If any code signing mechanism that MS implement either

1. Only allows code signed off by MS to run.
2. Doesn't allow retro-active signing of existing code by existing code authors/owners/licence holders.
3. Doesn't permit machine owners to decide what code they can allow to run on their machines.

the software containing that mechanism will be deservedly still born.

As somebody else pointed out, whatever you think of MS, they aren't totally stupid.

If any code signing mechanism that MS implement either snip 3. Doesn't permit machine owners to decide what code they can allow to run on their machines. the software containing that mechanism will be deservedly still born

I'm not convinced of that; all it takes is marketing to create consumer acceptance, and Microsoft is a world leader in marketing.

Consider the average game console: they manufactuerer has certainly tried very hard to prevent anyone from running "unauthorized" software on those systems, and to a large degree, they've been successful.

The only reasons why the same sort of approach wouldn't work for a computer branded as a "workstation" rather than a "game console" are social rather than technical. If people can accept that game consoles only take software written by the manufactuer, they can probably be made to accept a similar idea for PCs as well.

Remember, Microsoft didn't make a fortune by being great at technology. They made a fortune, in part, by being great at marketing (and lots of other shady business practices, including antitrust violations). They've always been very good at manipulating social perceptions; their marketing for Windows 95 was so good that people who didn't even have computers were calling up the helplines asking how to use this great new product they'ld just purchased.

I'm not saying that Microsoft could pull it off; but if anyone can, it's them. Those guys could sell MS-Sand in the middle of a desert, and people would be lining up for miles around to buy it.

--
Ytrew

What convinces me that it wouldn't fly is that the main source of revenue for OSs are corporate customers. Corporates are mostly very conservative. If MS tell them that in order to upgrade their 1000s of workstations, they will also have to re-write every application they use; or apply in writing to MS (or any 3rd party body), to have their existing in-house and 3rd party applications 'signed off', the impact of the upgrade would just be too costly and too risky to contemplate.

Can you imagine every bank, government dept. etc., having to supply the source code of their proprietary and commercially sensitive applications to MS or some 3rd party clearing house organisation before they can run them? I'm very convinced that any such requirement would be death to the OS.

IMO, there would *have* to be some 'self-sign certification' option. Indeed, I would welcome a process that prevented an executable from running on my system until I had explicitly, manually, (with-no-possibility-for-programmable-override), authorised it. A minor inconvenience during the development cycle, but it would prevent the vast majority of viruses, trojans and spyware.

I essentially do this now for applications that attempt socket communications via my firewall. If it extended to all executables, that would be a good thing in my opinion--but only if *I* control what is allowed to run. And what not.

I agree that there are some worrying precedents for people accepting the diminution of there rights in consumer products--iPod is the latest, greatest, most worrying example--but I think that corporates are unlikely to surrender their rights quite so easily.

My take on DRM and similar technologies, and anything that purports to sell me something but then curtails my rights to use it as I see fit, is that I simply do not buy them. If everybody followed suit, they simply wouldn't get off the ground, but that is a forlorn hope in many areas of consumer products--game consoles, mp3 players, DVD players, mobile phones, ISP connections etc.

---

Examine what is said, not who speaks -- Silence betokens consent -- Love the truth but pardon error.

Lingua non convalesco, consenesco et abolesco. -- Rule 1 has a caveat! -- Who broke the cabal?

"Science is about questioning the status quo. Questioning authority".

In the absence of evidence, opinion is indistinguishable from prejudice.

Consider the average game console: they manufactuerer has certainly tried very hard to prevent anyone from running "unauthorized" software on those systems, and to a large degree, they've been successful.

I've never worked in a company that only ran "authorized" software on every machine. That is, every company I've ever worked for as an employee or a consultant has had at least one necessary application written by a third-party.

I don't know if any of that is true, either. But I'll say that Microsoft works for Microsoft, period. It does what's good for Microsoft, not what's good for its users, developers, or anyone else (as do most other big corporations - I'm not singling MS out for special treatment). So MS will do whatever it perceives to be in its best interests. If it thought it could keep the OS on the Internet, and force everyone to connect before being able to do anything (which, in fact, appears to be where it's trying to go), it will do it.

The upside of this is that, if enough people speak up, Microsoft can be influenced in its decisions as to what's best for it. If people let them know that they'll either not upgrade, or migrate to another platform, MS will do what it can to make those people just happy enough to stick with them.