flat assembler
Message board for the users of flat assembler.

Index > Windows > Windows 8 has a kill switch

Goto page 1, 2  Next
Author
Thread Post new topic Reply to topic
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 17344
Location: In your JS exploiting you and your system
revolution
Are you happy about MS being able to delete and alter things on your system without your permission?
With the rollout of the Windows 8 operating system expected later this year, millions of desktop and laptop PCs will get kill switches for the first time. Microsoft hasn’t spoken publicly about its reasons for including this capability in Windows 8 beyond a cryptic warning that it might be compelled to use it for legal or security reasons.
Post 27 Feb 2012, 02:02
View user's profile Send private message Visit poster's website Reply with quote
Alphonso



Joined: 16 Jan 2007
Posts: 294
Alphonso
Quote:
Microsoft declined to answer questions about the kill switch in Windows 8 other than to say it will only be able to remove or change applications downloaded through the new app store. Any software loaded from a flash drive, DVD, or directly from the Web will remain outside Microsoft’s control.

Doesn't seem that big a deal.

Have you tried 8 yet? From what I have seen so far I'm not sure that I'll be using the "app store" anyway.
Post 27 Feb 2012, 04:39
View user's profile Send private message Reply with quote
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 17344
Location: In your JS exploiting you and your system
revolution
Alphonso wrote:
Doesn't seem that big a deal.

Have you tried 8 yet? From what I have seen so far I'm not sure that I'll be using the "app store" anyway.
I'm not convinced this the the proper way to examine it. I get a bad feeling when companies feel they have a right to meddle with end user's equipment. Apple already does it, Amazon with the Kindle, Google with the Android and now MS want to get a piece of the Big-Brother-is-in-control pie.

It is already bad enough with the introduction in Vista's of signed driver enforcement. This removes control from the user and places it in the hands of some USA corporation where the user has no say about what is allowed or not. I find it hard to justify turning over my trust to a faceless corporation that is only concerned about its own profit.

If only Linux/Unix/BSD/whatever was in a position to be competitive I would switch immediately. But, alas, almost all of our customers and suppliers insist on using Windows only compatible programs, file formats and equipment. Not to say I blame our customers/suppliers, since MS is the only way that most of the things they want to do can be done. But once MS feel empowered enough to give themselves the right to meddle then I get concerned that this will only get worse in the future.

FWIW: No, I haven't tried W8. I shall be avoiding it for as long as possible. Although I do expect I will eventually be forced to use it sometime in the future. Sad The interface looks awful; too simplistic and dumbed down. Doing anything more than content consumption or online shopping appears to be out of the sphere of the intended purpose.
Post 27 Feb 2012, 05:29
View user's profile Send private message Visit poster's website Reply with quote
Alphonso



Joined: 16 Jan 2007
Posts: 294
Alphonso
revolution wrote:
It is already bad enough with the introduction in Vista's of signed driver enforcement. This removes control from the user and places it in the hands of some USA corporation where the user has no say about what is allowed or not.
Yes, it can be a nuisance having to self-sign and run under testsigning, even more of a nuisance if you want to share.

As for control, what would happen if the MS kernel certificate was revoked or any other software requiring chaining to a root CA.

Maybe some people out there need big brother to protect them.

Just a personal opinion, I'm not happy or unhappy, it's just the way it is.
Post 27 Feb 2012, 06:27
View user's profile Send private message Reply with quote
madmatt



Joined: 07 Oct 2003
Posts: 1045
Location: Michigan, USA
madmatt
revolution wrote:
Are you happy about MS being able to delete and alter things on your system without your permission?
With the rollout of the Windows 8 operating system expected later this year, millions of desktop and laptop PCs will get kill switches for the first time. Microsoft hasn’t spoken publicly about its reasons for including this capability in Windows 8 beyond a cryptic warning that it might be compelled to use it for legal or security reasons.


We WILL be notified when they use this each and every time right?

