Microsoft 'Patch' Blocks Linux Installs On Locked-Down Windows RT Computers (fossbytes.com) 141
An anonymous Slashdot reader quotes a report from fossBytes:
Microsoft has released a security update that has patched a backdoor in Windows RT operating system [that] allowed users to install non-Redmond approved operating systems like Linux and Android on Windows RT tablets.
This vulnerability in ARM-powered, locked-down Windows devices was left by Redmond programmers during the development process. Exploiting this flaw, one was able to boot operating systems of his/her choice, including Android or GNU/Linux.
The Register points out that since Windows RT is "a dead-end operating system" which Microsoft has announced they'll stop developing, "mainstream support for Surface RT tablets runs out in 2017 and Windows RT 8.1 in 2018. This is why a means to bypass its boot mechanisms is highly sought."
That's funny ... (Score:5, Funny)
... today I applied a patch to my credit card that blocks buying any locked down hardware from Microsoft. What a coincidence!
Re: (Score:2)
... today I applied a patch to my credit card that blocks buying any locked down hardware from Microsoft. What a coincidence!
Good thing too. It always amazes me when people who are supposed to be smart about technology buy a device for an unintended purpose and then cry when they can no longer use it that way. Everyone knew that Windows RT was meant to be locked down and at no time did Microsoft ever advertise that an alternative OS could be installed (Unlike Sony and the PS3).
An accidental/dev setting was left open and they closed it. Yes, it sucks for those who were using it this way. But hey, you knew that this could h
Confused (Score:1)
Why would anyone that knows how to install Linux on a tablet EVER buy a Microsoft tablet?
Re: (Score:3, Insightful)
I think it's because people like to re-purpose things. Reasonable hardware found in the bargain bin as companies dump unsupported tablets might be enticing to some. The real question is why MS would close off the bootloader when the hardware is EOL in a year or so? That's just cunty.
Re:Confused (Score:4, Insightful)
Re: (Score:3, Interesting)
How big of a security risk that poses to the user?
Let's be clear about this. It's not a remote exploit. It's not something "a hacker" could normally use. It might be useful as part of a blended remote attack (go in through somewhere else, take over system, write new system to disk), but there are plenty of other more dangerous vulnerabilities left to patch. Why do they choose this one?
This is only really a "security vulnerability" because it allows the person who paid for the device (consumer) to become the owner of the device (person with control). M
Re: Confused (Score:3)
Re:Confused (Score:5, Insightful)
Your entire starting point is wrong.
"Secure boot" isn't about security at all, it's an anti-competitive measure. Saying that this exploit is a security hole is like saying that any computer that doesn't run a locked down Windows installation or old enough to not have this "feature" is "insecure".
Bootkit deterrence that isn't anticompetitive (Score:2)
Say an OS publisher wants to add a feature to make installation of a boot-time rootkit, which runs the host OS in a virtual machine, obvious to a PC's user. How should this be achieved without appearing anticompetitive?
Re: (Score:2)
How should this be achieved without appearing anticompetitive?
Provide an On/Off switch to disable the feature. Either a physical DIP switch easily configured by the user by popping a cover, or a BIOS setting.
Re: (Score:2)
20 years of boot sector viruses would disagree with you.
Secure boot is most definitely about security. The problem is the implementation of it is locked down in an anti-competitive way. There should never be the ability for someone to control this. From the onset the ability to self-sign and install keys in the boot-loader should have been a must.
Re: (Score:1)
Boot sector viruses haven't been a real problem since people stopped using floppies. But that's just a smokescreen.
The issue with "secure boot" is control, and it has always been. Looking at how this scheme is set up it's fucking obvious, you have to be blind, deaf and helplessly retarded to think the "secure boot" scheme primarily ever really had anything with "security" to do. It's a scam, plain and simple. It's a devious scheme to appropriate the pc and turn it into a closed platform like a console.
Everythi
Re: (Score:2)
The issue with "secure boot" is control, and it has always been.
The manufacturer defines the level of control and in pretty much every instance the user is free to completely turn the feature off if they wish (is there any PC hardware that doesn't have this?). In fact for a time Microsoft even mandated that no PC could declare itself Windows Certified without the ability to turn it off.
It's a devious scheme to appropriate the pc and turn it into a closed platform like a console.
By who? The manufacturers are the ones that dictate whether it can be turned off or not, take Dell for instance - they sell their XPS [dell.com], Inspiron [dell.com] and Precision [dell.com] lines with Ubuntu as an optio
Re: Confused (Score:2)
Surface tablet, I'm not sure why. Surface Pro, on the other hand, is pretty good hardware. I installed Debian on mine (Surface Pro 3).
