Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
Hi there,
There is an issue with role permissions that is being worked on at the moment.
If you are having trouble with access or permissions on regional forums please post here to get access: https://www.boards.ie/discussion/2058365403/you-do-not-have-permission-for-that#latest

mirosoft latest trick

«1

Comments

  • Registered Users, Registered Users 2 Posts: 5,238 ✭✭✭humbert


    I think Windows 8 is their tablet OS and most phones/tablets have this (HTC, iPhone).


    They or Intel were looking into processor level security some time back which worried me more but I haven't heard anything more about it?


  • Closed Accounts Posts: 664 ✭✭✭Galen


    UEFI secure booting http://mjg59.dreamwidth.org/5552.html
    http://www.itworld.com/it-managementstrategy/205255/windows-8-oem-specs-may-block-linux-booting

    microsoft tried this rubbish before with their 'trusted' chips. Windows 8 is for desktops and notebooks too.


  • Registered Users, Registered Users 2 Posts: 6,393 ✭✭✭AnCatDubh


    ah, so i can take it that there are no bugs or security holes in their software systems now that their attention is turning to signed driver chipy thingy :rolleyes:

    There are probably better things that they could spend their time on like where the real and present dangers may be are, or maybe they've that one cracked already

    ;)


  • Registered Users, Registered Users 2 Posts: 2,827 ✭✭✭bpb101


    i think the eu will step in , the only thing the eu could do right


  • Registered Users, Registered Users 2 Posts: 2,827 ✭✭✭bpb101


    Galen wrote: »
    Windows 8 is for desktops and notebooks too.
    ye i know , i just gave an example.


  • Advertisement
  • Registered Users, Registered Users 2 Posts: 2,827 ✭✭✭bpb101


    they made mirosoft let people browers

    but on what grounds?
    there locking your computer to their preferences...
    also people have a legal right to refuse a contract(the t's and c's u agree to when u first load any mircosoft os)


  • Registered Users, Registered Users 2 Posts: 2,827 ✭✭✭bpb101


    OSI wrote: »
    How is it stopping another OS from being put onto the laptop?

    It's stopping unsigned code from booting on the machine yes. And to be honest, I welcome this.

    There are viruses now that will lodge themselves in your BIOS code and overwrite your MBR every time you boot the machine, making detection and removal an utter bitch fest. By introducing this kind of code checking, this will be become vastly more difficult, if not near impossible.

    what if i want to make my own os , (i cant)
    but i have a right to develop on my personal computer


  • Registered Users, Registered Users 2 Posts: 14,048 ✭✭✭✭Johnboy1951


    Oh, and the simple conecpt of disabling secure boot in the UEFI!!!

    Do you have a reference indicating this is to be allowed?

    But, even if it is, then it will be totally impractical to dual boot with Windows, because Windows will not boot with secure boot turned off.

    There is a possibility, that something may be added to the motherboard which would automatically invoke secure boot when Windows is involved ...... and I guess we would all have to pay the MS price again!


  • Closed Accounts Posts: 709 ✭✭✭Robdude


    I don't understand why people are upset over this.

    UEFI is not a Microsoft thing. It's a replacement for BIOS. It has a lot of features - like Secure Boot. Secure Boot is not a Microsoft thing. Any OS can do it.

    All Microsoft is saying is, IF you want to be an OEM Vendor and have the Windows 8 Logo and ship with Windows 8 installed; you need to have Secure Boot turned on, by default.


  • Closed Accounts Posts: 664 ✭✭✭Galen


    http://mjg59.dreamwidth.org/5850.html
    UEFI secure booting (part 2)

    Sep. 23rd, 2011 07:57 am
    user.pngmjg59Microsoft have responded to suggestions that Windows 8 may make it difficult to boot alternative operating systems. What's interesting is that at no point do they contradict anything I've said. As things stand, Windows 8 certified systems will make it either more difficult or impossible to install alternative operating systems. But let's have some more background.

