Microsoft Taking Aggressive Steps Against Linux On ARM 675
New submitter Microlith writes "Microsoft has updated their WHQL certification requirements for Windows 8, and placed specific restrictions on ARM platforms that will make it impossible to install non-Microsoft operating systems on ARM devices, and make it impossible to turn off or customize such security. Choice quotes from the certification include from page 116, section 20: 'On an ARM system, it is forbidden to enable Custom Mode. Only Standard Mode may be enabled' — which prevents users from customizing their security, and in section 21: 'Disabling Secure MUST NOT be possible on ARM systems' to prevent you from booting any other OSes."
Sounds anti-competitve to me (Score:4, Insightful)
As much as i hate to say it, time to get the Feds involved, again.
Forget piddly sanctions, or even a "breakup". Shut them down once and for all.
Re:Sounds anti-competitve to me (Score:5, Insightful)
As much as i hate to say it, time to get the Feds involved, again.
Forget piddly sanctions, or even a "breakup". Shut them down once and for all.
If true....
I haven't had a chance to check the story fully yet - I read the MS pdf - but it doesn't actually say those measure will be applied to all devices. Being able to lock it, and locking it by default are not the same thing.
I suspect the story is true, and that MS will pull a security excuse - they've already managed to convince a lot of people that the internet is the OS, and that Google has the monopoly. And I've never seen any changes in the traditional MS approach to doing business - still no set price for their products and underhand incentives (and disincentives). Maybe if they pull the Sony/Apple appliance excuse the regulators (many of whom MS have hired since their last slap on the wrist) will look the other way.
As the Chinese would say "we live in interesting times".
Re:Sounds anti-competitve to me (Score:4, Insightful)
Apple/iOS too? Android manufacturers that still lock down their devices too?
I don't disagree with the idea that people should buy hardware and be able to install whatever the hell they want, but let's be fair here, this isn't something unique what Microsoft is doing here.. If there is going to be some sort of involvement by the government, I'd prefer for there to just be a general law where hardware should not restrict what kind of user-facing software is allowed to run on it, rather than targeting specific companies for being anti-competitive - which I think should only ever be done in the case of monopolies, which doesn't really apply to Microsoft in the mobile marketspace.
Re:Sounds anti-competitve to me (Score:4, Informative)
First off, show me the Tablet Monopoly that Microsoft Has. If Microsoft managed to increase their tablet market share 5 times more than it currently has, it still would be in the single digits.
Second, I don't see any reason why an OEM couldn't just release the same tablet with Android preinstalled instead of Windows 8. In fact, It would be severely stupid not to do it, especially since many of the Win8 tablet price rumors I've seen are at price points that are equal or more expensive than their better positioned and more established Tablet OS equivalents. The Touchpad Fire sale and the Amazon Kindle proved that people do not want to spend a ton of money on a tablet and people will just buy an iPad if your tablet comes close or is higher than Apple's price. If Windows 8 tablets violate both of these rules (which I can almost guarantee will happen). You won't need the feds to step in to stop a windows tablet monopoly from happening, Customer wallet's will do just fine.
Third, This is no different than Android having a locked bootloader. It will be cracked and people will install other OS'es on it.
Frankly, and this is coming from someone who is a Fan of Microsoft, Windows 8 is going to flop on tablets and it's going to piss off desktop users because it's so tablet focused it interferes with desktop useability. MS was much better off Focusing Windows 7 mobile in the tablet space, and use the courier as the platform to do it, but they decided to dick around some more while the competition sucked up market share like a vacuum, just like what happened to their smartphone market. It's too little, too late, and too expensive to compete in a marketplace with not one but two heavily established tablet OS'es.
Re:Sounds anti-competitve to me (Score:5, Informative)
As we've seen with their IP licensing scams, all those vendors with previous or existing Microsoft licensing contracts signed on the dotted line for "protection" covering Android. So even though they don't have a monopoly on phones nor tablets they wield power from their existing monopoly in the PC segment and can be seen to be using it in demanding features which exclude other OS's from being installed on the hardware. Especially when they are not consistent with that on the PC segment. And it's very public that some businesses and organizations put Linux on devices instead of Windows specifically for better security. Example, the recent DoD migration from Windows to Linux for drone controller systems.
This will require investigating by the DOJ and not just asking if Microsoft threatens anyone. They'll have to look at lots of email and other statements to build the picture of how Microsoft coerces companies into doing their bidding. I doubt they'll put in the effort though.
LoB
Re:Sounds anti-competitve to me (Score:5, Informative)
I can't, but I'll show you the desktop monopoly that they're leveraging.
They won't for the same reason they rarely, if ever, release PCs without Windows: they don't want to piss Microsoft off by seriously offering other options.
And that's why MS is pursuing their lawsuits against distributors of Android: to inflate the costs of Android higher and higher. I'm sure we'll see another round of lawsuits and a per-device royalty fee increase if Microsoft does manage to buy Nokia's patents.
Cracked, you mean like all the Motorola devices whose bootloader chain has never actually been cracked? Whereas Microsoft can readily ignore pressure, unlike HTC and ASUS, when people pitch a fit after finding out they locked down their bootloader chain. Not that locking down a platform is good in ANY case as it only serves the vendor, not the user.
Re:Sounds anti-competitve to me (Score:4, Informative)
First off, show me the Tablet Monopoly that Microsoft Has.
We are not talking about tablet, unless you can show me tablets using UEFI. As far as I know, none use it (yet?).
Second, I don't see any reason why an OEM couldn't just release the same tablet with Android preinstalled instead of Windows 8.
Maybe because we aren't talking about tablets, but real computers, which are designed to run Windows?
In fact, It would be severely stupid not to do it
It would be severely stupid for OEM makers not to make computers that respect the specs of the OS that more than 90% of their customers is using.