Quote:
FWIW: No, I haven't tried W8. I shall be avoiding it for as long as possible. Although I do expect I will eventually be forced to use it sometime in the future. The interface looks awful; too simplistic and dumbed down. Doing anything more than content consumption or online shopping appears to be out of the sphere of the intended purpose.


I agree, OS's seem to be designed for your average teenager (including ubuntu's latest), can we get back to OS's for adults!

_________________
Gimme a sledge hammer! I'LL FIX IT!
Post 27 Feb 2012, 12:40
View user's profile Send private message Reply with quote
JohnFound



Joined: 16 Jun 2003
Posts: 3502
Location: Bulgaria
JohnFound
The only versions of Windows I ever used are Win95; Win98 and WinXP. I hope until I am forced to use Win8, the Reactos will be released at least in Beta. Very Happy
Post 27 Feb 2012, 13:06
View user's profile Send private message Visit poster's website ICQ Number Reply with quote
shutdownall



Joined: 02 Apr 2010
Posts: 518
Location: Munich
shutdownall
revolution wrote:
I'm not convinced this the the proper way to examine it. I get a bad feeling when companies feel they have a right to meddle with end user's equipment. Apple already does it, Amazon with the Kindle, Google with the Android and now MS want to get a piece of the Big-Brother-is-in-control pie.


The article talks about restriction of that function to software loaded via the app store only. Wink
Post 27 Feb 2012, 23:10
View user's profile Send private message Send e-mail Reply with quote
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 17344
Location: In your JS exploiting you and your system
revolution
That function should not exist at all, regardless of whatever restrictions they initially decide to impose on it.
Post 27 Feb 2012, 23:27
View user's profile Send private message Visit poster's website Reply with quote
Coty



Joined: 17 May 2010
Posts: 546
Location: ␀
Coty
shutdownall wrote:
The article talks about restriction of that function to software loaded via the app store only. Wink

So, if I buy an app from there store, with my money, they can change it? But, If I pirate it I'm free to go?

They say "Oh! it only goes this far!"

But does it really? I mean, they now have a backdoor into my system, how much would it take for the to gain full control?
Post 28 Feb 2012, 01:54
View user's profile Send private message Send e-mail Visit poster's website AIM Address Reply with quote
Alphonso



Joined: 16 Jan 2007
Posts: 294
Alphonso
lol,

http://www.theverge.com/2011/12/6/2616731/microsoft-windows-store-pricing-149-70-80-percent

Is it really in their interest to delete the good stuff while taking a 20%-30% cut on the price of the applications? Seems to me this has the opportunity to make huge revenues for MS in which case it would be in their least interests to upset the users. Wink

madmatt wrote:
I agree, OS's seem to be designed for your average teenager (including ubuntu's latest), can we get back to OS's for adults!
Maybe it's catering for the majority. Wink
Post 28 Feb 2012, 03:41
View user's profile Send private message Reply with quote
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 17344
Location: In your JS exploiting you and your system
revolution
This is somewhat related:

Windows 8 ARM devices won't have the option to switch off Secure Boot

So if you buy an ARM based device with W8 then forget about booting another OS, ever. It's W8 for life! Long live W8. Rolling Eyes MS is definitely taking away user choice and instead pandering to big-media to offer a "secure" device that users will want so that they can watch and listen to only authorised content. The sad part is that many people seem so happy to accept it. And it is being sold as the "to protect you from malware" thing, while in reality it is more likely the first step to MS controlling everything you do with it.

So, it looks like just another company acting like Apple. I've never cared about Apple because they are so small in comparison, but once the dominant OS takes that stance then I get concerned that societal pressures will force so many (like myself) into either accepting it or going out of business. Lack of choice is not a good thing IMO. I've previously criticised Linux for having far too much choice, but having no choice at all is an even worse situation.
Post 28 Feb 2012, 04:47
View user's profile Send private message Visit poster's website Reply with quote
Alphonso



Joined: 16 Jan 2007
Posts: 294
Alphonso
Actually one of the things about W8 is that it uses a semi hibernate when shutting down so that booting next time is quicker than a full reboot however if you have a dual boot or boot manager for multiple OS's that can mean having to boot W8 first then restart to select a different OS.