    We became aware of this issue in early August. Since then, we at Red Hat have been discussing the problem with other Linux vendors, hardware vendors and BIOS vendors. We've been making sure that we understood the ramifications of the policy in order to avoid saying anything that wasn't backed up by facts. These are the facts:
    • Windows 8 certification requires that hardware ship with UEFI secure boot enabled.
    • Windows 8 certification does not require that the user be able to disable UEFI secure boot, and we've already been informed by hardware vendors that some hardware will not have this option.
    • Windows 8 certification does not require that the system ship with any keys other than Microsoft's.
    • A system that ships with UEFI secure boot enabled and only includes Microsoft's signing keys will only securely boot Microsoft operating systems.

    Microsoft have a dominant position in the desktop operating system market. Despite Apple's huge comeback over the past decade, their worldwide share of the desktop market is below 5%. Linux is far below that. Microsoft own well over 90% of the market. Competition in that market is tough, and vendors will take every break they can get. That includes the Windows logo program, in which Microsoft give incentives to vendors to sell hardware that meets their certification requirements. Vendors who choose not to follow the certification requirements will be at a disadvantage in the marketplace. So while it's up to vendors to choose whether or not to follow the certification requirements, Microsoft's dominant position means that they'd be losing sales by doing so.

    Why is this a problem? Because there's no central certification authority for UEFI signing keys. Microsoft can require that hardware vendors include their keys. Their competition can't. A system that ships with Microsoft's signing keys and no others will be unable to perform secure boot of any operating system other than Microsoft's. No other vendor has the same position of power over the hardware vendors. Red Hat is unable to ensure that every OEM carries their signing key. Nor is Canonical. Nor is Nvidia, or AMD or any other PC component manufacturer. Microsoft's influence here is greater than even Intel's.

    What does this mean for the end user? Microsoft claim that the customer is in control of their PC. That's true, if by "customer" they mean "hardware manufacturer". The end user is not guaranteed the ability to install extra signing keys in order to securely boot the operating system of their choice. The end user is not guaranteed the ability to disable this functionality. The end user is not guaranteed that their system will include the signing keys that would be required for them to swap their graphics card for one from another vendor, or replace their network card and still be able to netboot, or install a newer SATA controller and have it recognise their hard drive in the firmware. The end user is no longer in control of their PC.

    If Microsoft were serious about giving the end user control, they'd be mandating that systems ship without any keys installed. The user would then have the ability to make an informed and conscious decision to limit the flexibility of their system and install the keys. The user would be told what they'd be gaining and what they'd be giving up.

    The final irony? If the user has no control over the installed keys, the user has no way to indicate that they don't trust Microsoft products. They can prevent their system booting malware. They can prevent their system booting Red Hat, Ubuntu, FreeBSD, OS X or any other operating system. But they can't prevent their system from running Windows 8.

    Microsoft's rebuttal is entirely factually accurate. But it's also misleading. The truth is that Microsoft's move removes control from the end user and places it in the hands of Microsoft and the hardware vendors. The truth is that it makes it more difficult to run anything other than Windows. The truth is that UEFI secure boot is a valuable and worthwhile feature that Microsoft are misusing to gain tighter control over the market. And the truth is that Microsoft haven't even attempted to argue otherwise.




  • Advertisement
  • Registered Users, Registered Users 2 Posts: 2,827 ✭✭✭bpb101


    Robdude wrote: »
    I don't understand why people are upset over this.

    UEFI is not a Microsoft thing. It's a replacement for BIOS. It has a lot of features - like Secure Boot. Secure Boot is not a Microsoft thing. Any OS can do it.

    All Microsoft is saying is, IF you want to be an OEM Vendor and have the Windows 8 Logo and ship with Windows 8 installed; you need to have Secure Boot turned on, by default.

    but they should have this optional and be turned off by default ,


  • Closed Accounts Posts: 709 ✭✭✭Robdude


    But why?

    I realize there is no perfect source, but using the numbers at : http://www.w3schools.com/browsers/browsers_os.asp

    Windows - 85.1%
    Linux - 5.2%
    Mac - 8.2%
    Mobile - 0.9%

    Mac users are not buying OEM Windows Machines.
    Mobile users are not buying OEM Windows Machines.
    A percentage of Linux users are not buying OEM Windows Machines.