Re: Confused (Score:5, Insightful)
The Surface was an attempt to imitate the business success of the iPad. The OS may be different, but the business model is a clone: Don't just sell the hardware, run the ecosystem as well. That way every sale becomes a continuing revenue stream. It's something that Microsoft wants desperately, because their revenue has always been tied to the upgrade process and customers are getting increasingly fed up of replacing their OS every three years - just look how long killing off XP took!
Re: (Score:2)
The end of the netbook (Score:2)
From about 2009 through mid-2012, 10" Linux laptops were available. But in late 2012, manufacturers discontinued 10" laptops [slashdot.org]. The commonly suggested workaround was to buy a tablet and a clip-on keyboard. At the time, the Surface Pro was three times the price of the 10" laptops it replaced.
(Nowadays the workaround is to buy a Chromebook, put it in developer mode, and make sure nobody else touches it so that it doesn't get accidentally factory restored.)
Re: (Score:2)
Sure they were ideal for a *very* small niche but for most people their workflow was better served by a tablet or an ultrabook.
When netbooks disappeared, Ultrabook laptops replaced them for thrice the price. Coincidence?
Art on pressure-sensitive screen (Score:2, Interesting)
A friend of mine bought a Surface Pro because it was the most suitable for art work, with the pressure-sensitive screen. This is slightly interesting because Apple has traditionally been the choice of graphic artists, and Apple is strong in tablets. But not tablets for graphic artists.
Re: (Score:1)
Re: Microsoft. Spyware. Garbage. Same. (Score:2)
actually. they were a highly socialist party.
part of the confusion in calling parties left/right wing.
is the us and uk use left/right wing to indicate how much a party targets its policies to looking after the lower classes (left) and upper classes (right).
and europe uses left/right wing to indicate how authoritarian parties are in implementing policies for the lower classes, since they mostly executed all the upper classes over the years.
Re: (Score:3)
Why do you think the Nazi party wasn't socialist?
Re: (Score:2)
Why do you think the Nazi party wasn't socialist?
The Nazi Party was an interesting mix. It had the word socialist in its name, and no doubt. However it was actually fascist in nature. As opposed to the government owning business, it relied on corporatism. This is a very important distinction. The only people that do not believe that it was a far right wing movement are those that see the word "Socialist", and think "Rush told me that socialists are liberal, so the Nasties were a liberal group."
Re: (Score:2)
It had the word socialist in its name... However it was actually fascist in nature
Using the color of socialism to implement policies that secure power for a select few privileged individuals while dismantling the freedom of the rest of the population is not actually all that dissimilar to the actions of modern socialists...
So 21st century American corporatism is socialism? Who knew?
Re: (Score:2)
> Political parties change over time.
Exactly, some of the worst racists in America were Democrats. These were people in the south who were still incensed over the great war of Northern Aggression. Known collectively as the "Dixiecrats", they held sway over many matters in the south, including racial segregation.
However, in the 60's, after the northern liberals desegregated the country, they were really pissed. Taking people who believe that the bible justifies slavery, and forcing them to share space with what they consider only 3/5ths of a
Re: (Score:2)
In the US, all tyranny is leftist; the gov't has control, and the people lose freedom.
I find by that definition, that the present day American Right wing is more leftist than the present day American left wing.
No M$ in MSNBC anymore (Score:3)
Microsoft no longer owns the Most Socialist Network on Basic Cable. It sold MSNBC TV to NBC in 2005 and MSNBC.com to NBC in 2012.
Re: (Score:3)
When using exploits becomes the only way to actually use a device that you paid for, something's really wrong. Mostly with your choice of devices.
Re: (Score:3)
As I recall, there's a sort of positive 'dead man's switch' in Qt, for example. The KDE project is heavily dependent on it and once Digia decided to sell the Qt project onwards, a clause to release all code under a FOSS license was included in the sale should the new owner go bankrupt or otherwise end the project. This gave the communities and companies currently using Qt a peace of mind.
Although it might sound a bit outlandish to suggest something like this to hardware, it might not be a bad idea at all! I
Yes... (Score:5, Insightful)
An exploit was being used for the install. They patched the exploit. If this is annoying to you, don't buy a system that you need to crack in order to install your chosen O/S.
Re:Yes... (Score:5, Interesting)
Re: (Score:1)
Rootkits.
Re: (Score:1, Insightful)
Because the same people would be howling about how Microsoft was keeping users unprotected by not patching a known security exploit.