http://www.pcworld.com/businesscenter/article/242865/linux_foundation_secure_boot_need_not_be_a_problem.html

Are there any other ARM OS's that can run on ARM hardware for W8?

revolution wrote:
while in reality it is more likely the first step to MS controlling everything you do with it.
I don't know about being the first step, seems that might have been taken some time ago.


revolution wrote:
I get concerned that societal pressures will force so many (like myself) into either accepting it or going out of business.
Yep, you will likely have to put up with it.


revolution wrote:
Lack of choice is not a good thing IMO.
Lack of choice because people are more likely to write software for the dominant OS making the dominant OS even more popular.

It is IMO going to be very difficult to change that unless MS slips up badly and loses more than say 50% share of the market. With MS IMO being $$$ orientated that could then possibly snowball into liquidation for them. Big losses, loss of jobs, pay cuts, programmers moving on...
Post 28 Feb 2012, 05:56
View user's profile Send private message Reply with quote
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 17344
Location: In your JS exploiting you and your system
revolution
Alphonso wrote:
Are there any other ARM OS's that can run on ARM hardware for W8?
Erm, of course. Linux for one. And anybody else who feels inclined to write one. But if you can't get a signing key then there would be no way to boot it, even if you wrote the entire OS yourself. Indeed, especially if you wrote it yourself, you would be unlikely to be able, or willing, to spend big money to obtain a key legally just to boot a hobby OS.

But any well funded hacker (like a government) could certainly get a signing key and do whatever they please with your hardware.
Post 28 Feb 2012, 06:10
View user's profile Send private message Visit poster's website Reply with quote
Alphonso



Joined: 16 Jan 2007
Posts: 294
Alphonso
I think if one is clever enough to write your own hobby OS then they are probably clever enough to remove the restriction from the BIOS. Of course sharing might be a problem.

Just my 2 cents.
Post 28 Feb 2012, 06:21
View user's profile Send private message Reply with quote
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 17344
Location: In your JS exploiting you and your system
revolution
Alphonso wrote:
I think if one is clever enough to write your own hobby OS then they are probably clever enough to remove the restriction from the BIOS.
It is not that simple, unfortunately. The ARM SOCs don't have an external BIOS. They have internal ROM boot code. My testing with our ARM chips showed that in secure mode the ROM code cannot be bypassed. If you don't load in properly signed boot-up code then it just loops and does nothing. I tried for two days to see if I could trick it into booting some unsigned code but could find no way to do it. When the CPU is accessing the internal ROM code the external buses do not present the internal state to the outside world. I even shorted out all the buses and the CPU can still boot internally and ask for signed boot-up code on the serial port.

I'm not saying it is impossible, but it would require a lot of time and effort do discover the weakness (if there is one) and then be able to leverage that in some way to reverse engineer the public signing keys. Probably the easiest, and cheapest, way would be to simply bribe the holder of the keys to tell you what they are.
Post 28 Feb 2012, 06:39
View user's profile Send private message Visit poster's website Reply with quote
Alphonso



Joined: 16 Jan 2007
Posts: 294
Alphonso
Ah, okay. I'm not familiar with ARM as you have probably noticed but there did seem to be posts suggesting the OEM could provide enable/disable option for secure boot and MS suggesting it should not be made an option to the end user, just enabled. If there is a big demand for non Windows on ARM I would think the OEM's would be cutting their own throats by doing such a thing.

Is the ROM OTP or can you read/write it? If it were me I'd probably look at it from that side rather than messing with keys, i.e. allow non secure booting.
Post 28 Feb 2012, 08:07
View user's profile Send private message Reply with quote
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 17344
Location: In your JS exploiting you and your system
revolution
Alphonso wrote:
Is the ROM OTP or can you read/write it? If it were me I'd probably look at it from that side rather than messing with keys, i.e. allow non secure booting.
The ROM is precisely that, R.O.M. The contents are set at chip fabrication time. It cannot be read or executed unless the chip is running is secure mode. To use the TPM language, it is curtained memory. But even so, reading ROM data with some sort of signed, but compromised or buggy, boot loader still won't help you. Even reading the public keys out and dumping them somewhere still won't help you. You need the private key for signing and that is not even stored anywhere in the chip.