    Let's assume 90% of Linux users *are* buying OEM machines. In my experience, it's lower. People who run Linux are very particular about their hardware and also go to great lengths to avoid supporting Microsoft.

    This impacts, optimistically, 5% of people purchasing OEM Windows Machines
    95% of customers would be better off with the option turned on.

    Why 'should' 95% of people either have to go through extra configuration or miss out on available security features because 5% of people don't want to have to go through extra configuration hassles?

    Would you also require Linux shops to have this security feature disabled by default on all machines they sell?


  • Registered Users, Registered Users 2 Posts: 2,827 ✭✭✭bpb101


    i accept that linux has a small minority and in this occanion mac are excluded
    but it the same as your phone, being block to vodafone


  • Registered Users, Registered Users 2 Posts: 2,827 ✭✭✭bpb101


    http://www.omgubuntu.co.uk/2011/09/microsoft-attempt-address-windows-8-linux-worries/

    mircosoft say that they want manufactures to disable , disabling secure boot. for a some cert


  • Registered Users, Registered Users 2 Posts: 1,823 ✭✭✭EvilMonkey


    Microsoft get enough criticism for having security features disabled by default. Now people are complaining when they look for one to be turned on.
    I cant see this stopping anyone capable of installing Linux from doing so.


  • Closed Accounts Posts: 5,082 ✭✭✭Pygmalion


    EvilMonkey wrote: »
    I cant see this stopping anyone capable of installing Linux from doing so.

    As I understand it the hardware will refuse to run a bootloader that hasn't been signed with a per-device key.
    If you don't get that key then it would require, at the very least, some kind of hardware hack to get it working, even if GRUB and Linux add support for it.

    Enabling an opt-out software security feature in the OS and requiring devices to have locked down hardware aren't the same thing.


  • Registered Users, Registered Users 2 Posts: 2,827 ✭✭✭bpb101


    added a poll , to see what everybody thinks on wheather it will go through or not


  • Closed Accounts Posts: 5,082 ✭✭✭Pygmalion


    What about a "Yes, but with the bootloader key printed on the PC case" option?
    That seems to be the sensible way for this to go, allows modifying bootloader but only with physical access, and key could be removed in a business environment.


  • Registered Users, Registered Users 2 Posts: 1,889 ✭✭✭evercloserunion


    OSI wrote: »
    On what grounds?

    If they were to intervene, it would most likely be on competition grounds, ie Microsoft using this to foreclose the market to competitors.


  • Closed Accounts Posts: 664 ✭✭✭Galen




  • Advertisement
  • Registered Users, Registered Users 2 Posts: 2,827 ✭✭✭bpb101


    "Galen http://www.theregister.co.uk/2011/09...ut_row_latest/"


    i dont see how the signing keys for every linux would work.
    there are thousands(over statement to raise a point ) of linux's being released every few weeks (including alphas and betas )
    will they have to do a bios release every day , and will they continue to do these updates years later , decades later ???


  • Registered Users, Registered Users 2 Posts: 2,370 ✭✭✭Knasher


    OSI wrote: »
    How is it stopping another OS from being put onto the laptop?

    It's stopping unsigned code from booting on the machine yes. And to be honest, I welcome this.

    There are viruses now that will lodge themselves in your BIOS code and overwrite your MBR every time you boot the machine, making detection and removal an utter bitch fest. By introducing this kind of code checking, this will be become vastly more difficult, if not near impossible.

    I agree in principle, the secure boot feature is a good idea and should be included, but only if it can be disabled by the user. My worry though stems from the view I think Microsoft is taking.

    Currently one of the principle methods of Windows piracy involves loading something before handing off to the Windows kernel, which tricks it into thinking it is running on an OEM system. (Just FYI I've done work in a security field, hence why I'm familiar with how it is done, I did buy my copy of Windows) This method has been in use since Vista and AFAIK Microsoft still haven't found a way to close it. Secure boot would make this sort of piracy impossible, but only if Microsoft get their OEMs to not have the ability to disable the feature or load their own keys.