Re: (Score:3, Insightful)
And *that* is a problem of their own making, since they, and apparently you, equate being able to install _anything_ other than the approved version of Windows as a "security-hole". Says more about you, Microsoft and whose "protection" you're concerned with, than the "risks" involved.
Re: (Score:2)
Microsoft thinks it makes them look bad. They also discount the system for marketing purposes and don't want people taking advantage. And because it's software and patchable, they can try to block this, something you can't really do with other products very easily (ie, the cue-cat).
Re: (Score:2, Insightful)
Re: (Score:1)
You are an idiot, and the reason the "PC" is dying.
It's not a security hole, it's not remotely exploitable, and in fact is no different than any old computer which actually let you install what ever system you wanted on it, rather than having it dictated to you by the manufacturer.
The only thing this patch "secures" is that the day Windows running on the device is no longer useful, nothing else gets on the device so it can continue to serve, but goes to the landfill/recycling centre.
Effectively what you're
Re: (Score:2)
Re: (Score:3)
That's the entire point of SecureBoot. A defense against root kits.
Then why isn't there a physical switch on the device to set it in a mode where the user can edit the list of operating systems that Secure Boot trusts?
Microsoft is not taking a feature away from you
Then what should the device be useful for once support runs out?
Re: (Score:2)
Re: (Score:2)
Then why isn't there a physical switch on the device to set it in a mode where the user can edit the list of operating systems that Secure Boot trusts?
You would have to ask the manufacturer, indeed this is certainly something any manufacturer of UEFI hardware could do.
Re: (Score:2)
Yes, but why bother to patch such an exploit in an OS that you've already killed off yourself? Why not open up the market to let people take advantage of the hardware rather than let it end up in the Landfill? The answer of course is, "because they're Microsoft, duh?", but what value did this add?
Because exploits are dangerous. I'm not saying that Microsoft should leave the abandoned hardware locked down to the point where it cannot be repurposed. But I am saying that you should not expect them to leave an exploit open for that reason. There should be a safe way to install a new OS without depending on an exploit. Now Surface RT tablets were always marketed as extremely locked down with a secure bootloader. If Microsoft chooses not to provide an unlock mechanism at EOL then that's a dick move.
Re: (Score:1)
Moral of the story - never trust any 'patch' from Microsoft...
Re: (Score:2)
Well, they sell it at a decent price. Because they sell a crappy operating system on it that can't really utilize all power of the hardware, so they lower the cost to match. Which means it can be in high demand by users who know how to crack it.
The patch should not matter much if you can buy a boxed system and put a new OS on it before the patch gets applied.
Re:Yes... (Score:4, Insightful)
Indeed. The first check I do when I buy computing hardware is whether I can install an OS of my choosing on it. For example, I will not even look at a phone that is hard or impossible to root, or a tablet or mainboard that does not allow me to switch "secure" boot off. When I buy it, it is _mine_ afterwards and a vendor that does not understand this is not going to make a sale to me, ever.
Re: (Score:2)
Real lawyers write in C++
That actually speaks volumes about the profession... And the language!
Why have I never heard of this? (Score:1)
Been looking for a solution for this for quite a while. Got two of these from work when they determined that they were dead end devices that we were not going to use. Now that I know it is there I can't seem to find the exploit. Search goes on.
It's just Microsoft being Microsoft (Score:5, Insightful)
It's just Microsoft being Microsoft, doing a typical dick move for no genuinely good reason.
"Oh dear, someone might be able to do something cool or useful with a product we're killing off? Fuck them."
Microsoft just can't help being dicks about stuff, no matter what it is.
Imagine the goodwill they could generate by just not being dicks at every goddamn opportunity, but nooooooo, we can't have that.
Re:It's just Microsoft being Microsoft (Score:4, Insightful)
Patching an exploit vector is now a bad thing?
Re: (Score:3)
Patching an exploit vector is now a bad thing?
Oh please, this wasn't done to "protect" anyone except Microsoft.
There aren't any reports of RT tablets being exploited in this manner that I can find, and the OS is a dead end as per Microsoft themselves. In 5 years there probably won't be a single one running anywhere in the world. But Microsoft found a way to screw anyone who wants to re-purpose the tablet AND they got to do it under the auspices of a "security patch", so it's a win-win for them.
Re: (Score:2)
Patching an exploit vector without giving the device's owner a way not to need the exploit vector is a bad thing.
Re: (Score:1)
Well. Glass windows are also an exploit vector. But most people would not like their landlord bricking them up.
Re: (Score:1)
How do you expect MS to sell their new POS if they can't cripple the old one?
Re: (Score:3)
How do you expect MS to sell their new POS if they can't cripple the old one?
