Linked by Thom Holwerda on Fri 23rd Sep 2011 22:22 UTC, submitted by kragil
The story about how secure boot for Windows 8, part of UEFI, will hinder the use of non-signed binaries and operating systems, like Linux, has registered at Redmond as well. The company posted about it on the Building Windows 8 blog - but didn't take any of the worries away. In fact, Red Hat's Matthew Garrett, who originally broke this story, has some more information - worst of which is that Red Hat has received confirmation from hardware vendors that some of them will not allow you to disable secure boot.
Thread beginning with comment 490693
To view parent comment, click here.
To read all comments associated with this story, please click here.
To view parent comment, click here.
To read all comments associated with this story, please click here.
Member since:2010-06-19
Look, you seem to be under at least a couple of misapprehensions.
- The firmware will only boot code that has been signed using the right keys.
- The private signing keys have (theoretically) not been compromised.
- Unless the malware has those keys, there is simply no way for the malware to write anything to the boot sector that UEFI will boot.
- The malware also cannot write over UEFI, itself (theoretically).
There is merit to the security argument. Of course, to even get to the security argument, you have to grant that Windows is going to be compromised and that a substantial amount of malware is going to target the boot sector.
Also, you're contradicting yourself: either the tech is sufficient to create a walled garden (ie. it's secure), or it's not. If it's not secure, then people can get past the signing mechanisms in exactly the same way that you propose that malware could.
Edited 2011-09-25 09:07 UTC
Member since:2005-07-06
Also, you're contradicting yourself: either the tech is sufficient to create a walled garden (ie. it's secure), or it's not. If it's not secure, then people can get past the signing mechanisms in exactly the same way that you propose that malware could.
OK.
For the 15'th time, I not claiming that it's impossible to secure the boot environment - I am saying that securing the boot environment has zero, 0, NULL effect on the security of the system as it cannot prevent a *OS* or *USER* level vulnerability (or plain stupidity) from compromising the OS and/or the user file.
How could I possibly make my point clearer?
- Gilboa
News
Linked by Thom Holwerda on 06/17/13 17:58 UTC
"The Internet is one of the most transformative technologies of our lifetimes. But for 2 out of every 3 people on earth, a fast, affordable Internet connection is still out of reach. And this is far from being a solved problem. There are many terrestrial challenges to Internet connectivity - jungles, archipelagos, mountains. There are also major cost challenges. Right now, for example, in most of the countries in the southern hemisphere, the cost of an Internet connection is more than a month's income. Solving these problems isn't simply a question of time: it requires looking at the problem of access from new angles. So today we're unveiling our latest moonshot from Google[x]: balloon-powered Internet access." Insane.
Linked by Thom Holwerda on 06/17/13 17:52 UTC
"MineAssemble is a tiny bootable Minecraft clone written partly in x86 assembly. I made it first and foremost because a university assignment required me to implement a game in assembly for a computer systems course. Because I had never implemented anything more complex than a 'Hello World' bootloader before, I decided I wanted to learn about writing my own kernel code at the same time. Note that the goal of this project was not to write highly efficient hand-optimized assembly code, but rather to have fun and write code that balances readability and speed. This is primarily accomplished by proper commenting and consistent code structuring." Just cool.
Linked by Thom Holwerda on 06/14/13 21:03 UTC
Jon Rubinstein, former CEO of Palm: "Well, I'm not sure I would have sold the company to HP. That's for sure. Talk about a waste. Not that I had any choice because when you sell a company you don't get to decide that. Obviously, the board and shareholders decide that. If we had known they were just going to shut it down and never really give it a chance to flourish, what would have been the point of selling the company? I think the deal we had with Verizon really hurt us, but who knew that at the time? These things are all hindsight."