    Given what Microsoft have to gain from this, and the fact that most legit non-Linux users won't even notice, I would be very surprised if Microsoft doesn't exploit this. I'd be surprised if Microsoft doesn't start encouraging the OEMs not to include the ability to disable or modify secure boot.


  • Registered Users, Registered Users 2 Posts: 2,827 ✭✭✭bpb101


    people new to linux will be highly less lightly to use linux if they have to go to the end of the earth to install linux ,
    f u ck this ideas of it is for your security it is to stop people changing os to linux based ,(or at lease part of )


  • Registered Users, Registered Users 2 Posts: 59 ✭✭speedbird834


    I won't go through hoops to dual boot if it does happen. Not that I would like to be forced to use windows on a day to day basis - it will probably drive me to switch to mac.


  • Registered Users, Registered Users 2 Posts: 2,827 ✭✭✭bpb101


    I won't go through hoops to dual boot if it does happen. Not that I would like to be forced to use windows on a day to day basis - it will probably drive me to switch to mac.
    but for people who want a computer , but cant afford a mac
    it is trying to force people away from linux


  • Closed Accounts Posts: 664 ✭✭✭Galen


    Besides ****ing it up for Linux users like myself, how long until Microsoft goes back to it's old complacent ways - it's no wonder that their developers are pissed.


  • Posts: 0 [Deleted User]


    bpb101 wrote: »
    people new to linux will be highly less lightly to use linux if they have to go to the end of the earth to install linux ,
    f u ck this ideas of it is for your security it is to stop people changing os to linux based ,(or at lease part of )

    If anything I'd say it's being done to stop people using SLIC loaders to bypass activation.


  • Registered Users, Registered Users 2 Posts: 2,827 ✭✭✭bpb101


    Karsini wrote: »
    If anything I'd say it's being done to stop people using SLIC loaders to bypass activation.
    i dont see this begin used (invented ) only for the consumer
    there some other reason , mabey it because o the activation


  • Advertisement
  • Registered Users, Registered Users 2 Posts: 2,827 ✭✭✭bpb101


    how will you reinatall window .
    example of what i mean is:

    i build a pc , and put 8 on it
    and supprize , supprize i get a virus , i need to reformat , how do i?
    it wont allow me to because it a something trying to run from boot

    or will it just detect 8

    another problem
    what if i want to run a raid (is raid on the boot system already ,not quite sure on how to enable raid , never need it )on it , that from boot , so what the story

    or what the stroy with a linux pc and window 8 on a SECONDARY os .
    in which linux was installed FIRST



    any thoughts


  • Registered Users, Registered Users 2 Posts: 2,370 ✭✭✭Knasher


    bpb101 wrote: »
    how will you reinatall window .
    The process on the DVD will be signed with the same keys as the actual Windows kernel. So it won't make a difference from a reinstalling point of view. One thing you won't be able to do is install older versions of Windows if you want to for whatever as obviously those kernels wouldn't be signed.
    bpb101 wrote: »
    or what the stroy with a linux pc and window 8 on a SECONDARY os .
    in which linux was installed FIRST
    any thoughts
    Well the assumption is that you are able to install Linux at all. Which won't be the case for all laptops. If you are able to install Linux, then there shouldn't be an issue with dual booting with Windows 8. Remember this is a UEFI feature, so it is in the core of the PC and restricts what it will hand off to, it isn't something Windows needs in place before it will boot.

    It wouldn't surprise me, if this thing goes ahead, that somebody figures out a flaw in the Windows boot process and uses it to substitute a Linux loader for a Windows one. Essentially you would be loading a part of Windows before interrupting it to switch to Linux. Not sure what the legality of that would be though.


