Microsoft is sending up a test balloon on a plan to 'quarantine' computers from accessing the Internet unless they produce a 'health certificate' to "ensure that software patches are applied, a firewall is installed and configured correctly, an antivirus program with current signatures is running, and the machine is not currently infected with known malware."
Apparently in a nod to the fact that on technical grounds this is effectively impossible, the representative goes on to say "Relevant legal frameworks would also be needed," as though that would make lawbreakers stop spoofing it. Existing malware already spoofs antivirus software to display current patches, in order to prevent itself from being uninstalled. It is hard to count the number of untestable and/or flat-out wrong assumptions built into this idea, and harder still to enumerate all the ways it could go wrong.

The article is available at: http://www.bbc.co.uk/news/technology-11483008

Bear

---------------------------------------------------------------------
The Cryptography Mailing List