You know who else hates Windows 8? Hackers

Microsoft's emphasis on the mobile nature of Windows 8 and its bold touch-friendly user interface may lead some to fear the software giant has taken its foot off the pedal in terms of security. However there are plenty of changes under the bonnet to merit an examination of the new operating system's defences. Judging by the …

COMMENTS

  1. Anonymous Coward
    Anonymous Coward

    Skeptical...

    "It is disappointing that Microsoft’s efforts to repair the hole in the chain of trust of the PC boot process ... is being met with skepticism and outright hostility"

    Disappointing? Scepticism should be exactly what is used for any feature which has the ability to reduce consumer choice and help control a monopolistic position.

    All large manufacturers, including (especially?) Microsoft, should be subject to a great deal of investigation about their motives when such a fundamental change like this is introduced. It should be applauded, and not require blinkered acceptance.

    1. Arctic fox
      Headmaster

      Re:" It should be applauded, and not require blinkered acceptance."

      To be honest with you I did not get the impression from this article that "blinkered acceptance" was the issue here. It seemed to me, at any rate, a fairly careful assessment of the situation so far. If I have misunderstood something I would of course be obliged (no sarcasm or satire intended, I mean what I say and I have said what I meant) if you would point out where I have gone wrong.

      1. Anonymous Coward
        Anonymous Coward

        Re: It should be applauded, and not require blinkered acceptance."

        The post was about the quote and not the article - the fact that there was disappointment of scepticism. Scepticism should not be disappointing in any walk of life - it is perfectly healthy.

        1. Zmodem

          Re: It should be applauded, and not require blinkered acceptance."

          but if firefox etc at least installed a "virtual" group like the system group, and wrote the cache files with logged in user and browser groups for security and windows folder files was inheriting permissions on all objects and subs, then if you add the browser group to the windows folder, any file downloaded as a browser cache wouldn't be able to write to the windows folder and load anything on boot

          1. El Andy
            WTF?

            Re: It should be applauded, and not require blinkered acceptance."

            Er, no. Security groups don't work like that on *any* mainstream OS, whether it be Windows, Mac OS or Linux. It might be nice if they could (although the resultant configuration would probably be too complex though, most developers seem to struggle enough writing applications that can't assume they have carte blanche access to the whole OS).

        2. Anonymous Coward
          Anonymous Coward

          Re: It should be applauded, and not require blinkered acceptance."

          "Scepticism should not be disappointing in any walk of life - it is perfectly healthy."

          It's not healthy when it's only pointed in one direction and never applied to things you like.

    2. Anonymous Coward
      Anonymous Coward

      Re: Skeptical...

      Blinkered acceptance or blinkered rejection?

      It very much seems to be the latter to me. MS have gone out of their way to make sure that keys are available to anyone who wants to sign their OS bootloader - something they didn't have to do, there were other key suppliers. MS have also specified in their documentation that safe boot must be able to be switched off and safeboot isn't even their technology. Yet a certain proportion of the FOSS community keep banging the "everything MS does is evil" drum, regardless of any evidence to the contrary.

      1. Anonymous Coward
        Anonymous Coward

        Re: Skeptical...

        The compromises in terms of ability to switch off etc were only specified after the sceptics voiced their concerns and to avoid anti-trust investigations.

        You can bet that an MS of 10 years ago would have specified that the PCs must be locked to MS only.

        1. goretsky

          Re: Skeptical...

          Hello Anonymous Coward,

          I do not have a copy in front of me, but I believe that the ability to toggle Secure Boot has been a part of Section 27.1 or 27.2 of the UEFI specification for quite some time.

          Regards,

          Aryeh Goretsky

          1. Anonymous Coward
            Anonymous Coward

            Re: Skeptical...

            "I do not have a copy in front of me, but I believe that the ability to toggle Secure Boot has been a part of Section 27.1 or 27.2 of the UEFI specification for quite some time."

            You are prone to logical fallacies I see.

            I'm not sure that the specification states anywhere that the ability to toggle SecureBoot is part of the specification (rather than the specification allowing the ability to turn it on or off if desired) but just because something is part of a specification doesn't mean it has to be implemented. You might not realise this but Microsoft has stated that ARM devices MUST NOT allow the option to disable secure boot (their choice of that part of the specification). Also you may not realise that Microsoft made no mention of optional secure boot in the BUILD conference in September 2011 where it was first announced. It was only after people started questioning it (i.e. a bit of scepticism of their motives) that they stated that it must be optional.

            That's the good thing about having people question a corporation's motives it helps to ensure that they don't take their monopoly (or even a non-monopoly) for granted. It doesn't matter if it is Apple, Microsoft, Google, Red Hat, Ubuntu, Oxfam, Save the Children, your local church priest etc. Always be prepared to have some scepticism of their motives if something doesn't seem right.

            1. goretsky

              Re: Skeptical...

              Hello Anonymous Coward,

              It's quite possible I'm prone to logical fallacies. I have, however, dealt with a few RFCs, specifications and the like from the IEEE, IETF, various trade associations and other organizations over the years so I'm used to seeing sections labeled MANDATORY, OPTIONAL, REQUIRED and so forth.

              If a widget (software, hardware, etc.) does not implement all of the functionality that's required as part of a specification, it typically does not get to claim that functionality, use the appropriate logo(s) on its packaging and so forth.

              I was aware of the UEFI requirements on ARM-based Windows RT devices while writing my white paper, however, because I did not have one to test with, nor, for that matter, were there any Windows-on-ARM tablets available that I'm aware of (aside from very old and underpowered Windows CE-based PDAs, which I do not think are modern enough to even be worth mentioning). The tablet space is very different from the PC space in that vendor lock-in is the norm rather than the exception, at least from looking at the dominant players like Apple and Android. Admittedly, a number of Android tablets can be rooted, but all the ones I have seen or used come with an operating system and software loaded, including some kind of appstore.

              In the case of UEFI firmware and Secure Boot on ARM, I did not feel it was worth discussing since the experience there is largely one of a closed ecosystem already.

              Regards,

              Aryeh Goretsky

      2. bluest.one

        Re: Skeptical...

        How does the saying go?

        Those who don't know their history are doomed to repeat it.

        Something like that. At any rate, anyone who knows anything about the history of Microsoft knows that they have gotten up to all sorts of underhand, nasty, sneaky, illegal, anticompetitive shenanigans. Repeatedly. Year after year. Screwing over everyone from their partners to the consumers.

        Anyone who knows anything about Microsoft's history knows not to trust them at all.

        Until it's proven that secure boot isn't the anticompetitive scheme that it clearly can be, everyone should be on their guard.

        1. BitDr

          Re: Skeptical...

          "Until it's proven that secure boot isn't the anticompetitive scheme that it clearly can be, everyone should be on their guard."

          And if it CAN be abused then it eventually WILL be abused.

          UEFI is a straight-jacket dressed up as a security blanket.

      3. Anonymous Coward
        Anonymous Coward

        Re: Skeptical...

        > RE: regardless of any evidence to the contrary.

        http://en.windows7sins.org/

        1. Anonymous Coward
          Anonymous Coward

          Re: Windows7sins

          Nice link if you want to read somebody just doing a pointless rant especially this bit

          'The new version of Microsoft's Windows operating system, Windows 7, has the same problem that Vista, XP, and all previous versions have had -- it's proprietary software'

          Tells you all you need to know doesn't it.

      4. Anonymous Coward
        Anonymous Coward

        Re: Skeptical...

        "MS have also specified in their documentation that safe boot must be able to be switched off"

        That goes against what I've read in the past, that the ability to be switched off was NOT a requirement of the specification. Now to get the specification you have to give them your name, company name, and email address, and then agree to this;

        "I understand that I may download and read the UEFI 2.0, 2.1, 2.2, 2.3, 2.3.1 specifications, and Shell Specification 2.0 without the requirement of a license, and doing so creates no obligations or commitments on my part. I further understand and acknowledge that any distribution, additional reproduction, implementation or other use of the specification requires a license, which can be obtained by executing the UEFI Adopters' Agreement.

        I understand that I may download and examine the UEFI 2.3 and 2.1 SCT materials without the requirement of a license, and doing so creates no obligations or commitments on my part. I further understand and acknowledge that any distribution, additional reproduction, running the test binaries or other use of the materials is not permitted except pursuant to my agreement to the terms and conditions of the license that can be obtained upon execution of the UEFI Adopters' Agreement."

        I especially like (not) that the license, along with its terms and conditions, is obtained by executing the "Adopters Agreement" (the text to which appears to be not freely available). Agreements that you must accept in order to obtain access to a license that you then must also agree to; no warm fuzzy feeling there, looks like an NDA but you won't find out for certain until it's too late. I smell a trap.

        1. h4rm0ny

          Re: Skeptical...

          "That goes against what I've read in the past, that the ability to be switched off was NOT a requirement of the specification. Now to get the specification you have to give them your name, company name, and email address, and then agree to this;"

          You're looking in the wrong place. Look at MS's requirements to PC makers to get the W8 certification:

          MS Requirements.

          These are open to all and free. Look around page 118. You'll see that MS demand that Secure Boot be able to be disabled by the user on all x86 devices. By implication, that means that the UEFI specification must say that Secure Boot can be disabled.

    3. Zmodem

      Re: Skeptical...

      most applications don't install group policies, and most admins won't set them up if they did

      you run mozilla in a mozilla group, and disallow writing to the windows install folder to stop activex etc malware when browsing, along with outlook

    4. henrydddd
      Linux

      Re: Skeptical...

      "but it does have a feature called Secure Boot that Microsoft has wielded with gusto" in hopes that Linux or any other competing operating system would go away

    5. RICHTO
      Mushroom

      Re: Skeptical...

      Don't worry - I'm sure Linux will be quick to copy these new features - just like so many other security features that were in Windows first - like proper ACLs for instance.

      1. Jan 0 Silver badge

        Re: Skeptical...

        Errm, I remember proper ACLs back in 1980s' Primos and VMS, but I don't think they were in 'Windows'.

      2. Goat Jam
        Thumb Up

        Hey RICHTO

        Is it your mission in life to make yourself look like a complete and utter twat in front of the maximum amount of people?

        If so, then keep up the good work, you're doing great!

      3. Stoneshop
        FAIL

        Re: Skeptical...

        in Windows first - like proper ACLs for instance.

        After they had been in VMS for over a decade already, and in the Unixes as well.

        1. El Andy

          Re: Skeptical...

          After they had been in VMS for over a decade already, and in the Unixes as well

          Most Unixes are still encumbered to some degree with the rather clunky 9-bit permission set, with all of its inherent limitations. Proper ACL support is a lot less common and where it does exist often has to be fudged a bit to work with applications that only know the "traditional" method.

          1. Anonymous Coward
            Anonymous Coward

            Re: Skeptical...

            > Proper ACL support is a lot less common and where it does exist often has to be fudged ...

            I was using "proper" ACL support back in the early 1990s and it used more than the 9 bit permission set (actually it is 12 bit because you have the SUID, SGID, and sticky bits). You could specify user access to a file without using the 9 bit permissions.

            > ... a bit to work with applications that only know the "traditional" method.

            The application doesn't control what files it has access to, that is a function of the OS. The application will simply try and access a file with no knowledge of how ACL is implemented. The OS will either allow or deny access.

            1. Badvok
              Mushroom

              Re: Skeptical...

              Downvote of AC:10:50 because of claim to have been "using "proper" ACL support back in the early 1990s" but then obviously has never written anything that creates a file with anything other than default permissions or that changes file permissions in any way.

          2. Stoneshop

            Re: Skeptical...

            @El Andy

            Applications, except those explicitly written to deal with protections and ACLs (such as managing them, etc.), do not need to know, and should not need to know about what way file permissions are implemented. They ask the OS: "I would like to read this file" and the OS says "Okay, here's a handle", or "Can I write to this file, prettyplease?" and the OS responds "No, sod off". Calls to modify the permissions or ownership on the file are also done via the OS, who then checks ACLs as present and allows or denies the call.

          3. Anonymous Coward
            Anonymous Coward

            Re: Skeptical...

            Please elucidate on what a proper ACL is, I'm keen to learn.

      4. Anonymous Coward
        Anonymous Coward

        RICHTO

        Netware had a far better ACL system than NT - the system that NT copied...

      5. Anonymous Coward
        Anonymous Coward

        Re: Skeptical...

        Hmmm... I think you will find that "proper ACLs" were not invented by Redmond.

    6. Anonymous Coward
      Anonymous Coward

      Re: Skeptical...

      skepticism

      1:

      an attitude of doubt or a disposition to incredulity either in general or toward a particular object

      2

      a : the doctrine that true knowledge or knowledge in a particular area is uncertain

      b : the method of suspended judgment, systematic doubt, or criticism characteristic of skeptics

      3: doubt concerning basic religious principles (as immortality, providence, and revelation)

      So if he's disappointed to be met with skepticism what would he have been happy to be met with? A Psychic Sally audience?

    7. goretsky

      Re: Skeptical...

      Hello Anonymous Coward,

      I do not really see the move towards Secure Boot as reducing consumer choice. After all, there is nothing which prevents other companies from setting up their own signing authorities, and, of course, other operating system vendors can certainly approach BIOS/UEFI firmware developers and motherboard manufacturers about including their keys. As a matter of fact, it is kind of disappointing that other operating system vendors have not stepped forward to do so.

      If you are actually interested in increasing the range of supported operating systems, I would strongly suggest contacting the developer(s) of your favorite distribution(s) and asking them to add support for Secure Boot functionality.

      Regards,

      Aryeh Goretsky

  2. Anonymous Coward
    Anonymous Coward

    AGAIN:

    Signed UEFI boot and TPM are about CONTROL, not SECURITY. Which is bad news for those who thought they owned the hardware they paid for.

    These things "protect" you from the freedom to tinker, in the faint hope that this will also discourage people who have strong financial incentives to bypass, break, moot, or otherwise subvert such measures. And the reason? A legacy of years and years of neglecting their own code on the part of the vendor. In that, it's as much security theatre as what happens on airports. Then again, executives tend to be frequent fliers. Coincidence?

    1. Anonymous Coward
      Anonymous Coward

      Re: AGAIN:

      If it bothers you that much do you know what you can do? Just turn it off, it really is that simple

      1. John LS
        FAIL

        Re: AGAIN:

        If only it was that easy

        1. Anonymous Coward
          Pirate

          Re: AGAIN:

          give it 6 to 12 months....It will be.....

        2. SaveMefromeejits
          Stop

          Re: AGAIN:

          In order to gain Windows Hardware Certification there is a requirement ("System.Fundamentals.Firmware.UEFISecureBootSystem" section 18) that makes it mandatory to be able to turn secure boot off. If it can't be turned off, it isn't certified (which is the whole point in the first place)

          Quit spreading fud, if you don't like it, turn it off, install whatever you like.

      2. James Loughner
        FAIL

        Re: AGAIN:

        Try it sometime. Some BIOS do not allow you to and all RT hardware don't allow it.

        1. Anonymous Coward
          Anonymous Coward

          Re: AGAIN:

          You can't get a "made for Windows 8" sticker, if you can't switch off safeboot. I'd guess that the hardware manufacturers want the sticker far more than they want to not allow safeboot to be switched off. Also the manufacturers of the uEFI code for the hardware manufacturers say that safeboot should be switchable.

        2. Charles 9

          Re: AGAIN:

          x86 UEFIs are REQUIRED to provide the off switch or they're not Windows 8 compliant. As for RT, those are tablets, complete ecosystems, and not meant to be viewed separately. Even Android is a pain in the butt to tinker with. Sure there's CyanogenMod, but a look under the hood reveals that many of the ones for various phones and such have incomplete support or spates of bugs.

          1. Christian Berger

            The only reason why we didn't get "secure boot" yet...

            ...was the FUD which was there before. This has caused Microsoft to back away from their original plans 10 years ago to completely lock the BIOS. Now they have the 2 fig leaves of making it possible to turn it off and to issue signatures for Bootloaders.

            Now what will happen will be a few Microsoft sponsored security researchers praising "Secure Boot" and/or showing that disabling it creates such "huge" security problems. Then after a year or so Windows 9 will require it to be on at all times. Ohh and of course there will be no foreign signatures since those will be seen as evil.

        3. midcapwarrior

          Re: AGAIN:

          Then don't buy an RT.

          Problem solved.

        4. goretsky

          Re: AGAIN:

          Hello James,

          At the time I wrote the white paper, I only had a limited number of systems that had UEFI firmware to test with, but all of them supported toggling between BIOS and UEFI firmware functionality. Given that hardware changes tend to occur slowly over time (I just bought a motherboard with a PS/2 port earlier this year!) and the need for compatibility with legacy hardware and software for years or even decades after it has been released I do not expect this to change.

          Regards,

          Aryeh Goretsky

    2. Anonymous Coward
      Anonymous Coward

      "Quit spreading FUD!" says the chorus of astroturfers.

      Guys, all reactions saying "you can turn it off" are misguided.

      But since you raised it, I'll address that counter too: The reality is that the competition now faces having to instruct the hapless user into doing extradoubleplus scary things in the bios before they can have a go at a non-redmondian OS. This is not a problem for the geek/nerd/it bod/whatever, but is for too many others. That written-off enterprisely locked-down desktops don't come with the appropriate key and are thus worth that much less as objects to tinker with. That it's just that much more hassle is not alleviated by being able to turn it off. So "just turn it off" is a "beware of the leopard" argument.

      But really, what the spec says now is beside the point. That it might say something quite different come next version is also beside the point. Think about it.

      I said it before, I'll say it again, for it doesn't get much simpler: This misfeature is about control. But they're selling this misfeature as something to help with security. So the salestalk is misleading. It doesn't help with security because, as usual, given enough incentive, people will bypass that control. It's already happening. So the bottom line is a loss of freedom for the average person and actually more power to the crook, because his services subverting the control are now worth that much more.

      You are right that with an extra not in the spec it'd be that much worse. But we all know redmond, so this is merely a compromise for the time being. Knowing them we cannot afford to hope they'll never change the requirements. In fact, they do exactly that just about every release of their OS anyway.

      Nonetheless, this situation is bad enough, and the point was exactly that the extra hassle doesn't buy us what we are promised it would buy. The ability to "turn it off" doesn't change that. That is all.

      1. h4rm0ny

        Re: "Quit spreading FUD!" says the chorus of astroturfers.

        "The reality is that the competition now faces having to instruct the hapless user into doing extradoubleplus scary things in the bios before they can have a go at a non-redmondian OS. "

        If Linux has now reached the point that disabling a "BIOS" option (clue: UEFI is not BIOS) is seen as "extradoubleplus scary", then its dumbing down is complete. It's pretty much the same as swapping the boot device is and we all managed that for many years. Good grief.

        1. Anonymous Coward
          Anonymous Coward

          Re: "Quit spreading FUD!" says the chorus of astroturfers.

          > If Linux has now reached the point that disabling a "BIOS" option is seen as "extradoubleplus scary", then its dumbing down is complete.

          For years I have given people "Live" CD/DVD versions of linux to try on their old (and occasionally new) computers and laptops. They have never had a problem trying them out because it was a simple case of booting from the media without changing anything. If they liked it then they could install it.

          With UEFI they can not even try it out without making changes and for a large proportion of people interrupting the boot process to change any setting is a scary thing. I even know several technically competent people who could diagnose and fix most computer problems you have but who will avoid touching anything in the BIOS (and if it is pre-boot they will see UEFI as BIOS).

          Linux has come a long way from the early days when you had to jump through hoops to get it to install and boot to today when you stick a disk in, say yes to everything and it is done. UEFI will now make that impossible.

        2. BitDr

          Re: "Quit spreading FUD!" says the chorus of astroturfers.

          The ignorance of the consumer is being used to control/ensnare them, walls are being built around them and they can't see it because they see most geeks as frothing-at-the-mouth zealots who talk down to them, usually in tongues they don't understand. Meanwhile the Redmonds of the world offer a glib smile, a warm handshake, a shoulder to lean on, and some nice hot cocoa just before leading them to their newly-decorated cell and locking them inside.

          The man with the smile and handshake will win every time over the rude zealot, he knows this, and he knows that just calling something "security feature" will help him immensely; especially if he controls it and requires it be enabled and others require it disabled. The psychology at work here is more important to the Redmonds of this world than any actual security provided; that lock in can be attained at some future date is just icing on the cake, that hardware manufacturers might have to bend to your will is cherries on the icing.

      2. Anonymous Coward
        Anonymous Coward

        Re: "Quit spreading FUD!" says the chorus of astroturfers.

        "This is not a problem for the geek/nerd/it bod/whatever, but is for too many others."

        Those too many others are the ones who generally aren't interested in non-Redmondian OSs. (Not capitalising proper names is childish, by the way.) Doesn't matter to them how difficult it is to turn off because they're not going to need to. You can probably tell by the way your mates stop talking to you about computers rather than say, "Wow! You're right! I must switch to Linux! Thank you for enlightening me, oh Tech God!"

        "... given enough incentive, people will bypass that control."

        Locks can be bypassed. Don't ever use them. Who's being disingenuous now?

        "So the bottom line is a loss of freedom for the average person and actually more power to the crook, because his services subverting the control are now worth that much more."

        And you think this sort of statement isn't FUD?

        "Nonetheless, this situation is bad enough, and the point was exactly that the extra hassle doesn't buy us what we are promised it would buy. The ability to "turn it off" doesn't change that. That is all."

        You haven't proved the point. Please keep your word with regard to the last sentence.

        1. Anonymous Coward
          Anonymous Coward

          Re: The disinguinity of locks

          Well, who gets to keep the keys of, say, the lock(s) on your front door?

          The too many others may or may not be interested in anything but micros~1's offerings, but that still is no excuse for micros~1 to grab control over hardware they don't own. "Aw, you don't need that, guv, lemme hold on to the full power of your computer for you, and here's windows 8, have fun!" Which is what they're doing.

          As we've seen with micros~1 "accidentally" forgetting the EU-mandated browser choice screen, even such a simple hurdle has a real effect on third parties. Of course, it's indirect so it's easy to claim there's nothing to see here. But that's not quite the case, however much you'd rather it would.

          Asking questions risks getting answered; a simple "do shut up", however oblique, wouldn't help against you so it doesn't against me, thank you. Still and all, I can't make you take your fingers out of your ears. That's a relief, innit?

  3. Cirdan
    Happy

    Yocate my kernel pool!

    Llocate my llamas in your kernel pool!. They are dirty llamas and need a good scrubbing.

    Por favor.

    (OK, maybe I was reading it too closely...)

  4. Annihilator
    Boffin

    Windows Defender

    Didn't that become Microsoft Security Essentials?

    1. jason 7

      Re: Windows Defender

      I was under the impression that Windows Defender is the full version of MS Security Essentials due to it not allowing me to install it (MSE) when I put the beta on.

      It looks the same. If it is the same then it blows a few of these so called 'experts' out of the water really.

      I still also install EMET3.0 on max settings.

      1. jason 7
        Facepalm

        Re: Windows Defender

        In fact I just checked the MSE pages and it is indeed the same application that we all know and love.

        Experts eh?

    2. goretsky

      Re: Windows Defender

      Hello Annihilator,

      Yes. In Microsoft Windows 8, Windows Defender has the equivalent functionality that Microsoft Security Essentials did under Windows 7 and other prior versions of Windows that it supported.

      Regards,

      Aryeh Goretsky

  5. Anonymous Coward
    Windows

    So what ?

    From a sysadmin POV I think the changes are indeed quite exciting. That is; all except for the locked down boot process of course. MS Security Essentials is IMO quite a decent virus scanner. I've tried the lots, from Avira to AVG and even tried a commercial Avast license for a year (which I ended up throwing away because the firewall in their security suite sometimes actually gobbled up so much resources to check my traffic that it would bring my whole PC to a grinding halt, what a POS....). And eventually I ended up with security essentials too; it. just. works.

    But here's the thing, and what triggers my "so what?" above: Do you really think the end users care? All they will see is a (IMO:) totally broken and unfamiliar interface. And when they don't feel comfortable with the interface and the way it works then it doesn't matter how much more secure Win8 allegedly is; chances are high that folks will start turning to other solutions. Like, you know, putting Win7 onto their new PC or maybe even XP....

    1. EvilGav 1

      Re: So what ?

      We've had the "Start" menu for ~20 years now, but the one we have in 7 is nothing like the one we had in 95 - not least because it no longer has "Start" emblazoned on it.

      Prior to 95 we had the mixture of Win 3.11 and MS-Dos, which was even more fun.

      Having upgraded to Windows 8 at the weekend (on 5 year old hardware no less), I simply don't see what the complaints are all about. Is it different? Yep. So what? In the ~20 years since the "easy" Start interface was introduced, has everyone forgotten how to learn something new? Has society's intelligence dropped that far that having a new GUI will make the world fall in?

      No, everyone will get used to it and move on. Or else they'll take the opportunity to switch to Linux or OS X, both of which also have completely different GUI front-ends and their own inherent idiosyncrasies.

      It took me an hour or two to get used to it. That's it.

  6. Boris the Cockroach Silver badge
    Devil

    I bet

    3 w00t cookies that the first exploit for windows 8 will be.... <cue drum roll> A variant of the buffer overrun, where the managers have said "skip the bounds checking, it takes too long"

  7. keith 9
    FAIL

    Yawn!

    http://www.h-online.com/security/news/item/Trojan-bargain-with-Windows-8-support-1740800.html

  8. Anonymous Coward
    Anonymous Coward

    Anti-virus

    Microsoft make quite good OS' but Linux and Mac are both Unix variants, so don't suffer those problems. They also don't need to be rebooted very often and are secure.

    1. koolholio
      WTF?

      Re: Anti-virus

      Ironic how Microsoft Release Labs took out a contract with ESET, and I think you'd find the basis of Microsoft security essentials is actually a dulled down version of the ESET heuristics engine! with a different set of signatures.

      Comical misconception regarding unix / linux and OS variants, since ESET also covers linux, unix, mac and java mobile devices!...

      Notice unix is also different from linux.

      1. This post has been deleted by its author

      2. Anonymous Coward
        Anonymous Coward

        Re: Anti-virus

        "Notice unix is also different from linux."

        Only when Unix vendors sue. When they fold, it goes back to being Unix-like, Unix-based, whatever sounds cool to the person saying it.

      3. goretsky

        Re: Anti-virus

        Hello Koolholio,

        Microsoft obtains licenses of anti-malware software from most companies. This is simply to scan their own files for false-positive alarms before release (and periodically afterwards, I suppose) so that their mutual customers do not have to deal with the problems that come from having core business software mistakenly identified as a threat.

        As far as I know, the expertise behind Microsoft Security Essentials/Forefront/Windows Defender was developed through acquisitions of GIANT Company Software and GeCAD Software as well as through hiring a lot of very skilled people from the anti-malware community. No one from ESET has been hired by Microsoft that I'm aware of, though. A few have gone the other way, though. :)

        Regards,

        Aryeh Goretsky

    2. Robinson

      Re: Anti-virus

      The uptime on my work windows 7 PC is measured in weeks (with no UPS and occasional power cuts, it has to go down sometimes). My home PC would be the same or better. Windows 7 and 8 hardly ever need to be re-booted. They aren't much different from Linux in that respect.

      1. jonathanb Silver badge

        Re: Anti-virus

        I generally go about 4-5 weeks between reboots, as patch tuesday usually requires a reboot to install the updates.

    3. RICHTO
      Mushroom

      Re: Anti-virus

      Sounds nice doesn't it, but unfortunately not true. Windows 7 ~ 200 vulnerabilities, OS-X ~ 1700 vulnerabilities, SUSE 10 ~ 3700 vulnerabilities. See secunia.org/

      Windows has had fewer vulnerabilities that were on average less critical and were fixed faster than enterprise Linux distributions every year since 2003....

      For reference even Windows XP only has about 450 known vulnerabilities.

      1. Anonymous Coward
        Anonymous Coward

        Re: Anti-virus

        And of course on Secunia.org also see these disclaimers:

        -------------------------

        PLEASE NOTE: The statistics provided should NOT be used to compare the overall security of products against one another. It is IMPORTANT to understand what the below comments mean when using the statistics, especially when using the statistics to compare the vulnerability aspects of different products.

        It should also be noted that some operating systems (e.g. certain Linux distributions) bundle together a large number of software packages, and are therefore affected by vulnerabilities, which do not affect other operating systems (e.g. Microsoft Windows) that don't bundle together a similar amount of software packages.

        -------------------------

        Also note that the actual numbers for Windows XP Professional are

        Secunia Advisories: 403 (unpatched 44 - 11%)

        Vulnerabilities: 555

        While SuSE 10 and 10.1 bundled together reaches ~2700 (that's probably where the 3700 came from) advisories and vulnerabilities when counted together, in SuSE 10.1 there are no unpatched Secunia advisories. There is no patched information on SuSE 10.

        Statistics and reports are very forgiving when numbers are taken out of context and compared to other numbers. Please put your apples and oranges in separate baskets.

        1. Anonymous Coward
          Anonymous Coward

          Re: Anti-virus

          Oops... Sorry, I got the wrong Windows OS. We were talking Windows 7, not Windows XP, in that case, the numbers are:

          Secunia Advisories: 119 (unpatched 5 - 4%)

          Vulnerabilities: 228

          A lot better than Windows XP, but of course Secunia only started in on Windows 7 in 2010, which means 3 years instead of 9.

    4. El Andy
      Boffin

      Re: Anti-virus

      Linux and Mac are both Unix variants, so don't suffer those problems.

      Really? Do people still believe that? If you do, I suggest you ponder very hard on where the name rootkit comes from? Hint: Windows doesn't have a user named root

    5. BlinkenLights

      Re: Anti-virus

      The main problem now is with clueless users, and it sounds like you are one of those.

  9. Christian Berger

    That's not why hackers dislike Windows 8

    The reason is more that you cannot actually do anything with Windows 8. It only comes with that weird PowerShell which is incompatible to the rest of the world. You need to install Cygwin, it doesn't have ssh by default, and the versions which have at least a bit of use cost a lot of money.

    Windows is, particularly in its newer versions, absolutely useless to anybody who actually wants to properly work with a computer. It's a toy for DAUs.

    As for security, there is no actual new security in the system. Think of Secure Boot. A potential attacker would simply get his modified bootloader and modified kernel signed by Microsoft, either via economic/legal pressure or through illegal means. If anything it prevents people from replacing parts of their system with ones they trust.

    You will still be able to compromise Windows machines by setting up a website promising "free porn" if someone just downloads and executes a certain piece of software.

    1. RICHTO
      Mushroom

      Re: That's not why hackers dislike Windows 8

      I have never needed to install Cygwin on Windows. If I want to run legacy applications / platforms I just use Virtual Server or Hyper-V.

      Powershell is more powerful and flexible than any standard UNIX or Linux shell code.

      You clearly haven't bothered to find out how the signing process works.

      You would likely find it easier to compromise other OSs before Windows via that method - this is similar to the Pwn to Own contest - and OS-X loses before Windows pretty much every year...

      1. Anonymous Coward
        Anonymous Coward

        Re: That's not why hackers dislike Windows 8

        "Powershell is more powerful & flexible than any standard UNIX or Linux shell code".

        Rarely, even amongst the comments on El Reg, has such total crap been presented.

        Name just one thing you can do with PS that you can't do with a standard UNIX/Linux equivalent.

        1. h4rm0ny

          Re: That's not why hackers dislike Windows 8

          "Name just one thing you can do with PS that you can't do with a standard UNIX/Linux equivalent."

          Powershell has in-built support for digitally signed executables. I.e. it can refuse to run an executable if the signature does not check out. To do the same in Bash, I would (I think) have to write a bash script that pre-calculated and looked up the signature first. Essentially an executable launcher script. It's kind of an extra security layer on top of file permissions.

          The pipe in Powershell is subtly different to that in Bash which probably wouldn't be apparent immediately but has some nice utility. The Bash pipe just passes bare output onto the next process (creating a separate process as it does so). Powershell is actually passing objects which can be queried as such. So not only can the receiving process that you pipe your output to query the type of input for verification that it's sensible, it enables you to pass complex structures to the next process. So I can have a process that spits out objects and pipes them to the next process which handles their attributes (or even calls methods on those objects). Whereas doing the same with Bash would involve a big mess of Awk to generate something functionally equivalent where it were possible at all.

          For a lot of usage, Powershell and Bash (I haven't compared to other shells because I don't really know them and Bash is what people use), are going to be the same. Richto is correct to say that Powershell is more powerful and flexible than Bash. It could equally then be asked what can Bash do that Powershell cannot? But OS vs. OS flamewars are not helpful. Quite frankly, I doubt that we would see Powershell if there had not been the UNIX shells to study, consider and emulate. Every OS moves things forward bit by bit and that's good for all of us. It's not wrong that MS have taken the UNIX shell concepts and made some improvements on them. Other OS's will probably do the same in turn. Personally, I've started to use Python or PHP as a scripting language on Linux these days. (PHP where Python isn't available). Things move on.

          1. Christian Berger

            Re: That's not why hackers dislike Windows 8

            So how much code does it take to read an object of a pipe in power shell? How much code does it take in Pascal, or Fortran, or Cobol?

            Then think how much software supports the power shell?

            The beauty of the Unix shell is that it is programming language agnostic. I can read the data with scanf in C or readln in Pascal without any extra work. It simply works with the standard input facility in your programming language. Nothing needs to be ported.

            1. h4rm0ny

              Re: That's not why hackers dislike Windows 8

              "So how much code does it take to read an object of a pipe in power shell? How much code does it take in Pascal, or Fortran, or Cobol? Then think how much software supports the power shell?"

              "object of a pipe"? The objects are what is passed. I honestly don't know what you're trying to say. Are you trying to say that Bash is better because there is less source code than in powershell or that the binaries are smaller? Quite possibly as powershell does some things that Bash cannot. But it's a strange criteria to assess things on else you might as well say that Bash is inferior to the Bourne shell because it's larger, even though it's a lot more capable. And really, why are you trying to find reasons why Bash is better than Powershell in the first place? You should look at two things and work out which is most suited to a purpose, not decide and then look at them to find ways to make them fit your conclusion. Or are you trying to say that you could emulate the object passing in Bash. I don't believe you can - not in any short, elegant or flexible way.

              "The beauty of the Unix shell is that it is programming language agnostic. I can read the data with scanf in C or readln in Pascal without any extra work. It simply works with the standard input facility in your programming language. Nothing needs to be ported"

              Bash has its own scripting language. That's all that you can use to write a "Bash script". When you call an executable from a Bash script or from the CLI, you're running an executable. That much is the same as in Power Shell. It's no different in principle if I write a script in Bash that calls Python or some other program, than it is if I write a script in Power Shell that calls Python or some other program. You're not under the impression that you wouldn't be able to pass a string with Power Shell, are you? What exactly is it you think can't be done or requires "porting" for Power Shell. And why is that a major issue for most people? It makes as much sense as me saying Bash is inferior to Power Shell because Bash doesn't have native support for .NET. Different environments, different user bases and in both cases, little to do with the relative merits of the shells themselves.

              Seriously, where is this obsession with OS vs. OS and trying to prove Bash is better than Power Shell? A question was asked "name one thing that Power Shell can do that Bash can't". Well there are a number of things so I picked a couple of the more interesting. Now you just keep posting more and more bizarre stuff in an attempt to show Power Shell is inferior.

        2. El Andy

          Re: That's not why hackers dislike Windows 8

          Name just one thing you can do with PS that you can't do with a standard UNIX/Linux equivalent

          Pipe structured data from one command to the next without having to resort to intermediate text parsing?

      2. Anonymous Coward
        Facepalm

        Re: That's not why hackers dislike Windows 8

        My beef with PowerShell, regardless of how actually good the language is, is that it is often shoved in my face as the Microsoft answer to the Bourne shell common on Unix variants.

        The two are nothing alike. Bourne shell is popular for one reason, it is everywhere. Just about every Unix and Unix-clone you can think of, will come with some variant of the Bourne shell.

        This is why ./configure scripts are written in it. This is why I find myself installing msys or cygwin on Windows, because it is the one OS which doesn't include it.

        By all means, include a "better" script shell. But for heaven's sake include something that is backward compatible with what everyone else uses!

        1. h4rm0ny

          Re: That's not why hackers dislike Windows 8

          "My beef with PowerShell, regardless of how actually good the language is, is that it is often shoved in my face as the Microsoft answer to the Bourne shell common on Unix variants."

          How is it "shoved in your face"? It's not being installed on any Unix or Linux systems so far as I know so it's only superseding cmd.exe and batch files on Windows. If you're one of the very small fraction that install cygwin, well, Powershell doesn't magically appear in place of whatever other tools you've installed. You make it sound as if MS are installing it in place of Bash. (And you keep referring to Bourne shells. - Bourne was replaced with Bash a long time since). If by "shoved in your face" you mean that Windows users are saying there is now something equivalent on Windows, well I'm sorry to inform you, but they are right.

          "The two are nothing alike. Bourne shell is popular for one reason, it is everywhere. Just about every Unix and Unix-clone you can think of, will come with some variant of the Bourne shell."

          No. Bash is popular because it's a good tool. And again, what has popularity to do with comparing the features of Power Shell and Bash? You seem to just want to indulge in OS vs. OS wars. Which is just damaging and unprofitable.

          "By all means, include a "better" script shell. But for heaven's sake include something that is backward compatible with what everyone else uses!"

          If someone can manage Bash, they can manage Power Shell. There's very little to be gained by trying to make a shell environment on Windows 7 and 8 backwards compatible with a shell commonly used on a very different platform. It wouldn't even be possible without limiting Power Shell from some of its nicest features (e.g. the passing of fully typed objects through a pipe).

    2. goretsky

      Re: That's not why hackers dislike Windows 8

      Hello,

      PowerShell is a really interesting technology and one I wish I had time to go over in the white paper, along with IE10 and AppLocker. Unfortunately, the white paper was getting a bit long and I ran out of time on my self-imposed deadline of getting it done before Windows 8 was released to the public, so I had to skip a few things.

      One of the most interesting uses that I saw of PowerShell was the ability to provision a DirectAccess (an IPsec-like VPN connection) in one line. My previous job was at a Linux-based embedded hardware systems manufacturer, and setting up IPsec connections was always difficult.

      Some of the most fascinating things that I saw with Windows 8 during my research were not security technologies but networking ones. Unfortunately, networking is not always a very user-facing technology and it is hard to get most consumers interested in things which happen below the GUI.

      Regards,

      Aryeh Goretsky

  10. Anonymous Coward
    Anonymous Coward

    Are you for real?

    'You will still be able to compromise Windows machines by setting up a website promising "free porn" if someone just downloads and executes a certain piece of software.'

    As you could if someone did exactly the same on any version of OSX, linux, unix, BSD etc. How come you think everything bar Windows is immune to idiots?

    1. Christian Berger
      Facepalm

      I could ask the same

      Because on Linux you don't install software by going to Google and typing "something free download", you go to your package manager, either graphically or by typing "apt-get install something" and it will install from secure sources you can even switch if you don't trust them.

      Actually it's not just idiots. At university I was preparing a project with one of my colleagues. I told him to install "netcat". He went to Google and typed in "netcat free download" and was about to install what he got on the first result. I mean what else can Windows users do? There is no package management. All there (now) is is a Windows Store, which will suffer from the same problem all stores suffer from.

      The way software is being distributed is the big problem on Windows. (and OSX, but that article is about Windows so excuse me for not mentioning it)

      1. dogged
        Meh

        Imaginary scenarios

        1. Assume MS had not bothered with a Windows Store.

        Commentards: THE PROBLEM IS PACKAGE MANAGEMENT AND THUS WINDOWS IN INSECURE

        2. Microsoft implements Windows Store, allows devs to submit Metro and Desktop applications or distribute on the web/via media as they so choose

        Commentards: LOL MS HAVE NO APPS THIS PLATFORM IS BAD LOL FAIL LOLZ0RZ

        3. Microsoft only allows distribution via Windows Store

        Commentards: LOCKED DOWN OH MY GOD THIS IS TERRIBLE WALLED GARDEN THEY HAVE KILLED EVERYTHING

        4. Microsoft implements Secure Boot as a security measure

        Commentards: OH MY GOD THEY'RE KILLING LINUX THOSE FUCKERS EVIL EVIL EVIL

        5. Microsoft does not bother with Secure Boot

        Commentards: WINDOWS IS INSECURE YOU CAN LOAD BOOTKITS LOL FAIL

        Really, it doesn't matter what MS do. Register commentards will hate it, whatever it is. They could announce that Windows 9 will be a linux window manager and all their software will be GPL2 and run only *nix and OSX, it wouldn't matter. It makes absolutely no difference whether a feature or action by MS is positive or negative because the Reg commentards will ALWAYS say it's negative.

        I only load the comments on MS articles to feel smug about knowing in advance exactly what I'm going to read these days.

        1. Christian Berger

          Re: Imaginary scenarios

          Well actually the pro-Appstore voices were from before we all learned how horribly bad appstores can be. And actually before Microsoft started its massive campaign promoting secure boot as a security feature, nobody even bothered with it. If people wanted it, they would have implemented it years ago. (e.g. via a PCI-card with its own BIOS ROM)

          But of course everybody will suspect anti-competitive behavior at Microsoft. That's simply because they have a good track record at it. Ever since Windows 3.x they used technical measures to harm competition in unfair ways. Back then Windows gave you a "nonfatal error message" when you ran Windows under DR-DOS instead of MS-DOS. The list goes on since then. If Microsoft was a "fair" company, nobody would complain.

          Actually Microsoft is in the unique position that they could actually advance the field of computing. They have research departments, they have money. They could invent a programming language which helps proving the correctness of code. (or at least certain aspects of that) Instead they ship out bad to mediocre software. The people with ambition are long gone, and today's Windows is pale to what it was supposed to be in the early 1990s when Microsoft got the designer of VMS to design the Windows NT kernel.

          1. Anonymous Coward
            Anonymous Coward

            Re: Imaginary scenarios

            "everybody will suspect anti-competitive behavior [sic] at Microsoft. That's simply because they have a good track record at it."

            Whereas Apple are of course famous for embracing competition in every form, aren't they? But because they don't have a convenient 'S' in their name (to substitute for a dollar sign) they're somehow considered wonderful and flawless.

            "...they could actually advance the field of computing. They have research departments, they have money."

            Have you looked at Microsoft's figures recently? They don't have the spare cash to make bold gestures just for the hell of it: they have to make a profit. Again if you want a firm with oodles of spare cash I'd suggest you lobby Apple. They're in a far better position to 'advance the field of computing'. I'm sure you'll have no trouble persuading them to do it instead...

        2. Anonymous Coward
          Anonymous Coward

          oh my god this commentard thing contradicts itself all the time its like it has multiple personalities or something lol

        3. Anonymous Coward
          Anonymous Coward

          Re: Imaginary scenarios

          "I only load the comments on MS articles to feel smug about knowing in advance exactly what I'm going to read these days."

          Nicely put on all points. With regard to what I've quoted - I was beginning to wonder whether I was the only one!

      2. RICHTO
        Mushroom

        Re: I could ask the same

        But you can visit a website with Linux and be compromised via Flash or Java vulnerabilities...There have been many kernel exploits that could then be leveraged...

        The way software is distributed and the capabilities of the installer are far more advanced than anything on Linux - for instance package streaming. If you want to lock down software installs you can use App Locker, or you can block unsigned applications.

  11. Anonymous Coward
    Anonymous Coward

    Re: UEFI bootloader

    UEFI might be required for new Windows 8 systems to be fully certified, but what about upgrades?

    I've ordered a Windows 8 upgrade license/DVD to test out (not arrived yet).

    You may upgrade from XP, Vista or Windows 7.

    There is no way the majority of XP or Vista systems have a UEFI BIOS.

    So, in the case of upgrades, things should be different (I hope!).

    1. dogged

      Re: UEFI bootloader

      It is. UEFI is only required for a brand new PC.

    2. goretsky

      Re: UEFI bootloader

      Hello Anonymous Coward,

      As Dogged noted, the requirement for UEFI to be enabled on Windows 8 is only for new installations of the 64-bit version, and not upgrades. Additionally, many computer manufacturers have shipped existing systems where UEFI support is somewhat... problematic, shall we say, and they have been suggesting that customers leave their firmware in BIOS mode when upgrading to Windows 8.

      Regards,

      Aryeh Goretsky

    3. h4rm0ny

      Re: UEFI bootloader

      "So, in the case of upgrades, things should be different (I hope!)."

      They are. The Windows 8 certification is essentially the sticker that OEMs can put on their machines or their websites saying: 'approved for Windows 8' or words to that effect. It's not actually required for a machine to run Windows 8, it's just required if you want to say you have MS's blessing on your new machine. Just like you could download and install Vista on an old machine, but even if it runs, an OEM wouldn't be allowed to market something with the same specs as a "Vista machine" because they'd be below what MS specifies.

  12. koolholio
    Stop

    Real reasons why hackers hate Windows 8

    1) Too reminiscent of windows phone with its 'metro' UI, oh wait, we can't name it that, but it gave the company publicity...

    2) The over-optimisation for 'mobile' devices, the fundamental 'tough calls' Microsoft made, and the bottom line...

    3) The idiocy being spewed that it's the next amazing advancement like no other.

    It's nothing special, but expect more problems as it's changed the goalposts, which has only really inflated the purely cosmetic value...

    Resell the same **** over and over again, anything unusual of microsoft?

    IBM-DOS, MS-DOS, 9x, NT, Embedded DOS - Self explanatory!

  13. tempemeaty

    UEFI or not to UEFI...why?

    It's because Microsoft can't secure its own OSes and the hardware industry is acquiescent to being under Monopolysoft's control. If not for that then we wouldn't be having this debate or even an excuse for a UEFI scheme at this time.

    1. Anonymous Coward
      Anonymous Coward

      Re: UEFI or not to UEFI...why?

      "... hardware industry is acquiescent to being under Monopolysoft's control. If not for that then we wouldn't be having this debate or even an excuse for a UEFI scheme at this time."

      Funny how nobody really points fingers at hardware manufacturers. Maybe what people here should be doing is not buy anything with UEFI. As is so often stated, Linux runs great on old hardware, so you've got time to wait until the loss in sales forces manufacturers to rethink and start producing hardware not so tied to MS.

  14. koolholio
    Mushroom

    First vuln for Windows 8 already patched

    Microsoft Windows TrueType Font Engine CVE-2012-0159 Remote Code Execution Vulnerability.

    LOLZ! Enough said, the OS can be "secure" which doesn't mean a lot when the apps/updates installed aren't "secure"...

    1. RICHTO
      Mushroom

      Re: First vuln for Windows 8 already patched

      Wrong - that vulnerability does not apply to Windows 8 RTM.

  15. Robinson
    Thumb Down

    Two things:

    (1) I've used Microsoft Security Essentials for years now and it's brilliant. Totally non-intrusive, high performance, free and AS GOOD AS the paid for versions (don't trust rankings just from googling). I have McAfee at work and it's TERRIBLE for machine performance. So why does this article say MSE is good for a "free" anti-virus? The only difference I can see between MSE and paid-for is the exchange of money and some processes on your machine that are going to eat the CPU, memory and disk performance.

    (2) I've had Windows 8 for a few days now and I can say it's pretty good. I spend 99.9% of my time at the desktop and the experience is almost exactly the same as Windows 7, except for quite a few improvements like the new Task Manager, copy file progress dialog and so on. At £25 for the upgrade it was a bargain.

    1. slooth

      Re: Two things:

      "I spend 99.9% of my time at the desktop and the experience is almost exactly the same as Windows 7"....

      Maybe you should get out more and have a life.

    2. goretsky

      Re: Two things:

      Hello Robinson,

      If you have not read the white paper, here is what I actually wrote in it:

      "Windows Defender as included with Windows 8 is a good product and does, in fact, provide a decent level of protection, especially when compared against other free anti-malware programs. However, Windows Defender does not contain many of the advanced features and functions of paid-for solutions, such as a high level of granularity for threat detection, task scheduling, centralized management and reporting and so forth. As with other free anti-malware programs, support options for Windows Defender are limited."

      It is not an issue with detection, but rather lack of functionality. Now, admittedly, most home users do not have a need for centralized management or support, but such features are pretty much requirements in the business world.

      I hope that explains things for you.

      Regards,

      Aryeh Goretsky

  16. This post has been deleted by its author

  17. Flocke Kroes Silver badge

    UEFI could have provided some security

    If I could wipe all the keys and install one of my own, then I could be confident that only kernels I sign can be booted. As it currently stands, the manufacturers install Microsoft's key, and whatever other keys they choose or are legally required to boot CIA signed malware.

    1. Anonymous Coward
      Anonymous Coward

      Re: UEFI could have provided some security

      But MS has been so good to allow us to have MS built in to the firmware's security, or to turn it off. How nice of them. Now you want to have a feature that you, a mere user, can use as you see fit AND have it turned on at the same time? You ungrateful bastard.

      1. h4rm0ny

        Re: UEFI could have provided some security

        "But MS has been so good to allow us to have MS built in to the firmware's security, or to turn it off. How nice of them. Now you want to have a feature that you, a mere user, can use as you see fit AND have it turned on at the same time? You ungrateful bastard."

        How exactly are you supposed to sign an OS without the private key? And if the private key is public, how is the security of Secure Boot not compromised?

        1. Anonymous Coward
          Anonymous Coward

          Re: UEFI could have provided some security

          Firmware accepts public key (for checking) from user via keyboard or other device but NOT via other software running on the machine. It is the user's key, or a vendor's as appropriate.

          A private key would exist elsewhere, in possession of whoever signed the bootloader.

          This is exactly the same as having a single vendor's key built in (as is the case) only less sinister.
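The split described in the exchange above (the verifier holds only a public key, the signer keeps the private key) is also what the "executable launcher script" mentioned in the earlier PowerShell/Bash comment would need. The following is an added example, not code from any commenter or from UEFI: a user-space model using the openssl command line, with all function and file names hypothetical and the sample images constructed.

```shell
#!/bin/sh
# Verify-then-run launcher: an image is executed only if its detached
# signature checks out against a public key the machine owner enrolled.

# make_signer_key DIR: signer's side. private.pem never leaves DIR;
# public.pem is the only part handed to the verifying machine.
make_signer_key() {
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out "$1/private.pem" 2>/dev/null &&
    openssl pkey -in "$1/private.pem" -pubout -out "$1/public.pem"
}

# sign_image PRIVATE_KEY IMAGE: write a detached signature to IMAGE.sig.
sign_image() {
    openssl dgst -sha256 -sign "$1" -out "$2.sig" "$2"
}

# verify_image PUBLIC_KEY IMAGE: succeed only if IMAGE.sig is a valid
# signature over the current contents of IMAGE.
verify_image() {
    [ -f "$2.sig" ] || return 1
    openssl dgst -sha256 -verify "$1" -signature "$2.sig" "$2" >/dev/null 2>&1
}

# launch_if_trusted KEYDIR IMAGE [ARGS...]: run IMAGE if any enrolled public
# key in KEYDIR verifies it; otherwise refuse with status 126.
launch_if_trusted() {
    keydir=$1; image=$2; shift 2
    tmp=$(mktemp -d) || return 1
    # Check and run a private copy, so the file cannot be swapped between
    # the signature check and the execution.
    cp "$image" "$tmp/image" || { rm -rf "$tmp"; return 126; }
    cp "$image.sig" "$tmp/image.sig" 2>/dev/null || true
    for key in "$keydir"/*.pem; do
        [ -f "$key" ] || continue
        if verify_image "$key" "$tmp/image"; then
            sh "$tmp/image" "$@" && status=0 || status=$?
            rm -rf "$tmp"
            return "$status"
        fi
    done
    rm -rf "$tmp"
    echo "refused: $image has no valid signature from an enrolled key" >&2
    return 126
}

# demo: constructed test images. Prints "name=exit-status" for each case.
demo() {
    work=$(mktemp -d) || return 1
    mkdir "$work/owner" "$work/other" "$work/enrolled"
    make_signer_key "$work/owner" || return 1
    make_signer_key "$work/other" || return 1
    # Enrolment: only the owner's PUBLIC key is copied to the verifier.
    cp "$work/owner/public.pem" "$work/enrolled/owner.pem"

    # good: signed by the owner, unmodified. Exits 7 so a run is visible.
    printf 'exit 7\n' > "$work/good.sh"
    sign_image "$work/owner/private.pem" "$work/good.sh" || return 1
    # tampered: signed by the owner, then modified after signing.
    printf 'exit 7\n' > "$work/tampered.sh"
    sign_image "$work/owner/private.pem" "$work/tampered.sh" || return 1
    printf 'exit 9\n' > "$work/tampered.sh"
    # unsigned: no signature file at all.
    printf 'exit 7\n' > "$work/unsigned.sh"
    # foreign: validly signed, but by a key that was never enrolled.
    printf 'exit 7\n' > "$work/foreign.sh"
    sign_image "$work/other/private.pem" "$work/foreign.sh" || return 1

    results=
    for name in good tampered unsigned foreign; do
        launch_if_trusted "$work/enrolled" "$work/$name.sh" && rc=0 || rc=$?
        results="${results:+$results }$name=$rc"
    done
    rm -rf "$work"
    echo "$results"
}

if command -v openssl >/dev/null 2>&1; then
    demo
fi
```

The "foreign" case is the one the thread argues about: a perfectly valid signature is still refused because the owner never enrolled that signer's public key.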

  18. Anonymous Coward
    Alert

    Secure Boot

    On paper, Secure Boot looks mostly okay, and Microsoft seem to be reaching out to the open-source community to allow people to install other OSes.

    Thumbs up to this. That said, I have to wonder whether the remedy is worse than the complaint.

    The UEFI kernel itself is BSD-licensed code. So for the first time in many years, you'll have boot firmware on consumer personal computers that is actually based on open-source code. But have a look at the code, specifically look at how much code there is in the UEFI firmware.

    This was a point brought up by Matthew Garrett in his speech at LCA2012. The upshot is that we can expect that some UEFI firmware images will likely have exploitable bugs that will render "Secure" boot, insecure.

    Moreover, secure bootloaders really should be seen as the very last line of defence. If something is tampering with your boot sector at the higher layers of the operating system, You Are Doing It Wrong!

    This is what should happen when something tries to do anything with the boot sector:

    stuartl@vk4msl-mb ~ $ dd if=/dev/zero of=/dev/sda

    dd: opening `/dev/sda': Permission denied

    See that? "Permission denied". Now, if I re-try that as root, then yes, it'll work, and I can kiss goodbye my GUID partition table, ReFIT, MacOS X boot-loader and lots of other stuff. The key is to limit what has access to root privileges, and to lock down those components that do so that Bad Stuff doesn't happen.

    1. RICHTO
      Mushroom

      Re: Secure Boot

      But that is what happens - unless you have 'root' access as administrator.

      1. Anonymous Coward
        Anonymous Coward

        Re: Secure Boot

        So what you're saying is that Windows does react as I said it should — denying write access to the boot sector.

        Could someone then enlighten me why we need secure boot? Surely if the OS is secure, it will be impossible for something to write to the boot sector?

        If something has penetrated that far into the OS, I'm not sure what protecting the boot sector would achieve, the OS is already hosed in this case. Secure boot would just make the machine completely unbootable in the process.

        This is my point: Secure Boot is a solution looking for a problem.

        1. h4rm0ny

          Re: Secure Boot

          "This is my point: Secure Boot is a solution looking for a problem"

          There are whole families of malware that work by infecting the boot process and which Secure Boot protects against.

          "Surely if the OS is secure, it will be impossible for something to write to the boot sector?"

          If you make it impossible to write to the boot sector, how do you ever install or upgrade your OS? I note that you are replying to Richto's comment about Win8 RTM being immune to the exploit "CVE-2012-0159". I'm not sure how you got from that to never being able to write to the boot sector from within the OS.

        2. El Andy

          Re: Secure Boot

          Could someone then enlighten me why we need secure boot? Surely if the OS is secure, it will be impossible for something to write to the boot sector?

          The problem it aims to solve is "How do you recover a system that has been compromised?" Regardless of what OS you run, if a vulnerability is exploited and some very low-level hypervisor-like rootkit gets installed you need some way to detect it and subsequently clean it up. You can't even rely on a format-and-reinstall approach because there are rootkits in existence today that can fake enough of the boot process to circumvent that. Enter Secure Boot, which prevents such malware from taking effect.

          Obviously it's better if you never get compromised in the first place, but good defense-in-depth strategies have to assume that you might and work on putting additional protection in place to limit the damage that can be done, even by something which has managed to get root/Administrator access.

          1. Charles 9

            Re: Secure Boot

            "You can't even rely on a format-and-reinstall approach because there are rootkits in existence today that can fake enough of the boot process to circumvent that."

            Not even the "Nuke 'em from orbit" approach, where the drive's formatted from an OS on a different boot device, say a USB stick or the DVD installer?

        3. goretsky

          Re: Secure Boot

          Hello,

          Secure Boot helps protect the computer against bootkits and rootkits before the operating system and anti-malware software have fully initialized and had a chance to set up security. This is covered in detail in the white paper. :)

          Regards,

          Aryeh Goretsky

          1. Charles 9

            Re: Secure Boot

            So what happens when the malware authors turn their attention to the EFI itself? Talks of developing EFI malware have been floating around for years.

        4. RICHTO
          Mushroom

          Re: Secure Boot

          Correct - Secure Boot will completely stop the machine booting a compromised OS. At which point you can boot into System Recovery and replace the compromised files.

          What's the problem? Seems like a great solution to me.

          1. Anonymous Coward
            Coat

            Re: Secure Boot

            Yes, and naturally, because of the superior security of Windows 8… even though the boot sector, not normally accessible to userland applications, has been compromised, the system recovery data will still be magically intact and bootable.

            Now someone please help me up off the floor, I can barely stand from laughing so hard.

            1. h4rm0ny

              Re: Secure Boot

              "Yes, and naturally, because of the superior security of Windows 8… even though the boot sector, not normally accessible to userland applications, has been compromised, the system recovery data will still be magically intact and bootable.

              Now someone please help me up off the floor, I can barely stand from laughing so hard"

              You obviously don't understand Secure Boot or you would have realized that anything from the recovery data will be subject to the same checks. Think about it - if the OS cannot alter the keys in UEFI, then how could code running from the recovery partition which is (to UEFI) just another OS?

              Before you laugh so hard, you should familiarize yourself with how this works.

              1. Anonymous Coward
                Anonymous Coward

                Re: Secure Boot

                Yes, it will be subject to the same checks. It is probably subject to the same infection that the main OS is subject to, and thus, will be completely useless for recovery purposes.

                Upshot: OS is completely hosed, boot-sector and recovery data included. The only data that is safe is that which is stored on media that is read-only or inaccessible at the time of infection.

                My point: Anything that has managed to bypass the security of Windows, to infect the boot sector, will have likely bypassed the same security to infect other areas of Windows as well. Thus the entire OS is suspect from the boot sector, kernel, core system libraries, user applications, the lot. One could quite rightly argue that on a machine that dual boots, the other OSes are similarly hosed.

                Secure Boot prevents you from booting this infected OS. It does not help you recover without the use of some external media. In fact, it's hard to see how it makes that situation any better than what we have now, other than the fact that the external media must also be signed to boot.

                It's just adding complexity where, IMO, it isn't needed. The good news though for those who think of it as a total wank; on x86 hardware it is supposedly possible to disable it. What I don't know, is if there is a standard consistent way, across all manufacturers of computing equipment, to disable it … or is it going to be like herding proverbial cats towards a common interface for this?

                1. h4rm0ny

                  Re: Secure Boot

                  "Yes, it will be subject to the same checks. It is probably subject to the same infection that the main OS is subject to, and thus, will be completely useless for recovery purposes."

                  I'm not sure whether you genuinely think that anything which doesn't provide 100% bullet-proof security is therefore not worth having at all, or if you're just trying to find reasons to dislike Secure Boot, but based on your other posts I'm afraid I'm assuming the latter. Yes, it is theoretically possible that a recovery partition will also be infected. But you obviously don't work in the anti-virus industry or have much familiarity with modern malware. The days where people wrote a virus to brick your computer more or less ended in the 1980s. The point of modern malware is to get hold of sensitive details or to subvert your computer resources for another party's use. Neither of which are achieved by infecting the recovery partition. Aside from this requiring an additional layer of penetration and in addition to the need to infect the recovery partition opening up several new ways of detecting and combatting malware, it forces malware writers to take a different approach because their aims are not achieved by infecting the Recovery Partition (assuming there is one).

                  Pretty much the whole of the rest of your comment hinges on you being incorrect on the value of Secure Boot, so I'm not going into it except for the following:

                  "What I don't know, is if there is a standard consistent way, across all manufacturers of computing equipment, to disable it … or is it going to be like herding proverbial cats towards a common interface for this?"

                  Have you never used UEFI? It's like BIOS but friendlier. If you can manage to swap a boot device in BIOS, I have little doubt you'll struggle toggling an option saying "Secure Boot: Enabled" to "Secure Boot: Disabled."
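
Added example, not part of the comment thread: the sub-thread above argues about whether Secure Boot is switched on, switched off in firmware setup, or left open for the user's own keys, and on Linux that state can be read from the `SecureBoot` and `SetupMode` UEFI variables exposed under efivarfs. The function names and the sample files are this example's own; the sample variables are constructed so the script runs on any machine.

```shell
#!/bin/sh
# GUID of the EFI global variable namespace (UEFI specification).
EFI_GLOBAL_GUID="8be4df61-93ca-11d2-aa0d-00e098032b8c"

# Print the first payload byte of an efivarfs variable as a decimal number,
# "absent" if the file is missing or unreadable, "malformed" if it has no payload.
# Each efivarfs file is a 4-byte attribute mask followed by the variable data.
efi_var_byte() {
    ev_file="$1/$2-$EFI_GLOBAL_GUID"
    if [ ! -r "$ev_file" ]; then
        echo absent
        return 0
    fi
    ev_val=$(od -An -tu1 -j4 -N1 "$ev_file" 2>/dev/null | tr -d ' \n')
    echo "${ev_val:-malformed}"
}

# Classify the platform state from SecureBoot and SetupMode.
#   enforcing       firmware verifies boot images against its key databases
#   off-setup-mode  no Platform Key enrolled; keys can still be installed
#   off-user-mode   keys enrolled, enforcement switched off in firmware setup
secure_boot_state() {
    sb_dir=${1:-/sys/firmware/efi/efivars}
    if [ ! -d "$sb_dir" ]; then
        echo "no-efivarfs"   # legacy BIOS boot, or efivarfs not mounted
        return 0
    fi
    sb_val=$(efi_var_byte "$sb_dir" SecureBoot)
    sm_val=$(efi_var_byte "$sb_dir" SetupMode)
    case "$sb_val:$sm_val" in
        1:0|1:absent) echo "enforcing" ;;
        0:1)          echo "off-setup-mode" ;;
        0:0)          echo "off-user-mode" ;;
        *)            echo "unknown" ;;   # missing, truncated or inconsistent
    esac
}

# Write one constructed variable file: $1 = directory, $2 = name, $3 = 0 or 1.
# Attribute mask 0x00000006 (boot-service + runtime access), little-endian.
write_efivar() {
    if [ "$3" = 1 ]; then
        printf '\006\000\000\000\001'
    else
        printf '\006\000\000\000\000'
    fi > "$1/$2-$EFI_GLOBAL_GUID"
}

# Build a constructed efivarfs-like directory and print its path.
#   $1 = SecureBoot value, $2 = SetupMode value
make_sample_efivars() {
    ms_dir=$(mktemp -d)
    write_efivar "$ms_dir" SecureBoot "$1"
    write_efivar "$ms_dir" SetupMode "$2"
    echo "$ms_dir"
}

# Demo: constructed sample first, then whatever this machine exposes.
sample=$(make_sample_efivars 1 0)
echo "constructed sample: $(secure_boot_state "$sample")"
rm -rf "$sample"
echo "this machine: $(secure_boot_state)"
```

A result of `unknown` on a real machine means the variables could not be read or contradict each other, which is worth investigating rather than treating as "off".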

  19. Anonymous Coward
    Anonymous Coward

    I find myself using my Android phone for all my secure stuff. So the security of my Windows machine is good enough with the supplied stock software.

  20. Anonymous Coward
    Anonymous Coward

    New proof-of-concept bootkit targets UEFI

    "Developed by ITSEC, the new bootkit is able to attack the UEFI firmware and its basic security features, possibly showing a new avenue for cyber-criminals and malware writers focused on creating “invisible” malware to hijack computers, steal user’s data and remotely-manage botnets." link

    1. Christian Berger

      Re: New proof-of-concept bootkit targets UEFI

      Now, does it need "root" or hardware access to be installed? If yes, why should an attacker bother with that. If he has root access he already won.

      The "invisibility", which is pointless as it's common sense to boot virus scanners from a separate removable disk, doesn't bring much advantage to the attacker.

      1. h4rm0ny

        Re: New proof-of-concept bootkit targets UEFI

        "Now, does it need "root" or hardware access to be installed? If yes, why should an attacker bother with that. If he has root access he already won."

        Because the attacker wants the malware to persist on the system and therefore it must be installed somewhere that it can be run and run again. The attacker does not want to trick the user into granting privileges (for a trojan) or have the visitor visit an exploit containing site every time that they want to subvert the purpose of the PC. You may only get one shot at the PC so you use that access to install your malware.

        "The "invisibility", which is pointless as it's common sense to boot virus scanners from a separate removable disk, doesn't bring much advantage to the attacker."

        It's not common at all to launch virus scanners from a separate removable disk, it's so massively inconvenient to most users that it also wouldn't be done and unless you're actually booting from the separate removable disk, then you only have the boot process's word that it is launching the anti-virus software on the other disk correctly. And if you are booting from the removable disk then who is to say that this won't get infected? All you have done is put your boot partition somewhere less convenient and gained nothing.

  21. John Savard

    Disappointed?

    While UEFI is not a fatal block to installing Linux on a PC, computer manufacturers should have told Microsoft in no uncertain terms that while the basic technology to prevent boot sector viruses and the like is a good thing, no version of it would go into production that was not 100% operating-system-neutral, that didn't put Windows and any other operating system offered for x86 computers on an absolutely equal footing.

    As that did not happen, government intervention will now be required. But Linux doesn't make profits with which to pay for an antitrust lawsuit. And OS/2 isn't being actively promoted as a commercial product, although a German firm still sells it under another name - and the commercial OS companies can presumably get the UEFI keys too... bare-metal hypervisors, like ESXi from VMware, I presume, aren't locked out (or turning off UEFI is no issue for them because hypervisors don't get directly attacked).

    1. h4rm0ny

      Re: Disappointed?

      "While UEFI is not a fatal block to installing Linux on a PC, computer manufacturers should have told Microsoft in no uncertain terms that while the basic technology to prevent boot sector viruses and the like is a good thing, no version of it would go into production that was not 100% operating-system-neutral, that didn't put Windows and any other operating system offered for x86 computers on an absolutely equal footing."

      There are a number of fundamental misconceptions in the above. Firstly, UEFI is not the same thing as Secure Boot, any more than Car is the same thing as Steering Wheel. UEFI is a replacement for BIOS. Secure Boot is one of many features that the UEFI spec supports. UEFI is not a block to Linux. It actually provides features that Linux already takes advantage of, such as GUID Partition Table. This fundamental misunderstanding in your post makes me strongly want to tell you that you need to go back and read more about this stuff before you comment.

      Another big misconception in the above is that Microsoft is responsible for UEFI. The UEFI Forum is made up of all the major hardware manufacturers and some OS representatives such as MS. UEFI comes from Lenovo, Samsung, Apple, HP, Toshiba, AMD, Intel and all these hardware manufacturers. Microsoft are merely one of the first to make use of Secure Boot. No Linux distribution is really taking advantage of it but they should. (Red Hat and Ubuntu are using it for their boot loader, but not more than that). Secure Boot is useful and contrary to your post, it is OS neutral. Any OS producer could go to any hardware manufacturer and get their software signed. Red Hat has gone to Microsoft to get signed because Microsoft will do it cheaper for them. Also, MS have required Secure Boot to be disableable by the user on x86 as a condition for Win8 certification. You may not like this, but MS's requirement protects Linux against being closed off.

      "As that did not happen, government intervention will now be required."

      Your initial argument is based on misunderstandings, so the above conclusion is not shown.

      "But Linux doesn't make profits with which to pay for an antitrust lawsuit."

      An antitrust suit would fail because it would be groundless. Secondly, Red Hat has an annual revenue of $1.1bn, I have no idea how much SuSE's owners make. Linux is profitable.

      "bare-metal hypervisors, like ESXi from VMware, I presume, aren't locked out (or turning off UEFI is no issue for them because hypervisors don't get directly attacked)."

      Both parts of the above show a serious lack of understanding of how either Secure Boot or hypervisors or both, work. Seriously, and politely, you don't have the knowledge to be commenting on this and should do some more reading on how it all works.

      1. This post has been deleted by its author

      2. Anonymous Coward
        Anonymous Coward

        Re: Disappointed?

        "The UEFI Forum is made up of all the major hardware manufacturers and some OS representatives such as MS."

        Relationship between MS and manufacturers poisons the Forum.

        "Any OS producer could go to any hardware manufacturer and get their software signed. Red Hat has gone to Microsoft to get signed because Microsoft will do it cheaper for them."

        When you say this, it sounds positive to you?

        1. h4rm0ny

          Re: Disappointed?

          "Relationship between MS and manufacturers poisons the Forum."

          Well at this point, you're just insisting on your case whatever the evidence. Even if MS wasn't on the forum with a dozen major-league hardware players, you'd insist that a commercial relationship made MS the shadowy controller behind it all. Presumably you also consider HTML poisoned because MS are on the W3C, renounce Javascript. I bet you even think Linux is poisoned since Microsoft have contributed to the kernel - I mean it doesn't matter how small MS's role in something is, if they're outnumbered and out-market capped by all those hardware manufacturers, they're on the forum so it's poisoned.

          Honestly - someone says MS produce UEFI. I point out that it's actually an open project of numerous hardware manufacturers, but no - MS have poisoned them all.

          "When you say this, it sounds positive to you?"

          Yes it does. I want to see Red Hat and other distributions maintain security parity with Windows. Competition is good. If MS are willing to sell their signing services to Red Hat for cheaper than it would cost Red Hat to manage all the infrastructure and process themselves, that is a good thing.

          1. Anonymous Coward
            Anonymous Coward

            Re: Disappointed?

            "Well at this point, you're just insisting on your case whatever the evidence. Even if MS wasn't on the forum with a dozen major-league hardware players, you'd insist that a commercial relationship made MS the shadowy controller behind it all."

            I suppose it's just conspiracy nuts who think that PC manufacturers make machines to MS' spec so they can get a little sticker on them.

            The thing about MS poisoning the forum is that it effectively means there are only a small number of interests in it, mainly MS and Apple. Having them at the wheel, the future is in safe hands, right?

            "Presumably you also consider HTML poisoned because MS are on the W3C, renounce Javascript. I bet you even think Linux is poisoned since Microsoft have contributed to the kernel - I mean it doesn't matter how small MS's role in something is, if they're outnumbered and out-market capped by all those hardware manufacturers, they're on the forum so it's poisoned."

            This is just a bizarre derailment.

            "Yes it does. I want to see Red Hat and other distributions maintain security parity with Windows. Competition is good."

            I agree.

            "If MS are willing to sell their signing services to Red Hat for cheaper than it would cost Red Hat to manage all the infrastructure and process themselves, that is a good thing."

            "Willing" could easily be replaced by "in a position to" here and you would still be happy with it. Yes there is a custom mode that allows a user to install their own key - but the specification of how that is done is not actually there at all. The only reason it's not as locked down on x86 or amd64 as it is on arm is that the US and European authorities are paying attention to Microsoft in one market and not the other. When the company telling hardware vendors what to do skates on the edge of the law I suppose that is a good thing, compared to what would happen without the law. Kind of like how not being kicked in the balls particularly hard is a good thing. Note that what they've done with ARM is exactly what Apple does with its locked down iThings, except they've managed to make it a spec which other manufacturers will follow, effectively meaning that Microsoft and any manufacturer who makes Windows ARM devices are a single entity in that market of exactly the same type as Apple.

            Red Hat has decided, for ill or good I don't know, that it is in its interest to get its distro installed on UEFI machines using Standard mode. So they at least do see a problem with the spec as it stands, otherwise Custom would not be a problem. Or maybe they just couldn't be arsed to manage their own keys, as you suggest.

        2. Charles 9

          Re: Disappointed?

          "Relationship between MS and manufacturers poisons the Forum."

          Apple is part of the group and COMPETES with Microsoft. What now?

          1. Anonymous Coward
            Anonymous Coward

            Re: Disappointed?

            Apple has its own reasons for a Secure Boot that turns the user into the used, just as MS and its slaves partners do. Remember that Apple has no interest in putting its software on other hardware, so the two companies are allied against consumers on this matter.

      3. RICHTO
        Mushroom

        Re: Disappointed?

        "You may not like this, but MS's requirement protects Linux against being closed off." - it also makes sure it can still run Windows 7 as would be required by many corporates in the short term ;-)

  22. Synja

    I still don't get...

    If a vulnerability such as the plaintext within encrypted container password/picture thing on Windows 8... requires local administrator rights to access, and isn't actually useful for anything local... why is that such a major problem?

  23. kwv-dc

    Absolutely shocking: in the MS store in Pentagon City, not a single device from ANY OEM or MS has 4G or even 3G !!!!

    A stunning failure for a company trying to leap-frog Apple !!!!

    An absolute failure of corporate strategic planning.

    How does Ballmer fire himself? Look in a mirror, Mr. Ballmer and mouth the words "you're fired."

    1. RICHTO
      Mushroom

      Had the Windows Phones sold out again then?

  24. andy 45
    Paris Hilton

    Paris says:

    All this extra security is fine...as long as it doesn't mean that MS will start deleting vital keygens from my PC off their own back, and out of my control...

  25. This post has been deleted by its author

  26. Ant Evans

    Optional

    Upgraded my home server on the basis of this article and so far it has been painless - but only once I had downloaded Classic Shell.

    Beware the tiles - background user processes that come with a payload of unwanted network activity and around 20 new firewall holes. You will need to kill them off.

    I do not recommend, and am not using, UEFI boot, having been at the wrong end of it already on Linux. It is very ugly when it doesn't work, and some BIOSs have a broken implementation - Phoenix, I'm looking at you. You may be able to avoid it by partitioning with MBR instead of GPT - this used to work on Windows 6.1.

    Performance is unchanged. Compatibility is good. OpenCL broke, but it was easy to fix. VirtualBox requires v4.2. Windows retains its advantages as a permissive hypervisor, ideal for home use.

    1. RICHTO
      Mushroom

      Re: Optional

      Just install native Hyper-V to run it all on. No need for Windows as the underlying OS.