Third, This is no different than Android having a locked bootloader. It will be cracked and people will install other OS'es on it.
Again, did you realize that we aren't talking about tablets, but about UEFI secure boot, which is going to replace (and in some case, is already replacing) your good old MBR by a (mostly, FAT) partition containing the bootloader? Maybe you should read this: http://lists.debian.org/debian-devel/2012/01/msg00168.html [debian.org]
Re:Sounds anti-competitve to me (Score:5, Insightful)
That's not how monopolies work. Or I guess I should say, that's not how anti-competitive leverage works.
Take manufacturer "X". X wants to sell laptops and desktops running Windows, servers running both Windows and various UNIX flavors, and tablets running Windows and maybe Android.
X, naturally, must purchase licenses for Windows in bulk from Microsoft. Possibly tens of thousands of licenses, or more if they're a very large manufacturer. You understand at this point that this is a significant expense.
So they come to Microsoft, who them sits down at a conference table and says, "So, you're going to make sure people can't use your tablets (and anything else that's running off ARM with UEFI) to boot anything but Windows, right?"
The X execs look at each other. "Hadn't thought about it."
"Well, we can give you a bigger discount if you do..."
The X execs now get to choose between turning down money or not turning down money. We'll leave the conclusion as an exercise for the reader.
Re:Sounds anti-competitve to me (Score:5, Insightful)
Won't happen. The anti-trust trial was nothing but a shake down. Before the anti-trust trial Microsoft gave almost nothing [opensecrets.org] in donations. They started contributing, and they got a slap on the wrist and allowed to continue anti-competetive behavior.
Re:Sounds anti-competitve to me (Score:5, Insightful)
I think the headline itself basically conveys the reason why the Feds should get involved. If you don't see it, fine, but it's hardly necessary for him to elaborate.
They don't want another N900. (Score:4, Interesting)
MS is fine with all those junk-grade tablets, just that they don't want something like the N900 to pop up. They were able to kill that by all-but acquiring Nokia and making sure Elop would kill the N9.
So take your "not target market" or "find a device that suits you" complaints and stuff them, tyvm.
Time for another slapdown (Score:5, Insightful)
Seems these criminals have forgotten the last lesson in not behaving anti-competitively already. Time to fine them a few billions to make them remember.
Re:Time for another slapdown (Score:4, Insightful)
Time to fine them a few billions to make them remember.
On a state level, perhaps. But on a user level, this sounds like their old "we-are-your-only-option-deal-with-it" behavior: they seem to be stuck in the 90's- can't they see that users can simply turn their back on them nowadays? Users that they have never respected?
Microsoft is treading on thinner ice than ever.
How is this not anti-competitive? (Score:5, Insightful)
Making it impossible to dual-boot your ARM device. Security for the boot sector is one thing, making it impossible to install another OS by choice is something else.
Par for the course... (Score:5, Interesting)
There are plenty of phone/tablet devices with measures to explicitly prevent other OSes from being put in place. Telling is that the 'OS' in PC world is considered software and in the phone/tablet world they have sucessfully got people calling it 'firmware'. This market is trying to blur the division between the platform and the OS to significant success. Every 'OS' vendor is expected to compete by getting a partner to release hardware around the OS. That means less room for startups or grass-roots OS creation, only certain Android hardware devices are a viable target.
That market is a plethora of monolithic devices with no configurability in hardware or software. This is a huge step back from the state of x86 systems where so much is socketed and mixing and matching is possible by the consumer thanks to rigorous standards in place to make it all possible. The 'primary' targeted OS runs as well as the primary OS on any of these devices, and while an alternative OS may fail to integrate properly with the device (Linux-Vendor ACPI was a sore spot for eternity, better now), the user can make the tradeoffs if they choose.
How many heads does Microsoft have? (Score:4, Interesting)
News about Microsoft can get conflicting, on one day you get a massive push for right stuff like open source and other good practices, and then you get stuff like this that sounds like the Microsoft of old.
I am wondering, how many divisions exist within Microsoft? I mean divisions capable of giving such conflictive news. I can't help but feel a part (probably formed of younger staff or management) is trying to do the right thing while other part (probably formed of old-school people from the times of anti-trust) is adhering to their old self. If this were to be the case, I hope the former ends up having more control of the company, really. I kinda hate to have to hate Microsoft at this point.
Short Corporate Memory (Score:3)
The legal process needs revisiting. The same sort of charges can be brought. Perhaps, if found guilty, this time it could be concluded properly with the criminal being punished and prevented from committing the same crimes yet again.
Re:Short Corporate Memory (Score:5, Insightful)
They are in despair. They are too late in mobile market. They start to understand that, but they still have this strong hand mentality. They tried it with Windows Mobile - nope, didn't worked. They are tried with lot of different concepts - also wasted. Now the same with ARM notebooks/tablets.
They don't understand that it is too late. People has seen tomorrow without Microsoft. Tablet competition is very strong out there. What is your killer feature? Office? Who needs that? Email, web - it's all there, it's everywhere.
Simple Solution (Score:4, Insightful)
Tablet makers offer ARM tablets without WHQL Certification preloaded with Linux or Android.
I mean they don't need to install Windows 8 on the things when there's perfectly good alternatives around, and it seems like adhering to a document more than 150 pages long is a time wasting PITA when you can simply go to a competitor and be done with it.
Re:Simple Solution (Score:4, Informative)
Tablet makers offer ARM tablets without WHQL Certification preloaded with Linux or Android.
They dont even have to be preloaded with either. They can be preloaded with Windows 8 .. just not WHQL certified.
..there was a big stink about that too, because Intel's shitty integrated video got certified but was incapable of the glitzy shit Vista promoted (we all remember that, right?)
