Linked by Thom Holwerda on Sat 29th Dec 2012 16:37 UTC
It's sad that we need this, but alas - Matthew Garrett has made a list of Linux distributions that boot on Windows 8 PCs with Secure Boot enabled. Tellingly enough, the list is short. Very short. Can someone hack this nonsense into oblivion please?
All this fuss for what?
by chekr on Sun 30th Dec 2012 06:21 UTC
chekr Member since:
2005-11-05

Just like Red Hat did, any distro can get a cert from VeriSign for 99USD. They can sign binaries with that cert until the cows come home and they will work with Secure Boot PC's.

This is not some Microsoft conspiracy as the tin-foil hat brigade would have you believe. This is a great move to allow a trusted chain of execution on consumer PC's, used correctly it will drastically reduce the risk we face from malware.

Stop whinging, if somehow your distro can't afford $99, make a donation.

Secure Boot is one of the best things to happen to desktop security in years, we should thank Microsoft for forcing the hand of vendors who otherwise would continue to have it optional and turned off by default.

Reply Score: -2

RE: All this fuss for what?
by WereCatf on Sun 30th Dec 2012 07:27 in reply to "All this fuss for what?"
WereCatf Member since:
2006-02-15

"This is a great move to allow a trusted chain of execution on consumer PC's, used correctly it will drastically reduce the risk we face from malware."

Oh, really? How will Secure Boot affect any of the most wide-spread malware packages at all? I mean, those do not modify the kernel or MBR in any way, so Secure Boot doesn't stop them or limit them in the least. And if Secure Boot doesn't affect the things that pose the greatest threat to end-users then what good is it for?

Reply Parent Score: 7

RE[2]: All this fuss for what?
by Drumhellar on Mon 31st Dec 2012 01:35 in reply to "RE: All this fuss for what?"
Drumhellar Member since:
2005-07-12

Just because it doesn't stop all malware doesn't mean it isn't a good thing. Despite what a lot of people seem to think, rootkits still exist in the wild. I mean, look at Stuxnet for a high-profile one in recent news.

They exist for Windows 7 64-bit even. I just recently came across one while cleaning somebody else's computer. SecureBoot would prevent these.

Reply Parent Score: 1

RE: All this fuss for what?
by Soulbender on Sun 30th Dec 2012 12:09 in reply to "All this fuss for what?"
Soulbender Member since:
2005-08-18

"This is a great move to allow a trusted chain of execution on consumer PC's, used correctly it will drastically reduce the risk we face from malware."

Wow, really? Will it prevent malware running as my user from harvesting my data? Will it prevent malware running as my user from participating in a botnet? Will it prevent social engineering?
No? Fat lot of good it does, then.

Reply Parent Score: 8

RE[2]: All this fuss for what?
by Doc Pain on Mon 31st Dec 2012 02:10 in reply to "RE: All this fuss for what?"
Doc Pain Member since:
2006-10-08

"This is a great move to allow a trusted chain of execution on consumer PC's, used correctly it will drastically reduce the risk we face from malware.


Wow, really? Will it prevent malware running as my user from harvesting my data? Will it prevent malware running as my user from participating in a botnet? Will it prevent social engineering?
No? Fat lot of good it does, then.
"

But it says "secure" on the box! So it's secure! You don't want to disable it, or you'll catch a virus! :-)

No, honestly: "Secure Boot" emphasizes security during the boot process only. If it would protect against common malware, virus infections, social engineering and human stupidity, it would require a different name, and as repeated in the article several times, "signed by Microsoft". :-)

Of course it adds some protection that may even be useful in MICROS~1 land, but remember that not everyone is using "Windows" or wants to use it, or even wants to deal with it (even if it's just for the purpose of getting rid of the restrictions it implies). The best way would of course be to have an option to revert the UEFI "back to normal" as "Secure Boot" isn't needed to perform an OS boot in the first place. Deals between MICROS~1 (with their idea of how "security" should work) and OEMs will probably prevent such a simple solution...

Reply Parent Score: 4