Computer "health certificate" plan indistinguishable from Denial Of Service attack.

Ray Dillinger bear at
Wed Oct 6 14:13:36 EDT 2010

Microsoft is sending up a test balloon on a plan to 'quarantine'
computers from accessing the Internet unless they produce a 'health
certificate' to "ensure that software patches are applied, a firewall
is installed and configured correctly, an antivirus program with current
signatures is running, and the machine is not currently infected with
known malware."

Apparently in a nod to the fact that on technical grounds this is
effectively impossible, the representative goes on to say 

"Relevant legal frameworks would also be needed."

as though that would make lawbreakers stop spoofing it.  Existing 
malware already spoofs antivirus software to display current patches,
in order to prevent itself from being uninstalled.

It is hard to count the number of untestable and/or flat-out wrong
assumptions built into this idea, and harder still to enumerate all the
ways it could go wrong.

The article is available at:


The Cryptography Mailing List