  • Registered Users, Registered Users 2 Posts: 2,827 ✭✭✭bpb101


    Knasher mention that old windows wont be able to be installed , which makes sense , but what happens if 8 is something simular to window vista and a lot of people used xp for many more years than windows wanted ie. people buy 8 , find out its sh-it and turn back to 7


  • Registered Users, Registered Users 2 Posts: 2,827 ✭✭✭bpb101




  • Registered Users, Registered Users 2 Posts: 2,827 ✭✭✭bpb101


    as window 8 draws closer Microsoft announces their requirements to OEM's
    and omg ubuntu talk more on the secure boot

    http://www.omgubuntu.co.uk/2012/01/microsoft-to-prevent-linux-booting-on-arm-hardware/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+d0od+%28OMG!+Ubuntu!%29


  • Closed Accounts Posts: 664 ✭✭✭Galen


    Microsoft to Prevent Linux Booting on ARM Hardware? http://bit.ly/AvC6S1


  • Advertisement
  • Registered Users, Registered Users 2 Posts: 5,949 ✭✭✭A Primal Nut


    From article on OP's post.
    For the roll out of Windows 8 Microsoft want to see Secure Boot enabled on all devices shipping with their name on by default.

    So it will still be possible to disable Secure Boot is how I understand it. Much ado about nothing.


  • Registered Users, Registered Users 2 Posts: 2,827 ✭✭✭bpb101


    From article on OP's post.



    So it will still be possible to disable Secure Boot is how I understand it. Much ado about nothing.

    ON ARM -hardware it is a requirement , at the time of OP details were unsecured
    but it seams it will be an option to disable the secure boot on other hardware.


  • Registered Users, Registered Users 2 Posts: 14,048 ✭✭✭✭Johnboy1951


    So MS decided that they needed secure boot to be managed on PC hardware for their previous OSs ....... but on ARM devices they want it locked down so it cannot be disabled ..... thus preventing alternate OSs from being installed on those devices.

    They seem to be gearing up for a contest in the ARM sector ....


  • Registered Users, Registered Users 2 Posts: 2,827 ✭✭✭bpb101


    i say a big problem for this "great idea" is not just the people who are mad and just prefer and os became it free and simple better, what about RAID

    Im not well up on RAID but as far a know you install that similarly to an os(as in not as a program but outside the current os)

    would this not be a major problem for companies who want do a backup for on server ? (on arm-hw)


  • Registered Users, Registered Users 2 Posts: 14,048 ✭✭✭✭Johnboy1951


    The question in my mind is ........ will the devices that MS decides it would like to have its OS made available on (and there is no need to go into how the importance of MS to any manufacturer can cause the manufacturer to comply with MS wishes) be acceptable to EU regulators ==== after all there will be an artificial block/hindrence placed on such devices to prevent any non approved OS being installed?

    I hope the manufacturers who must, for commercial reasons, comply with the MS 'wish' at least make it a trivial matter to by-pass this restriction ...... maybe by placing an on-board link, similar to what we presently see on motherboards to clear cmos BIOS.


  • Advertisement
  • Registered Users, Registered Users 2 Posts: 14,048 ✭✭✭✭Johnboy1951


    OSI wrote: »
    I really cannot see the EU have any issue with this development. You don't see them jumping on the backs of HTC, Samsung or Apple for locking their device to their approved OS's do you?

    Neither would I have a problem if MS manufactured their own hardware and placed their software on it.

    That is what Apple etc do ....


  • Registered Users, Registered Users 2 Posts: 2,827 ✭✭✭bpb101


    i fail to see how they legally just block out a larger majority of computer users because they don't like windows operating system.

    There must be some law that forbids this stupidity

    Just realy think what there doing for a minute in plain english

    They want to forbid the use of another operating system and their bullying manufacturers into doing this ...


  • Registered Users, Registered Users 2 Posts: 2,028 ✭✭✭d31b0y


    Yes, but it's all under the guise of security and protecting the consumer.

    At the end of the day they are including a security feature and one which WILL stop BIOS hacks and other nasties out there.

    The only thing that disappoints me is that they are forcing it on ARM infrastructure. But that truly is a make or break move for them. Either manufacturers will back them and run with Windows 8 or they will jump ship and go with an open source alternative.

