly be done through the existing Verisign process. Something that looked like the driver signing process, though, could be different story. That could be a real mess."