Spot on. They know good and well that the hardware can keep operating for years.
Imagine if this idea takes hold in the auto industry? "Gee, the new car models came out, so my old model car got bricked by the manufacturer!" The only real difference is the amount of money involved.
This move by MS may just be class-action material, that is, if the US Department of (in)Justice and/or Congress/POTUS doesn't run interference for MS. Maybe MS can get some of that retroactive/ex post facto lawmaking goodness we've
Funny (Score:1)
Windows 10 (Score:1)
Re: (Score:1)
if it is a surface, all bets are off. remember that microsoft was the lead in pushing secure boot and uefi in order to curb piracy of their operating systems.
don't kid yourself, it was NOT to make a more 'secure' platform.. it's all about embedding your unique windows product key in the firmware (being able to lock the boot process to only microsoft-blessed code was icing on the cake). this allows them to lockdown each key to a specific motherboard. which for us meant an original 8.0 oem dell desktop won't
Re: (Score:1)
Yup, we are seeing an end to the open/modern computer. Everything moving forward is going to be more and more locked down and drivers harder to come by (for alternatives); presuming the system isn't locked down in the firmware (ugh).
I think now more than ever we are going to see people looking to jump ship, but with most Linux distributions being such bloated messes (relative to Windows) and lack of various built-in wifi/bluetooth drivers (likely Intel's fault not sharing) in these laptop-tablet systems... It's
Re: (Score:1)
Just like sony... (Score:2, Insightful)
... with their "boot other" retroactively removed. Only, redmond never promised they'd offer. On the other hand, removing a way to blow new life into dead-end hardware still seems like kicking the customer when he's fallen and trying to get up. Next you know the same thing'll happen to peecees.
Tin foil hat time: Now we know why you can run "ubuntu apps" on windows. Once peecees are locked down the only way to run your fave linux software is if it's an "ubuntu app" and hey, you can run those under windows, r
Re: (Score:2)
... with their "boot other" retroactively removed. Only, redmond never promised they'd offer. On the other hand, removing a way to blow new life into dead-end hardware still seems like kicking the customer when he's fallen and trying to get up. Next you know the same thing'll happen to peecees.
Tin foil hat time: Now we know why you can run "ubuntu apps" on windows. Once peecees are locked down the only way to run your fave linux software is if it's an "ubuntu app" and hey, you can run those under windows, right? No need to install anything else, see? Or something to that slimy tune.
Don't buy locked-down anything, people. On principle. Tell your friends and family too.
It doesn't matter if they never promised to offer that feature, they did in fact offer it. So, removing it after the device has been purchased is a valid consumer complaint. Car analogy - car manufacturers don't promise the top speed one can drive their vehicles, but if they apply a software update that suddenly throttles the vehicle to a max speed of 70, people would rightly be upset, even if that is the legal speed limit.
Manufacturers warrant a product for a particular use, but that doesn't mean the purc
simple solution (Score:1)
A class action lawsuit, forcing MS to buy back these dead devices, all of them, at full retail. This would be the American way.
Re: (Score:2)
That will not work, Microsoft is protected by the DOJ. They have Government deals.
Sony was under that false impression, too.
Re: (Score:2)
If a particular statute provides no private right of action, the DOJ can control the courts by refusing to even open a case.
Re: (Score:2)
Unity is meant as a game engine.
Reflash back to factory ? (Score:2)
Re: (Score:2)
No, not many things use actual EEPROMs these days - they're expensive and not (easily) field reprogrammable - most devices use flash to store their initial OS "ROM" and subsequent updates simply reflash a new ROM image to the flash.
The Windows Subsystem for Linux (Score:3)
Does Windows RT have The Windows Subsystem for Linux (WSL)?
If so (and I assume not, but haven't looked) then you can run native Debian binaries right from CMD.EXE
Re: (Score:2)
Does Windows RT have The Windows Subsystem for Linux (WSL)?
No. Windows RT is a build based on Windows 8.1 for ARM architectures which has since been effectively abandoned. The WSL wasn't ported to Windows 8, and definitely not for Windows RT.
