Linked by Thom Holwerda on Wed 21st Sep 2011 22:06 UTC, submitted by kragil
After the walled garden coming to the desktop operating system world, we're currently witnessing another potential nail in the coffin of the relatively open world of desktop and laptop computing. Microsoft has revealed [.pptx] that as part of its Windows 8 logo program, OEMs must implement UEFI secure boot. This could potentially complicate the installation of other operating systems, like Windows 7, XP, and Linux.
RE[2]: Comment by OSbunny
by malxau on Thu 22nd Sep 2011 20:08 UTC in reply to "RE: Comment by OSbunny"

"If you want to hide malicious code you can do it in open source as well. There was that news a few months ago about OpenBSD having malicious code. Don't know whether it was true or not but the possibility remains.


Quote please. AFAIK the track record is that malware has never been distributed to users via open source repositories. The only way it happens is to distribute modified code binary-only executables to Windows users.
"

Do you remember this? I believe the code was distributed over CVS, but never made it into a release.

http://www.theregister.co.uk/2003/11/07/linux_kernel_backdoor_block...

Or when Debian ran Valgrind on OpenSSL and shipped a broken version for years before it was detected, resulting in piles of compromised keys? The code was there for all to see.

http://blogs.fsfe.org/tonnerre/archives/24

As a paranoid afterthought, note we only know about these when they're detected. We don't know about the ones that are too good - which may be zero or may be large. We have no way to know.

I think as everyone else is saying, it's difficult, but not impossible. The code just needs to look correct even when it's not. That's a high bar, but it can be met. There's even a competition over who can do it well:

http://underhanded.xcott.com/

Reply Parent Score: 3