What a coincidence...
I'll opt out of using "Microsoft security" in any sentence that doesn't involve snickering, giggles, or outright howls of derisive laughter.
Microsoft is to security what flame throwers are to ice cream cones.
Yet another top-tier PC maker seemingly isn't interested right now in Microsoft's vision of hardware-level security for Windows 11 systems. Dell won't include Microsoft's Pluton technology in most of its commercial PCs, telling The Register: "Pluton does not align with Dell's approach to hardware security and our most secure …
The only active use I have seen Microsoft make of security features is to further customer lock-in and to prevent any rival operating systems from installing. Forcing OEMs to lock down UEFI was clearly enough of a warning to manufacturers not to fall for that twice.
If they put half as much money as they put into wining and dining competence-free decision makers and anti-competitive efforts into really securing Windows I think most ransomware gangs would already be out of business.
No, DRM in the usual sense is only part of it. It's also about restricting what software you can run on your own computer, making that software more opaque and more difficult to replace, and limiting your ability to use third-party data services. The end goal is the same one Microsoft have always had: total end-to-end control of and visibility into everything everyone does on any computer anywhere, with the ability to monetise all of it for themselves.
Ahem... isn't
"...total end-to-end control of and visibility into everything everyone does on any computer anywhere, with the ability to monetise all of it for themselves..."
what Apple has been doing right from the start?
Absolutely despicable practice, but Microsoft didn't invent the stuff.
Weirdly, most of what I have running on MacOS and iOS (whose most irritating feature is the messed up cAPitalisation, but I digress) speaks Open Standards and happily integrates with all sorts of backends .. unless, unsurprisingly, they're made by Microsoft which always seems to require extra hoops to jump through. Crapware like Exchange doesn't even talk caldav or carddav.
Also, the music I buy from them is unlocked - they made that decision years ago.
Where it does still play to a maddening degree is their app stores which are country locked to the point that you cannot even buy something unless your means of payment are registered in that country which clearly demonstrates that their mindset is still firmly locked in that American box - Europeans travel and move much more across borders, but their App Stores have yet to catch up with that.
Never said Microsoft invented this, only that it's their goal. At the same time, you need to be careful about what "right from the start" means with respect to Apple. Pre-1997 Apple didn't look anything like modern Apple and did not share Microsoft's objectives. By the time Jobs returned via NeXT, Apple had become completely irrelevant and was more or less out of business. Only in the post-1997 (and really post-iPhone) era has Apple started to look and act more like Microsoft. By 1997, Microsoft had been an entrenched monopolist for almost 20 years and was firmly established as the standard-bearer for misbehaviour in the technology industry. So while I agree that Microsoft didn't invent this kind of behaviour or business objectives, it certainly preceded Apple to them by a considerable margin. That's just history, though; what matters is how they're behaving today.
If I'm not mistaken, Dell still has control of the firmware so it can activate this "feature" or not. Or make it opt-in for end-users.
Let's not forget, for a long time Dell was the only big PC manufacturer who was not afraid to offer Linux preinstalled on their PCs.
@AC "If I'm not mistaken, Dell still has control of the firmware so it can activate this "feature" or not. Or make it opt-in for end-users."
From article:-
"Reading between the lines: Dell isn't shipping PCs with processors featuring Pluton, and so it's not in a position, or interested in being in a position, to be onboard with the tech."
Dell can't activate what is not there, as Pluton is not on the processors.
Worth stating that while vendors can turn Pluton on and off, via their own UEFI firmware interface, what's to say Pluton doesn't have another internal facing switch within the Intel processor itself (Intel's own management engine for instance) so in effect Intel's management engine can enable and disable Pluton at will (and importantly update the microcode), for its own purposes, separate from the UEFI firmware.
And if Pluton is anything like today's 2022-03 Cumulative Update for Windows 10 Version 21H2 for x64-based Systems (KB5011487), that resulted in a kernel fault, and 'full on' meltdown this morning, I would actively avoid any new laptop with this technology on board. To those that haven't yet installed 2022-03 Cumulative Update, worth pausing updates if you can.
Microsoft's testing regime, is now pretty much "just throw it out there, see what sticks".
Clunky 'bag of rusty nails' Windows Update is more than enough, in terms of showing how bad Microsoft is at providing updates, we don't need another (lack of) Microsoft provided firmware to obsolete machines, in the same way they are doing with Windows 11.
