Mood:
irritatedTopic: FORUM
Humildemente pienso que este ensayo reciente del guru de la seguridad, Bruce Schneier, puede resultar de utilidad para alguno que desee comprender porque ahora ademas de cuidarnos de los "hackers", tenemos que protegernos de algunas compan?as fabricantes de software.
Who Owns Your Computer?
Bruce Schneier
This essay originally appeared on Wired.com. (2006-05-04)
When technology serves its owners, it is liberating. When it is designed to serve others, over the owner's objection, it is oppressive. There's a battle raging on your computer right now -- one that pits you against worms and viruses, Trojans, spyware, automatic update features and digital rights management technologies. It's the battle to determine who owns your computer.
You own your computer, of course. You bought it. You paid for it. But how much control do you really have over what happens on your machine? Technically you might have bought the hardware and software, but you have less control over what it's doing behind the scenes.
Using the hacker sense of the term, your computer is "owned" by other people.
It used to be that only malicious hackers were trying to own your
computers. Whether through worms, viruses, Trojans or other means, they would try to install some kind of remote-control program onto your system. Then they'd use your computers to sniff passwords, make fraudulent bank transactions, send spam, initiate phishing attacks and so on. Estimates are that somewhere between hundreds of thousands and millions of computers are members of remotely controlled "bot" networks. Owned.
Now, things are not so simple. There are all sorts of interests vying for control of your computer. There are media companies that want to control what you can do with the music and videos they sell you.
There are companies that use software as a conduit to collect marketing information, deliver advertising or do whatever it is their real owners require. And there are software companies that are trying to make money by pleasing not only their customers, but other companies they ally themselves with. All these companies want to own your computer.
Some examples:
* Entertainment software: In October 2005, it emerged that Sony had
distributed a rootkit with several music CDs -- the same kind of
software that crackers use to own people's computers. This rootkit
secretly installed itself when the music CD was played on a computer. Its purpose was to prevent people from doing things with the music that Sony didn't approve of: It was a DRM system. If the exact same piece of software had been installed secretly by a hacker, this would have been an illegal act. But Sony believed that it had legitimate reasons for wanting to own its customers' machines.
* Antivirus: You might have expected your antivirus software to
detect Sony's rootkit. After all, that's why you bought it. But
initially, the security programs sold by Symantec and others did
not detect it, because Sony had asked them not to. You might
have thought that the software you bought was working for you, but you would have been wrong.
* Internet services: Hotmail allows you to blacklist certain e-mail
addresses, so that mail from them automatically goes into your spam trap. Have you ever tried blocking all that incessant marketing
e-mail from Microsoft? You can't.
* Application software: Internet Explorer users might have expected
the program to incorporate easy-to-use cookie handling and pop- up blockers. After all, other browsers do, and users have found them
useful in defending against Internet annoyances. But Microsoft isn't
just selling software to you; it sells Internet advertising as well.
It isn't in the company's best interest to offer users features that
would adversely affect its business partners.
* Spyware: Spyware is nothing but someone else trying to own your
computer. These programs eavesdrop on your behavior and report back to their real owners -- sometimes without your knowledge or consent -- about your behavior.
* Internet security: It recently came out that the firewall in
Microsoft Vista will ship with half its protections turned off.
Microsoft claims that large enterprise users demanded this default
configuration, but that makes no sense. It's far more likely that
Microsoft just doesn't want adware -- and DRM spyware -blocked
by default.
* Update: Automatic update features are another way software
companies try to own your computer. While they can be useful for
improving security, they also require you to trust your software
vendor not to disable your computer for nonpayment, breach of
contract or other presumed infractions.
Adware, software-as-a-service and Google Desktop search are all examples of some other company trying to own your computer. And Trusted Computing will only make the problem worse.
There is an inherent insecurity to technologies that try to own people's computers: They allow individuals other than the computers' legitimate owners to enforce policy on those machines. These systems invite attackers to assume the role of the third party and turn a user's device against him.
Remember the Sony story: The most insecure feature in that DRM system was a cloaking mechanism that gave the rootkit control over whether you could see it executing or spot its files on your hard disk. By taking ownership away from you, it reduced your security.
If left to grow, these external control systems will fundamentally
change your relationship with your computer. They will make your
computer much less useful by letting corporations limit what you can do with it. They will make your computer much less reliable because you will no longer have control of what is running on your machine, what it does, and how the various software components interact. At the extreme, they will transform your computer into a glorified boob tube.
You can fight back against this trend by only using software that
respects your boundaries. Boycott companies that don't honestly serve their customers, that don't disclose their alliances, that treat
users like marketing assets. Use open-source software -- software
created and owned by users, with no hidden agendas, no secret
alliances and no back-room marketing deals.
Just because computers were a liberating force in the past doesn't
mean they will be in the future. There is enormous political and
economic power behind the idea that you shouldn't truly own your
computer or your software, despite having paid for it.
Posted by askain
at 6:48 PM ADT