WHQL certification means something only when upgrading to a new version of Windows is a selling point... for instance when Vista was just around the corner many manufacturers started selling computers certified to run Vista, even though it wasnt available yet...
We are talking about if the manufacturer can legally put a sticker on the box, not their capability to install Windows 8.
Re:Simple Solution (Score:5, Insightful)
Re: (Score:3)
Of course one of the biggest markets the EU will simply stomp all over this requirement, it will then be up to the US to challenge anti-competitive practices or show how corrupt it has become.
Basically everyone with half a brain will order non-arm PCs because of course you have the whole server market where Linux dominates.
So M$ under the Uncle Fester is taking a shot at it anyhow, his last bit of idiotic defiance before walking (with a bit of shoving and pushing) out the door. It seems like he is tryi
Microsoft doesn't get it... (Score:5, Interesting)
Microsoft thinks that people LOVE Windows. That's why they created Windows CE, and that was a massive failure. People want to run their x86 software on the computer, and last time I checked Windows 8 ARM can not run x86 software, so your software collection is junk all of a sudden.
If you give most people a choice between Linux vs Windows, they will choose Windows. If you give them a choice between Windows that wont run their apps, and Linux that wont run their apps but at least already has a large library of software, then they will Choose Linux.
Re: (Score:3)
I'll bet that Microsoft already have realised that and already have a "working" solution (think x86 emulator + WINE-like layer) waiting in the wings so everyone can run (slowly) win86 binaries on ARM from day 1.
Re:Microsoft doesn't get it... (Score:5, Insightful)
Lol, no, they won't. They'll try linux once, get a set of instructions that tell them to open a terminal $sudo, stop reading, and go back to Windows. On the desktop anyway.
But we're talking about phones, and 'gadgets' slates etc. Have you ever used WP7? It's nifty. It's definitely different than the iOS clone that Android is. I don't have a WP7 device of my own, but I can certainly see the appeal, I've played with a few of them and they feel very different than anything else, and they are pretty neat, live tiles is a good concept, as would be the xbox integration if I ever used my xBox. I'm not sure 'better' or 'worse' applies, but the market is new enough there's room for designed differently, which it is, and people who like this design rather than the iOS style will like it.
Believe it or not, people outside the /. bubble hate linux. Well that's not quite true, they actually hate things that break, and windows and linux both break for mostly the same reasons: bad drivers, bad hardware, and software problems users know nothing about. But they at least know more about Windows, and have better free support for windows from friends than there is for Linux, and instructions for how to solve problems on window are written for idiots.
People like to bitch about windows because it's fashionable, and because it tends to produce obfuscated error messages. But every piece of software does that, including Linux. Windows on ARM is for gadgets, not desktops, so you're buying all new software from somewhere, if you want it for your gadget. Now, are you going to buy software you know, that's a recompile from the x86, or software you don't?
here comes another round of litigation (Score:5, Interesting)
Microsoft will get dragged through the courts for anti-competitive behaviour once again. You'd think they'd have learnt their lesson from the whole IE bundling thing that cost them very serious money.
Even if the US gov is corrupt enough to let this slide, there's no way Microsoft will get away with this in the EU or anywhere else.
Re: (Score:3, Insightful)
Sadly, Apple manages to get away with this.
Re:here comes another round of litigation (Score:4, Insightful)
Slow down cowboy, I think he's referring to the tablet and mobile market, in which Apple does have a large market share and they have:
* Restricted users from installing other OSes? Check.
* Bundled their own apps? Check.
* Restricted users from installing apps whose functionality overlaps with the bundled apps? Check.
* Restricted app developers from using advertising providers that aren't Apple? Check.
The list goes on, and on. The iOS developer agreement is a hideous, monstrous, terrible blight on the software world and should never have happened. But Apple has gone further in embracing lock-in and bundling and anti-competitive practices with iOS than Microsoft has *ever* gone with Windows. If you produce an app and Apple decides to make that part of the core functionality in the next version, they'll take your toy, kick sand in your face and eject you from the app store. Only the immense amount of pressure of some very large companies lobbying Apple for leniency on particular apps has caused them to yield on *certain things* and they are very particular about what those things are.
I will go without a phone (Score:3)
If the only choices are Apple and Microsoft.
Re:I will go without a phone (Score:4, Informative)
Why are you talking about phones? We're talking about UEFI here, which will be used for your next PC hardware... Will you do without a computer as well?
If by "PC hardware" you're referring to x86-based machines, the offending Microsoft document [microsoft.com] says:
So, just as they mandate "can't allow tweaking" for ARM, they appear to be mandating "can allow tweaking" for non-ARM.
Who cares (Score:3, Interesting)
Whew (Score:4, Insightful)
Timing is great for comming up with an open phone (Score:5, Interesting)
Micorosft is finaly realising their dream of creating a TCPA compilant plataform, iOS and Android aren't getting any more open and the smartphone market is finaly big. Everything is good now for somebody to pull a "PC" on phones.
Create an extensible standard for ARM (we are near there already), sell a basic machine folowing that standard, then, sell extended versions. Make sure to publish the drivers with your Linux kernel (get them in the main tree if possible), and laugh while developers adopt your architecture.
Once you have the developers, getting users is just a matter of time. Be sure to use your first mover advantage wisely, and sell the company before the market get completely comodityzed.
Good thing there's another mobile architecture... (Score:5, Informative)
Intel's new Medfield Atom [cnet.com] will run Android phones and tablets, Tizen [tizen.org] devices, Win 8 tablets and (if MSFT get's their head screwed on correctly) Win Phone. Since the underlying firmeware environment in the medfield platforms is driven by Intel's reference design, MSFT will not be able to dictate whether other OSes can boot any more than they can in the rest of the x86 world. (Assuming OEMs will be smart enough to let customers control UEFI authentication)
I'm not woried about it (Score:4, Interesting)
Everything is hackable. Hardware is the new frontier.