Linked by Thom Holwerda on 06/14/13 20:46 UTC
"And so it is with Dell's Alienware X51 R2, a small form factor gaming PC in console digs. It's shaped similar to Microsoft's Xbox 360 Slim, and though it's slightly larger than either a 360 or PlayStation 3, the X51 R2 would be right at home in a living room setting nestled next to a large screen TV. Indeed, it's adept at running Steam's Big Picture mode, and if your primary objective is to play games in the living room, go ahead and consider the X51 R2 a hybrid game console." This is obviously not the only machine like this - still, these are very valid console alternatives even for those that don't like being hunched over with a cramped WASD-claw. Also, PC gamers among us: could you get away with the $699 model for gaming?
Linked by Thom Holwerda on 06/14/13 17:32 UTC
From Bloomberg: "Microsoft, the world's largest software company, provides intelligence agencies with information about bugs in its popular software before it publicly releases a fix, according to two people familiar with the process. That information can be used to protect government computers and to access the computers of terrorists or military foes." The lid has officially been blown off.
Linked by Thom Holwerda on 06/14/13 11:39 UTC
"The key takeaway we've reached (after two less than 24 hours playing with the iOS 7 Beta release) is this - every App must consider even basic updates to its UI to survive in a post-iOS 6 world." Great. Telling developers to update their entire application - user interface and behaviour alike - to target a look and behaviour that isn't final yet. Seems like potential for a lot of wasted work here.
Linked by Thom Holwerda on 06/14/13 11:32 UTC
"Overall the app is really basic, and designed for on the go editing. Microsoft says it's not planning to create an iPad version, noting that tablet users can utilize the Office Web Apps instead. We'd like to see some additional options for editing, including more clear options for text formatting and the ability to insert and change images, but it's a solid attempt for something you're only really going to use for editing in emergencies." A resounding meh can be heard from all over the world.
Linked by Thom Holwerda on 06/13/13 19:39 UTC
"Today, most people are using modern browsers that support the majority of the latest web technologies. Better yet, the usage of legacy browsers is declining significantly and newer browsers stay up to date automatically, which means the leading edge has become mainstream. Given these factors we've decided to retire Chrome Frame, and will cease support and updates for the product in January 2014." Eh.
Linked by Thom Holwerda on 06/13/13 14:45 UTC
The Next Web: "First of all, many of the new icons were primarily designed by members of Apple's marketing and communications department, not the app design teams. From what we've heard, SVP of Design Jony Ive (also now Apple's head of Human Interaction) brought the print and web marketing design team in to set the look and color palette of the stock app icons. They then handed those off to the app design teams who did their own work on the 'interiors', with those palettes as a guide. We've also been hearing that there wasn't a whole lot of communication between the various teams behind say, Mail and Safari. And that there were multiple teams inside each group that were competing with various designs, leading to what some see as inconsistencies in icon design. Those may well be hammered out in days ahead." What. Reminds me of how Microsoft does (used to do?) things.
Linked by Thom Holwerda on 06/13/13 11:43 UTC
"The German Parliament, the Bundestag, has introduced a joint motion against software patents. The resolution urges the German government to take steps to limit the granting of patents on computer programs. In the resolution, the Parliament says that patents on software restrict developers from exercising their copyright privileges, including the right to distribute their programs as Free Software. They promote the creation of monopolies in the software market, and hurt innovation and job creation." After New Zealand, we now have one of the most powerful economies in the world moving to ban software patents for all the reasons smart people have been outlining for years. also: "The government should also push to ensure that software is covered by copyright alone, and that patent offices (including the European Patent Office) stop granting patents on software." Germany is not a country the EU can ignore. Very good news, this.More News »
Sponsored Links
Member since:
2005-07-06
I'm not sure I see the connection.
You claimed that having secure boot *improves* the security of the OS, I (easily) disproved it by pointing the having secure drivers and boot sector is *completely* irrelevant once the OS itself is compromised - either by abusing an OS exploit or by (ab)using end-user stupidity.
In the long term secure boot can and will only be used to create a walled garden around the Windows eco-system; nothing more, nothing less.
- Gilboa