Questions About Unsigned Code on Microsoft's Whistler OS
Earlier today, we learned that Whistler, a new operating system under development at Microsoft, may be designed to provide users with the ability to stop any code that is not digitally signed from being executed. As it was described on Slashdot and ZDnet, this security scheme would not be granular, thereby appealing to users and IT managers who do not have the expertise to determine the appropriateness of unsigned code.
It may be a bit early to question the approach since we've seen nothing official, but, we thought we would make a couple of observations about the drawbacks to the design as it has been described in the press. Our primary concerns are with the impact this type of security mechanism would have on template-driven Web publishing environments and P2P applications that we have seen or understand to be under development at this time.
Template-Driven Web Publishing EnvironmentsAt CTDATA, we use the Slashcode Web Publishing system for a lot of our Web Site development and operations. The main distribution of Slashcode does not currently run under Windows NT or 2000 without substantial modification. The next release of Slashcode, code-named Bender, provides a great deal more flexibility with respect to target databases and would make a much better candidate for use on Windows.
Although it would be a relatively trivial process for a business that is part of the Slashcode development community (like CTDATA) to digitally sign each component of Slashcode that it has tested and is willing to support, a few esoteric issues would come up rather quickly:
- Is the ActiveState Perl distribution going to honor the user's wishes and only execute digitally signed Perl scripts?
- How will executable code that resides in BLOBs within the SQL database be addressed, since these code elements are loaded and executed by components of the Slashcode system?
These issues are exclusively of concern to Corporate IT people and consultants operating in this space. However, code-signing issues may affect a much larger swath of the PC using population, since:
- Whistler is designed to bridge the gap between Windows 2000 and ME,
- P2P applications may take off in either the corporate or home use market segments, and
- Corporations may be forced to impose greater security on the home PCs of people who telecommute, as a result of VPN exploits like those that have plagued Microsoft recently.