back to article Now Microsoft 'actively investigates' Surface slab jailbreak tool

Microsoft is suddenly serious about tackling RT Jailbreak, a slick tool that unlocks Surface tablets using a hack publicised just days earlier. A spokesperson for Microsoft’s Trustworthy Computing Group, tasked with Windows security, told The Register that Redmond is “actively investigating” the RT Jailbreak Tool v1 cooked up …

COMMENTS

This topic is closed for new posts.
  1. Shane8
    Joke

    Its not a bug....its a feature™.

    Good ol' Micro$oft!

    1. Anonymous Coward
      Anonymous Coward

      Where there is one bug there will be many just like cockroaches.

    2. Mark Allread

      Fuck me, a joke from the 90s.

      1. Anonymous Coward
        Trollface

        90s Jokes

        Microsoft... Works ? LOLZ

      2. jake Silver badge

        @Mark Allread

        90s? It's used in the game "Zork", from the 1970s. I'm pretty certain I remember my Dad using it in the 1960s ...

  2. John Robson Silver badge

    It's not a security hole

    until it costs us money

    1. dogged
      Stop

      Re: It's not a security hole

      Hard to see how it can possibly cost money.

      Obviously, I'll be downvoted for appearing to "defend" Microsoft but this can't save them money in any way.

      Think it through -

      1. In order to run this jailbreak, you need to have a second machine with Visual Studio running a remote debugger session to the Windows RT device.

      2. There is no pre-compiled ARM software out there for WinRT. You'd have to write your own.

      3. Even if you did, the jailbreak does not - and cannot! - survive a boot. So one boot later, your imaginary software won't run unless you jailbreak the device again, using the VS remote debugger.

      4. The stuff Microsoft charges for is Windows Store apps, and you can already sideload those - in fact, MSDN specifies exactly how to do it. Not exactly a big money-saving secret.

      So, this article? Just more mudslinging. Or the author is technically illiterate and too lazy to check anything at all. Or both.

      1. Roger Greenwood
        Meh

        Re: It's not a security hole

        "does not - and cannot! - survive a boot."

        "and you can already sideload those"

        To my simple mind, that looks like a contradiction, so it could eventually turn into a security hole?

        Above all now MS need to feel trusted, but money never seems to be far away from their thinking.

        1. dogged

          @Roger Greenwood

          To my simple mind, that looks like a contradiction, so it could eventually turn into a security hole

          No. The "jailbreak" is for Windows Desktop applications, assuming there any compiled for ARM which there aren't. Store Apps is the new term for Metro apps and those can be sideloaded by developers for testing anyway. Anyone can get a free key to allow this from MSDN.

          So... no contradiction.

          And Silverburn, you can't rootkit a UEFI Secure Boot (no matter how much you want to or you claim that such a thing is mean to linux) and all RT devices must have Secure Boot enabled.

          1. Pookietoo

            Re: assuming there any compiled for ARM which there aren't

            There are several games, developer and admin tools available already, with more on the way.

      2. Silverburn

        Re: It's not a security hole

        1. In order to run this jailbreak, you need to have a second machine with Visual Studio running a remote debugger session to the Windows RT device.

        For now. But there's blood in the water, and progress will be made. Put the kettle on - won't be long.

        2. There is no pre-compiled ARM software out there for WinRT. You'd have to write your own.

        The first ones will be permanent rootkits (malicous or intentional), and they'll be on the blackmarket in 3...2...1...

        3. Even if you did, the jailbreak does not - and cannot! - survive a boot. So one boot later, your imaginary software won't run unless you jailbreak the device again, using the VS remote debugger.

        Won't really matter if you've loaded your rootkit from step 2

        4. The stuff Microsoft charges for is Windows Store apps, and you can already sideload those - in fact, MSDN specifies exactly how to do it. Not exactly a big money-saving secret.

        Once I've got my rootkit running, I'll sideload, download, diagonalload, throughload and circleload to my hearts content. You might want to clarify that you need an enterprise licences to officially sideload.

        1. Anonymous Coward
          Linux

          Re: It's not a security hole

          One of the things I hate most about Microsoft stuff, is all the bullshit you have to get up to - just to "do stuff" on it....

          Registry hacks, blah blah blah blah.......

          But I do like watching them flip from "Ahhhh ha ha ha - tis' a mere scratch.", and then go into panic mode as their holier than thou Naziware Cash Cow, starts looking like a walnut sitting twixt the vice jaws, a mere turn or three from being broken wide open.

          Welcome to the "Linux Surface" - runs all your DRM free, Open Source apps...

          But shit eh.... they might actually sell more of their Surface computers..... which is a lot better than almost none.

          Doh!

          But then again - they are too stupid to not leave well enough alone and will go out of their way to try and fuck that up as well.

          Linux - likes Microsofts hardware.

          1. Silverburn
            Thumb Up

            Re: It's not a security hole

            @ Oh4FS

            "twixt" - Illecebrous indeed.

