Outrage and Lies

I saw a video posted on John C. Dvorak’s site entitled “Log into Cars.gov and Turn Your Computer Over to Obama” yesterday. I didn’t think much of it but I see it’s making the rounds now so I thought I’d comment.

In the video Glenn Beck says when you visit the cars.gov web site provides a disclaimer stating that once on the site your computer becomes federal property. Once I saw this I headed over to the site to check it out and couldn’t find the said disclaimer. I figured the site owners probably removed it once this aired due to public outcry but I’ve since discovered it only applies to the dealer’s site. Here is the text of the disclaimer:

his application provides access to the DoT CARS system. When logged on to the CARS system, your computer is considered a Federal computer system and is the property of the United States Government. It is for authorized use only. Users (authorized or unauthorized) have no explicit or implicit expectation of privacy.

Any or all uses of this system and all files on this system may be intercepted, monitored, recorded, copied, audited, inspected, and disclosed to authorized CARS, DoT, and law enforcement personnel, as well as authorized officials of other agencies, both domestic and foreign. By using this system, the user consents to such interception, monitoring, recording, copying, auditing, inspection, and disclosure at the discretion CARS or the DoT personnel.

That is a pretty severe disclaimer. In essence it states that certain people have unrestricted access to your system and its files. I agree that this in itself is outrageous but further in the video is where the lies come in.

Mr. Beck goes on a tirade about the government having all sorts of evil software that can infect your system and turn it over to government control. Further he implies that if you go to that website the government will probably upload this software onto your system (at least that’s how I understood what he was saying). This of course if after a series of hysteric disclaimers saying people shouldn’t go to the website on their computer.

This is pure lies and hysteria. Let me sum it up in three words computer aren’t magic. A properly secured computer system will not allow remote entities to place software on the said system. The only way to place software on a system remotely is either through administrator tools which restrict access to system administrators (if properly setup) or through security holes. Many malicious software engineers use the later to upload things like worms, which are self replicating software packages that use vulnerabilities found in operating systems to install itself on un-patched systems. The key world there is un-patched. Once a security hole is discovered the operating system manufacturers are usually very quick to get out a patch which fixes the vulnerability. This is what Windows Update does and why Microsoft is so insistent that people either run it or set it to run and install patches automatically.

Furthermore most worms doesn’t come out until the patch has been released. This is because of two reasons. First most people don’t know about the vulnerabilities as security advisors who find them usually keep quiet until the patch is released. The second reason is most malicious hackers (there are good hackers to hence I’m designating the bad ones as malicious) take the patch and reverse engineer it to understand the exploit and then write their worm based off of that newly learned understanding.

But we’re dealing with the government which plays by different rules. Some people believe the government has backdoors in every operating system on the planet or at least in corporate backed operating systems such as Microsoft Windows and Apple Mac OS. Here again we have two points. the first is if they already have these back doors why the Hell would they tell you that your computer is federal property when visiting their dealer site as that would potentially tip people off that they have access to the machines files? But the second point is why would any corporation be willing to place those back doors in their systems?

First off people will say money. Their understanding is the companies will put in back doors for the government because the government is willing to pay them for it. This argument doesn’t hold water because no operating system is totally autonomous. There are security experts combing through modern operating systems, especially Microsoft Windows, looking for previously unknown means of compromising the system’s security. We are not talking about a couple experts but thousands. These people are paid by finding these vulnerabilities and reporting them to the operating system manufacturers and generally will release the details of the discovered exploit after a patch is released to increase their portfolio.

See a security expert whom hasn’t discovered anything isn’t much of an expert while one who has published exploits has some clout and hence is more likely to get a job. Now here is where money for the operating system producers comes in. With each security hole likely being published and certainly being eventually patched people get a feel for the number of security exploits that have been found in each operating system. People don’t want to trust a system they don’t feel is secure, which is why Microsoft has had such an issue getting more people to adopt or at least not dump Windows for secure systems. To this effect operating system producers have been putting tons of time and money into making their systems more secure and have done quite a good job of it.

Now with how little people trust Windows to be secure just imagine if people found out they placed a back door for the federal government in their system? This applies to all operating system producers but since Microsoft is the largest I’m using them as an example. I can guarantee that within minutes of this being discovered and announced (which it would be either via discovery or through a whistle blower at Microsoft) major companies would be hauling in their entire IT staff for an emergency meeting on how to deal with this security threat. The only conceivable outcome of that meeting would be to dump Windows for something more security and probably not corporately controlled such as Linux of FreeBSD. Microsoft would in essence lose thousands if not millions of Windows licensees within the period of time required to move critical systems over to another operating system. Hence it’s not in Microsoft’s, or any other company who produces an operating system’s, best interest to create a back door for anybody in their system.

I’m sorry for the extent of this post but people need to realize that computers aren’t magic. They are designed systems created for human use by mostly paranoid developers.

Now this doesn’t mean don’t be paranoid when using a computer and visiting a web site. There are plenty of exploits out there that can take control of systems, although fully patched systems are generally pretty safe. But don’t let people like Mr. Beck make you believe that your systems is going to be fully exploited and taken over by the federal government because you visiting a website. Honestly the government wouldn’t gain enough to justify the risk of it being revealed that they are breaking into citizens’ computers without any warrant or due process.

Further Research

A good write up about the disclaimer only applying to dealers and the ramifications of that.