Dell seems to have come to the same conclusion, Pluton is not a selling point, it's an active reason for consumers to avoid Dell products, if this feature is permanently enabled by default. Commendable that Dell have taken the side of their customers and used some due diligence.
Pluton is a massive 'power grab', and should be resisted at all costs, there are better ways to do security where you remain in control, and if Microsoft get this wrong, and history shows they will, it will be outside your control and nothing you can do when the shit hits the fan.
Basically, another attack vector, along with the borked Intel Management Engine, in the same way 'Extensible' has started to be seen in terms of the UEFI.
@AC Just two small problems with your post.
Intel cannot have a secret way to turn on Pluton on their processors because Pluton is not on their processors.
Dell not enabling Pluton does not mean they have come to any conclusions. Neither is it worthy of the commendation that Dell have taken the side of their customers.
Because Dell can't activate what is not there and Pluton is not on the processors.
OK, I have jumped the gun a little, projecting this scenario, in terms of right now.
Have to say, I took Intel's announcement, "Intel's 12th Gen platforms do not support Pluton," within the context of Intel's custom dynamic mix'n'match fabrication plans, going forward, based on vendors' needs, in a subtly different way in what it didn't say. 'Does not support Pluton', doesn't say it couldn't. After all, Pluton is essentially an updatable, modifiable software based implementation controlled and updated by Microsoft, based on a form of Linux.
12th-generation Core family code-named Alder Lake, Intel has stated (according to reports) that it is using its own Platform Trust Technology for Alder Lake. What Intel didn't make clear is whether the coprocessor was present and dormant on the die (or could be added with mix'n'match fabrication processes for certain vendors), and/or just not implemented in terms of software.
In much the same way that Apple had never spoken about the hardware/software virtualisation* + internal bus within the M1 Processor that allowed multiple chip dies to be fused together to form the M1 Ultra before yesterday. So what else have Apple not talked about regarding the M1, because there is clearly a narrative developing there with hiding things.
None of this offers any reassurance in terms of security, because much of it is hidden from view, and anything that operates below the radar can be used to circumvent Democracy in all its forms. That's the key message people should take from this, it's no different to having 'malware' operating on their terms, malware controlled by those providing the technologies here.
*(so it's seen as a single processor/single continuous memory architecture, it appears to be implementing core technologies similar to Tidalscale to do this). It will be interesting to see if they have licenced those technologies/patents or working around them.
@AC "OK, I have jumped the gun a little, projecting this scenario, in terms of right now."
Yes just a little, but you are right Intel could easily add Pluton to their next processor after all they helped develop it.
"Microsoft launched to much fanfare its Pluton security layer for PCs in 2020 after developing it with Intel, AMD, and Qualcomm."
But it is very unlikely Intel have a Pluton coprocessor present and dormant on the die as they have gone with their own TPM coprocessor on Alder Lake.
But as said, there are several ways to interpret what has been said so far, and if we are talking Microsoft Windows and PCs then for all that matters in terms of numbers, Intel is the only game (processor) in town.
So discussing how the Pluton could potentially have an internal interface (used by the processor, looking ahead - Intel) and an external interface accessible by vendors, is valid comment. Everything else is a distraction about whether it's there or not, currently within the die or not.
We just don't know if Pluton does or doesn't (have such a dual interface), and that's my point. How can it be seen as 'security' and not seen as more specifically DRM, (as it is used for in the XBOX), when we haven't a clue what's going on below the radar, in terms of what Pluton is doing, or importantly if extended, what it has the potential to do. In effect, Pluton is a moving target, that can morph into anything it wants to be.
Zero Trust, remember, and that includes Microsoft and others.
Just look at the ominous Windows 10/Windows 11 'Microsoft Health Tools', it acts essentially like malware.
Go on, try to uninstall it from the control panel and every time you do, it is reinstalled again and again by Windows Update. Effectively it's the new form of the previous GetWindowsX 'malware' with all the full screen nags and the forced upgrades, that were surreptitiously carried out.
No one forgets clicking the 'Red X', that meant you'd accepted an upgrade from 7 to 10.