There will be so much interest in Microsoft's private keys that they will be the prime target. They will need to have different keys for all devices just to maintain moderate security and that won't stop hardware hacking.
Let me repeat, the only way to defeat crackers is monetize the industry and give them a big cut of the action. Crackers against crackers. They design the system and if it's cracked their percentage goes to paying off the cracker. You end up with DRM companies trying to crack each others systems.
Re:Well... (Score:5, Informative)
Don't you mean iOS? My mac isn't locked down in the least, and in fact is more open than windows.
Re: (Score:3, Informative)
http://www.apple.com/opensource/ [apple.com]
Here's the source code to all the open source software in MacOSX, along with any patches they did to the source.
http://opensource.apple.com/release/mac-os-x-107/ [apple.com]
Here the sources for a bunch of the core system components, including the kernel.
Where's the source code for the Windows 7 kernel again?
good luck compiling it (Score:5, Informative)
as anyone who has actually tried to build that pile of ass knows, the apple 'open source' project is complete horse shit. they use an incredibly obfuscated build system that makes it impossible for anyone except Apple to actually compile their projects.
that is why there are no open source operating systems based off the Darwin Kernel, except for the highly alpha-level PureDarwin , and the completely abandoned OpenDarwin -- here we are ten years after OsX, and PureDarwin only recently announced "The dawn of network and audio support" in their OS.
GNU Hurd and Haiku are both farther along the way to being usable Operating Systems than any open system based on Darwin.
Re:good luck compiling it (Score:4, Insightful)
While what you say is true about how difficult it is to compile a recent Darwin system (Apple stopped providing bootable Darwin images somewhere around 10.4 or 10.5), I think the greater reason for the lack of an alternative Darwin OS is that no one really cares. Once you've done the work to get Darwin compiled, X running, and KDE running, you might as well have saved your time and installed Debian, FreeBSD, or any other free unix system.
Re:Well... (Score:5, Insightful)
I really hate to side with the Mac user, but he's right... his Mac *is* far more open than Windows, and has *far* more support from Apple in installing an alternative OS than Microsoft ever gives.
That, however, is because Apple is a hardware vendor, and they throw the OS in on the side. Microsoft is an OS vendor. It's not in Microsoft's interest to allow you to install something different, but it *is* in Apple's interest to give you that option.
iOS != OSX. They have a similar core, and come from the same people, but they serve entirely different purposes.
Re:Well... (Score:4, Insightful)
Re:MS Taking Aggressive Steps Against MALWARE On A (Score:5, Insightful)
The trick to being a good shill is to not have your diatribe prewritten to post as soon as the story goes from red to green.
It's a little too blatant otherwise.
Re:MS Taking Aggressive Steps Against MALWARE On A (Score:5, Insightful)
Well, it worked for his first shill post in the other MS story, it was basically first post and still at +4, it was added up pretty instantly so I assume they also have a bunch of shill accounts to mod it up.
Re:MS Taking Aggressive Steps Against MALWARE On A (Score:5, Informative)
What they do is not secret: http://waggeneredstrom.com/about/approach [waggeneredstrom.com]
Monitoring conversations, including those that take place with social media, is part of our daily routine; our products can be used as early warning systems, helping clients with rapid response and crisis management.
Microsoft are No 3 on their client list
http://waggeneredstrom.com/clients [waggeneredstrom.com]
DavidSell ByOhTek antitithenai, Bonch, Dtech and others are psuedonyms/sockpuppets used by the team to "guide" discussions.
Comment removed (Score:4, Interesting)
Re:MS Taking Aggressive Steps Against MALWARE On A (Score:5, Insightful)
Couple 'o Points:
1.- After seeing how badly Google has been getting pwned with Android malware the LAST thing MSFT wants is to be the easily pwned OS in this new market, and 2.- the REAL reason I'm willing to bet my last buck they are doing this....ready? PIRACY.
1. Android's malware woes weren't all (or even mostly) tied to the boot sector, so this makes no sense.
2. Err, how on Earth is locking the boot sector going to stop piracy? I may be missing something here, but seriously? Not seeing it.
As for the rest, I largely agree, except for one bit:
There is ONE nice thing though, after this shit bombs we'll be getting Win 8 pads at Touchpad prices and if you end up with a $500 winPad for the firesale prices the touchpad went for are you REALLY gonna give a shit what it runs?
The fact that Android on the HP TouchPad was hurriedly pushed out and then widely broadcast says otherwise. The reason? An unsupported OS/arch means no new applications, no updates for existing ones (after awhile), and you;re basically stuck with something that becomes obsolete faster. Seems like a total waste of hardware after awhile.
Re:MS Taking Aggressive Steps Against MALWARE On A (Score:4, Insightful)
Its not like MSFT is gonna sell jack shit when it comes to Windows 8 on ARM anyway because the whole damned selling point of Windows is WINDOWS PROGRAMS which are all x86. Has everyone forgotten WinNT on Alpha and MIPS? Remember how quick and how hard that shit bombed? Why would you want Windows if you can't run Windows programs?
Ahhhh, but you forget... Windows isn't about programs anymore, it's about apps. And all the hot developer action on Windows these days involves building apps for the Metro UI -- which, not coincidentally, is the Windows Phone and Windows 8 ARM UI. It's even the Xbox UI now. A Windows 8 ARM tablet isn't going to resemble a Windows PC as much as it's going to resemble an iPad that runs a Microsoft OS. The bonus is that you'll be able to take the same programs you run on your Windows 8 tablet and run them in the Metro Start screen on your Windows 8 PC.
