Microsoft Outlines Windows Phone 7 Kill Switch 258
nk497 writes "Microsoft has outlined how it might use the little publicized 'kill switch' in Windows Phone 7 handsets. 'We don't really talk about it publicly because the focus is on testing of apps to make sure they're okay, but in the rare event that we need to, we have the tools to take action,' said Todd Biggs, director of product management for Windows Phone Marketplace. According to Biggs, Microsoft's strict testing of apps when they are submitted for inclusion in Marketplace should minimize kill switch use, but he explained how the company could remove apps from the marketplace or phones, when devices check-in to the system. 'We could unpublish it from the catalog so that it was no longer available, but if it was very rogue then we could remove applications from handsets — we don't want things to go that far, but we could.'"
I'm not as bothered as I should be (Score:5, Interesting)
Buying a mobile phone is already such an exercise in trust, I have a hard time worrying about a remote app kill switch.
Imagery (Score:2, Interesting)
Re:hmm (Score:2, Interesting)
Indeed. Plus Apple have never used it yet but Google have. So who are the bad guys?
Google has used it because the Android app store is not strictly regulated for entry. Google takes down malicious apps AFTER they've been made available to the world. So their use of the kill switch is actually a good thing.
Re:Remember, kids... (Score:5, Interesting)
You could always root/jailbreak your android/iphone and disable the kill switch.
Re:Nokia (Score:3, Interesting)
No, Nokia does not have a Kill Switch. However, in the event of a rogue app infestation on their smart-phones, Nokia is capable of pushing an app to excavate the offending app before initiating a self-distruct. This is done with the users permission and discretion via the pre-installed Software Update app.
Re:Another reason to keep my Blackberry? (Score:4, Interesting)
except with RIM all of your data flows through the Blackberry Internet Service so all they have to do is block it there. at least with apple and google there is no middle proxy between the carrier and the internet
Re:We should applaud Microsoft for security (Score:3, Interesting)
Note, I'm not talking about a "Jailbreak" option, because that'll never happen. I'm talking about a "Disable Killswitch" option.
Re:Thanks for the warning. (Score:1, Interesting)
Don't forget, users also don't want to care about security. If people had a computer/device with no accessible admin root privs, an App Store that would slap down a word processor, Web browser, and maybe a version of Solitaire, there would be few complaints from the Joe Sixpack gallery, especially with an app store that is popular. If Apple or Microsoft managed security for them, if/when their machine gets nailed, they could blame someone else, not their own lack of interest in basic sanitation.
I fear desktop computing will go down these lines of mobile computing, just because Apple and Microsoft [1] don't want to be blamed for security issues that are not their problem, Joe Sixpack has absolutely zero interest in zipping up his fly in regards to computer security, and there is pressure for more OS based DRM from the big software houses (whose dream is making the desktop as locked down as the console.)
[1]: Ironic that I have never encountered a single security issue with malware on Windows Mobile 6.5 and earlier, even though that platform on touch screen devices is completely open by default.
Define: Very Rogue (Score:4, Interesting)
We could unpublish it from the catalog so that it was no longer available, but if it was very rogue then we could remove applications from handsets - we don't want things to go that far, but we could
I wonder whether "very rogue" is anything like when Windows Genuine Advantage was classified as a security update, and pushed out with the rest of the critical patches.
~Loyal
Re:Before people start in on MS..... (Score:2, Interesting)
I believe the Apple iPhone kill switch isn't that comprehensive to begin with. Firstly, the "kill switch" was located in CoreLocation, so any app not using GPS would be ineffective. It was designed more to deny GPS services to rogue applications than anything as location data is considered extremely sensitive and private.
Of course, there's probably another more general kill switch around, but Apple seems reluctant to use it. They could easily prevent jailbreaking this way using the kill switch.
But it is a good point - either Apple's screening process is foolproof (for nearly 300,000 times?), or they really haven't bothered at all - preferring to remove apps from the marketplace than to forcibly remove apps.
Reversal of intent (Score:3, Interesting)
maybe you should reconsider who or what's "gone wrong"
GPL - which is the license used by the Linux kernel and a good deal of the userspace (generally Busybox, Dropbear, etc. Sometimes GNU on more featured Linux Phone OSes) - was explicitely designed to make sure that the *END USER* *always* remain 100% in control of the software he has. (Can use it, copy it, study it, modify it, remix it, whatever) No matter what intermediate the software has gone through on its way to the user.