"...today's 2022-03 Cumulative Update for Windows 10 Version 21H2 for x64-based Systems (KB5011487), that resulted in a kernel fault, "
Interesting, my sister has just bought a Windows (spit) laptop and as I was trying to do something with it the other day it stopped me in my tracks and demanded that I update it. I had no option but to agree so walked away from the thing as it did "The magic" (quote from the initial setup). So it looks like it did get that KB.
If it has bricked the laptop it might allow me to nuke the OS and put a decent one on instead, PCLinuxOS in this case. So although there might be wailing and gnashing of teeth in the short term this update may be a blessing in disguise.
My own precaution is image, image, image.
Windows, touching wood, has worked fine for me. Updated with no problems and so forth.
But Macrium Reflect is on permanent duty. Imaged to a second internal HDD before update. And another image to an external USB HDD just in case. And a drawer in another room of the house with a couple of redundant HDDs that happen to contain backups and...more images.
Do I use Windows? yes. Most people do. Do I trust Microsoft? Just about as far as I could throw an elephant.
>Do I use Windows? yes. Most people do. Do I trust Microsoft? Just about as far as I could throw an elephant.
Well said. Unfortunately, at a time of war, I trust an AC telling us not to install a security update due to an otherwise unreported "kernel fault, and 'full on' meltdown" about as far as I can throw the other elephants.
"How would dell opt in to using pluton security? Start fabbing their own custom intel chips with a pluton processor added?"
You're forgetting, Intel has announced a mix n' match policy regarding fabricating key technologies and custom fabrication, aimed at vendors like Dell. But given everything is about price and margins for vendors, I don't hold up much hope, it's going to be baked in going forward for the masses.
"The big concern among users is the presence of a Microsoft chip in a PC, and the concept of "chip-to-cloud security," which could help the software maker exert more control of systems across the entire stack."
Exactly. The purpose of Pluton, like the purpose of TPMs, is not primarily to increase the security of the computer owner's data. It's to transfer control of the computer and the data it processes away from the owner to third parties of the manufacturer's choosing. That might be themselves or their corporate partners or the media industry. Unsurprisingly, the people who buy computers prefer to have control of their own assets.
"AMD Ryzen 6000 processors will include Pluton as it's present in those AMD chips, though the feature will be disabled by default. AMD has provided an option for users to turn the feature on and off."
Just as it should be. I just hope it doesn't add too much to the cost of AMD chips.
I also hope that the evil empire doesn't find a way to subvert it so that it is always on, if the PC has Windows installed, so that it prevents you from wiping the disk and installing a useful OS.
"AMD Ryzen 6000 processors will include Pluton as it's present in those AMD chips, though the feature will be disabled by default. AMD has provided an option for users to turn the feature on and off."
There are plenty of nefarious ways of turning on a capability that exists but is 'disabled by default'. It doesn't take much to add hardware that sniffs a register or a data-line waiting for a key-pattern that triggers turning on a hidden capability. It's basically a variant of malware traffic signalling techniques on networks: MITRE: Traffic Signalling
You might not even need to add hardware: firmware running in a TPM (which could be distributed as an opaque, encrypted BLOB) can easily be programmed to do things on receipt of a magic pattern in what would otherwise be a legitimate datastream being processed.
This is why open firmware and open hardware is important.
I have is that pluton can be updated (via windows update)
So it's only a matter of time before the malware creators find a way of updating pluton themselves... and then baking that into an email attachment.
If pluton was a 'burn it once' type device that cannot be altered from external software, then it may be a good idea.
Until that point..... it sounds more like a m$ power grab than any 'security' for my PC
Oh and preventing linux from being installed unless the distro has a m$ supplied key(for a suitable price)
None of this offers any reassurance in terms of security, because much of it is hidden from view (and controlled by a single vendor), and anything that operates below the radar can be used to circumvent Democracy in all its forms.
That's the key message people should take from this, it's no different to having 'malware' operating on their terms, malware controlled by those providing the technologies here. Again, it should be seen for what it is, a massive 'power grab'.
"Microsoft and our partners are giving customers the flexibility and choice to configure Pluton to meet their specific needs. Microsoft is committed to working with partners and customers in the coming months and years to continue to bolster security with Pluton," the spokesperson said.
Given the ever-increasing snooping prevalent in Windows, data as currency, "user is the product" approach by MS and others, I think we need to remind every Windows user that they no longer count as "the customer" in Microsoft's eyes. Microsoft's customers are those who pay the greedy fucks to spy on us.