I know, it doesn't sound particularly appealing to me, either, but that's how it is.
Re: (Score:3, Insightful)
Wrong question. The right question is why does MS want this to be posted.
ARM? (Score:5, Funny)
The right question is why Microsoft is interested in Adjustable Rate Mortgages in the first place.
Re:MS Taking Aggressive Steps Against MALWARE On A (Score:4, Informative)
Considering your astroturf account is only 140 users ahead of OP astroturf account, I dont trust what you have to say either.
Be gone astroturfers.
Re:MS Taking Aggressive Steps Against MALWARE On A (Score:4, Informative)
a) His points are wrong, and rather obviously so, see rest of thread
b) He (and you) are obviously paid by MS to spread this FUD here
c) You are doing this so incompetently, even a young child can see it
d) After your purpose has been revealed, you keep at it, confirming the suspicion
Despicable and pathetic. Is MS to stingy to pay for good liars?
Re:MS Taking Aggressive Steps Against MALWARE On A (Score:5, Informative)
a) OP's points are still wrong. You don't need to lock the hardware to one OS in order to prevent malware. Car analogy? No problem: It's like saying that the tire rims must be welded onto the wheels in order to prevent tire slashing. The OS (tires) can still be compromised no matter what you do to the underlying hardware, so the whole argument becomes one great big false premise.
b) there's no way to tell for certain, but it does happen a lot: http://waggeneredstrom.com/clients [waggeneredstrom.com]
c) Dude did do it incompetently. He's not a subscriber, yet there's a whole novella waiting mere moments after the story is posted publicly. His posting history also shows an incredibly strong pro-Microsoft bias, even to the point of nonsense at times.
d) see c)
As for the rest? Certainly you don't need WHQL certification to run drivers on Windows - but Joe Public will see a buttload of bells and alarms warning him if he tries to install it.
There are no major security reasons for doing it - period. Once someone has physical access, it's game-over anyway - no matter how hard you think you can lock it down.
HTH a little. /P
Re:MS Taking Aggressive Steps Against MALWARE On A (Score:4, Informative)
You missed the part where they demand to disable adding other keys/turning off secure boot by user - and they're only demanding it for ARM, x86 is free to have it. That's what's the article talking about, not the secure boot itself.
Re:MS Taking Aggressive Steps Against MALWARE On A (Score:4, Informative)
You don't need to lock the hardware to one OS in order to prevent malware
Yes, actually you pretty much do
That doesn't change the fact that doing so makes the device more secure.
Limiting secure boot to single certificate and single OS does not add any more security. If secure boot storage is not available after passing control to verified boot loader - which is pretty much a requirement for it to be secure - it doesn't matter how many keys are in there. Disallowing manual disable - note that it is also something not available to any software after secure boot finished its job - also doesn't make device more secure.
Do try harder.
Re:MS Taking Aggressive Steps Against MALWARE On A (Score:5, Informative)
His premise is entirely wrong. There are a number of ways to ensure the security of the boot sector from the software layer, locking it to one OS doesn't increase security beyond the fact that only one OS's flaws will be exploitable.
It's really a ridiculous attempt at justifying locking in a subset of arm chips to MS only.
Re:MS Taking Aggressive Steps Against MALWARE On A (Score:5, Insightful)
And why not bitch at Apple for locking down OS X and iPhone's too?
But... WE DO BITCH AT APPLE FOR LOCKING DOWN OS X AND IPHONE TOO.
Re:MS Taking Aggressive Steps Against MALWARE On A (Score:5, Informative)
OS X doesn't stop you installing other operating systems. OS X even comes with a tool that will resize your existing partition, provide space for another OS, and Apple computers have a graphical boot menu out of the box for selecting the OS to boot.
I'm not sure about iOS devices. The older iPods didn't actively stop you from installing other operating systems (they just didn't support it, which is fair enough). If the new iPods / iPhones do lock the bootloader and prevent you from installing something else, then that would be something worth complaining about, although there are enough other reasons for wanting to avoid Apple's locked-down consumer product lines that it's probably quite low on the list.
Re:MS Taking Aggressive Steps Against MALWARE On A (Score:5, Informative)
That's because Apple is a hardware company foremost. It works the other way with them. They don't want you installing their software on other hardware and work to prevent it. Microsoft is being forced into attacking linux on ARM in this way because they can't really compete against them any other way on that platform and they are desperate not to start losing market share even if they maintain their monopoly on pc architecture. MS knows that once linux really starts to take hold anywhere at all they are in danger everywhere.
Re:MS Taking Aggressive Steps Against MALWARE On A (Score:4, Interesting)
MS knows that once linux really starts to take hold anywhere at all they are in danger everywhere.
I'm not so sure, the majority of Linux geeks have windows installed aswell. I reckon the real way to success would be to embrace linux, hell they should provide there own version and make dual booting easy. Then majority of people will use windows most of the time, but the semi geeks won't feel too trapped and the hardcores still get exposer. If MS wants market share silly lock downs won't get them there, making a compelling new device with the great functions and features will; something like installing the kinect inside a phone maybe.
Re:MS Taking Aggressive Steps Against MALWARE On A (Score:4, Interesting)
I don't think they fear Linux geeks. I think they are terminally afraid average people could realize how bad and how far behind Windows actually is in comparison to the alternatives.
Re:MS Taking Aggressive Steps Against MALWARE On A (Score:4, Interesting)
I am one of those dual booting geeks that you speak of. I can tell you that I spend a very, very limited amount of time on windows. Usually to play a game or to set up some device with windows only device setup. The reality is that for me, and a lot of people (not everyone) windows is an environment that forces it's users to follow a paradigm that may or may not fit anyone's personal needs. My wife is still not sure about moving to windows 7 because the library file system thing is confusing to her, and she doesn't want to deal with it. Our home server and home security, media centre and desktop systems are all Linux. She uses all of them and has no problem understanding how they work. She has remote access to all that from her laptop or her cell phone. If something doesn't make sense to her, I change it until she likes it. That's Linux.
