Linked by Thom Holwerda on Wed 21st Sep 2011 22:06 UTC, submitted by kragil
After the walled garden coming to the desktop operating system world, we're currently witnessing another potential nail in the coffin of the relatively open world of desktop and laptop computing. Microsoft has revealed [.pptx] that as part of its Windows 8 logo program, OEMs must implement UEFI secure boot. This could potentially complicate the installation of other operating systems, like Windows 7, XP, and Linux.
RE[3]: Comment by OSbunny
by bert64 on Thu 22nd Sep 2011 10:33 UTC in reply to "RE[2]: Comment by OSbunny"
Member since: 2007-04-23

Such a backdoor would require fairly complex and specialised code; in an open source compiler that would be noticed, so you could need to be using a closed source compiler...

The only realistic way to "backdoor" open source code is to introduce a very subtle exploitable bug...
A blatant backdoor will be found quickly, whereas a bug may slip by...
Similarly, if your backdoor is found then you have deniability if it looks like a software bug, but if it's obviously a backdoor you will likely be named and shamed, as well as blocked from any future commits.

You would also need to be a competent developer, and to commit a significant amount of legitimate code to a project in order to build up a level of trust first. It wouldn't be a simple quick attack; it would need to be planned and thought out well in advance.

And also note that all of the above applies to closed source too: someone sufficiently motivated and funded could get someone hired by a software company to work on the target product. It's also been my experience that code written by an employee comes under far less scrutiny than code from a new contributor to an open source project.

Score: 6