[NTLUG:Discuss] HIPPA compliance -vs- M$ - Simulating M$ responses
Steve Baker
sjbaker1 at airmail.net
Tue Jun 3 00:15:11 CDT 2003
Richard Geoffrion wrote:
> Has anyone here seen or heard of any product that can run on a proxy server
> or some iptables filter proccess that can strip or clean the data that is
> returned to Microsoft during Microsoft inquiries? (whatever it is they do)
I think the problem here is rather fundamental. M$ rely on this frequent
exchange of data with their customer's machines in order to quell the flood
of piracy of their software. If the details of the data exchanged were made
public - then it would be quite easy to fake M$'s returned data in some way
and circumvent the anti-piracy mechanisms.
Hence, you aren't likely to find this out by legal means. Since our pal the
DMCA means that figuring it out yourself is (probably) illegal, I don't see
any way to distinguish data that M$ demanded from something you might need
to strip.
In fact, there is no way to know that M$ themselves aren't demanding data of
all sorts from your machine - and that uncertainty isn't allowed under HIPPA.
I don't think you can be HIPPA compliant and run M$ OS's in a small-ish
organization. Period.
> I'd hate to just block ALL access to Microsoft.com....but I could do it.
But isn't it the case that modern Windoze machines check back with the Borg
collective on some kind of regular basis - and that there are 'consequences'
if they can't get through. We hear stories of laptops being unplugged from
their docking stations and taken offline - then when the OS is rebooted, it
sees a big change in hardware setup - so it tries to talk to M$ HQ and when
it fails, it assumes it's been pirated and comes up in some deliberately
crippled mode.
Blocking that traffic might well be a breach of your EULA on some of these
machines also. Aren't there clauses in the EULA now that require you
to allow M$ entry into your system for security update reasons? That
too would be a HIPPA issue because some future update could just as
easily start routing that handshake stuff to a different domain.
---------------------------- Steve Baker -------------------------
HomeEmail: <sjbaker1 at airmail.net> WorkEmail: <sjbaker at link.com>
HomePage : http://www.sjbaker.org
Projects : http://plib.sf.net http://tuxaqfh.sf.net
http://tuxkart.sf.net http://prettypoly.sf.net
-----BEGIN GEEK CODE BLOCK-----
GCS d-- s:+ a+ C++++$ UL+++$ P--- L++++$ E--- W+++ N o+ K? w--- !O M- V-- PS++ PE- Y-- PGP-- t+ 5 X R+++ tv b++ DI++ D G+ e++ h--(-) r+++ y++++
-----END GEEK CODE BLOCK-----
More information about the Discuss
mailing list