Now after having said all of that, I want to say. I don't work in software, or IT. I can code in bash, python, javascript, (html, css.. is that really coding?). I have met quite a few teenage kids that can do much of that. People like me are not really that much of an exception any more. People who can install and customise Linux, whether it be Ubuntu or Android are even less of an exception. Apple and MS pander to people who don't want to, or cannot understand the system they use beyond the interface. Those people are getting fewer and fewer.
MS has a reason be afraid. Android is creating a whole new segment of super users, that (even if they don't know it) are learning Linux.
Re:MS Taking Aggressive Steps Against MALWARE On A (Score:5, Informative)
Linux is already taking hold in pretty much every market except desktops...
Servers
Phones (Android, also WebOS/Meego)
HPC (see the top500 list)
Embedded devices like routers, set top boxes, televisions, voip phones etc...
Many people these days have more linux devices in their house than they do windows, and don't even realise it.
Re:MS Taking Aggressive Steps Against MALWARE On A (Score:5, Informative)
If the new iPods / iPhones do lock the bootloader and prevent you from installing something else, then that would be something worth complaining about
They do. As do many (probably even the majority) of Android devices. And Symbian devices. And bloody well anything that runs on ARM! The number of locked ARM devices vastly outnumbers the number that are unlocked, or even have the ability to be officially unlocked. Should unlocked ARM devices be the norm? Yes. Is Microsoft's position the norm among every device and OS manufacturer? Also yes.
Also interesting to note is that the updated document specifically requires that UEFI Secure Boot settings can be modified by the end user, contrary to previous hooh-hah.
Re:MS Taking Aggressive Steps Against MALWARE On A (Score:5, Informative)
Also interesting to note is that the updated document specifically requires that UEFI Secure Boot settings can be modified by the end user, contrary to previous hooh-hah.
What updated document? This is the text:
MANDATORY: Enable/Disable Secure Boot.
On non-ARM systems, it is required to implement the ability to disable Secure Boot via firmware setup. A physically present user must be allowed to disable Secure Boot via firmware setup without possession of Pkpriv. Programmatic disabling of Secure Boot either during Boot Services or after exiting EFI Boot Services MUST NOT be possible. Disabling Secure MUST NOT be possible on ARM systems.
Nothing else applies to ARM system. It. Must. Not. Be. Possible. Ever. In any way.
Re:MS Taking Aggressive Steps Against MALWARE On A (Score:5, Insightful)
They do. As do many (probably even the majority) of Android devices. And Symbian devices. And bloody well anything that runs on ARM! The number of locked ARM devices vastly outnumbers the number that are unlocked, or even have the ability to be officially unlocked. Should unlocked ARM devices be the norm? Yes. Is Microsoft's position the norm among every device and OS manufacturer? Also yes.
Number one Android devices manufacturer is Samsung, which didn't ever bother to lock their bootloaders. Quite the opposite, they contribute to CyanogenMod and ever hired its top developer. Maybe it's one of the reasons they are number one?
Re:MS Taking Aggressive Steps Against MALWARE On A (Score:5, Informative)
Re:MS Taking Aggressive Steps Against MALWARE On A (Score:5, Insightful)
You are forgetting one of the 10 commandments of propaganda: If you repeat it enough times, people will believe it is true.
And, as a bonus, you'll slowly drive anyone that actually has some grasp of the truth slowly bat-shit crazy thanks to the gas lighting effect; which makes them, and therefor their position, unattractive.
Re: (Score:3)
You are forgetting one of the 10 commandments of propaganda. If you repeat it enough times, people will believe it is true.
It's good thing, then, that you are repeating this to him.
Re:MS Taking Aggressive Steps Against MALWARE On A (Score:4, Informative)
I don't understand if you're a troll, a shill, or simply an idiot. Microsoft is imposing this overly restrictive and anti-competitive measures on ARM hardware, in order for it to have WHQL certification, and you pretend to believe it is to stop malware? Really?
Re:MS Taking Aggressive Steps Against MALWARE On A (Score:4, Informative)
He is a shill. Despicable. Just look at the posting time of the article and his comment. This was obviously pre-written.
Re:MS Taking Aggressive Steps Against MALWARE On A (Score:4, Insightful)
even Android manufacturers lock down their devices with similar technologies because it makes the devices secure. Why is[SIC] Microsoft allowed to do the same
That's the difference right there. Phone manufacturers lock down their devices. Android doesn't require it. Microsoft is dictating to the manufacturer that they must lock it down. They probably would anyway, so I don't why Microsoft feels compelled to tell them what to do. Hopefully, they will just backlash and not bother with MS.
/. bitches about Windows security and then when MS does something they bitch about that. No Linux fan ever said MS should lock down hardware, they say MS should control what the software that runs under MS OS should be able to do, not lock down the hardware. A shill is not to be taken at face value.
And it's not a valid comment. The OP posits that
Re:MS Taking Aggressive Steps Against MALWARE On A (Score:5, Informative)
It does not make sense. You can always allow the user to add another key, and you can give clear warning when they do. Preventing the user from adding another key is not a security feature. Period.
But I guess you are paid to post this nonsense here.
Re:MS Taking Aggressive Steps Against MALWARE On A (Score:5, Insightful)
Ah, the argumentation flowchart is revealed:
1. This is necessary for security
--> direct lie
2. MS does not have a monopoly on ARM
--> not relevant
3. Everybody else is doing it.
--> not relevant and not true
What next? MS really should have paid for some professionals here, not you clowns.
