Re: Well it's "Trusted Computing" all over again
I don't know what is worse some days. The people who post confident assertions when they clearly don't know what they're talking about, or the people who mod them up because the poster speaks authoritatively.
There are basic errors in your post.
>>1. It will bring _no_ benefit to security, as it'll be working in the wrong places. For example you will still be able to exploit a browser to steal cookies and such or install any form of spyware/adware
It is a tool that verifies the software you have installed matches an approved version. Do you also object to signed packages on GNU/Linux? Someone who doesn't understand that there is a security benefit to being able to verify software has no business talking on the subject of security. And your operating principle of 'unless something solves all types of security problems then it provides no benefit' is stunningly flawed.
Also, the browser steals cookies? Okay. :D
>>"In fact certain players in the field will probably even get their malware propperly signed"
Modern malware goes through huge numbers of variations for all sorts of reasons, including getting past anti-virus scanners. If you have to get something signed for every small variation of your malware, that's a staggering limitation. In fact, just getting one version of your malware through instantly becomes much harder as you have to have an account to register it with. Once something you submit is flagged as malware that entire account and every other piece of malware you used it for is effectively scorched. Good luck routinely creating thousands of accounts, getting them approved and then passing off tiny variations in malware with each of them.
And it's fairly easy to recognize malware. Or rather I should say that there are groups that are extremely good at this. Most malware gets about because it's not picked up as malware by people's systems. You can put it up on some compromised site and trick people into installing it because they're ignorant of what it is. But with this turned on, you have to trick Microsoft's QC team into believing it's innocent. And that's a lot harder than tricking some average end-user.
And then of course there's the fact that once something is recognized as malware, its signature gets revoked. This process can happen extremely quickly meaning it's perfectly likely that by the time the malware actually reaches you personally, it's already reached someone else and it got flagged.
>>"No malware today actually accesses the hardware since that would be rather stupi"
Cough Stuxnet Cough. Plus there are entire families of trojans that infect the bootstack which, whether you call it accessing the hardware or not, is happening below the level of the OS which is what is relevant. Anyway, this is another of your basic errors. This security measure isn't protecting the hardware, it is hardware-based. A fundamental difference you have not grasped.
>>"2. As a side effect it'll limit the software you can run on those machines"
That's not a side-effect. That's what the technology does.
>>"For example FOSS will probably not run on such a machine as it will eventually not run any unsigned code"
FOSS software can be signed just the same as proprietary or closed source software. The process is no different. And for the minority who actually compile it themself rather than download a binary (kids today!), this doesn't affect that as the very fact that you're compiling your own code means you have a bypass on this system.
>>"There should be laws against this sort of thing"
Against what? Having an optional whitelist of software you can turn on?
>>"and actually in Germany that would clash with your basic right of "Integrity and Confidality of Information Processing Equipment"."
Complete and utter rubbish.