          2. Gav
            Boffin

            Re: It's not a security hole

            " they might actually sell more of their Surface computers..... which is a lot better than almost none."

            No, it's a lot worse if their business model is sell Surface cheap, make heaps of profit on the apps.

        2. Anonymous Coward
          Anonymous Coward

          Re: It's not a security hole

          > Won't really matter if you've loaded your rootkit from step 2

          If the EFI BIOS implements SecureBoot correctly, the BIOS will not pass control to any rootkit that lacks proper signing. I believe Windows 8 RT certification requires SecureBoot be enabled on the device, although Windows 8 certification does not.

      3. Pookietoo

        Re: a second machine with Visual Studio running a remote debugger

        Nope, the packaged exploit is a standalone tool you simply run on the Rt device.

        1. Mark Allread

          Re: a second machine with Visual Studio running a remote debugger

          "..a standalone tool you simply run on the Rt device"

          Isn't that catch-22 though? In order to be able to run any app, you have to run this app... I can't see MS putting it into their app-store any time soon!

      4. AlbertH
        Linux

        Re: It's not a security hole - it's a financial disaster

        1. In order to run this jailbreak, you need to have a second machine with Visual Studio running a remote debugger session to the Windows RT device.

        Correct, but so what?

        2. There is no pre-compiled ARM software out there for WinRT. You'd have to write your own.

        Wrong. It's all over the 'net.

        3. Even if you did, the jailbreak does not - and cannot! - survive a boot. So one boot later, your imaginary software won't run unless you jailbreak the device again, using the VS remote debugger.

        Wrong. It can and does. You just have to apply two small patches.

        4. The stuff Microsoft charges for is Windows Store apps, and you can already sideload those - in fact, MSDN specifies exactly how to do it. Not exactly a big money-saving secret.

        Wrong. M$ are desperate to have an "App Store" like Apple and Android in their typical "me too" fashion. Their potential cash-cow has been bypassed, and they're really pissed about it. Once again M$ bungles.

        NO MS software or operating system has EVER worked properly. Their coding ineptitude and their money-grabbing tactics have both been exposed yet again!

        Game Over, Microsoft.

        1. Fatman
          Linux

          Re: Game Over, Microsoft

          That sounds like what I said some 5 years ago as I slid in a Live CD, and scraped WindblowZE from the hard drive of my 'puter.

          It was a good feeling, becoming one with the penguin.

          1. Rattus Rattus

            Re: becoming one with the penguin

            I became one with a penguin once. I am no longer allowed into any zoos.

  3. Anonymous Coward
    Thumb Up

    They should just leave it in...

    ...or have an on-off switch like Android devices, where the user can download what they want if they so choose.

    But yes, as John Robson points out, it'll cost them cash to allow people to bypass the crappy Windows Store.

    1. P. Lee

      Re: They should just leave it in...

      > But yes, as John Robson points out, it'll cost them cash to allow people to bypass the crappy Windows Store.

      Or Amazon decides to set up an RT shop...

  4. JaitcH
    Happy

    Another MS ...

    piece of super secure software.

    1. Anonymous Coward
      Anonymous Coward

      Re: Another MS ...

      Any examples of total and absolute 'super secure' systems?

      1. jake Silver badge

        @AC15:13 (was: Re: Another MS ...)

        A few commonly known variations I run include RS/400, OS/390, VMS and TOPS-10/20.

        1. P. Lee

          Re: @AC15:13 (was: Another MS ...)

          > A few commonly known variations I run include RS/400, OS/390, VMS and TOPS-10/20.

          Not really, which is why the banks don't put their mainframes directly on the internet.

          1. jake Silver badge

            @P. Lee (Was: Re: @AC15:13 (was: Another MS ...))

            Yes, really. Mainframes aren't directly coupled to "The Internet" (whatever that is!) because there is no need, not because they are vulnerable. The first rule of system security is "if you don't have to connect it, don't!".

            Note that many mainframes were connected directly to the internet during the NSFNet days ... I can't remember a major intrusion incident. Can you?

            As a side-note, I have an early 1990s Amdahl running Slackware S/390 in an LPAR that has been internet accessible for five or six years. Unfortunately, that particular project seems to have become moribund in 2010, so I'll probably take her off-line shortly. No intrusions to date, despite me actually allowing the cognizant to try.

  5. TiddlyPom
    FAIL

    Treacherous Computing

    This is Microsoft 'Trusted' (aka Treacherous - http://www.gnu.org/philosophy/can-you-trust.html) Computing taken to the next level. You cannot run ANYTHING on the computer unless it is approved by Microsoft. Luckily there are now alternatives and if Microsoft carries on like this then they will lose market share. I just hope that this happens (to some extent), their realize the folly of this approach and learn from their mistakes. Computers should be there to allow people to use them in whatever way they want to - not for companies (like Microsoft, Apple or other proprietary vendors) to take that choice away.

  6. Stumpy
    Joke

    It's obvious ...