The chip makers (not the OEMs) make different versions of their chips, GP and Secure. The GP chips are not secure (general purpose) and these chips MS would not qualify for use so that only leaves the Secure chips, and then it is up the the manufacturer if they allow some override procedure to place the chip into setup mode (or maybe even unsecure mode). If no such procedure exists then nothing* short of popping the lid and meddling with probes and things will allow you to boot unsigned code.

*I suppose factoring the public key might also be a potential vector, and it is certainly the most useful if it can be achieved. But it is unlikely that would be possible with current mathematics knowledge. There would need to be some very major breakthroughs in theory to pull it off.
Post 28 Feb 2012, 08:44
View user's profile Send private message Visit poster's website Reply with quote
shutdownall



Joined: 02 Apr 2010
Posts: 518
Location: Munich
shutdownall
revolution wrote:

So if you buy an ARM based device with W8 then forget about booting another OS, ever. It's W8 for life! Long live W8. Rolling Eyes MS is definitely taking away user choice and instead pandering to big-media to offer a "secure" device that users will want so that they can watch and listen to only authorised content.

I don't think that UEFI secure boot works like Microsoft want. Okay now they make requirements for their new OS and want to be secure boot as default on motherboards. So other OS won't be able to be installed on those motherboards without changing something (what the general user not want to nor does have know how for that).

But till now there is no mainboard producer which supports Microsoft's requirements regarding secure boot. So the last word is not spoken in this film. Microsoft can want many things, if nobody supports it they can not do nothing than produce own Microsoft PC's. But this won't happen.


revolution wrote:

So, it looks like just another company acting like Apple.

This is not new and in the past Microsoft tried to benefit from their market position to distribute own browser, own media player and so on. But in fact in the EU they paid for their mistakes. I think since the beginning of the 90s they payed about 1 billion EUR, and fine is increasing in every case more and more. So if Microsoft really can convince pc producing companies to support their secure boot, they have to pay a significant high price for this. And EU commissars are watching about it. Be sure. Wink
Post 28 Feb 2012, 16:39
View user's profile Send private message Send e-mail Reply with quote
shutdownall



Joined: 02 Apr 2010
Posts: 518
Location: Munich
shutdownall
Coty wrote:

But does it really? I mean, they now have a backdoor into my system, how much would it take for the to gain full control?


Every OS developper can have backdoors in his system and I am sure Microsoft has and had many many years before. So I think this is a fact and not a fiction. Razz
Post 28 Feb 2012, 16:40
View user's profile Send private message Send e-mail Reply with quote
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 17344
Location: In your JS exploiting you and your system
revolution
shutdownall wrote:

I don't think that UEFI secure boot works like Microsoft want. Okay now they make requirements for their new OS and want to be secure boot as default on motherboards. So other OS won't be able to be installed on those motherboards without changing something (what the general user not want to nor does have know how for that).

But till now there is no mainboard producer which supports Microsoft's requirements regarding secure boot. So the last word is not spoken in this film. Microsoft can want many things, if nobody supports it they can not do nothing than produce own Microsoft PC's. But this won't happen.
ARM does not use UEFI, and they are SOCs not motherboards. There are many such SOCs that can do precisely what MS want. I've been using such SOCs for the last three years.
Post 28 Feb 2012, 21:53
View user's profile Send private message Visit poster's website Reply with quote
Display posts from previous:
Post new topic Reply to topic

Jump to:  
Goto page 1, 2  Next

< Last Thread | Next Thread >
Forum Rules:
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Copyright © 1999-2020, Tomasz Grysztar. Also on YouTube, Twitter.

Website powered by rwasa.