Linked by Elv13 on Sun 17th Jun 2012 10:35 UTC
Hardware, Embedded Systems "The UEFI secure boot mechanism has been the source of a great deal of concern in the free software community, and for good reason: it could easily be a mechanism by which we lose control over our own systems. Recently, Red Hat's Matthew Garrett described how the Fedora distribution planned to handle secure boot in the Fedora 18 release. That posting has inspired a great deal of concern and criticism, though, arguably, about the wrong things."
Thread beginning with comment 522492
To read all comments associated with this story, please click here.
About time for more secure OS's
by jefro on Sun 17th Jun 2012 15:52 UTC
jefro
Member since:
2007-04-13

The free community doesn't always need to get what they want for free. MS and other companies do pay real people to have real jobs and have real lives. For years everyone has claimed that MS get more secure. When they do it they get hammered. If opensourced people want to they can re-write an openbios and one could load it.

The solution is to fix it not to cry about it. An openbios that can be locked is a solution.

The real solution is what DEC used to have. A write protect switch on the drive. We never had any issue with them as long as no one pressed that button.

Reply Score: -5

the_trapper Member since:
2005-07-07

This isn't about getting things for free, or about making Windows more secure, it's about Microsoft making yet another anti-competitive move. Look at their entire history and if you honestly think that this is all about computer bootloader security, I've got a bridge to sell you. Bootsector viruses are almost a non-issue today. Maybe back in the sneaker-net days of the late eighties and early nineties where floppy-disk boot sector viruses were a huge problem, something like this would've been very helpful. However, today, if you encounter a virus that can attach itself to your boot process, it can also attach itself to other software much higher up the stack with just as much utility to an attacker.

What makes more sense to you, that they are locking the bootloaders to protect against an almost non-existent security threat, or that they are finally so terrified of competition with Linux and Android that they are trying to lock them out?

Reply Parent Score: 14

ephracis Member since:
2007-09-23

I think the real target is Android or any OS that can replace Windows on tablets. Making it a hassle to install Linux on your desktop is just a bonus.

Reply Parent Score: 6

lucas_maximus Member since:
2009-08-18

Actually boot sector viruses are making a come back.

Reply Parent Score: 3

justsayin Member since:
2012-06-18

The free community doesn't always need to get what they want for free. MS and other companies do pay real people to have real jobs and have real lives. For years everyone has claimed that MS get more secure. When they do it they get hammered. If opensourced people want to they can re-write an openbios and one could load it.

The solution is to fix it not to cry about it. An openbios that can be locked is a solution.

The real solution is what DEC used to have. A write protect switch on the drive. We never had any issue with them as long as no one pressed that button.



I registered an account just to reply to your comment. The "Free" in "Free Software" stands for "Freedom", not price. It's not about getting what we want or don't want without paying any money. It's about not enjoying freedoms over the computing device we own.

You should take a look at https://www.fsf.org/campaigns/secure-boot-vs-restricted-boot to see why there's this campaign from the free software community against secure boot.

Reply Parent Score: 2

lucas_maximus Member since:
2009-08-18

Nobody cares outside of RMS and his fanatics.

Reply Parent Score: 0

jefro Member since:
2007-04-13

Why can't anyone fix an issue? Instead it is easier to cry foul.
"
The solution is to fix it not to cry about it. An openbios that can be locked is a solution.
"
So get off your silly notions about what free is and either pay to get a fix or have someone or yourself fix the issue.

The issue is around us every day. Only task a 9 year old to know about rootkits, virus's and malware. Every major OS company knows how dangerous the whole issue it. They can't simply not rely on software to fix the problem. We as in both MS and other OS users need to have more secure systems.

There is NO FREEDOM while under the threat of hackers. That is not free to me at all. My credit, my personal medical history, my entire life now resides on computers that are subject to attack. Sure if you are a 24 YO that doesn't have any money or job you many not care but I do.

Get secure to quit talking.

Reply Parent Score: 0

WereCatf Member since:
2006-02-15

The free community doesn't always need to get what they want for free. MS and other companies do pay real people to have real jobs and have real lives. For years everyone has claimed that MS get more secure. When they do it they get hammered. If opensourced people want to they can re-write an openbios and one could load it.


Way to misunderstand everything. I wonder which rock you've been living under.

You see, SecureBoot is controlled by a single entity with absolute power over it, there is no standardized way of creating keys when needed and no design committee to oversee its development. Since it is controlled by a single entity Microsoft can simply refuse to accept requests for keys on a whim. This is a clearly anti-competitive move designed to make using non-Windows operating systems much more difficult.

There is nothing wrong per se in trying to protect a system against boot sector viruses, but it should be made in such a way that there is a documented path for creating new keys via some form of a standards body consisting of multiple entities, and there should similarly be a clearly documented standardized way of disabling SecureBoot. Why a standards body then, you ask? Well, so that multiple entities can strutinize the proposals, to point out flaws and possible improvements that a single entity managing it would possibly miss, and to ensure cross-platform compatibility and end-user benefit.

The solution is to fix it not to cry about it. An openbios that can be locked is a solution.


No, it is not. You cannot e.g. expect IT personnel to install Openbios on every single device they may have to fix.

The real solution is what DEC used to have. A write protect switch on the drive. We never had any issue with them as long as no one pressed that button.


How would that protect against boot-sector viruses? If the write switch is off then it protects against no viruses, and if it is on the whole disk can only be used for reading stuff, ie. it would be inherently useless, ergo everyone would just keep it switched off -> no protection.

Reply Parent Score: 6

quackalist Member since:
2007-08-27

OK, I'll come clean, it was me that pressed that button. Just couldn't help myself.

Reply Parent Score: 1

Soulbender Member since:
2005-08-18

Except secure boot doesn't solve any real security problem. It's obviously just a move by MS to stifle current and future competition.

MS and other companies do pay real people to have real jobs and have real lives.


WHY WON"T SOMEONE THINK OF THE CHILDREN...errr...JOBS?!?!

Edited 2012-06-18 03:31 UTC

Reply Parent Score: 4

gilboa Member since:
2005-07-06

MS and other companies do pay real people to have real jobs and have real lives.


I wonder if I should tag this comment:
-1 irrelevant.
-1 incorrect.
-1 troll.

What the **** does a locked boot loader with no user-controlled off switch (E.g. on ARM) have to do with MS' paying real money to their employees?

Newsflash! There are number [1] of [2] multi-billion [3] companies [4] that use / contribute to [5] open [6] source [7], and Gee, they, too, have real employees earning real paychecks.
(And trust me, this list is *very* partial)

- Gilboa
[1] http://finance.yahoo.com/q?s=ibm&ql=1
[2] http://finance.yahoo.com/q?s=GOOG
[3] http://finance.yahoo.com/q?s=INTC
[4] http://finance.yahoo.com/q?s=ORCL
[5] http://finance.yahoo.com/q?s=SSNLF
[6] http://finance.yahoo.com/q?s=VMW
[7] http://finance.yahoo.com/q?s=RHT&ql=0

Edited 2012-06-18 10:20 UTC

Reply Parent Score: 9