Kill switches are exactly designed in the opposite direction : No matter what, the application store owner (Google, Apple, Microsoft) has always the last word in deciding what is OK or not to run under their device.
That's objectively a contradiction between the original intent of the software, and the way the software is used. It's "gone wrong" no matter how many sheeple don't care.
(Expect a future GPLv4 to explicitely require that the end-user can override such killswitches.)
Sometimes the lone wolf everyone disagrees with isn't the revolutionary hero of legend he thinks he is.
Other times, the lone wolf is the only guy with enough foresight to pay attention to a tendency building up, that nobody else bother to notice until it's too late. And then what everybody complains about is only the consequence of their oversight.
(Ob xkcd [xkcd.com] ref)
(See the problems that IE6 and XP are causing now, even to microsoft themselves. Back then, people complaining about the risk of lock-in were probably considered silly crazy lone wolfs too)
Re:We should applaud Microsoft for security (Score:3, Interesting)
On the other hand, if you acknowledge that remote kill is sometimes necessary then 2, 3 and potentially 5 are counterproductive.
Presumably, the users installed and want the application in question because it is installed on their phone, and the negative effects are not noticable, or they would have uninstalled the application themselves. Think of reasons Microsoft might (legitimately) want to remote kill an application: Something that is stealing identities, violating privacy, etc; something that is causing harm, either to the handset itself, the networks it runs on or other hosts (botnet/DDOS style, intentional or otherwise). Honestly that's all I can think of. Even your example of PHI (which I had to look up by the way!) doesn't necessarily make sense, unless companies have their own killswitches or Microsoft plans on doing it on their behalf, and the kills can be device-targeted -- any of which might be true, but I didn't see evidence of it from the article. Ether way, if somebody is trying to kill an app with PHI on your phone it's probably because you are no longer employed there; it's not like you'd be in surgery with your patient and go to look up anesthesia allergies and find the information is no longer on your phone.
In either case I'm not sure "nahhh, I'll keep it" is a valid option. If you're harming somebody else, your opinion on whether or not to keep such an app is irrelevant. If you're harming your own hardware, the only reason I can see that you would keep it anyway is you don't believe it -- essentially punishing lack of technical expertise or naiveté ("I don't SEE my phone hardware melting..."). Similar with some sort of privacy-violating trojan. "This fart app is so cool that I don't care if it's trying to steal my bank login details!" isn't something I would consider valid. I mean, they would definitely DESERVE whatever happened to them but it isn't a case I would design the feature around.
#4 is similar to what they're doing, except that "sync" is "checks in automatically for updates" and thus not requiring user intervention. Any user intervention that is required simply brings us back of the points above.
Your concerns about security are valid and is something that definitely needs to be addressed in the feature planning stage, but I don't think it is an impossible problem to solve. Beyond that, if you don't trust Microsoft to only use the feature for valid reasons then you should probably buy a phone with another operating system.
Re:I'm not as bothered as I should be (Score:4, Interesting)
All those years of bitching about Windows and saying "This isn't normal!" and being right. At some undefinable point, the bizarre alien weirdness became old enough and accepted enough to pass as "normal." The facts changed underneath me.
Damn you, AC, for pointing that out. Another little part of me just died. Fuck you. Fuck you with a chainsaw, for being right.
[Deep breath] Ok, so Windows is [choke] ..
Nnn..
Nnnnn..
Fuck you.
Windows is nnnn
Fuck.
Windows is normal.
It's normal, like how dog shit sometimes appearing in the back hall of the house is normal, now that I've had this puppy for 8 months. It wasn't normal and then, one day, it was normal. Ok, I get it. You bastard. AC, did I mention "fuck you?" I just wanna make sure we're clear on this: fuck you for implying Windows is normal and being right. Probably right. Right under protest. Fuck you.)
So .. if that OS is that way (you know what I mean), even so: Windows users have the option of not installing (or removing if preloaded) AV software, don't they? Isn't the owner still ultimately empowered to take on the job of cleaning up their malware?
(I'm still in shock. Tomorrow we might have to fight about the N word applying to that OS. I gotta gather my wits here. If someone wants to step in and explain how that AC just tricked me, go for it,)