Summary: A feature common in phones will let Microsoft remotely disable malware 

This doesn’t surprise me at all, people tend to forget that Microsoft is well in it’s rights to put something like that in, after all they own it not you, you paid a license to use, NOT own.  In reality, kill switches are nothing new, all recent versions of Windows OS’s have one built in, that’s why you have to activate your version of Windows.

Janne Kytömäki, a Finnish software developer, was cruising Google’s Android Market for smartphone apps last year when he noticed something strange. Dozens of best-selling applications suddenly listed the same wrong publisher. It was as if Stephen King’s name had vanished from the covers of his books, replaced by an unknown author. Kytömäki realized the culprit was a piece of malware that was spreading quickly, and he posted his findings online.

Google responded swiftly. It flipped a little-known kill switch, reaching into more than 250,000 infected Android smartphones and forcibly removing the malicious code. “It was sort of unreal, watching something like that unfold,” says Kytömäki, who makes dice simulator apps. Kill switches are a standard part of most smartphones, tablets, and e-readers. Google, Apple, and Amazon all have the ability to reach into devices to delete illicit content or edit code without users’ permission. It’s a powerful way to stop threats that spread quickly, but it’s also a privacy and security land mine.

With the rollout of the Windows 8 operating system expected later this year, millions of desktop and laptop PCs will get kill switches for the first time. Microsoft hasn’t spoken publicly about its reasons for including this capability in Windows 8 beyond a cryptic warning that it might be compelled to use it for legal or security reasons. The feature was publicized in a widely cited Computerworld article in December when Microsoft posted the terms of use for its new application store, a feature in Windows 8 that will allow users to download software from a Microsoft-controlled portal. Windows smartphones, like those of its competitors, have included kill switches for several years, though software deletion “is a last resort, and it’s uncommon,” says Todd Biggs, director of product management for Windows Phone Marketplace.

Microsoft declined to answer questions about the kill switch in Windows 8 other than to say it will only be able to remove or change applications downloaded through the new app store. Any software loaded from a flash drive, DVD, or directly from the Web will remain outside Microsoft’s control. Still, the kill switch is a tool that could help Microsoft prevent mass malware infections. “For most users, the ability to remotely remove apps is a good thing,” says Charlie Miller, a researcher with the security company Accuvant.

The history of kill switches on smartphones and e-readers suggests they’re double-edged swords for the companies that wield them. In 2009, Amazon reached into users’ Kindles to delete e-book copies of George Orwell’s 1984 and Animal Farm that had been sold by a publisher without the necessary rights. The ensuing backlash caused Amazon Chief Executive Officer Jeff Bezos to call the move “stupid, thoughtless, and painfully out of line with our principles.”

The reluctance of tech companies to set explicit policies for when they will and will not use kill switches contributes to the fear they’ll be abused. Civil rights and free speech advocates worry that tech companies could be pressured by governments to delete software or data for political reasons. “You have someone who has absolute control over my hard drive in ways I may have never anticipated or consented to,” says Eric Goldman, director of the High Tech Law Institute at Santa Clara University’s law school in California. “If they use that power wisely, they actually make my life better. We don’t know if they use the power wisely. In fact, we may never know when they use their power at all.”

Hiroshi Lockheimer, Google’s vice president of Android engineering, says the search company reserves the use of the kill switch for “really egregious, really obvious cases” of harmful content. Microsoft’s Biggs says the company has used the functionality in its smartphones only for “technical issues and content issues.” Apple declined to comment. Amazon did not respond to several messages.

Like many in his profession, Kevin Mahaffey, co-founder of the San Francisco startup Lookout, which makes security software for smartphones, expresses mixed emotions about the emergence of kill switches. “The remote removal tools are very much a response to the mistakes of the PC era,” he says. “Whether or not it’s an overcorrection, I think history will tell us. It can be done right, but we as an industry need to tread carefully. It’s easy to imagine several dystopian futures that can arise from this.”

One supporter is Janne Kytömäki, the Finn who discovered the Android malware outbreak. He says Google did the right thing by deleting the malware without users’ permission. “What was the alternative?” he says. “Leave those apps installed on 200,000 people’s mobiles? This is something that had to be done.”

Well, this feature for Windows 8 has to connect via a listening port, and once we know what port our systems are listening on for that system call, we can block access to it, besides Windows is just for games these days. Linux is where the future is, thank you Linus Torvalds.

One may ask, by what right do they have to monitor or do anything to your smart device without your consent.  This ability leaves the door open to them disabling a rival’s app or even hacking your phone for information as Microsoft used to do with online registrations before they were caught.  In that instance they scanned your computer, documents, programs, licences etc and sent a copy to their offices with your online registration.  Once you buy a smart device or computer no-one without a court order is legally entitled to access the contents of that device and especially from a remote country.

Truth be told, one never purchases Windows software to “own”, you pay for the right to use and you become a licensee by way of a access code/key.  Next time you click “accept”, take the time to read the 70-page document, otherwise know as the “End User License Aggreement”, you give up all rights to pretty much anything on the system. Hows that make you feel?

The bottom line: Kill switches can improve computer security, but they worry privacy and free speech advocates.

This entry was posted on Saturday, February 25th, 2012 at 20:19 by dsmith and is filed under Amazon, Android, Apple, Google, Malware, Microsoft, Smartphone, Windows, Windows 8. You can follow any responses to this entry through the RSS 2.0 feed.