These tablets are a great example of Microsoft following the Samsung line of thinking. They aren't even able to upgrade to Windows 10 which is the only Windows version Microsoft has any interest in. They are a very good example of built in obsolescence depending on vendor support and a good reason to avoid not only Windows RT d
What do you care Microsoft you dumped RT (Score:1)
Not sure why Microsoft would even care at this point? Why block owners of these RT devices trying to install an OS that is still supported? I give Microsoft the benefit of doubt here and it's possible the patch just had the side effect of doing this. Nobody should really expect a device to support anything people want to install on it. You want Android buy an Android device, you want Linux on something it's hit or miss if the device can support it. Kind of like installing a Chevy engine in a Ford. Neither comp
New Microsoft, Same as the Old Microsoft (Score:2)
"This is an enormously important decision for Microsoft, allowing it to offer its well-known and trusted database to an expanded set of customers", said Al Gillen, group vice president, enterprise infrastructure, at IDC. "By taking this key product to Linux Microsoft is proving its commitment to being a cross platform solution provider. This gives customers choice and reduces the concerns for lock-in. We would expect this will also accelerate the overall adoption of SQL Server."
http://blogs.microsoft.com/blo... [microsoft.com]
Didn't Sony just lose a lawsuit over this? (Score:2)
Didn't Sony just lose a lawsuit over the same thing? Why would Microsoft think it could get away with it? Whether the "flaw" was intentional or not, if people purchased an RT tablet with that feature enabled so that they could install another OS, then removing that feature cripples it from the intended purpose. Furthermore, since support from Microsoft on the devices is about to expire, what would be the reason to do this other than to force consumers to upgrade to a new device? While that might be a val
Re: (Score:2)
I am going to use a hammer on my RT! (Score:1)
Re: (Score:3, Insightful)
It's this kind of infantile misunderstanding of security that will eventually be the undoing of technology. Purchasing of hardware is independent of security - if I own a device I have every right to do with it what I choose, even if that means installing DOS. The manufacturer is not obliged to PROVIDE that support, but every block they put in my WAY should be CRIMINAL. If you purchase a house, you have every right to remove whatever locks and security measures are placed there "for your security", and y
Re: (Score:2)
This is probably the legal situation in Europe. Unfortunately, we in the UK, have voted to be shoved right up the arse of the USA.
Re: (Score:1)
A secure but useless tablet is not something that most people want, especially when they (at least, in theory) own the hardware and (very rightfully) want to control it.
If they cared about their customers being able to do what they want to and being able to control the device, they would provide mechanisms to do just that independent of the exploit. Instead, they treat the hardware like they own it, and refuse you administrative access. This trend is very disturbing, since it essentially means they own th
Re: (Score:2)
Not really, since they sold hardware locked-down that they've already announced to no longer be supporting soonish. Meaning that they now are also slamming the door on third-party improvements and will, once support stops, leave you with an unfixable security risk.
This is exactly the argument that is persuasive to me, at least.
As it is, this smacks of what happened to all the PlaysForSure (not!) devices and vendors when MS abandoned THAT platform. Everyone was left with a bunch of USELESS tech, which was SUPPOSED to force those people into the (later also abandoned) Zune "ecosystem".
And we all know the end of THAT story...
Re: (Score:2)
Not really, since they sold hardware locked-down that they've already announced to no longer be supporting soonish. Meaning that they now are also slamming the door on third-party improvements and will, once support stops, leave you with an unfixable security risk.
Which is industry-standard these days. I'm not saying that's a good thing but it's exactly what you get from any iPhone or iPad that is out of support or any bootloader-locked Android device that is out of support or devices like the HP TouchPad or Palm Pre.
Re:This is like blocking software from rooting pho (Score:5, Insightful)
That is bullshit which has long since been discredited. In the real world, the only thing a locked-down boot-loader like this accomplishes is to restrict what the user can do, it does not protect against malware as there are numerous other vectors.
Re: (Score:1)
False. It protects against a very specific form of malware that is incidentally also very difficult to remove once it appears. We have a long history of malware affecting the boot processes before the OS even begins loading. The fact that Windows has more holes than a pasta strainer doesn't change that secure boot can eliminate an entire family of malware.
Re: (Score:2)
> It protects against a very specific form of malware
If the "malware" is considered to be "unsigned software accessing anything without permission by an upstream paid key holder", then yes. It becomes clear that the entire Trusted Computing stack is designed for DRM. Security against a few forms of attack is a consequence, not the purpose of the software.
Re: (Score:1)
And the answer is not buying a phone (or tablet) without root access.
Obviously that requires some research before buying, with questions such as:
-Does the device have a locked boot loader?
-If yes, can the customer unlock it? By an "officially" supported method?
Re: (Score:2)
And the answer is not buying a phone (or tablet) without root access.
Netbooks had root access because they were capable of running desktop operating systems. Netbooks disappeared in 2012, around the time Surface came out. Coincidence?
Re: (Score:1)
Re: (Score:2)
So, who is in charge of propaganda at MS these days?
Goebbels, of course.
Re: (Score:2)
The cost of disposing of e-waste distracts the public from PURCHASING and CONSUMING.