Re: (Score:3)
Just in your small mind. I guess you were part of the team that created this pathetic strategy after all.
If Ubuntu did that, they would be receiving the same flak you now do, rather obviously. But they are neither stupid nor greedy enough to go that way, unlike you MS folks.
Also note that you now admit that it is about locking the device to MS, while you denied that earlier.
You are new to this, aren't you? Advice: At least use different IDs to make it not that blatantly obvious.
Re: (Score:3, Informative)
Last I checked, Google didn't produce any Android devices (yet).
Google didn't demand to lock the bootloader as a part of Android branding certification as well, which is why there's plenty of unlocked Android devices available.
Please shill harder.
Re:MS Taking Aggressive Steps Against MALWARE On A (Score:5, Interesting)
I too am struck by the timing of the initial post, and the similarity of your id to that party's id... it does indeed suggest you're engaged in paid astroturfing for Microsoft.
The response to your 'question': Google doesn't lock down their devices; they leave that choice entirely to the manufacturers, some of whom choose to lock down, others who choose not to (e.g. Samsung, and Google itself).
If Google had as long and detailed a history of being as anti-competetive as Microsoft, they'd garner just as much hate as Microsoft. But Google is much better than Microsoft, both in this case and in longterm overall behavior.
Slashdot, can we have a system where people can be tagged as shills, not just per-comment but as a lingering account attribute?
Re:MS Taking Aggressive Steps Against MALWARE On A (Score:5, Insightful)
This has nothing to do with preventing the user from adding another OS key to their device. That is the thinly-veiled anti-competitive truth behind this. Also note that on x86, the user _is_ allowed to add another OS key. How is that?
Re:MS Taking Aggressive Steps Against MALWARE On A (Score:5, Insightful)
Your argument is bogus. We are talking UEFI here. Why would something be acceptable or even desired on x86, yet on ARM it suddenly is necessary to do the same thing differently? Right, for business reasons, i.e. locking out the competition! And that is exactly what MS is trying to do here. Again.
Face it, you prepared "argumentation" strategy for spinning this is not working.
Re: (Score:3)
That's not fixing the problem, that's fixing the symptom.
Fixing the problem: Determine how it's subverting the master boot record and FIX that.
Fixing the symptom: Lock down the master boot record to prevent writing, including installing other OSes.
Re:MS Taking Aggressive Steps Against MALWARE On A (Score:5, Informative)
Nonsense. Rather obviously so.
Seems "everybody else is doing it" is really the last stance in your astroturfing strategy. This does not invalidate that MS is doing something blatantly anti-competitive here with zero technical reasons and zero security benefit. Allowing the user to add OS keys to the device they own and paid for is not a security risk, just a business risk. And that is why MS does not want that and pays you clowns to try to spin it differently.
Not his only first post (Score:3, Informative)
http://it.slashdot.org/story/12/01/13/1953230/microsoft-trustworthy-computing-turns-10 [slashdot.org]
There's probably more, but I only went looking in his recent history. So this isn't his only post dropped at the moment an article goes live. Sure smells like astroturf to me. And you can't use the "subscriber preview" argument, either, since there's no "*" after his username.
Re:MS Taking Aggressive Steps Against MALWARE On A (Score:5, Insightful)
The security we (Linux users) always wanted was supposed to be on software level, not on hardware level.
Doing anything like this on hardware level is definately anti-competitive.
Re: (Score:3, Insightful)
Leveraging your monopoly in one area to attempt to dominate another much? This is an attempt by Microsoft to use the power they have over hardware manufacturers and computer distributors via their Desktop PC monopoly to force out the current players in the Tablet market. Abuse of a monopoly position pure and simple.
Re:MS Taking Aggressive Steps Against MALWARE On A (Score:5, Informative)
That's just it shill-boy.
They're not "simply going to another market".
They're adding stipulations to their credentialing process that REQUIRE hardware vendors to essentially lock out all forms of user choice for alternate OSes on their platform.
So if WidgetCo wants to sell their ARM-Widget 6000 with Windows on there, they have to lock the platform to the point where you CAN'T load the ARM-Widget 6000 with Android or another OS.
Essentially they're forcing hardware vendors to make an irrevocable choice about which market they're going to service instead of allowing them to service any/all of them.
That's quite clearly abuse.
Re:MS Taking Aggressive Steps Against MALWARE On A (Score:5, Interesting)
That worked for them with netbooks.
Re: (Score:3)
Microsoft's OS's have minimal market share on ARM-based device.
So now it will have a monopoly on all ARM-based devices marketed as capable of running Windows 8. Or does that mean that the "universal computer" is not universal anymore, and you will have to buy a MS-ARM machine to run Windows and a Linux-ARM to run Andoid?
Re:MS Taking Aggressive Steps Against MALWARE On A (Score:4, Insightful)
This is a rather pathetic attempt at misdirection. Of course the strategy is to claim this is about malware. But guess what, when you look under the hood you find that it is not. There is absolutely no reason to block the installation of another OS, except direct anti-competitiveness. If it was just to prevent the user from easily open their system, there would be other options.
Your argument that there are other ARM devices is also completely bogus, and so obviously I am not even going to explain.
You are a Microsoft shill, nothing else.
Re: (Score:3)
Boot-loader protection and forbidding the device owner to disable said protection and booting another OS are quite obviously two very different things.
You really need to brush up on your skills, for a professional liar, you are pathetic.
Re: (Score:3, Insightful)
Incorrect. Look at measures on products like the Chromebook for example. I'd love to see how you bypass a user-configurable HARDWARE jumper/switch.
Lies, lies, lies. MS are always full of lies.
