After the walled garden came to the desktop operating system world, we’re now witnessing another potential nail in the coffin of the relatively open world of desktop and laptop computing. Microsoft has revealed [.pptx] that, as part of its Windows 8 logo program, OEMs must implement UEFI secure boot. This could complicate the installation of other operating systems, like Windows 7, XP, and Linux.
Linux developer Matthew Garrett, who works for Red Hat, first talked about this issue on his blog today. He has done work on EFI, so he knows what he’s talking about. The issue is that the secure boot technology that’s part of EFI, and which is mandatory for Windows 8’s logo program, requires signing keys integrated into the firmware.
It goes further than merely installing an operating system, though. One or more signing keys can be installed into the firmware; executables and drivers need to be signed by these keys, or else they won’t load. On top of that, another set of keys (Pkek) takes care of the communication between operating system and firmware. The operating system can then add signing keys to a blacklist and a whitelist. Since there’s no central authority which issues these keys, OEMs will have to sign stuff themselves if a key is installed.
“This impacts both software and hardware vendors,” Garrett explains, “An OS vendor cannot boot their software on a system unless it’s signed with a key that’s included in the system firmware. A hardware vendor cannot run their hardware inside the EFI environment unless their drivers are signed with a key that’s included in the system firmware. If you install a new graphics card that either has unsigned drivers, or drivers that are signed with a key that’s not in your system firmware, you’ll get no graphics support in the firmware.”
Microsoft requires OEMs that want to be part of the logo program for Windows 8 to have secure boot enabled. According to Garrett, there are two ways for Microsoft to handle this. “The two alternatives here are for Windows to be signed with a Microsoft key and for the public part of that key to be included with all systems, or alternatively for each OEM to include their own key and sign the pre-installed versions of Windows,” Garrett states, “The second approach would make it impossible to run boxed copies of Windows on Windows logo hardware, and also impossible to install new versions of Windows unless your OEM provided a new signed copy. The former seems more likely.”
This means Linux, or any other unsigned operating system, will not run on your computer. There are several problems here when it comes to Linux. First, we’d need a non-GPL bootloader (Lilo perhaps?). Second, Garrett indicates that the Linux world is moving towards using the Linux kernel itself as a bootloader. This means kernels will have to be signed, making it virtually impossible to compile your own kernel. Self-signing would still require each key to be included by all OEMs.
For now, it’s hard to tell if this secure boot thing will be an option we can turn off, or if OEMs will – like they do with BIOS features all the damn time – disable the option of turning it off. In any case, I must say that I’m very, very worried that the horrible, anti-user situation of smartphones will permeate into the world of desktop and laptop computers.
The problem here is that governments the world over will be filled with glee over the fact that we would no longer be able to run the software of our choosing – at least, not easily. This means more control, something the, for instance, entertainment industry will love to death. I mean, someone has to think of the children.
I have a hard time believing the combined power of Apple and Microsoft – both strong supporters of these kinds of anti-user features – will not be able to convince and buy governments the world over into not doing anything about this.
It would appear that despite his extremist views over the years, Richard Stallman is more and more starting to look like a true visionary. The fact that he had the foresight to think about hypothetical issues like this decades ago is pretty remarkable.
For now, I am worried, although not yet freaking out. In the end, this would also pose major headaches to other hardware and software vendors, and I’m hoping Microsoft and its OEMs will not antagonise them too much. For all it’s worth, though, be sure to check the UEFI implementations of the motherboards and laptops you buy for an option to turn secure boot off.
What happens if you don’t buy a computer from an OEM? Like, if you just buy the parts online and put it together yourself.
And for the record, I don’t believe it is government’s place to tell these companies that they shouldn’t be allowed to lock down these devices. However, I also don’t think they should be telling consumers that we’re not allowed to jailbreak them either.
@WorknMan: When’s the last time you built your own laptop though?
Edited 2011-09-22 01:58 UTC
Plenty of stores selling laptops without EOM Windows, at least around these parts.
Six months ago. Where do you live?
Putting parts together doesn’t work well for laptops, which are slowly becoming dominant. Also, it would restrict alternative OSes to a geeks-only market: no more installing a lightweight Linux distro on a friend’s old computer which cannot run Windows anymore, or using old desktops as home servers…
I agree, but what you say will be true in the (not so) distant future: time will pass before tomorrow’s Windows 8 compliant PC becomes an old computer needing a lightweight distro.
On the bright side, there’s a huge investment in old/’legacy’ software which people will want to run, including non-8 versions of Windows. By ‘people’ I mean ‘people with money’ — businesses, banks, public administration, the military — the kind which matters to MS. There will be a switch. I bet MS doesn’t want another huge antitrust lawsuit, either. They might get away with this crap on ARM but definitely not on x86/commodity ground.
*sigh* My question was merely academic in nature. I asked what would happen if you built your own computer, and the answer I got was ‘it doesn’t matter for laptops’, when I wasn’t talking about laptops
Ehm, I bet you meant to reply to Neolander, not me. Anyway, to answer your question: I can buy a locally assembled laptop at about 70% the price of e.g. its Dell equivalent. It won’t be exactly DIY but for most parts there’re long lists to choose from.
That wasn’t the question either, lol. The article says that MS would require OEMs to implement secure boot, but what I asked is what happens if you build your own PC and there technically is no OEM? In that case, who does the signature for the secure booting?
My guess is the motherboard manufacturer. In any case a DIY PC isn’t a candidate for a ‘Windows 8 Certified’ sticker.
The question is, if you want to build it (we’ve built and use workstations and servers here – as many others do at very many places – that serve us way more than any pre-built one), would you be able to find high-end motherboards with BIOSes that let you do what you want.
If we’re talking about servers, most likely yes. Windows does not have the dominance in the server market that it has in the workstation market. Most serious server hardware either gives you a choice of OS or comes without OS.
They will turn the temperature up just a little with every new product they release.
They learned from the trusted computing backlash.
At first there will be an option to turn off secure boot. It will only make booting other OSes annoying, because you need to enable and disable it for stock Windows 8 every time. But with Windows 9 in three years it will be mandatory that this option is removed.
Mandatory TPMs(sans user control) are next.
Treacherous computing was just a decade too early.
Yeah, and Vista won’t let you play your MP3s. Why don’t we put the crystal ball aside for now and just stick to the facts?
“I have a hard time believing the combined power of Apple and Microsoft – both strong supporters of these kinds of anti-user features”
Can’t tell if trolling… Anti-user? That doesn’t even compute.
“Anti-user” is any feature that is part of a product that is there only because it benefits the vendor, not the user.
http://en.wikipedia.org/wiki/Damaged_good
“In economics, a damaged good (sometimes termed “crippleware” or product with “anti-features”) is a good that has been deliberately limited in performance, quality or utility, typically for marketing reasons as part of a strategy of product differentiation.”
Microsoft’s “Genuine Advantage” euphemism is an absolute classic example. This did absolutely nothing for users except lock some of them out and require some people to purchase new copies of software they had already bought.
Here is another example of a different flavour:
http://www.osnews.com/comments/25175
Microsoft’s “Windows 7 Starter” is a similar (although not as drastic) example where Microsoft take a reasonable OS and then go out of their way to cripple it. It actually costs Microsoft more to produce such a version which has the express aim to give users less functionality.
Anti-user. QED.
Edited 2011-09-21 23:39 UTC
Hi,
Whether or not it’s anti-user depends on who has the keys.
If the owner of the computer (e.g. the end-user) has full control over which keys are installed, then it’s a “pro-user” feature as it allows them to run any OS they like while also making it hard for things like boot-time rootkits and viruses; and may possibly even help to prevent theft (e.g. if your laptop gets stolen, then maybe nobody will be able to access your data without your password; even if they attempt to replace the OS). This is the best case scenario – a scenario where (for e.g.) Linux could also use secure boot to benefit the end user.
If the owner of the computer (e.g. the end-user) doesn’t have any control over which OSs are allowed and which aren’t, then it’s anti-user (and I’ll be boycotting and recommending everyone else does too).
It’s worth pointing out that “UEFI Secure Boot” could be used either way – to benefit the owner/user, or in spite of the owner/user. I’m hoping it will be used in a good way (e.g. to avoid the need for a layer of “DeepSAFE” McAfee bloat) and not in a bad way.
– Brendan
My post made no claim if UEFI Secure Boot was or was not an “anti-user” feature.
The author of the lead article, kragil, introduced the term “anti-user” with these paragraphs:
“For now, it’s hard to tell if this secure boot thing will be an option we can turn off, or if OEMs will – like they do with BIOS features all the damn time – disable the option of turning it off. In any case, I must say that I’m very, very worried that the horrible, anti-user situation of smartphones will permeate into the world of desktop and laptop computers.
The problem here is that governments the world over will be filled with glee over the fact that we would no longer be able to run the software of our choosing – at least, not easily. This means more control, something the, for instance, entertainment industry will love to death. I mean, someone has to think of the children.
I have a hard time believing the combined power of Apple and Microsoft – both strong supporters of these kinds of anti-user features – will not be able to convince and buy governments the world over into not doing anything about this.
It would appear that despite his extremist views over the years, Richard Stallman is more and more starting to look like a true visionary. The fact that he had the foresight to think about hypothetical issues like this decades ago is pretty remarkable.”
My post was intended only to explain what was meant by the term “anti-user”. It is not a term that “does not compute”.
FWIW, I think the original article was actually a pretty decent clue as to what was meant by the term, and what was wrong (from a user’s perspective) with UEFI secure boot, but there you go.
BTW, the whole concept of UEFI secure boot is defeated if ordinary users have keys. If ordinary users have keys, rootkit authors will have keys also.
http://www.osnews.com/permalink?490295
Edited 2011-09-22 03:18 UTC
Brendan,
“Whether or not it’s anti-user depends on who has the keys.”
Precisely.
Some people here are assuming that the keys must be hard coded into the BIOS such that only operating systems approved by the vendors can be run. I really don’t know if that is the intention of UEFI secure boot or not… if it is, well, users are screwed. Not only won’t we have control, but now the security of our own computers becomes dependent upon third parties who control the master keys.
Ideally this feature should be designed to work for users rather than against us. All keys could be manageable through the bios on powerup, and then remain locked after boot so they cannot be tampered with later on. Then we could use our own individual/corporate key to sign the keys of whichever OS vendors we want to trust on our computers or lans.
Of course, for normal users, this would all be setup at the factory…but at least the control over which operating systems are allowed to run lies with us as users rather than the manufacturer or microsoft.
Also there is another risk: even if users can manage their own keys, a powerful vendor might coerce users to delete keys of its competitors in order to load itself. Therefore I’d hope that this feature is designed in such a way that the list of approved keys can be kept secret from discriminatory operating systems.
According to Red Hat’s Matthew Garrett, the keys are stored as part of the system firmware.
http://mjg59.dreamwidth.org/5552.html
“if we self-sign, it’s still necessary to get our keys included by every OEM.”
This says that users don’t have the ability to say what OSes they wish to boot, but rather the OEMs determine which vendor’s OS the hardware can boot by including the OS vendor’s key in the system firmware.
If OEMs’ historical record of not supporting Linux via ACPI is any indication, this isn’t going to happen. Linux simply won’t be bootable on any hardware with UEFI Secure Boot enabled.
Edited 2011-09-22 05:59 UTC
lemur2,
“According to Red Hat’s Matthew Garrett, the keys are stored as part of the system firmware.”
I am really afraid that you and he may be right. The feature may be deliberately designed to work against the owner.
In theory, a bootloader that loads linux directly or can chainload into grub will probably be signed (although not necessarily the version you want). It’s asinine that linux would have to boot through proprietary/locked software.
http://www.techpowerup.com/152439/Windows-8-Secure-Boot-Designed-to…
“The extension of Microsoft’s OS monopoly to hardware would be a disaster, with increased lock-in, decreased consumer choice and lack of space to innovate.”
Edit: it’s not just linux either, all BSDs and other independent platforms would be at a loss too. There is no way independent OS developers will be able to get their keys signed by all the manufacturers.
Edited 2011-09-22 06:24 UTC
Hi,
First, UEFI is unlike a normal BIOS in that you can have “UEFI applications” (e.g. various tools and utilities); and the “Secure Boot” stuff applies to *ALL* executables, including UEFI drivers, UEFI applications and UEFI boot loaders. This means that the firmware can have a utility that allows the user to manage keys, and the firmware may be supplied with one key for that utility (and any keys needed for supplied device drivers) and nothing else. In that case the end-user would need to add keys for Windows8 (if the OEM didn’t already do it) and/or anything else they want to allow (or disallow).
Secondly, there’s a blacklist. If the firmware refused to execute anything that isn’t in its whitelist, then there’d be no point having a blacklist. It’s possible that if the executable is in the whitelist then it’s allowed to execute, if the executable is in the blacklist it’s refused, and if the executable is not on either list the firmware pops up a (password protected?) “Unknown executable, allow/disallow?” prompt.
Third, there’s no central authority for keys. This means that anyone can use any key, and build scripts for open source boot loaders (e.g. GRUB2, elilo) could just generate a certificate using a randomly generated key. The end user would need to add the key to their whitelist; either manually (via some utility) or semi-automatically (if there’s some sort of “allow/disallow” prompt). It’s not like you have to pay a company like DigiNotar for each public key, and not like open source boot loaders would be forced to have a specific key (and forced to do something to prevent root-kit authors from finding out what their key is).
Basically all I’m saying is that nobody knows how it’s going to implemented by firmware authors and/or OEMs; and therefore it’s too early to determine if it’s a good thing or a bad thing.
I still hope it’s going to be a good thing, and that open source boot loaders (and open source OSs) will be able to use it to protect users from malicious code.
Of course I’m sceptical too; and not just because UEFI Secure Boot could be implemented badly by firmware authors and OEMs. There’s an unfortunate tendency in certain open source projects (e.g. GRUB) to assume that anything intended to improve security (TPM, drive encryption, etc) is inherently “evil”; and based on these incorrect assumptions the projects deny the end user the ability (dare I say “deny the freedom”) to choose to use something that improves their own security if they want to.
– Brendan
Well then, linux pros will become firmware-hacking pros as well. What man has put together, man can pull apart.
Solution: Create a non-free, open source signed bootable CD whose only function is to insert new keys into the UEFI. That one CD can be signed, and each machine owner can generate their own private key (easily automated) and as part of the install process, the software is signed with the key specific to that person, no keys public to leak, and yet everyone has the keys needed to modify the hardware and hopefully this can comply with GPL3.
Install goes like this:
1: Run special key maker CD, which inserts the key into the chip and puts it on a flash drive.
2: Run the installer which grabs the key from the flash drive and signs the install.
3: Pull out the USB drive so that malware can’t grab it.
When you want to tweak the boot loader, or install something that needs to be signed, you plug in the flash drive just during that install’s signing process. Physical security to reduce the window of opportunity for malware to get your key.
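Two of the comments above describe mechanisms worth seeing in code: Brendan’s account of the whitelist/blacklist check the firmware applies to every executable, and the owner-generated key procedure (key maker, then sign the install) proposed just above. The following is an added example, not code from the thread, from any firmware vendor, or from the UEFI specification itself. It is a hypothetical simulation: `KeyStore`, `SignedImage`, `CheckImage`, `OwnerEnroll` and `SignInstall` are names chosen here, Ed25519 stands in for the X.509/RSA material real firmware uses, the “boot loader” is a constructed byte string, and the list precedence (a blacklist hit wins over the whitelist, anything not listed is refused) follows my reading of the UEFI specification rather than the “allow/disallow?” prompt the comment speculates about.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// SignedImage stands in for a UEFI executable (driver, application or boot
// loader): its bytes, the public key of whoever signed it, and the signature.
// An unsigned image has a nil Signer.
type SignedImage struct {
	Data   []byte
	Signer ed25519.PublicKey
	Sig    []byte
}

// KeyStore is a hypothetical model of the firmware's whitelist (db) and
// blacklist (dbx). As in the UEFI databases, each list may hold trusted
// signer keys (keyed here by string(publicKey)) or hashes of single images.
type KeyStore struct {
	DBKeys, DBXKeys map[string]bool
	DBHash, DBXHash map[[32]byte]bool
}

// NewKeyStore returns empty lists, i.e. firmware that will not run anything.
func NewKeyStore() *KeyStore {
	return &KeyStore{
		DBKeys: map[string]bool{}, DBXKeys: map[string]bool{},
		DBHash: map[[32]byte]bool{}, DBXHash: map[[32]byte]bool{},
	}
}

// CheckImage applies the precedence the UEFI specification gives the lists:
// a blacklist hit refuses the image even if it is also whitelisted; otherwise
// the image runs only if its hash is whitelisted or it carries a valid
// signature from a whitelisted key; anything else is refused.
func (ks *KeyStore) CheckImage(img SignedImage) (bool, string) {
	h := sha256.Sum256(img.Data)
	signer := string(img.Signer) // "" for an unsigned image, never a map key
	switch {
	case ks.DBXHash[h]:
		return false, "image hash is blacklisted"
	case ks.DBXKeys[signer]:
		return false, "signer key is blacklisted"
	case ks.DBHash[h]:
		return true, "image hash is whitelisted"
	case ks.DBKeys[signer]:
		if ed25519.Verify(img.Signer, img.Data, img.Sig) {
			return true, "valid signature from a whitelisted key"
		}
		return false, "signature does not verify (image modified?)"
	}
	return false, "neither image nor signer is whitelisted"
}

// OwnerEnroll is step 1 of the procedure above: the owner generates a key
// pair and enrolls the public half in the whitelist; the private half is what
// would live on the removable flash drive.
func OwnerEnroll(ks *KeyStore) (ed25519.PrivateKey, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	ks.DBKeys[string(pub)] = true
	return priv, nil
}

// SignInstall is step 2: the installer signs the boot loader it writes with
// the owner's private key so the firmware accepts it on the next boot.
func SignInstall(priv ed25519.PrivateKey, image []byte) SignedImage {
	return SignedImage{
		Data:   image,
		Signer: priv.Public().(ed25519.PublicKey),
		Sig:    ed25519.Sign(priv, image),
	}
}

func main() {
	ks := NewKeyStore()
	priv, err := OwnerEnroll(ks)
	if err != nil {
		panic(err)
	}
	loader := []byte("constructed stand-in for a boot loader image")
	good := SignInstall(priv, loader)
	// One byte patched, original signature kept: what a boot-time rootkit that
	// rewrites the loader on disk would leave behind.
	tampered := good
	tampered.Data = append([]byte(nil), loader...)
	tampered.Data[0] ^= 0xff
	for name, img := range map[string]SignedImage{
		"owner-signed": good, "tampered": tampered, "unsigned": {Data: loader},
	} {
		ok, why := ks.CheckImage(img)
		fmt.Printf("%-12s allow=%-5t %s\n", name, ok, why)
	}
}
```

Running it shows the owner-signed loader allowed, the patched copy refused because the signature no longer verifies, and the unsigned copy refused because nothing vouches for it. The order of the `switch` cases is the whole point: because the blacklist is consulted first, adding the owner’s key to `DBXKeys` later refuses `good` even though its hash or key is still in the whitelist, which is how a revoked signer is meant to be handled.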
I think what is meant is ‘anti-a users just like me’.
I don’t know much or care much about UEFI secure boot in Windows 8 and clearly it’s possible to facilitate the installation of alternative operating systems via UEFI as Apple did with the Mac but ‘anti-user’?
It’s worth remembering that 99% of users want stuff that works out of the box, they don’t want to be system integrators, they don’t want to tinker, they don’t want to figure out how everything works. They just want computers that work, that don’t fuck up and that let them get on and do stuff.
It’s like cars. Most normal people want cars so they can drive about and do stuff, stuff not to do with cars but normal stuff. A very small minority of people actually like to tinker with cars, they don’t want cars just to drive about, they want to play around with their inner workings. So if a car company came out with a new car and said ‘our new design is proved to be 10 times more reliable than current car designs but it involves sealing the engine compartment so you cannot get at the engine without seeing a professional mechanic’ consumers would lap it up. And they would be right to lap it up as it would meet their needs better.
Consumers that want computers and devices to just work and don’t want to tinker with them are not stupid, they are clever. They are clever because they have correctly identified their needs and correctly identified what they are not interested in. Who needs to know how a phone works to want to gossip on the phone or make the next world changing deal on a phone? The requirement to know how a technology works in order to use it is a sign of an immature technology. Progress means taking away that work overhead so you can use technology to just do all the other stuff that makes up human culture.
Tony Swash,
“I don’t know much or care much about UEFI secure boot in Windows 8 and clearly it’s possible to facilitate the installation of alternative operating systems via UEFI as Apple did with the Mac but ‘anti-user’?
It’s worth remembering that 99% of users want stuff that works out of the box, they don’t want to be system integrators…”
I think we all get this. But the question is why was it engineered to take power away from the owners? This is not a necessary element of secure boot. Even if 99% of users never need to touch it, why prohibit them from doing so if they want to use it with their own code? That’s the problem that we/I have.
The problem is that Apple fanatics tend to be blind to issues beyond the needs of Apple users. The kind of control we hand over to private entities we have ZERO control over, entities which have very close ties to what I consider to be an immoral, inhumane, and barbaric regime (the US one, no matter the party or president in power) is something I do not find particularly comforting.
Not that it WILL affect me in any way, but the POSSIBILITY should make any true democrat [the ideology, not the party] nervous.
Okay, I have a question, if this can be done in a civilized manner. I’ve no problem with people calling us Americans barbarians and such. It’s true, we took this land forcibly from the Native Americans and built it up with slavery, exploiting Chinese workers so and so forth.
What I don’t understand is why these lectures come so often from Europeans, when everything we learned about violence and oppression, we learned from them. Millennia of wars, colonialism and brutality towards each other and people across the planet seems to have been forgotten rather quickly.
That’s not what I’m referring to.
Oh you won’t hear me excuse the Dutch past. We were the worst slave traders, we’ve done terrible things to the people of Indonesia back when it was our colony, and so on. However, that’s not what I’m referring to.
I’m referring to the intense poverty in the US nobody seems to give a shit about as long as the rich few can remain rich. I’m referring to the death penalty. I’m referring to the insanely high homicide, drug abuse, and crime rates. I’m referring to the offensive wars in Iraq and Afghanistan, which lead to the deaths of hundreds of thousands of people.
Let that sink in for a while: your government caused the deaths of hundreds of thousands of people. Not 500 years ago, not 100 years ago, not even 60 years ago – but right now. Pointing to the insane things the Dutch have done up until we finally became civilised does not negate this.
Then there’s Guantanamo Bay, widespread disregard for civil and constitutional rights, utterly corrupt Congress and administration… The list goes on.
I have absolutely zero issues with Americans as a people – quite the opposite in fact. Every American I’ve ever met – no exceptions – has been nothing but kind and awesome. In fact, I’d rather hang out with the average American than with the average Dutchman. Without a doubt.
Funny how this (let’s be civilized now) pops up when criticism towards the lands over the big water happen to arise. Criticism is a two way street, and somebody at one end has made plenty of criticism towards everyone and dog, getting some in return shouldn’t feel overly uncivilized.
You think we’ve criticized the Europeans more than they criticize us?
Personally I think it’s because Microsoft has always had a monopolistic business model; since they achieved a monopoly position in relation to Windows and Office, everything they have done has been about defending and extending that monopoly. It’s what has made them so bad at innovating. Microsoft knows, deep down inside, that if its core products had to compete on a level playing field against just as viable alternatives, they would fail.
Consumers actually tend to stay further away from cars that can’t be serviced at a low enough cost after their warranty expires. And the majority of the world’s population does not drive a new car(3 or less y/o).
People are very well aware of maintenance issues…
If the car manufacturer came out and said: “We will not allow access to the engine, but you get a 20 year warranty on the car”; then consumers would snatch it.
Computer maintenance is less of a normal thing, like changing worn out belts in a car, but still…
Actually, we have the situation he describes now: manufacturers have for more than a decade now been manufacturing cars where it is very hard, if not impossible, for an ordinary consumer to change the oil: the filter is out of reach; “protective covers” have been screwed onto the bottoms of cars, etc. And never mind the use of computers within cars, that make it impossible to hand-tune the way people used to.
Yet people don’t avoid these cars: they buy them, then take them to mechanics, and pay the fees gladly, in no small part because they’re more reliable: today’s cars last a *lot* longer than cars of a half-century ago. Whether they’re more reliable because it’s impossible for Jim Bob to change his own oil is not clear to me, but the guy has a point.
What you said, I implied. But it’s not about the things being further away, it’s about having to go to an “authorized service”. Have you seen the prices these thieves charge?
Most people don’t service their cars, but they do appreciate the ability to bring it to a service that is cheaper and, probably, geographically closer. Even the ECU can be tuned by an unauthorized technician*.
With these encryption and signature schemes, there is no
* – I know first hand, since I made a lot of software and hardware to get the actual access to the parameters of different ECU and other automotive electronics.
Say what you will about RMS and label him as an extremist all you want, but the man has consistently been proven right over the years. “The Right to Read” (Kindle, e-books, DRM, remote book deletions), GPLv3 and software patents being the next big battleground (witness the current mobile patent wars), treacherous computing (current crop of smartphones, Apple and now apparently Microsoft), and these are just off the top of my head.
This new move of Microsoft shouldn’t really be all that surprising though, they’ve been trying to push this sort of architecture for years. In the past it’s been known as Palladium, which then morphed into the Next Generation Secure Computing Base when the former name accrued too much bad press, and now we have this, which as far as I can tell has no name at all (always learning, Microsoft…)
Yep, just keep on rewarding these companies with your money, I’m sure nothing bad will happen.
If you want to hide malicious code you can do it in open source as well. There was that news a few months ago about openbsd having malicious code. Don’t know whether it was true or not but the possibility remains.
Anyway I don’t see MS succeeding in forcing motherboard manufacturers to disallow Linux installation.
Quote please. AFAIK the track record is that malware has never been distributed to users via open source repositories. The only way it happens is to distribute modified code binary-only executables to Windows users.
Actually, you can’t hide malware in the source code of open source software which is developed in collaboration by a number of independent programmers. The more people involved, the more impossible it becomes. If you want to inject malware, it has to be done AFTER taking the source code from the development project but BEFORE distributing binaries to end users; this is the only remotely possible point of injection. Even then, if the users can get the source and also the binaries and they can compile the source for themselves and check it, then even that possible point of injection is no longer possible.
The UEFI specification is not actually from Microsoft. Microsoft are simply saying that UEFI secure boot is required if an OEM wishes to put a “Designed for Windows 8” sticker on their hardware.
Arguably, if something is indeed “Designed for Windows 8”, it is reasonable to expect that it can’t run anything but Windows 8.
For myself, I put together my own desktop machines. I typically buy an “upgrade” package which includes a motherboard, CPU, RAM and box. I add a blank hard disk drive, optical drive and graphics card, plug it all together, insert a Linux LiveCD into the optical drive, and away I go. Doing this has been quite a bit less expensive for me than buying store-bought machines of equivalent performance anyway. The problem here is that the days of such machines are arguably numbered.
It shouldn’t be a problem because the market is about to be flooded with a plethora of reasonable ARM tablets designed to run Android. E.g:
http://www.osnews.com/comments/25176
If you want to have a Linux desktop machine one of those can easily be adapted, just add a USB keyboard and mouse, HDMI monitor and USB external storage (or use a NAS device).
Edited 2011-09-22 01:40 UTC
Actually it is possible to include something in an open source project, but you’ll have to also modify the compiler and probably wait a few years too:
Thompson’s paper described a modified version of the Unix C compiler that would:
Put an invisible backdoor in the Unix login command when it noticed that the login program was being compiled, and as a twist
Also add this feature undetectably to future compiler versions upon their compilation as well.
http://en.wikipedia.org/wiki/Backdoor_%28computing%29
It is not very likely, but it is possible.
That was only possible because the Unix C compiler itself was not open source.
I repeat, it is not possible to put malware into a product using an open source development process.
BTW, Linux is not Unix. BSD is Unix, but Linux isn’t.
Edited 2011-09-22 09:54 UTC
You say “it is not possible” to add such a thing to an open source project.
That would be a bit naive.
It is like saying: it is not possible to be struck by lightning.
It is possible, just not very likely.
An “open source project” typically has dozens, sometimes hundreds, of independent developers, in countries all over the world, poring over the code.
Useful malware would take many hundreds or thousands of lines of source code.
How exactly would you propose that a malicious individual hides hundreds or thousands of lines of code in plain sight as a submission to an open source project being worked on by dozens of others?
It is just not credible that this could happen.
More to the point, in over a decade of open source software development over thousands and thousands of projects, it never has happened.
The proof, as they say, is in the pudding.
I have to admit, I don’t remember it ever happening.
Most attempts have tried to abuse the version control system. With the current popularity of git (which has checks in place) that route is going to be a less likely in the future.
I don’t recall any attempt to corrupt the version control.
There have been a number of occasions when open source development servers have been hacked. Someone has guessed a password.
AFAIK, no-one has ever managed to get malicious code into the source codebase, even after they have managed to hack into the development server. Such an attempt to inject code would stand out like nobody’s business.
It is just too hard to try to hide malicious source code in an open source project.
Such a thing has never been done. Not even close.
Actually, here is an example:
Someone did get into the BitKeeper servers and changed the code of the Linux kernel.
This is the part where he explains about the use of SHA-1 in the implementation of git:
http://www.youtube.com/watch?v=4XpnKHJAok8#t=55m13s
The BitKeeper break-in is part of the reason why git uses SHA-1. The part about the break-in is here:
http://www.youtube.com/watch?v=4XpnKHJAok8#t=59m16s
Here is a news site reporting on the incident:
http://linux.slashdot.org/story/03/11/06/058249/Linux-Kernel-Back-D…
Edited 2011-09-22 11:24 UTC
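The post above points at git’s use of SHA-1 as a consequence of the BitKeeper break-in. The following is an added example, not code from the thread or from git itself, showing the mechanism in miniature: every object is named by the SHA-1 of “&lt;type&gt; &lt;size&gt;\0&lt;content&gt;” (for blobs this reproduces `git hash-object`), trees name blobs, commits name trees, so an object altered in place on a server no longer matches its name, and an honest rewrite changes every id above it. Tree entries and commit headers are simplified (single mode, no author/committer lines); those simplifications are this example’s assumptions.

```go
package main

import (
	"crypto/sha1"
	"encoding/hex"
	"fmt"
	"sort"
	"strings"
)

// Store is a content-addressed object store keyed the way git keys loose
// objects: id = SHA-1("<type> <size>\0<content>").  Tree entries and commit
// headers are simplified here; this is example code, not git's implementation.
type Store map[string][]byte

// ObjectID computes the git object name for content of the given type; for
// blobs it matches `git hash-object`.
func ObjectID(kind string, content []byte) string {
	return hex.EncodeToString(sha1Raw(rawObject(kind, content)))
}

func rawObject(kind string, content []byte) []byte {
	header := []byte(fmt.Sprintf("%s %d\x00", kind, len(content)))
	return append(header, content...)
}

func sha1Raw(b []byte) []byte {
	sum := sha1.Sum(b)
	return sum[:]
}

// Put stores an object and returns its id.
func (s Store) Put(kind string, content []byte) string {
	raw := rawObject(kind, content)
	id := hex.EncodeToString(sha1Raw(raw))
	s[id] = raw
	return id
}

// PutTree stores a tree object mapping file names to blob ids, using git's
// entry format "<mode> <name>\0<20-byte id>", sorted by name.
func (s Store) PutTree(files map[string]string) string {
	names := make([]string, 0, len(files))
	for n := range files {
		names = append(names, n)
	}
	sort.Strings(names)
	var body []byte
	for _, n := range names {
		id, err := hex.DecodeString(files[n])
		if err != nil || len(id) != 20 {
			panic("bad blob id for " + n)
		}
		body = append(body, []byte("100644 "+n+"\x00")...)
		body = append(body, id...)
	}
	return s.Put("tree", body)
}

// PutCommit stores a commit pointing at a tree and an optional parent.
func (s Store) PutCommit(tree, parent, msg string) string {
	var sb strings.Builder
	fmt.Fprintf(&sb, "tree %s\n", tree)
	if parent != "" {
		fmt.Fprintf(&sb, "parent %s\n", parent)
	}
	fmt.Fprintf(&sb, "\n%s\n", msg)
	return s.Put("commit", []byte(sb.String()))
}

// Fsck re-hashes every stored object and returns the ids whose bytes no
// longer match their name: an object edited in place on a server shows up
// here on the next verification, which is the check the post refers to.
func (s Store) Fsck() []string {
	var bad []string
	for id, raw := range s {
		if hex.EncodeToString(sha1Raw(raw)) != id {
			bad = append(bad, id)
		}
	}
	sort.Strings(bad)
	return bad
}

func main() {
	s := Store{}
	blob := s.Put("blob", []byte("hello\n"))
	tree := s.PutTree(map[string]string{"hello.txt": blob})
	commit := s.PutCommit(tree, "", "initial import")
	fmt.Println("blob  ", blob) // same value git prints for "hello\n"
	fmt.Println("commit", commit)
	fmt.Println("fsck before tampering:", s.Fsck())

	// Silently edit the stored blob bytes without renaming the object.
	s[blob][len(s[blob])-1] ^= 1
	fmt.Println("fsck after tampering: ", s.Fsck())

	// Rewriting the object honestly changes its name, and so the tree and
	// commit names above it; anyone holding the old commit id notices.
	s2 := Store{}
	blob2 := s2.Put("blob", []byte("hello\nextra line\n"))
	tree2 := s2.PutTree(map[string]string{"hello.txt": blob2})
	fmt.Println("commit after edit:", s2.PutCommit(tree2, "", "initial import"))
}
```

The two failure paths are the whole point: an attacker who changes bytes in place is caught by re-hashing, and an attacker who rewrites objects consistently produces ids that differ from the ones every clone, tag and mailing-list reference already carries.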
lemur2,
“I repeat, it is not possible to put malware into a product using an open source development process.”
I really don’t want to make a fuss here, but this is the kind of overstated claim that does not take into account all of the possibilities. Could you use less absolute terminology, or at least more qualifiers?
I absolutely think you need to come up with some way that it would be possible, or even remotely feasible, before you start having a “holier than thou” go at someone else.
The whole point of open source is that it is a collaboration, a meritocracy. Lots of solutions are proposed and tried, and the best solution, as agreed by consensus amongst the community of developers, is adopted.
You come along and make an absolutely outrageous claim that this process can be corrupted by malware, in plain sight of everyone. You make this claim despite the fact that amongst thousands of open source projects across many years, it never has happened.
Then somehow you think I am the one who should pull my head in?
Unbelievable! Unmitigated gall. Utter balderdash.
Edited 2011-09-22 10:31 UTC
lemur2,
“I absolutely think you need to come up with some way that it would be possible, or even remotely feasible, before you start having a ‘holier than thou’ go at someone else.
The whole point of open source is that it is a collaboration, a meritocracy. Lots of solutions are proposed and tried, and the best solution, as agreed by consensus amongst the community of developers, is adopted.
You come along and make an absolutely outrageous claim that this process can be corrupted by malware, in plain sight of everyone.
Then somehow you think I am the one who should pull my head in?
Unbelievable! Unmitigated gall. Utter balderdash.”
Holy crap!
Perhaps for massive projects like the Linux kernel. Not so for the tens of thousands of obscure projects where the majority of development takes place when the sole dev can steal away from his college courses and side job to hammer out a few lines of code over the weekend.
It takes less than a dozen LoC to pop up a link to the author’s “Your system may be infected!!!” webpage (with included “Pay me $100 for a program to clean it up” link) in quite a few different programming languages. And not all malware is necessarily useful. It doesn’t take too many LoC to delete every file in the user’s home directory either.
Never say never. (Unless you’ve analyzed every open source project in existence yourself?) I certainly wouldn’t suggest that it’s likely that an open source project would be compromised. In fact, I feel much more comfortable using OSS software over closed source counterparts.
That’s still not grounds to make the even more outrageous claim that “it is not possible to put malware into a product using an open source development process” though. Anything is possible. The aforementioned college student, who is the sole developer of his software (used by 500 people and code reviewed by no one) could decide that he hates the world and include a keylogger in his next update. Is it really that inconceivable?
As far as technical ease goes, it’s just as easy to put malware into an open source project as it is to put it into a closed source project. The open source case is just more likely to get caught if someone besides the malicious developer(s) is watching it. Again, I think OSS is awesome. But the phrase “not possible” was used incorrectly here. “Very unlikely without being caught” is better suited.
Back to the Windows 8 logo discussion… 😛
At first he said “AFAIK the track record is that malware has never been distributed to users via open source repositories”, there are people who review what is going to be included in repositories, and probably later.
Such a backdoor would require fairly complex and specialised code, in an open source compiler that would be noticed, so you would need to be using a closed source compiler…
The only realistic way to “backdoor” open source code, is to introduce a very subtle exploitable bug…
A blatant backdoor will be found quickly, whereas a bug may slip by…
Similarly, if your backdoor is found then you have deniability if it looks like a software bug, but if it’s obviously a backdoor you will likely be named and shamed, as well as blocked from any future commits.
You would also need to be a competent developer, and to commit a significant amount of legitimate code to a project in order to build up a level of trust first. It wouldn’t be a simple quick attack, it would need to be planned and thought out well in advance.
And also note that all of the above also applies to closed source too, someone sufficiently motivated and funded could get someone hired by a software company to work on the target product. It’s also been my experience that code written by an employee comes under far less scrutiny than code from a new contributor to an open source project.
Nope.
You’ll be right if the logo says “Designed exclusively for Windows 8”.
But it’s not. And, though, one can expect it could run *something else*, too.
The exclusive semantic is what matters here.
And the consumer should be able to know that it’s not a versatile computer but a Windows 8-only computer he’s buying. And he should know it *before* doing so.
Otherwise, there’s valid legal ground to sue the seller who hid from you that it was not a Personal *Computer* but a *Windows 8 device*.
Considering the prior track record of personal computer sales, the consumer can legitimately think that any device sold under this product family “name” is a versatile computer, not a locked-down computing device.
Edited 2011-09-22 13:48 UTC
Do you remember this? I believe the code was distributed over CVS, but never made it into a release.
http://www.theregister.co.uk/2003/11/07/linux_kernel_backdoor_block…
Or when Debian ran valgrind on OpenSSL and shipped a broken version for years before it was detected, resulting in piles of compromised keys? The code was there for all to see.
http://blogs.fsfe.org/tonnerre/archives/24
As a paranoid afterthought, note we only know about these when they’re detected. We don’t know about the ones that are too good – which may be zero or may be large. We have no way to know.
I think as everyone else is saying, it’s difficult, but not impossible. The code just needs to look correct even when it’s not. That’s a high bar, but it can be met. There’s even a competition over who can do it well:
http://underhanded.xcott.com/
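The Debian OpenSSL incident mentioned in the post above left the process ID as the only varying input to the key generator. The following is an added example, not code from the thread or from OpenSSL, modelling that failure: the key is a hash of whatever reached the entropy pool (SHA-256 as the stand-in derivation is this example’s assumption), the PID range is Linux’s default 1..32767, and an attacker who enumerates that range can recognise every key the broken build could ever produce. A properly seeded key is shown alongside for contrast.

```go
package main

import (
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// MaxPID is Linux's default pid_max (32768), so PIDs run 1..32767.
const MaxPID = 32768

// DeriveKey stands in for a key generator: the key is a hash of whatever
// entropy reached the pool.  In the broken Debian build only the PID did.
// SHA-256 as the derivation is an assumption for this example, not what
// OpenSSL does.
func DeriveKey(pid int, entropy []byte) string {
	h := sha256.New()
	fmt.Fprintf(h, "pid:%d;", pid)
	h.Write(entropy)
	return hex.EncodeToString(h.Sum(nil))
}

// WeakKeyTable enumerates every key the broken generator could produce.
// It is the attacker's precomputation and equally the defender's blacklist.
func WeakKeyTable() map[string]int {
	table := make(map[string]int, MaxPID)
	for pid := 1; pid < MaxPID; pid++ {
		table[DeriveKey(pid, nil)] = pid
	}
	return table
}

// RecoverPID reports whether a key came from the weak generator and, if so,
// under which PID.
func RecoverPID(table map[string]int, key string) (int, bool) {
	pid, ok := table[key]
	return pid, ok
}

// ProperEntropy draws 256 bits from the OS CSPRNG; with that mixed in on top
// of the PID, enumeration is infeasible.
func ProperEntropy() []byte {
	b := make([]byte, 32)
	if _, err := rand.Read(b); err != nil {
		panic(err)
	}
	return b
}

func main() {
	table := WeakKeyTable()
	fmt.Printf("distinct keys possible with PID-only seeding: %d\n", len(table))

	victim := DeriveKey(4242, nil) // a key generated on a broken system
	if pid, ok := RecoverPID(table, victim); ok {
		fmt.Printf("victim key matched: generated under pid %d\n", pid)
	}

	good := DeriveKey(4242, ProperEntropy())
	if _, ok := RecoverPID(table, good); !ok {
		fmt.Println("properly seeded key is not in the weak table")
	}
}
```

The table has 32767 entries and takes milliseconds to build, which is why a key that was merely “less random” was in practice recoverable by anyone who bothered to enumerate the space.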
I had not heard of that one, that is as subtle as it can get. Note that despite this attempt, my original statement is still correct, “the track record is that malware has never been distributed to users via open source repositories”.
This was a bug, an error, a mistake. It was not malware. Malware is where someone deliberately tries to put malicious code into the system for their benefit at users expense.
I repeat, AFAIK, “the track record is that malware has never been distributed to users via open source repositories”.
You have come up with just one unsuccessful attempt in over ten years of open source development, through countless versions, of many thousands of open source products.
One unsuccessful attempt. It was defeated by the very checks built in to open source development process, even as long ago as 2003. Now that open source development tools, such as git, have moved on from there, another such an attempt today would have considerably less chance of getting even as far as the one you identified from 2003.
Contrast this to the situation with closed source distribution on Windows, with literally hundreds of millions of Windows computers infected worldwide, and two million new pieces of Windows malware written every year.
It cannot be said definitively that an attempt to put malware into an open source product and get it shipped to users via open source repositories is absolutely impossible, but we can say that as far as anyone can determine (to a very high level of confidence), no such attempts have ever been successful.
One cannot prove a negative, but “the track record is that it has never been done” gets as close as you can, for all practical intents and purposes.
How do you know if it’s a mistake? As the competition link illustrates, a key point here is plausible deniability – when code is caught, it can be plausibly said to be a mistake rather than malicious. But we have no way to know when that’s really true; only the person who put it there knows their intention. A backdoor is planted in both cases, and we’re left guessing as to why, and who knew about it, and whether it was being actively exploited.
Put another way, if the Debian openssl maintainer was malicious, we can clearly see that no OSS safeguard would protect against large scale compromise of machines. Plausible code can be included and distributed without sufficient review to ensure that it’s secure.
No machines were compromised. The mistake that the Debian maintainer made reduced the security of machines by reducing the randomness of generated keys.
The machines were less secure than they should have been, but not insecure.
No one can guarantee that there is no unintentional bug in code. No one is claiming any such a thing anyway.
You are the one who is making the extraordinary claim that it is possible to put intentional malware into an open source product and then have it distributed to end users using the repository system, yet you have absolutely zero instances when this has ever happened.
Put up or shut up.
Edited 2011-09-23 00:05 UTC
lemur2,
“No one can guarantee that there is no unintentional bug in code. No one is claiming any such a thing anyway.”
No one can guarantee that there is no intentional bug in code either. The difference between intentional bugs and unintentional bugs is…intent. Well intentioned programmers succeed in getting exploitable bugs into OSS every now and then, yet you make it sound like it is impossible for maligned programmers to do the exact same thing? Why?
How do we distinguish between deliberate vulnerabilities or accidental ones? Can you supply a test which differentiates between these cases?
“You are the one who is making the extraordinary claim that it is POSSIBLE to put intentional malware into an open source product and then have it distributed to end users using the repository system,” (my emphasis)
It’s not likely, but it’s certainly not impossible.
“yet you have absolutely zero instances when this has ever happened.”
There are around 30K packages in Ubuntu, have they closely vetted each one for intentional vulnerabilities? Unless someone was caught red handed, how would we know?
It would not be *technically impossible* for a maintainer in possession of the signing key to deliberately sign malware either and distribute it in a targeted attack such that no one other than the victim would see evidence of the attack. Repositories work because we trust the character of its maintainers.
As an example: If an evil entity wanted to, they could create a new linux distro complete with its own repository. This is certainly possible. Then, using the exact same technology other distros use, they could then distribute malware via that repository. Do you admit that there is nothing about the repository technology itself which makes malware impossible? Isn’t the only difference here the integrity of the maintainers?
These are all legitimate questions, I’d be grateful for legitimate answers.
Edited 2011-09-23 01:22 UTC
This is getting way off topic, but the legitimate answer is to look at what actually happens.
Hundreds of millions of Windows PCs are compromised by trojan malware deliberately introduced into Windows executables and then distributed to unsuspecting users via channels that said users normally use.
In contrast, open source developers typically form groups to collaborate on products for their mutual benefit, with no other common ties other than their own self-interest in the integrity of the product, putting in thousands of hours work which necessarily involves poring over the code submitted by colleagues. The ONLY imaginable opportunity to inject malware in semi-secret would be after the source code is taken from the development server, compiled, tested and signed by a repository maintainer, and placed into the repository for distribution. The repository, however, requires both binary code and source code to be made available, so the repository maintainer could only get away with injecting intentional malware by having the binary not match the source code. However, downstream recipients of the code can compile it themselves, and check it against the binary, so such a ruse (if it was ever attempted) would easily be discovered.
So in effect we are talking about a scenario roughly equivalent to a bank robber attempting to rob a bank by submitting a withdrawal slip with his/her real, verifiable signature on it.
So no, we don’t have to trust only the integrity of repository maintainers. We can absolutely rely simply on repository maintainers following their own best self-interest, and not incriminating themselves to all the world.
Have a think to yourself just how silly your suggestions really are in the real world, and then perhaps you might come to a realisation as to why they have never eventuated.
You are the one who is making the extraordinary claim that it is possible to put intentional malware into an open source product and then have it distributed to end users using the repository system, yet you have absolutely zero instances when this has ever happened.
Put up or shut up.
Edited 2011-09-23 01:49 UTC
lemur2,
You maintain that it is not possible at all. I highlighted some avenues that are within the realm of possibilities. You did not say “it’s better than windows”, or “it’s as likely as a bank robber leaving a signed withdrawal slip at the scene”.
It *is* possible, just not likely. So please, I beg of you, try to lighten up with the absolute truths and be a little more open minded.
It is possible that I could win the lottery and become a millionaire, you can’t prove to me that it isn’t possible.
However, I am numerate, and I can appreciate numbers and scale, and I can make realistic estimates of probability. The conclusion I have reached is that buying a lottery ticket is the rough equivalent, for all practical intents and purposes, of voluntary taxation. It is wildly possible, however, that someone might one day buy me a lottery ticket as a present, despite the fact that I have expressed my dislike of lotteries.
Since I don’t buy any lottery tickets, and I’ve never actually held one in any lottery to date, most people would understand what I mean when I say that it isn’t possible that I will win the lottery. It isn’t strictly and absolutely true, but for all practical intents and purposes, it is a perfectly reasonable statement for me to make.
I repeat, you are the one making the outrageous claims. The burden of proof is on you.
Edited 2011-09-23 02:34 UTC
lemur2,
I am very glad you backed away from the no malware statement being absolutely true, however what’s with this “I repeat, you are the one making the outrageous claims. The burden of proof is on you.”?
What claims do you think I am making beyond the claim that open source malware is possible?
Note that I did not say “likely”.
What is the point you are trying to establish?
I could insist that it is possible that the Sun will go nova tomorrow, or that it is possible that an ELE will happen within the next ten years, and I would be right. But what would be the point?
Such things are wildly, astronomically improbable, and for all practical intents most people would understand what was meant if someone stood up and claimed that they won’t happen.
Why are you trying to insist that they might happen? In absolute bizarro world they might, but so too might the sun blow up. We ignore insignificant probabilities because they have no bearing on what we are going to do. We can effectively ignore it, and we do.
The “burden of proof is on you” in effect means that in order to make any effective point, you need to establish why we shouldn’t just ignore astronomically improbable scenarios, such as the possibility of the sun blowing up tomorrow.
PS: I haven’t backed down on anything, BTW, I have always said that you can’t prove a negative. Nice try, but it isn’t going to wash.
Edited 2011-09-23 03:18 UTC
lemur2,
“for all practical intents most people would understand what was meant if someone stood up and claimed that they won’t happen.”
Ok, but if you knew it wasn’t an absolute truth, why did you become angry when when myself and others pointed this out? You could have just said it’s highly improbable, and nobody would have confronted you about it.
“Why are you trying to insist that they might happen?”
Merely to counter the claim that it can’t happen.
“you need to establish why we shouldn’t just ignore astronomically improbable scenarios, such as the possibility of the sun blowing up tomorrow. ”
I don’t think OSS malware is astronomically improbable. OSS bugs can and do go unnoticed for years. It is unlikely, yet possible, that some are intentional. People in positions of power are corruptible. Do you recall the San Francisco sysadmin who held the city’s networks hostage? That’s not likely to happen, but it’s possible.
http://www.technewsworld.com/rsstory/63813.html
The possibility of something happening isn’t logically dependent upon it having happened before. Looking at repository maintainers, what makes it astronomically impossible for them to abuse their trust?
I would still like you to go back and answer the individual questions I asked in this post:
http://www.osnews.com/thread?490428
“PS: I haven’t backed down on anything, BTW, I have always said that you can’t prove a negative. Nice try, but it isn’t going to wash.”
Then can you explain to me why, in the next quote, you are trying to make factual statements about negative claims without proof?
“More to the point, in over a decade of open source software development over thousands and thousands of projects, it never has happened. The proof, as they say, is in the pudding.”
Give it a rest already. The ONLY reason you would point out an astronomical improbability is to try to imply that it wasn’t astronomically improbable, and that we should be worried about it.
“We ignore insignificant probabilities because they have no bearing on what we are going to do. We can effectively ignore it, and we do.” Says it all, really.
The only reason that I can think of that you would fret so over astronomical improbabilities is, err … nope, I’ve got nothing. Perhaps you just want to get a rise? Perhaps you are desperate to find any kind of teeny tiny smear against open source that you possibly can?
I don’t know, I have never understood your kind of irrational anti-people behaviour.
The probability is not astronomical, it’s quite terrestrial. The unreal IRC server was hacked and had its distribution tarballs include a trojan. These were then forwarded through (at least, I believe) the ArchLinux repositories.
You use ArchLinux, do you not?
saynte,
This is the problem:
http://en.wikipedia.org/wiki/Narcissistic_rage_and_narcissistic_inj…
It’s not the wisest thing to get involved in these discussions with little possibility of closure. But oh well, we all have our vices. I pass the baton to you, I’m going to bed.
Edited 2011-09-23 05:34 UTC
In this case, the source code of the open source project was not compromised. Someone tacked on malware to the source code, compiled it, and replaced the valid tarball with the resulting compromised tarball on a single hacked server. ArchLinux picked up the compromised binary tarball and distributed it without checking.
ArchLinux does not employ digital signatures, not even checksums. It doesn’t really employ accepted repository distribution practices. The Arch repository maintainer was entirely too trusting here, and he got burned badly from laziness.
Anyway, because the code is not signed, Arch Linux effectively relies on its repository maintainers and userbase checking and compiling stuff for themselves. Their process is quite lax. There is some talk about improving this, but AFAIK it hasn’t happened yet.
But why wasn’t it picked up by the Arch process, lax as it is? Well, we are talking about an IRC server program. IRC servers are very few and far between, they are becoming very rare indeed. The particular IRC server software is the most popular on Windows, but it is very rare indeed on Linux. There can’t be more than about 20 Linux machines worldwide running this particular program. In all probability, none of them run Arch.
The malware very probably wasn’t discovered because no-one had installed it.
After this incident, I only run Arch now to have a look at it. When Arch improve their process and can demonstrate package signing, I may consider it once again for real use.
As it stands, the astronomical improbability of there being undetected malware in an Arch Linux package that I might actually run is regrettably more probable than the astronomical improbability of there being undetected malware in the same package on a distribution that has a real repository distribution mechanism, with package signing, and an actual userbase for the package.
http://linuxblog.darkduck.com/2011/09/users-voted-for-best-kde-base…
In my case, for now, that means Kubuntu or OpenSuse.
Edited 2011-09-23 05:35 UTC
The source code WAS compromised, it was a trojan in the source, not a binary. Like most distributions, ArchLinux works from source packages, not binaries, whenever possible.
OK … looking in to it, the source code inside a tarball was compromised on one hacked server.
It wasn’t hacked at the open source project where it was visible to the developers working on it.
The point remains that it was very probably not discovered because no-one had ever installed it.
Therefore AFAIK, it remains true, despite this incident, that there is no documented case of any user’s system ever getting malware from open source distribution via repositories.
This is true AFAIK even for the slack Arch Linux means of distribution.
Edited 2011-09-23 06:12 UTC
It doesn’t matter how they got it, the modified code was included in Gentoo and other distributions.
Trojans are hard to find in programs because they are HIDDEN. It’s not like you get a splash-screen saying: “I’m carrying a back-door” when you fire up the daemon.
Here are some anecdotes from people who were affected:
http://pdw.weinstein.org/2010/06/damn-script-kiddies-get-off-my-law…
http://famousphil.com/blog/2010/06/unrealircd-3-2-8-1-hits-a-trojan…
It affected people, it went through repositories. This “put up or shut up” stuff you like to spout is hilarious when in the end you’re forced to feel like such a fool. Better luck next time.
The best part is that you knew about this incident before,
http://www.osnews.com/thread?430310 yet you insisted on this entire show.
So, now I’m just wondering if your current tirade is based on stupidity or malice?
I must say, that was impressive. I thought that no-one was caught by that, but there you go. You found two Linux systems affected by malware trojans in the twenty-year history of Linux. Congratulations.
Did you know that the UnrealIRCd daemon program was not available in Debian/Ubuntu repositories? The reason, apparently, was that the project did not follow acceptable security process. For example, they did not sign packages, and did not even provide checksums for them.
As a consequence, use of the UnrealIRCd daemon was very infrequent on Linux systems.
Even so, and despite the known poor security, a few minor Linux distributions did provide UnrealIRCd for distribution. They did get caught out by this malware. And so, it appears, some very few systems did actually have it installed.
Amazing! What are the odds? That is staggering! I wouldn’t have thought it was possible.
It just goes to show I suppose that use of Linux must be far more widespread than is normally reported.
It also goes to show that if you pay absolutely no heed to open source processes, then mere use of open source isn’t going to save you from malware.
The reason it wasn’t included in Debian was not about security process, see here:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=515130
Basically it was deemed dead and of low quality, so the conversation kind of died.
Btw, you look foolish because you basically scream at people for “obvious” things, that in the end you’re wrong about. You really can’t handle that you’re wrong, and it’s just kind of interesting to watch you wriggle around in the conversation, dialing back, and shifting onto stating inconsequential things like: it wasn’t used that much! This is what Alfman meant about toning down the absolute terminology you are fond of using.
Thanks though, your little show you put on in the comments can be my daily-smile for today .
If someone creates a repository without controlling what he puts into it, it can be infected, yes 🙂 .
The key is going to repositories like the ones of Debian or Ubuntu/Kubuntu. They review software and related aspects before adding the software in their repository, so they have a history without malware since their start, many years ago.
Edited 2011-09-23 16:38 UTC
Oh I’m not disputing the system works very well, just that it is flawless.
saynte,
“Oh I’m not disputing the system works very well, just that it is flawless.”
Pretty much like we’ve been saying from the get-go. I’m very glad this topic finally has some closure!
Of course now that MS is adopting its own managed software repositories for metro, we’re going to need to compare the merits between the microsoft and linux models.
I’m looking forward to hearing more about the windows repositories. I particularly want to know if users will have any control over apps or if this is going to be DRMed up the wazoo. My knee-jerk reaction is extremely fearful: microsoft is putting the final nails in the coffin of the PC as an open platform. Just as apple has been doing with their stuff, microsoft will play the role of gatekeeper to the desktop. If they pull this off, this turning point will signify the beginning of the dark ages for computing.
Actually, I recall hearing a while ago about CoApp, some Microsoft endorsed/sponsored effort to make it easier to get open source software onto Windows machines through a package management system.
I’m not sure how active it is now, but it seems to be still alive, somewhat. So even if the Metro package system doesn’t provide what we’d like, CoApp may still be a side-avenue (but who knows?).
I don’t know exactly what you think you proved.
The one instance you did uncover in twenty years of Linux was a situation where a couple of Linux distributions, namely Gentoo and Arch, were NOT using the GPG signed repository distribution mechanisms employed by the more mainstream Linux distributions such as Debian, Ubuntu, OpenSuSe, RedHat, Mandriva and others.
The joke is on you.
I proved that the following statement you made was false:
I showed you it wasn’t extraordinary, that it was quite possible, that it happened, and that it happened in a repository you used to use (used at the time?).
The general open-source distribution mechanisms tend to be quite secure, but they’re not infallible (ie, human error, which you seem to disregard). You’ll get into more trouble with this false sense of security than you would with a little dose of humility/reality.
It comes down to what was meant by “the repository system”. I meant the system whereby source code is reviewed, adjusted for a particular distribution, compiled and tested by repository maintainers, and then both the source code and the resulting binary are digitally signed using the repository private key. The corresponding repository public key is distributed with the Linux installation media (typically a LiveCD) and subsequently used by the package managers to verify the integrity of downloaded packages before they are installed on end users systems.
Neither of the Linux distributions which did succumb to the UnrealIRCd trojan use that system. Both of those distributions use methods which are little better than the haphazard methods used for Windows. The fact that this event is the only example of a trojan finding its way on to end users Linux systems that you could find, and the fact that it occurred only on Linux distributions which did NOT use the repository and package manager secure distribution methods attests to my point rather than yours.
Once again, the joke is on you.
Edited 2011-09-25 23:37 UTC
Oh come now lemur2. We all know you exaggerate badly, you know you do too. saynte caught you out on it, don’t be a sore loser.
Not a bit of it. It is actually a very contentious point that Arch DOESN’T use a secure means of distribution, and the maintainer responsible at Arch was profusely apologetic that he had obtained the source code from a mirror instead of from the main development server.
If you don’t follow the actual practices that have been established as the trustworthy means to distribute open source packages, and you get burned by it, and no repository which does use the secure practices does get burned by it, then doesn’t that simply add to the evidence of trustworthiness for the repositories and methods that haven’t been compromised?
It has been established that there ARE people out there who see a reason to compromise open source packages, where they can, as a means to distribute malware. If it can be done, apparently, it will be done. They haven’t yet managed to do it for the trustworthy methods.
If you think all packages in Debian/Ubuntu/Fedora get a code audit before inclusion, you’re out to lunch. The hack in UnrealIRCd was tiny, just a few lines to include call to ‘system’! If the Ubuntu people happened to have snagged the trojan’d source code, do you think they would have found that hack?
I still think my point is valid, even in that system that you describe (which isn’t used for example, in Debian, and I assume Ubuntu: http://wiki.debian.org/SecureApt, they don’t do per-package signing of source/binaries) it is susceptible to human error, like most systems.
I don’t think your point is valid, but I am too polite to try to disparage you, even though by now I am surely justified if I chose to do so (on the theory that what is good for the goose is good for the gander). I will merely say why I don’t believe you are correct.
The point is this: the open source project itself is where the “auditing” is done. The team which collaborates and together authors an open source product effectively cross-check themselves. It is extremely difficult to “inject” deliberately malicious code into that environment. For a cross-platform open source product, such as VLC for example, or even UnrealIRCd, the open source development project itself won’t contain malware.
Here is the VLC team:
http://www.videolan.org/videolan/team/
OK, that team effectively cross-checks and audits themselves, so that VLC source code, direct at the VLC project itself, won’t contain malware. It would be spotted by the development team as soon as a rogue person tried to inject it.
OK, then, given that the source code at the very development source doesn’t contain malware, the trick then is to have a reliable set of methods to get it from that original development source to installed on end user’s systems without being compromised en-route. It needs to be set up that it is in the best interests of everyone involved in the handling of the code to ensure that the integrity of the code is not corrupted. Every step involved needs to be visible, in plain sight of everybody.
Debian, Ubuntu, Fedora, OpenSuse, Mandriva and a considerable number of other repositories do have such methods in place. Arch, Gentoo and various means of distributing Windows executables don’t. Projects such as VLC do provide means to check the integrity of the source code tarballs. UnrealIRCd doesn’t. (The fact that UnrealIRCd didn’t provide checksums for source tarballs was one of the reasons why Debian/Ubuntu didn’t put it in their repositories).
Get it now?
Edited 2011-09-26 07:08 UTC
Okay, so the open-source project is where the auditing is done: what does it matter if the host where the source is available is compromised?
You seem to be insinuating that I don’t understand something, I do: I understand the system. I just do not agree with the evaluation that it is virtually impervious to attack.
Do you have a citation for that? I didn’t see it in the old Debian request-for-package discussion.
Don’t you see that when you need to add qualifications to your original statements, it means that they were not totally true?
This is exactly what I said in my first post, if you’d only back off the absolute claims from the get go, then they wouldn’t be wrong nearly as often. Although I’m tempted to think that you already know this, and maybe there is a lawyer in you who enjoys defending indefensible statements.
I think you need to take a step back and listen to yourself. Quit dealing in absolutes and I’m confident this silly line of discussion will evaporate in no time.
Yes, most of us, myself included, are content to ignore them. But we do not deny that they exist. You do when you say it is “not possible” for OSS to be compromised by malware.
It’s because you have repeatedly made absolute assertions that say those improbabilities are impossibilities.
Not at all. I am simply ignoring an astronomically improbable possibility, just as I do when every day I fail to fret over the possibility that the sun might blow up.
Not at all. I have just rounded the probability to the fourteenth decimal place, and as a result my approximation, good enough for discussion here, was zero.
IOW, you are, apparently, an incurable pedant. That criticism, coming from me, is more scathing than you can possibly imagine.
Edited 2011-09-23 06:15 UTC
Oh heavens to Betsy! I don’t think I shall ever recover! 😀
“IOW”, find someone else to have your little semantics competition with. Your comments just snuck below OSS malware infections on my list of things to pay attention to.
Edited 2011-09-23 06:54 UTC
It’s a lot harder though.
Except that was completely bogus. The code’s been audited and no such backdoor was found. Just because you can make a rumour about something doesn’t mean it’s probable.
Reading through the background (linked) articles, I’m not sure if I fully understand the various keys and what they do.
However, it seems that the firmware would not load a non-signed OS at boot time. If this is correct, then would this block experimenting with other OSes via LiveCDs or USB drives? Would this also block the Hackintosh initiative?
I can appreciate the need for greater security. However, not at the expense of my freedom of choosing the OS I wish to boot.
As I understand it, you won’t be able to boot any OS which isn’t signed with a key compatible to what is stored in the UEFI firmware.
Which media is booted from is not important … Linux LiveCDs or LiveUSBs would not boot (unless signed). Somehow I can’t see compatible signing keys being given to Linux projects such as Ubuntu or OpenSuSe.
Any device which you can boot from is affected. The only way to boot an unsigned OS is to disable “secure boot”… when possible.
Edited 2011-09-22 07:32 UTC
If this stays as an option in the BIOS that we can turn off, or if the Linux community get their own software signed in a practical manner, then there is a very, very good side to this.
This good side is SECURITY. If the operating system cannot be modified, then you can’t get a rootkit, which means that the operating system can, in theory, still stop malware. In the days of large corporations seemingly being hacked into every few weeks… this type of security is bound to become commonplace for both Windows and Linux machines, even well controlled servers.
I imagine it will take a while for the kinks to be worked out (they are still working on that with phones), but in the end, I imagine IT support will NEED to have the option to turn off any secure boot options to fix computers efficiently.
It is not a problem of the linux community, it is a problem that whoever makes the UEFI hardware won’t give out signing keys to anybody and everybody. They will put only a certain number of keys in the UEFI ROMs, and the only OSes which will boot will be those signed with a matching key.
If they then give signing keys out to everybody who wanted to compile a new kernel, then root-kit authors could sign their root kits, and we are back to square one. They may as well not have the whole secure boot thing in the first place. It only makes sense if the signing keys are kept as secrets.
Edited 2011-09-22 02:09 UTC
Or the UEFI industry could move to using a Certificate Authority like most current code signing systems do.
They could also allow you to load certificates from a USB drive for self signed code, making it harder for a malware author to put their certificate in the UEFI but making it fairly painless for a user to handle.
I’m not sure if this would work, or not. How would it still be impossible for a blackhat author to self-sign their malware rootkit?
If it can work, and it could be possible to make it fairly painless for a user to boot self-signed code, and the industry doesn’t do it … then the concerns expressed by the author of the original article would be shown to have been completely valid, would they not?
CAs are actually what they are using.
The question is obviously, what happens when a CA makes a mess of it.
They could always add an option to generate your OWN key or passphrase for signing Open Source software right in the BIOS. It wouldn’t really affect Microsoft because it could be a different format or something and you’d have to generate it so it wouldn’t be one of their keys. Then they could have an open source program to sign the stuff to run on it.
It’d be trivial to implement, that is what the Open Source people should be going for.
Except the OS can be modified, at least in its current form. If you can install an antivirus which checks and alters every file you open, you can install a rootkit.
Yes, everyone is convinced about the advantages.
It has actually been possible for years already on many CPUs.
TPM is just a requirement now.
But the downsides could also be great if people are not allowed to control their own computers anymore.
If I’m able to load my own key in the BIOS… euh.. UEFI firmware then that is fine.
But who will guarantee that the same thing is true in 5 or 10 years?
Of course the OS can be modified. How else would you be able to do a Windows update or install a service pack that fixes kernel problems and exploits? It is just a matter of time before that security layer is broken and Windows clients are as infected as they ever were before. The only side to this that makes sense for me is the argument of locking other OSes out and securing the Microsoft monopoly for a while longer.
Once it is backwards engineered (as that is legal in all countries) though it is fair game for all, and considering the number of hackers on x86 compared to code-monkeys that hack on consoles, I would bet a legal backwards engineering effort would be set up fast and succeed in a rather short time.
In other words, I do not worry too much.
I’m confident that most OEMs will provide an option in the BIOS to disable this, at least for desktops or laptops. I think competitive pressures will force them. Probably, some OEMs will initially, and some won’t, requiring users to check whether it’s supported before purchase, but eventually all OEMs will add it.
I’m not so confident for tablets, though.
And I’m confident OEMs will make you give up your warranty rights if you disable secure boot. This could be like HTC unlocking bootloaders on their devices but voiding your warranty if you choose to do so.
Except HTC are quite happy with you rooting the device these days …
To my uneducated mind, this sounds like the issue that people are having with some Motorola Android devices. They have locked bootloaders that don’t permit any firmware not signed by Motorola to be installed. Is this approximately what Microsoft is looking to do now?
Looks like this “walled garden” concept has nothing to do with OS security, but rather with vendor security.
“They have locked bootloaders that don’t permit any firmware not signed by Motorola to be installed. Is this approximately what Microsoft is looking to do now?”
Microsoft already does this with win vista/7 kernels. The owner is not free to install independent drivers without buying a one or two year signing key. It seems to be a deliberate attack against OSS in the windows kernel. Just after I was beginning to learn how to write kernel drivers, microsoft banned us from installing our own drivers on our own computers. They’ve hard-coded private keys.
“Looks like this ‘walled garden’ concept has nothing to do with OS security, but rather with vendor security.”
Technically, it has a lot more to do with bootloader security than OS security; Windows will have the same flaws as before.
It prevents unauthorized bootloaders from running. However in the context of a real attack, the installation of a malicious bootloader that secure boot would help protect against suggests that the system has already been compromised elsewhere. So secure boot would be of limited security value here.
They actually tried something similar before with TCM/Palladium, which may provide insight into what they are trying to accomplish… DRM.
As much as MS might want to block out linux, I cannot imagine any scenario where microsoft would not face serious legal repercussions if they tried. So, if I may speculate, this is about extending the kernel driver enforcement all the way back to the bootloader so that kernel jailbreaking software like this cannot work:
http://www.softpedia.com/get/Tweak/Video-Tweak/Driver-Signature-Enf…
Maybe it will break those loaders used to bypass windows activation schemes? That alone would be of great benefit for microsoft, specially in the bottom server side of the market…
Wait…WHAT? Are you saying that I, the owner of the OS copy and the owner of the physical hardware, can not install whatever drivers I want? On my own hardware? For real? What in the holy hell? Oceania and The Party has nothing on Microsoft….
Soulbender,
“Wait…WHAT? Are you saying that I, the owner of the OS copy and the owner of the physical hardware, can not install whatever drivers I want? On my own hardware? For real? What in the holy hell? Oceania and The Party has nothing on Microsoft….”
Yep.
http://www.ditii.com/2007/02/10/disabling-mandatory-kernel-mode-and…
I provided this next link earlier, which automatically switches the vista/7 kernels to a test mode that does not enforce software signatures. However this mode forcefully disables all access to DRM restricted APIs/hardware.
http://www.softpedia.com/get/Tweak/Video-Tweak/Driver-Signature-Enf…
There have been other ways to jailbreak the windows vista/7 kernels over the years, some involving privilege escalation, leaked keys, bootloader modifications. None of these were long term solutions, because microsoft continually disabled them (and our drivers cease to load).
Some open source supporters even purchased their own driver signing keys and created a tool that allows OSS users to load drivers as they please, their key was promptly blacklisted by microsoft, despite the fact that the tool was not malware and worked exactly as advertised.
http://www.zdnet.com/blog/security/vista-kernel-tampering-tool-rele…
That’s insane. I knew there was a good reason I don’t use Windows 7. Well, that and the fact that Windows 7 provides nothing whatsoever that I need.
It should be obvious that giving MS the benefit of doubt regarding this secure boot thing is not a good idea. At all.
Soulbender,
Most users aren’t affected, but for those who are… it’s devastating. A whole lot of alternative file systems were effectively banned in Vista, which was my interest in writing Windows drivers prior to the lockdown.
OpenAFS, a fairly popular distributed network FS, had one clever yet insane workaround for windows clients. They enable the user to map drives by implementing a virtual SMB server running on the local host which acts as a translating proxy between the windows SMB stack and remote AFS nodes. Now of course such a thing can be made to work, but it’s restrictions like this that make windows intolerable. It’s my computer, let me do as I damn well please.
Edited 2011-09-22 21:10 UTC
Well, not just Motorola Android devices, but several different kinds of Android devices. And do you know what? Pretty much every one of them gets rooted anyway.
From my point of view, it’s a good safety measure on PCs, since 99% of people would never try to boot another OS anyway. Just give people an option to unlock if they want, and make it so that you need physical access to the PC, and make it just hard enough to find so nobody could/would do it on accident.
WorknMan,
“From my point of view, it’s a good safety measure on PCs, since 99% of people would never try to boot another OS anyway.”
Can you explain why you think it’s a good safety measure? Unless I’ve missed something, there would only be two ways to boot a malicious bootloader/OS:
1. The system is already compromised and rooted such that the attacker was able to overwrite the bootloader/OS. In this case, chances are very high that the attacker can do whatever he pleases already with or without secure boot.
2. The user boots from external bootable media like a cd/thumbdrive.
If secure boot is going to prevent 99% of bootable media from booting anyway (seeing as most of us won’t be able to get them signed), then I question the need for disabling external booting via secure boot instead of simply disabling external booting outright by default.
“Just give people an option to unlock if they want, and make it so that you need physical access to the PC, and make it just hard enough to find so nobody could/would do it on accident.”
I agree that the ability to disable secure boot would be one option. Better yet would be to allow owners to control the keys on their own systems such that they could actually use secure boot with alternative operating systems. There is no reason for this feature to be hard coded for use by Microsoft/manufacturers (other than to shift control to them).
Edited 2011-09-22 07:31 UTC
This should not be something that is configured by the manufacturer or software vendor…
It should be up to the purchaser of the hardware, be it an end user or a corporation, to load their trusted keys into the firmware.
If the keys are provided by someone else then it does little to help corporate security, as an attacker could just boot their own copy of a signed OS.
Similarly, using CAs is not a good idea, look at the recent hacks against various CAs…
Corporations should maintain their own internal CA, and keep the private key secure, that way their workstations would only be able to load software signed by the corporate key. Remember any given corporation will decide what software it wants to run, and won’t be happy having that dictated by a third party who holds the signing keys.
Changing the key should require the setting of a hardware jumper, and the execution of an EFI based key management tool signed by one of the currently trusted keys.
Yes this would provide a method to brick hardware if you lose the keys or load an invalid one, and since the devices are under user control there would always be a way round it even if that required hardware mods.
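The owner-controlled key model proposed in the post above (and the earlier wish to "generate your OWN key ... right in the BIOS") can be made concrete with a small simulation. The following Go program is an added example, not code from the thread or from any UEFI implementation: it models a firmware that holds a trusted-key store (db), a revocation list (dbx) and a physical-presence switch standing in for the proposed hardware jumper, and refuses to boot any image whose signer is not enrolled, is revoked, or whose signature does not cover the image bytes. The key stores, the `PhysicalPresence` flag, the use of Ed25519 and the sample "kernel" bytes are all assumptions made for illustration.

```go
package main

// Added example (not from the thread): a toy firmware that boots only
// images signed by keys the machine's owner enrolled. "PhysicalPresence"
// stands in for the hardware jumper proposed above; names are assumptions.

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
)

// KeyID is a short fingerprint of a public key, used to index the stores.
func KeyID(pk ed25519.PublicKey) string {
	sum := sha256.Sum256(pk)
	return hex.EncodeToString(sum[:8])
}

// Firmware holds the trusted-key database (db), the revocation list (dbx)
// and the owner's physical-presence switch.
type Firmware struct {
	db               map[string]ed25519.PublicKey
	dbx              map[string]bool
	PhysicalPresence bool // hypothetical jumper: key changes require it
}

func NewFirmware() *Firmware {
	return &Firmware{db: map[string]ed25519.PublicKey{}, dbx: map[string]bool{}}
}

// EnrollKey adds an owner-supplied signer; refused unless the jumper is
// set, so software running on the machine cannot add signers on its own.
func (f *Firmware) EnrollKey(pk ed25519.PublicKey) error {
	if !f.PhysicalPresence {
		return errors.New("enroll refused: physical presence not asserted")
	}
	f.db[KeyID(pk)] = pk
	return nil
}

// RevokeKey puts a key id on the blacklist; dbx always wins over db.
func (f *Firmware) RevokeKey(id string) error {
	if !f.PhysicalPresence {
		return errors.New("revoke refused: physical presence not asserted")
	}
	f.dbx[id] = true
	return nil
}

// SignedImage is a boot image plus the signer's id and signature.
type SignedImage struct {
	Name     string
	Body     []byte
	SignerID string
	Sig      []byte
}

// SignImage is the owner's signing tool: it signs the image bytes.
func SignImage(name string, body []byte, priv ed25519.PrivateKey) SignedImage {
	pub := priv.Public().(ed25519.PublicKey)
	return SignedImage{Name: name, Body: body, SignerID: KeyID(pub), Sig: ed25519.Sign(priv, body)}
}

// VerifyImage is the boot-time check: signer not revoked, signer enrolled,
// and signature valid over the image body. Any failure means "do not boot".
func (f *Firmware) VerifyImage(img SignedImage) error {
	if f.dbx[img.SignerID] {
		return fmt.Errorf("%s: signer %s is revoked", img.Name, img.SignerID)
	}
	pk, ok := f.db[img.SignerID]
	if !ok {
		return fmt.Errorf("%s: signer %s not in trusted db", img.Name, img.SignerID)
	}
	if !ed25519.Verify(pk, img.Body, img.Sig) {
		return fmt.Errorf("%s: signature does not match image", img.Name)
	}
	return nil
}

func main() {
	fw := NewFirmware()
	ownerPub, ownerPriv, _ := ed25519.GenerateKey(rand.Reader)
	_, otherPriv, _ := ed25519.GenerateKey(rand.Reader)
	kernel := []byte("constructed sample kernel image built by the owner")

	fmt.Println("enroll without jumper:", fw.EnrollKey(ownerPub))
	fw.PhysicalPresence = true
	fmt.Println("enroll with jumper:", fw.EnrollKey(ownerPub))
	fw.PhysicalPresence = false

	fmt.Println("owner-signed boot:", fw.VerifyImage(SignImage("linux", kernel, ownerPriv)))
	fmt.Println("foreign-signed boot:", fw.VerifyImage(SignImage("other", kernel, otherPriv)))
	tampered := SignImage("linux", kernel, ownerPriv)
	tampered.Body = []byte("constructed sample kernel image with an unwanted change")
	fmt.Println("tampered boot:", fw.VerifyImage(tampered))
	fw.PhysicalPresence = true
	fmt.Println("revoke:", fw.RevokeKey(KeyID(ownerPub)))
	fmt.Println("after revocation:", fw.VerifyImage(SignImage("linux", kernel, ownerPriv)))
}
```

The point the simulation makes is the one the post makes: who controls the contents of db and dbx decides which operating systems boot, and gating changes behind physical presence is what keeps a compromised OS from enrolling a signer for itself. Losing the private key after enrollment leaves no way to sign new images, which is the bricking risk the post acknowledges.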
This is what you do to your appliance when you don’t want people hacking it.
This is NOT what you do for your traditional, flexible, personal computer. This sounds like a bridge too far for Microsoft to go. I do expect such stuff from Apple.
The keys will be leaked, eventually. In which case, from a security perspective, the gains will be zero. And this will be just another obstacle for end-users.
Could someone in the know explain the ‘Windows Logo Programme’? It’s in my limited understanding that signed bootloaders is a prerequisite for showing the ‘Windows compatible’ logo, not a prerequisite for getting an OEM licence to put Windows on your products.
Someone please correct me if I’m wrong.
Also, I hate this attitude of ‘it’ll be hacked anyway’. It took years for the current crop of consoles to be reliably compromised (not counting Wii), there’s plenty of phones that still haven’t been cracked, even after years on the market, and there’s plenty of DRM’d media that hasn’t been cracked. It’s not a sure thing, not even close, and the extra barriers to entry this presents, even if cracked, could prove enough to just about kill enthusiast computing.
Icaria,
“Also, I hate this attitude of ‘it’ll be hacked anyway’.”
Forcing manufacturers to include anti-features is wrong whether or not it’s hackable.
“even if cracked, could prove enough to just about kill enthusiast computing.”
And this is really where I have a problem with it. Instead of making computers more open and accessible for everyone, this secure boot severely discourages independent development and innovation.
* I’m running with the assumption that Matthew Garrett is correct that owners will not be in possession of their own keys.
There will be an option to disable this feature otherwise the EU will be all over Microsoft like a plague.
Why go after Microsoft? It will be OEMs who implement this feature. If they are too lazy to allow disabling, or they void the warranty if the user does, then it is hardly MS’s fault.
If MS says there can’t be an option to disable this then it would leave OEMs without much choice.
Remember, MS did this when it forbid OEMs to bundle 3rd party web browsers; it was a condition to retain OEM status.
And they had an anti-trust ruling against it.
A ruling which took years, during which time they continued doing damage… By the time the ruling came about there were further delays while they negotiated the punishment (which is stupid btw, punishment should simply be assigned and they have to accept it, no negotiation).
Punishment negotiation is normal even for Criminal Law,
http://www.hse.gov.uk/enforce/enforcementguide/court/sentencing-hea…
Luckily I don’t live in draconian countries where things are decided willy nilly.
And they were still punished …
If you guys don’t like it I suggest that you actually contact your representatives, rather than inform me (who can’t do anything about it) that you don’t think it was insufficient.
Also IE didn’t actually need to bundle IE4 to destroy netscape … http://news.cnet.com/2100-1001-203884.html
1 million downloads of IE4 in 4 days (3rd October 1997 is a Friday, the article says the release was on the previous Tuesday).
The EU also made them produce a version of Windows XP that didn’t bundle Media Player (that nobody purchased) and the browser ballot screen, that Opera cried and screamed about to get the IE symbol removed, and hardly anyone outside of Germany uses Opera.
Anyway,
Secure boot is going to have to be optional because there are still lots of PCs capable of running Windows 8 that are still using BIOS. So I am pretty sure dual booting will still be an option in the future.
Also why would people buy a Windows 8 Certified machine to run Linux/OpenBSD/Android etc. on it? Sounds a bit silly to me.
Also what is there to stop someone booting linux using the Windows Bootloader (which I have done since Win2k)?
Edited 2011-09-22 13:09 UTC
“The EU also made them produce a version of Windows XP that didn’t bundle Media player (that nobody purchased) and the browser screen ballot screen, that Opera cried and screamed about to get the IE symbol removed and hardly anyone outside of Germany use Opera.”
Two mistakes there: 1. The version of Windows you are referring to was actually A LOT more expensive than the “real” deal over here at least and also not available for purchase almost anywhere.
2. Opera is widely used in the eastern bloc (former Warsaw Pact countries); for example check browser statistics for Opera in Ukraine where it is installed by default on most government computers and is very popular in general usage due to the “low bandwidth” mode that Opera has available.
I remember it being exactly the same price for XP … however I could be wrong (not the first time).
I did however look at the Windows 7 N version … and the prices are more or less the same according to results on Google Shopping.
So at least now it seems they are in the same price range.
Personally though nobody has done anything about iTunes and iPods/iPhones … but the EU felt it needed to do something about Windows Media player?
I appreciate that … but globally that isn’t the case.
I know it is popular in the Ukraine … my Girl’s home country.
My main point is that Globally it didn’t really help any browser to gain anything IMO .. TBH it just confused normal users (such as my stepmother and father) who were perfectly happy using IE (I had a phone call while at work and had to google what the hell it was about).
I work with devs most of the day … and the most used browser (outside of my team) is IE. We have Oracle, SAP devs, Network and Server teams … and only the web team use browsers that aren’t IE.
Even the Electronic Media department are quite happy using IE even though anyone in our company can install any browser they wish (admin permissions are quite lax … won’t be after Win7 rollout). Most of them have Firefox and Chrome installed but just use IE …
The thing that gets me is the constant Microsoft Bashing by people who don’t really have a clue IMO.
Edited 2011-09-22 19:09 UTC
People will not buy a “Windows 8 Certified” machine to run Linux/*BSD/Android/etc on, but people will buy a computer that meets their wants/needs that is in their price range that happens to be “Windows 8 Certified”. Just as not everyone likes to tinker with open-source OS/apps, not everyone that tinkers with open-source OS/apps likes to tinker with hardware.
As far as using the Windows boot-loader, it could get replaced with one that checks for “properly” signed code.
Microsoft are saying that OEMs will only be allowed to display a “Made for Windows 8” sticker if UEFI Secure boot is enabled.
http://www.readwriteweb.com/enterprise/2011/09/windows-8-spells-tro…
“Microsoft is trying to lock down system firmware to prevent malware and pirated copies of Windows. Unfortunately, this may have some undesirable side effects for Linux users and anyone else that wants to boot an operating system not officially blessed by Microsoft and OEMs. This poses a problem for hobbyists and large organizations alike.
This was discovered by Linux developer Matthew Garrett, who’s been doing a lot of work with EFI booting in general for his day job. Recent UEFI specifications have allowed for “secure boot” that requires an OS to have a signed key in system firmware to work.
Microsoft is requiring that OEMs ship client systems with the secure boot enabled to get the Windows 8 logo. Of course, all major OEMs are going to want the Windows 8 logo.”
Edited 2011-09-22 10:02 UTC
So they finally came up with something to counter bypassing of windows activation with the “SLIC in bootloader” trick…
Sadly (for us), it seems they are going after a fly with an ICBM.
Is it maybe possible to chain-load other operating systems via Microsoft’s own UEFI boot loader? When multiple versions of Windows are installed on the same machine, they share one UEFI boot entry, then their own boot loader allows you to choose between versions of Windows, just as one install of GRUB can be configured to boot many operating systems.
For MBR/BIOS systems, Microsoft’s loader has been configured to load a number of operating systems other than Windows (look to EasyBCD). But I think that just chain-loads other boot loaders like GRUB. If Microsoft’s loader still uses UEFI’s boot services, then chain-loading will be just as difficult/impossible as loading directly.
If we put aside user lock-in and think about it as a security issue, then the possibility of booting alternative operating systems with Microsoft’s own boot loader seems unlikely (it’d be easier to attack a user by reconfiguring their loader from within Windows).
If this is implemented as expected, the only way I see installing Linux is if we somehow make Linux mimic Windows because Microsoft’s boot loader will be the only one available.
I don’t know. I have similar feelings as the article’s author. I’m worried but not panicked. These things tend to work out. Worst-case scenario, retail PCs with Windows pre-installed will be locked-in to Windows. The enthusiast community will still be able to be their own machines.
For my open-source/fun computing needs, I’m thinking about switching to something like Trim-Slice or a PandaBoard. As ARM continues its journey towards competing with x86, more stuff like this will become available and viable desktop replacements. But, yes, the days of renewing the life of old Windows machines with a free operating system might be numbered.
I have tried to install Win 8 developer edition and it will not install on any of my many machines; they all run some version of Linux or BSD and Win2k or WinXP.
It’s good that this topic is being debated and discussed in articles, forums, comment sections, etc., but I think we also need to consider that a more direct approach might be the key: write to the manufacturers and let them know this isn’t cool. E-mail your favourite laptop vendor(s) and let them know you will not be a happy camper if they limit your freedom of choice.
Maybe it’ll work, maybe it won’t, but at least you can say you tried.
It can also go the Apple way – Windows 8 will have some Boot Camp equivalent for allowing booting another OS. It will be marketed as a huge user friendly feature 😀
And you have always been able to boot another OS using Windows … called Boot.ini in the WinNT/2k/XP days and not BootMgr .
It hasn’t always been so easy on Macs … I remember it being a mare on my iBook.
We gotta fight for our freedom, cause if not we will lose it seems.. Gov. and the big companies would definitely want us with no other choice than their products and their ways of doing things..
Stallman is not as crazy as it seems I believe..
Thank you Thom for writing about these things.
I go for danger + freedom instead of safe slavery any day.
OH FFS,
It is only on Machines that are Windows 8 Certified … why would one buy a computer if one intends to run Linux/OpenBSD/Haiku etc .. if it is certified only for Windows?
I have a computer that has a WEI of 6.7 … that has a BIOS … do you really think I can’t boot Windows 8 on the same machine, Or Microsoft won’t sell me a version of Windows 8 I can use?
The article on OSNEWS by Thom is reactionary to get you guys to panic … you do it so predictably it is almost sad.
Find an economical laptop that does not have the Windows logo?
If you are buying non-standard it is always going to be more expensive … just how markets work.
I have a bicycle with a mix of 1970s French tech … pretty much most components are French Standard which no longer exists (everybody used the British ISO in the end) .. getting parts was expensive because I have to buy short run production replicas (luckily not often) … they are 2 or 3 times the price of the same British ISO kit.
That’s the point. Standards are intended to open up opportunities, not the other way around.
As with Win8 certified computers for linux think about:
1. your gf sick with windows on her Laptop wanting some alternative
2. old computers getting linux treatment to extend their life
3. old computers used as thin terminals
4. specialized distros (router, music) booted from a CD.
5. a company offering Android for dissatisfied users of Win8 tablets (that’s esp. problematic as changing anything in the BIOS would be a no-go for end-users)
I could go on and on.
First, there are places and market segments where people cannot buy hardware that’s not Windows certified. Second, hardly anyone knows for sure what OS they will intend to run on their computer during its lifetime. The vast majority of Linux users tried and installed Linux on their Windows PC first (for many reasons, like when the hardware gets too old for new Windows, when they have problems with the Windows OS and some experienced user installs Linux for them, or simply because they want to try another OS). Even if people buy a Windows PC, they may want to change the OS later. It happens too often, so now with this move, Microsoft makes sure people will dismiss that dangerous (dangerous to Microsoft) thought, especially when Windows 8 with its dual interface is so controversial yet critical to their success in the future, with the emerging competition, so they need to make sure people will get stuck with them whether they like their new OS or not.
Learn 2 Paragraph
Edited 2011-09-23 07:16 UTC
I know “how 2 paragraph” (i.e. when it actually makes sense). Judging from your posts here, it’s you who has a serious problem understanding what a paragraph is (no, a paragraph does not equal sentence).
It’s enough that Microsoft imposes Windows tax on users ( http://en.wikipedia.org/wiki/Windows_refund ) while claiming that one can get refunds. Now they want to brazenly impose even more.
Nice video on the subject of “trusted computing” in general:
http://www.youtube.com/watch?v=UnXU7z2_6Jg
Edited 2011-09-22 18:33 UTC
Oh not this Window Tax bullshit.
Basically a lot of Laptops and Desktops would not be as cheap if they didn’t have a Windows License and all the crap ware … If you don’t want the crap ware …
Either uninstall it … which isn’t hard.
Or for the cleanest install, download an ISO of the same version of Windows via (Bit torrent) that is installed and do a clean install with your legit key.
If you want to install whatever just do so … you aren’t losing anything.
I am pretty sure Dell get Windows Licenses for like $4 or something that is less than a cup of over priced coffee over here.
I think a lot of people have to get real IMO.
> Basically a lot of Laptops and Desktops would not be
> as cheap if they didn’t have a Windows License
Completely the opposite. Hardware would be cheaper if not for the Windows tax.
> If you want to install whatever just do so … you aren’t losing anything.
Except the price of Windows which in general is above $100 in US.
> I am pretty sure Dell get Windows Licenses for like $4 or something
You can’t be sure of something Dell never revealed to the public. Indirect methods indicate amounts much bigger than $4 as practice shows.
> I think a lot of people have to get real IMO.
Yes, to be real is to be against monopoly of crooks which MS are.
> Either uninstall it … which isn’t hard.
Microsoft wants to prevent you even from this now with this secured boot nonsense.
Edited 2011-09-22 19:28 UTC
Many OEMs have said that their hardware is as cheap as it is because of the bundled software and the fact that Microsoft gives them OEM discounts.
It’s like standard stuff. I usually buy my laptops (which are usually Dell) from guys that repackage the OS without the crap or give me install media.
In every other walk of life … people getting ripped off because they didn’t know their shit goes unnoticed … but in the computer world … nerds think it is a holy war.
As I said you guys need to get real about a lot of things …
Recent Conversation between a Bloke and a Linux fanboy in my office
Bloke – “I bought this on iTunes and my girlfriend can’t play it on <other Mp3 player>”
LF – “iTunes has DRM”
Bloke – “??”
LF – “It stops you playing it on other things”
Bloke – “Well that makes sense since it is Apple’s make”
Seriously, people just expect this. It is exactly the same as Henry hoover bags not working on my cheap-ass Argos hoover.
I should have done my research … luckily my flat is small and I don’t hoover often.
BTW hoover in England = Vacuum Cleaner.
Edited 2011-09-22 19:34 UTC
Brainwashed people can expect that living behind barbed wire and electric fences is the norm. Normal people don’t expect that, believe me.
Your example is strange. If he expected that to happen, why did he try giving it to his girlfriend? Or was it she who asked him? At least one of them is surely normal, intuitively expecting to play the media where they want. I.e. DRM is not a natural thing.
> Many OEMs have said that their hardware is as cheap as
> it is because of the bundled software and the fact
> that Microsoft gives them OEM discounts.
You mean cheaper than if they didn’t get those discounts (read: bribes from MS for them to support the MS monopoly). But of course not as cheap as without the Windows tax at all.
Oh, let’s not try to make operating systems the same as actually enslaving people … that is mental.
Actually enslaving people is horrible in every way imaginable, and comparing that to whether you can choose Windows or Linux to browse the internet … is just unbelievable.
It is quite obvious … he bought a song on an iPod and tried copying it to her really cheap mp3 player … it didn’t work … when it was explained that it was because the mp3 was meant to work only on his iPod he said “makes sense”.
For him it was like saying “why won’t my DVD work in my CD player”.
For the Linux guy it was pretty much a “war” situation for him.
Bribes … do you actually think people/companies need to be bribed to support having a decent OS? Linux is a bag of bolts and always has been.
Most software supports Windows … therefore it is a damn good bet to run Windows if you are supplying computer hardware.
Also the OEM price you see online isn’t what they pay. I am a nobody at work and I have asked for discounts from Microsoft, and I just get them … and I don’t work for an OEM vendor. I mean I get a discount on VS2010 Ultimate of 90% by just calling the right person.
It ultimately depends on who you ask at Microsoft as to whether you get a discount … it is mainly to do with your relationship with the supplier. However with Microsoft you have to be very specific as to what you want from them when trying to get a discount.
I asked JetBrains, who supply ReSharper, for a discount because we are a charity … and I got 50% off without any haggling. My email was “do you do a discount for charities on the corp version?”
Seriously big companies don’t pay what you see online for Microsoft software prices. If I got 50% off by asking nicely, imagine what Dell gets.
Edited 2011-09-22 20:01 UTC
Whatever they pay, they still inflate the price because of that. I don’t really care about how much they pay, I care about having a choice not to be affected by this bundling.
You see, you are disproving your own point (which was “seriously people just expect this”). He knew it was an iPod (i.e. Apple), still he expected to copy the song to another device because it’s a natural thing to expect. Only after he started to dwell on it more, he agreed that since it’s Apple, that won’t work. But the normal expectation – it should work. So when it doesn’t work – it’s not a norm. That was my point.
Edited 2011-09-22 20:06 UTC
No we care about getting shit done.
I explained to you, but you ignored it, that I can get discounts from MS.
It is quite simple … it works for us. If you don’t f–king like that, too f–king bad. I don’t really care how much you value freedom … It is called a “deal” and it has been done since the start of time … get a clue, would you.
I am not disproving my own point. The point was that nobody, unless us geeks, really gives a shit. He basically said “oh wait I bought some Apple shit and it didn’t work with some TESCO shit … well okay fair enough”.
Thus the Hoover example, but you didn’t quite catch on.
Edited 2011-09-22 22:13 UTC
Haha. Maybe you do, but I don’t have any deals with MS and I don’t get any discounts from them, as is the case for most people as well. We pay more for the obvious reason of the Windows tax. As simple as it gets. And why can’t we voice our opposition to this ridiculous claim of money for something that isn’t used? This bundling is really illegal no matter what discounts you are talking about.
Regarding the DRM – I was saying that it’s unnatural and against normal expectations of freedom. Not sure if you argued with that or not, your example was only supporting what I said.
Edited 2011-09-22 23:50 UTC
Why are you buying something that says “Windows XP/Vista/7/8 Certified” if you have no intention of using Windows … WHY??
Vote with your wallet.
Oh here we are again. Pretend not to understand the point.
I don’t support it (not that it matters) … It is just that normal people just don’t really care and never will. They’ve got real things to worry about, like children and bills … not a pretend freedom fight against a company that supplies computer software.
Edited 2011-09-23 06:57 UTC
Because it’s cheaper. Just as an example: I can get an entry level laptop on Newegg for $330 USD. It has a 2 GHz dual-core Sandy Bridge-based Pentium CPU, 2GB RAM and a 320GB hard drive. Can you tell me where I might find a Linux or sans-OS laptop of equivalent specs for the same price? (It actually should be cheaper since no Windows license would be included.)
http://www.osnews.com/permalink?490462
If you guys are so up in arms about it, as I said you can vote with your wallet.
Unless MS actually *pay* them that will still add to the cost. A discounted price is still a cost, it doesn’t reduce the cost of your manufacturing and assembly process.
Bundled software could help reduce the price somewhat, but then again, I see plenty of cheap hardware that comes with no OS and consequently no bundled apps.
lol It’s a good thing you added that. You say Hoover, and I immediately think either Herbert or J. Edgar.
There is a company in my country that advertises a base price for its computers which does not include the price of the OS. AFAIK Pioneer Computers buys component parts from Asian countries and then assembles the computers in Australia. This is the page for its inexpensive Notebook Computers $149-$699
http://pioneercomputers.com.au/products/products.asp?c1=3&c2=12
If you look at the detailed price breakdown of the cheapest Windows 7 machine, you see this:
http://pioneercomputers.com.au/products/configure.asp?c1=3&c2=12&id…
The base price is $349. Any option to have Windows installed will cost extra.
Microsoft Windows XP Professional [+$169]
Microsoft Windows XP Home Edition with Recovery CD [+$39]
Microsoft Windows 7 Home Premium (32/64 Bit) [+$99]
Microsoft Windows 7 Professional (32/64 Bit) [+$169]
Microsoft Windows 7 Ultimate Upgrade/Full Version (64 Bit) [+$199]
There are other options:
Upgrade Windows from 32 bit to 64 bit
Ubuntu Linux OS Pre-loaded. Great freeware.
Multi Boot OS Set up, Up to 4 Operating Systems [+$49]
Ubuntu is the only option for which you can buy the machine at its base price of $349. Ubuntu comes with LibreOffice installed, BTW. Every option for Windows comes with a Windows tax. The minimum Windows 7 tax is $99, the full version Windows 7 tax is $199. Microsoft Office 2010 Home and Business Edition is +$253.
A machine with Windows 7 Home Premium plus Microsoft Office 2010 Home and Business Edition, offering almost the same level of functionality as the Ubuntu option at $349, would cost an additional $352. It would cost $701 total for the Windows 7 Home Premium + Microsoft Office 2010 Home and Business Edition, compared to the base price of $349.
More than twice the price.
Microsoft wanting to put UEFI secure boot into OEM ROMs would mean that Pioneer Computers could not offer its customers the inexpensive option (the $349 Ubuntu option, without any Windows tax).
Edited 2011-09-23 00:10 UTC
It’s very disappointing (but not surprising), the way that Windows 8 is shaping up.
The secure boot thing. The “only apps from the Windows Store” thing.
(Thom mentions that he’s “fairly sure the relevant registry key” (to bypass installing apps via the store) “will be easily toggled for us geeks.”
Hopefully so, but I wonder how long that access would last. Not long at all, I’m thinking. It’d be very easily removed by MS, should the mood take them.)
When I first saw the look and feel of Windows 8, I was *really* interested (and this from a Linuxhead).
It looked really nice, really clean. Sadly, MS seem to be reverting to their old ways, with the “secure boot” and Windows store stuff. That has **completely** killed my interest in Windows 8.
Edited 2011-09-22 22:26 UTC
None of us should be shocked by this development.
This is nothing short of hijacking your computer hardware in an attempt to prevent users from using anything but future versions of Windows.
There is a work-around. While not the best, it is an option. If/when this lock-down is fully implemented, I can envision people purchasing additional hard drives (or flash drives) for laptops and mobile devices that allow quick remove-replacement of storage media.
The bothersome part of this situation is h/w ownership. Imagine purchasing an oven. Now imagine it’s impossible to cook anything but beef and pies from a particular store in that oven (it’s an abstract example, so just work with me here). You didn’t know this at the time and the oven came with steaks and pies from “Bill’s Beef & Pies.” Now that you have your oven in your house, you’ve enjoyed some steaks & pies that came with it. Now you want to cook a chicken dinner for your family because chickens are free and you’ve heard that they’re really good (friends & coworkers are always raving about how they love chickens because there are so many recipes for them). The oven fails to turn on since it isn’t beef (from Bill’s) in the oven. You call the store and they finally tell you that the oven only works for beef and pies from Bill’s Store; nothing else will allow the oven to turn on.
Would you put up with that? Of course not.
The alternative is to have two ovens. One for pies & beef from Bill’s Store and another for everything else.
But for similar FUD at the introduction of TPM, all should be shocked at the massive amount of FUD brought about by an OS vendor utilizing a firmware standard to help guard against rootkits.
http://blogs.msdn.com/b/b8/archive/2011/09/22/protecting-the-pre-os…
Edited 2011-09-23 01:32 UTC
Pelly,
“Imagine purchasing an oven. Now imagine its impossible to cook anything but beef and pies of a particular store in that oven…Would you put up with that? Of course not.”
It’s a silly little example. But you know what, if Bill Gates had a monopoly on cattle and that’s all the major stores sold, then it’s entirely possible that consumers would end up buying ovens that are designed exclusively for Bill’s goods.
Consumers wouldn’t consider any other ovens because none of them can cook Bill’s Beef which they have to order in stores.
…Now back to reality…
I don’t want to eat Bill’s beef, it makes me sick. I read that there are hundreds of millions of cases worldwide where other people have become sick from eating Bill’s Beef.
The Bill’s Beef cookers break down all the time, they are horribly slow, and normally they are covered in obnoxious advertising, and the cheapest ones cost twice as much as they should.
Fortunately, I can buy ovens that will cook a wonderful array of other nutritious meals, unlike Bill’s Beef ovens, which won’t even turn on if I try to cook my meals in such ovens.
Because Bill’s Beef has outrageous control of the market, I have to dig around to find an alternative oven, but I can do it.
You can bet your bottom dollar that I am going to loudly protest if Bill’s Beef Company tries to take my other oven options off the market. I won’t stand for such bulls**t.
Edited 2011-09-23 01:59 UTC
http://www.winrumors.com/microsoft-clears-up-linux-confusion-over-w…
It is an “option” that OEMs are required to include if the OEMs wish to put a “designed for Windows 8” sticker on their hardware.
No UEFI Secure boot, no “designed for Windows 8” sticker.
Optional. Sure.
+1. Microsoft tries to wash its hands as usual. Same garbage argument as in the case of the Windows tax, when MS says that manufacturers aren’t forced to bundle anything, and if they do – a refund can be claimed. In reality not only do the vast majority bundle – getting a refund is close to impossible in most cases.
Same thing here. Microsoft will claim that OEM can give an option to disable the “secured” boot, but in reality OEMs won’t do it and there will be no normal way for users to do it.
Edited 2011-09-23 04:18 UTC
Malware stats from groups like McAfee make clear bootloader attacks are rare. Security issues occur AFTER you’re in Windows, not outside of Windows.
According to MS’s blog post — “Who is in control? At the end of the day, the customer is in control of their PC.”
Baloney.
(See MS blog post here — https://blogs.msdn.com/b/b8/archive/2011/09/22/protecting-the-pre-os…)
They say the truth in the same post (they can’t easily say outright lies), but they obscure it with tons of demagogy.
They write:
That’s it. It means OEMs are in control, and not users. And Microsoft is happy to control OEMs as they already do – with rebates and other similar stuff.
Edited 2011-09-23 05:15 UTC
Heh, that MSDN blog censors out comments which prove how ridiculous their arguments are. Somehow I didn’t expect from MS anything better anyway.
Edited 2011-09-23 09:09 UTC
http://www.coreboot.org/
There’s no way they can stop you from running Coreboot on compatible motherboards without preventing themselves from pushing BIOS/UEFI updates.
Maybe the AmigaONE / ARESONE computers suddenly become more interesting 🙂
Am I the only one wishing right now that all evolution in the IT industry stopped, and no new equipment were produced anymore?
Mandatory secure boot, Cinavia, DRM in games that requires an always-on internet connection, movies that can be “licensed” through streaming services but not bought, plus whatever else the corps think of next.
The only hope is that there will be a major backlash by consumers and a turn towards open devices, like the turn to USB hardware media players that happened after Blu-ray players and the PS3 got infected with Cinavia. In plain English, users will be divided between the free world (users running open devices) and the enslaved world (users running locked devices). Trust me.