    Tablets will still exist with Android and other OS's. Hypothetically speaking, if you were in the market for a new touch-screen device and you found one with Windows 8 on it, would that make you want to buy it? It would certainly have to be a fantastic OS for me to consider it over the alternatives. And, in that case, if it was such a fantastic OS would you really want to flash a different OS onto it?

    Similarities can be drawn between this and Apple's iOS. You can only run Apple software on Apple hardware (generally speaking) and this is going to bring MS down the same path.

    Don't get me wrong though, I hate the whole idea of Secure Boot and I think it should be panned completely but it will either turn out to be a very clever move by MS or a very stupid and short sighted one. Only time can tell.


  • Registered Users, Registered Users 2 Posts: 2,827 ✭✭✭bpb101


    I Dont think this will STOP hackers , may limit to just the os until they crack the bios by making windows install to the bios or something
    d31b0y wrote: »

    At the end of the day they are including a security feature and one which WILL stop BIOS hacks and other nasties out there.

    ill agree with 1 thing here
    d31b0y wrote: »
    Only time can tell.


  • Registered Users, Registered Users 2 Posts: 2,028 ✭✭✭d31b0y


    I think you may have read my post wrong, I should have been clearer. It will stop any current and similar future BIOS attacks because the code has to be signed before it will run.

    I won't pretend to know the ins and outs and I am not naïve. I know it's only a matter of time before there are some sort bypasses in place. But isn't that the case with every system out there?

    Don't get me wrong, I am completely against what they are doing and I hope it fails.


  • Registered Users, Registered Users 2 Posts: 2,827 ✭✭✭bpb101


    d31b0y wrote: »
    It will stop any current and similar future BIOS attacks because the code has to be signed before it will run.
    sorry i thought you meant all , As in never again

    Im not the best up on it myself as the information is quite vague
    what is ARM-hardware- i got its hardware developed by arm but i never see it advertised on pcs and why will this secure boot only compulsory to be enabled on ARM?


  • Closed Accounts Posts: 664 ✭✭✭Galen


    Fortunately Samsung android phones are not locked and gradually HTC is unlocking theirs after they finally came to their senses.


  • Registered Users, Registered Users 2 Posts: 8,824 ✭✭✭ShooterSF


    Knasher wrote: »
    I agree in principle, the secure boot feature is a good idea and should be included, but only if it can be disabled by the user. My worry though stems from the view I think Microsoft is taking.

    Currently one of the principle methods of Windows piracy involves loading something before handing off to the Windows kernel, which tricks it into thinking it is running on an OEM system. (Just FYI I've done work in a security field, hence why I'm familiar with how it is done, I did buy my copy of Windows) This method has been in use since Vista and AFAIK Microsoft still haven't found a way to close it. Secure boot would make this sort of piracy impossible, but only if Microsoft get their OEMs to not have the ability to disable the feature or load their own keys.

    Given what Microsoft have to gain from this, and the fact that most legit non-Linux users won't even notice, I would be very surprised if Microsoft doesn't exploit this. I'd be surprised if Microsoft doesn't start encouraging the OEMs not to include the ability to disable or modify secure boot.

    But the only machines with it switched on will come with a genuine copy of Windows installed and any site that offers pirated versions of the following OS will just need an extra paragraph explaining how to turn secure boot off first.
    I do agree that in theory windows piracy probably ranks higher on their concern list than people switching to linux (sadly). But it stops neither.
    I guess the problem is the worry that with very little effort and under the guise of security laptop manufacturers could start to lock down what OS you install quite easily if they chose to do so and Microsoft may become more hardline on the issue in the future when this method fails to prevent Windows 9 being pirated....


  • Registered Users, Registered Users 2 Posts: 2,827 ✭✭✭bpb101




  • Registered Users, Registered Users 2 Posts: 955 ✭✭✭Scruffles


    bpb101 wrote: »
    very interesting news indeed.

    if people dont want the latest windows,they coud try buying the hardware from a store which doesnt preinstall OSs,upgrading laptops in near future and am planning to do that with mine,disgusting that we are forced to pay towards microsoft in the first place when we dont want to.


  • Advertisement
Advertisement