Re: (Score:3)
If user can disable it, then computer program can too
No, it can't Users can physically manipulate the device and do whatever they want - use a different firmware boot oprion inaccessible after the boot, swap PROM chips in sockets, etc., whereas computer programs can (in this context) only rewrite non-volatile memories, and even then, only those that the OS (running in a privileged mode) allows them to overwrite. If the previous sentence isn't true, then the OS is buggy by definition and has to be replaced. No change to the HW or firmware is necessary.
Re:MS Taking Aggressive Steps Against MALWARE On A (Score:5, Interesting)
The fact that you think that disabling "custom boot" on ARM makes Windows more secure is yet another indication that there is really no understanding of security in the Windows world. And Linux users haven't been "asking for" Microsoft to do anything; we don't really care. We just keep pointing out that Microsoft doesn't seem to understand security.
Yes, the fact that Microsoft's operating systems are such a failure on ARM: Microsoft is in effect subsidizing hardware in order to give their operating system a chance in the market on ARM; without such subsidies, they wouldn't have a chance. But it is just those subsidies that make the hardware attractive for Linux. In contrast, iPhone and iPod are unattractive targets for alternative operating systems because iOS is successful and Apple charges a premium for their devices.
Locking down the boot loader in that way doesn't improve security and only has one conceivable purpose: to keep out other operating systems, and it is a necesssary part of an attempt by Microsoft to gain market share for their otherwise unattractive operating systems by subsidizing the hardware.
Re:MS Taking Aggressive Steps Against MALWARE On A (Score:5, Insightful)
The boot sector can be locked down by allowing the user to add keys manually. There is no need at all to tie it to a specific OS. Rather obvious and already in the spec.
Go away, nobody believes you.
Re:MS Taking Aggressive Steps Against MALWARE On A (Score:4, Informative)
If it would have had been only a security feature, there would be an SD-card in the device storing encryption keys for approved OS software manufactures. The SD-card could in this case be made read only and if the user wants to disable any tampering, he could glue it in the slot. A user could add additional approved keys (even his own keys) by placing the card with write enabled in another machine.
In this case, it would have only been about security. As it stands now the MS rules is to lock out competitors from the market.
Re:MS Taking Aggressive Steps Against MALWARE On A (Score:4, Funny)
Rubbish.
If it was about preventing malware on ARM it would allow installation of any operating system [i]except[/i] windows.
Re:grrrr (Score:4, Insightful)
Are you really that naive? Boot-sector viruses are not that common. If you have a reasonable secure OS you can just prevent the virus access to it. There is absolutely no reason to prevent booting of another OS, requiring the user to add another key manually is quite enough. And all this is quite clear and known to MS.
It's bullshit (Score:5, Insightful)
Plain and simple, bullshit. It's a smoke screen. When malware manages to infect boot sector or equivalent, the attack comes from within the OS. Microsoft has every capability of treating writes to the boot area and EFI configuration as special and performing their own security checks to prevent 'unauthorized' writes to that area (going even beyond their permissions to also require signed code). It still regretably break things like Ubuntu's in-windows installer, but I would accept that wasn't their goal and I think the tradeoff is more defensible. Malware because the computer boots off removeable media 'accidentally' is pretty unlikely in EFI case (where OS forces the firmware to skip all that and go straight to boot loader unless user takes action). Attacks where someone maliciously mangles a system they have complete control of is not even a blip on the radar of malware (it may happen, but certainly nothing worth breaking an entire industry over). Incidentally, 'boot sector' type infections are relatively rare in the scheme of MS malware, most malware doesn't bother to infect the boot area, and still they are all over MS platforms.
Also keep in mind, MS is the *only* party who gets to control those keys. The users are not allowed to add new trusted keys. The hardware vendors are not allowed to put another vendor's keys instead of Microsoft's. The vendor *must* use MS key or no one's at all, they are forbidden from using the facility to the benefit of someone like Red Hat for example. The vendor gets in trouble with MS if they use the facility in a way that would prevent MS code from running. How the *hell* is that possibly considered right in the context of 'just improving their security'?
Re:grrrr (Score:4, Insightful)
IIS has an 18% market share and something like 90% of successful breakins to web servers are done against IIS servers. Roughly 80% of the webserver market is running linux.
When's the last time you saw google get hacked? They run a custom OS built on top of linux. Facebook runs linux on their servers. All of the top supercomputers in the world run linux, 80% of the top 500 run linux. I don't remember the last time anyone ever said a supercomputer was hacked, do you?
If you want to point out these rootkits and exploits, feel free to show me them. I would be amazed that any major exploit for a linux OS would not have been patched quickly.
The only real way of breaking into a linux system that I know of is to have physical access to the computer or to have a bad sysadmin.
Re:Entirely predictable (Score:5, Insightful)
>> if you buy a Windows device
What is a windows device exactly? Microsoft marketing dept have invented this concept that Windows is somehow hardware. Its not. Windows is an OS. No more.
I buy computers (not Windows devices, or apple devices). I need them to do the things I want. Its my property. I can and should be able to do what I like with it.
Re: (Score:3)
Ok, ya, its innocent. I have this bridge to sell you too.
Oh, and personally, no i don't boot with a windows CD to fix my computers, regardless of what OS they might be running at the time.
No this is turning Microsoft into Apple (Score:4, Insightful)
They probably hope to increase their stock market value by copying Apple's lock down on their devices.
Next you will get an Microsoft Appstore and a Microsoft VM, but you will have to pay Microsoft money to run linux on that VM.
Ah yes, and development tools will be forbidden, unless you pay for a developer license from Microsoft.
All in the name of security, while viruses and trojans will just install themselves in userspace as normal apps, or might even hack into the OS irreversibly through bugs.