    Until someone actually went out and bought a Surface tablet they didn't have to worry. Now that they've actually *sold* one they're taking a much firmer line ...

  7. Crisp

    No Microsoft.

    Once I've bought the hardware. It's mine, and I'll run whatever I like on it.

    Likewise, once I've bought the software, it's mine to use any way I feel like.

    1. Zaphod.Beeblebrox
      Black Helicopters

      Re: No Microsoft.

      The windmill is over that way -->

      Tilt away man!

  8. Bob 18

    More Irrelevance

    With its late-to-market products commanding miniscule market share, it is doubtful whether MS will ever become relevant in the tablet space. This is just one more reason they will fail. Anyone who wants freedom to install any software they like will be Android. Anyone who doesn't care will buy Apple.

    1. AlbertH
      Linux

      Re: More Irrelevance

      With its late-to-market products commanding miniscule market share, it is doubtful whether MS will ever become relevant in the tablet space

      Yep - another "Zune"!!!

  9. sisk

    Appropriate action?

    Appropriate action would be realizing that people with the desire and know how to jailbreak their devices will do it and not standing in their way. That's a fight that can't be won (or, at any rate, hasn't yet been won by any manufacturer). Better to reap the consumer goodwill that comes from applauding the minds that can do it than to play the expensive whack-a-mole game of trying to prevent jailbreaks.

    Alas, it seems that less enlightened minds have overruled the smart people in Redmond who understand this rather simple concept.

  10. peter 45
    Pirate

    Wow

    Its almost as if Microsoft still think it still belongs to them even after I bought it.

    hay Microsoft. I paid for it. Mine now and I will jailbreak it if I want to.

    1. AlbertH
      FAIL

      Re: Wow

      Its almost as if Microsoft still think it still belongs to them even after I bought it.

      The EULA actually suggests that they do. Like their "operating systems" - you can't buy them (even if you'd ever want to), you can only lease the right to use them. Their software remains "their" property. It's now going the same way with "their" hardware.....

      1. peter 45
        Happy

        Re: Wow

        EULA? Oh noes . Well that's just stopped me right in my tracks.

  11. Mark Allread
    Happy

    Doing this protects the developers

    It's the same with the Playstation. As soon as you can sideload programs onto it, then you can run pirated or hacked software, obtained from elsewhere. Developers want to make sure that everyone running their app has bought or obtained it from the right place, not from a bloke in the pub. Honestly, some of you with your "orwellian" conspiracy theories ought to be ashamed.

    1. sisk

      Re: Doing this protects the developers

      And the people who want to do it will do it. You can't stop jailbreaking. You can slow it down for a month or two, but in the end the people who want to do it will always find a way, so why waste time and money fighting it? Fighting jailbreaking is just like adding DRM: utterly pointless. They're fighting a battle that simply can't be won.

      Forget the conspiracy theories. How about a little common sense. If you dump a wad of money into closing the hole used to jailbreak your device only to have another one being exploited next week what have you accomplished? You've wasted money and probably raised your prices to compensate for it and annoyed a not-insignificant portion of the market.

  12. John Tserkezis

    It's about the money.

    Microsoft would rather people download and install authorised, and cryptographically signed, software specifically built for touch-driven computers from its official Windows Store outlet.

    Microsoft would rather people download PAID FOR, and DRM CONTROLLED software specifically built for touch-driven computers from its official Windows Store outlet.

    There, fixed it. It's always about the money.

    Where's the almighty dollar icon when you need it?

  13. Mike 16 Silver badge

    About those Windmills

    ISTR Cervantes was actually making a point with them. The windmills in his vicinity were run as government monopolies, with home-milling forbidden, so that taxes could be levied on all grain, even that used by the farmer and his family. The fact that the monopolistic millers could now charge exorbitant rates for the milling itself, and were all "connected" to the rulers, was, I'm sure, a mere unintended consequence.

  14. David Strum
    Holmes

    Win 8 is really not that good! Has anyone else sensed it?

    I’ve just installed Win8 on my great-not-so-rubbish-once-highend-PC-because-6-months-is-old, and it really looks out of place and rather retro. It looks and feels like XP when you remove all the eye-candy and set the graphics for max performance. It’s horrid! I can’t believe I liked it! Maybe it was because I initially installed it on a Laptop; an old Inspiron 6400 – whooo hoo; and I got the graphics working too! I prefer Win7 actually, it looks more inviting rather than the drab-austere feel to Win8. I think this OS is the lean twin of Vista. It's at the opposite end of its flabby-slug-like sibling, very fast, but inordinately drab. I’ve got a GTX 570 and expected a bit more eye-candy from this pallet-challenged Ballmer attempt at “The Latest.” Win 8 is really not that good! Has anyone else sensed it?

    1. xerocred

      Re: Win 8 is really not that good! Has anyone else sensed it?

      +10 for pallet-challenged

This topic is closed for new posts.

Other stories you might like