Microsoft gearing to stop Linux, going beyond Mac lock-in

[EarlyMon]

Full story here -

http://m.zdnet.com/blog/open-source/microsoft-to-stop-linux-older-windows-from-running-on-windows-8-pcs/9589

What are they afraid of?

Why do they think they should have so much control of your hardware?

Does this finally make it clear, that corporate operating systems do not reflect anything more than domination by fear, uncertainty and doubt?

Read the article before explaining why this is ok, thanks in advance for that.

 

[SUroot]

What are they afraid of?

That ina free market, they are not the choice of many. I tell you what, they should be afraid. Whenever we buy a new, full sized laptop, often we are paying a premium for Windows Licences too. OEM's should have an option to buy it OS free.

Why do they think they should have so much control of your hardware

They shouldn't have any

Does this finally make it clear, that corporate operating systems do not reflect anything more than domination by fear, uncertainty and doubt?

Has it ever been unclear?

I'm sure there is evidence of this belief older than this, but here it goes anyway:

Read the article before explaining why this is ok, thanks in advance for that.

I read the first few lines, got angry, left. Doesnt matter though because itsNOT OK so I wont be explaining why it IS OK

 

[A.Nonymous]

The article is a bit misleading. It implies that Microsoft is implementing UEFI in order to block Linux. That's not true at all. They're implementing UEFI in order to prevent (or attempt to prevent) malware and root kits. The fact that it blocks Linux and other OSes is a side effect. The article should've reflected that.

 

[EarlyMon]

The article is a bit misleading. It implies that Microsoft is implementing UEFI in order to block Linux. That's not true at all. They're implementing UEFI in order to prevent (or attempt to prevent) malware and root kits. The fact that it blocks Linux and other OSes is a side effect. The article should've reflected that.

The article clearly reflected that this is a rehash of their failed attempt at lock in from the dot com days.

If you knew how malware works, you wouldn't actually believe what you said.

This is Microsoft trotting out the same old lock in attempt, that's an obvious fact, but thanks for your opinion, it wasn't disappointing. I am sure others may feel as you seem to.

 

[A.Nonymous]

Many root kits work by injecting software at the root level when the computer boots. You can remove the malware from inside the OS and it just re-spawns the next time it boots because the rootkit is there. The idea behind digital signing is that it keeps (theoretically) malware authors from injecting root kits at the boot level when the computer starts. Now, that does have the side effect of making it difficult to install Linux. I don't dispute that. But that is not Microsoft's intent. That's the part that is misleading. Their attempt to inject DRM in the dot-com days was exactly that. It was an attempt to inject DRM into the core of the OS. It also had the effect of blocking Linux, but that wasn't the intent of the action. The intent was to put DRM across the entire OS (which is completely bogus, but irrelevant to the discussion).

 

[EarlyMon]

It's completely relevant. Thanks for the attempt to shift the discussion to rootkits but I don't feel like playing.

What this means is plain and simple.

If you buy a pre-loaded Windows 8 machine, and it turns out you hate it as much as most of us did Vista, too bad, you can't install another version of Windows that you do like, much less Linux.

In terms you can relate to, Windows 8 is its own rootkit.

 

[A.Nonymous]

I never disputed that assertion was correct. What I disputed was the assertion that MS is doing this specifically to block Linux. That is incorrect. They are doing this to block malware. It has the side effect of blocking Linux.

 

[EarlyMon]

This was done to block Linux and to prevent Windows lovers from installing older versions of Windows if they don't like the Microsoft edict that from now on you'll take what you're given and you'll like it.

Fear of rootkits is the latest round of their favorite anti-competitive tactic, fear, uncertainty and doubt.

You fear the mighty rootkit, you are uncertain how widespread a problem it is now or will be in the future, but you doubt that this is bad because Microsoft is your friend.

Those of us immune to FUD see this for what it is.

An anti-competitive and consumer unfriendly Microsoft attack.

But that whole rootkit thing sure is scary.

Whatever did we do about rootkits before now? Something like disinfect the machine maybe?

Windows 8 is its own rootkit and you can't disinfect.

 

[karandpr]

Educate People .
Buy Hardware that supports disabling Secure Boot
Turn the market in favor of option with Secure Boot off .
Discourage people in buying Secure Boot options .
In the end Companies will give you the product ,people demand .

 

[A.Nonymous]

What did we do with rootkits? Disinfect the machine. Then spend hours repairing the damage the root kit did to the TCP/IP stack and other core components and eventually have to format/re-install despite all of that. I've never seen a system get a rootkit that was ever the same afterwards. Some needed to be reformatted/rebuilt immediately. Others developed weird, nagging problems that never went away until they had to be rebuilt. Some of these computers ran obscure proprietary software who's vendor's had long since gone out of business and rebuilding them was not an option and users had to deal with the nagging issues. If this prevents rootkits altogether (and it may not), then it's a very good thing for consumers and support techs. That's the reason MS is doing this. Customers have indicated they want a more secure OS.

 

[EarlyMon]

Educate People .
Buy Hardware that supports disabling Secure Boot
Turn the market in favor of option with Secure Boot off .
Discourage people in buying Secure Boot options .
In the end Companies will give you the product ,people demand .

Exactly!

Lesson learned from the PPC to Intel transition on the Macs - pay attention to the firmware.

We once enjoyed Open Firmware on the Macs, but those days are gone, slipped quietly away in the night. A very bad thing.

I'm looking forward to Windows 8 innovations, but the installed reality has to match the promises.

Hardware lock down? No thank you.

 

[EarlyMon]

"If this prevents rootkits altogether (and it may not)... "

Yes, installing lock-down for a problem that a very small percentage have suffered and not being able to claim that it actually solves the problem sounds like a perfectly valid reason to have an industry re-engineer and re-design everything to me!

What could possibly go wrong?

One of us should charge for admission.

 

[EarlyMon]

PS - Image backup. Store secure. When rootkit strikes, reformat or replace hard drive, restore image.

The image backup and off-site secure storage business exists. I entrusted my business to one such firm.

For home images, I use a standalone USB drive. Plug in only when safe or needed.

You should have talked to me sooner. Solving rootkit problems doesn't require re-tooling an industry.

And how many PCs have you managed or been responsible for, lifetime total estimate? And how many had a rootkit problem? Of those, how many had a working anti-malware software with zero pirated software?

Kool Aide - it's not for everyone.

Hardware lock down is Kool Aide.

 

[karandpr]

Well .For companies and organizations who are going to use Windows,train staff to use Windows only and are not planning to change a computing device fr 5 years or so ,the secure boot option doesnt matter .They can use the Secure Boot enabled all the time .

For desktop and small offices who may or may not go the linux way ,they will use the old hardware with Win 7 (*cough *XP* cough) or just research well before making a purchase .

The important thing will be the Netbook ,Tablet and Ultrabook arena
x86 vs ARM
Windows 8's locked bootloaders: much ado about nothing, or the end of the world as we know it?

 

[EarlyMon]

I work in an industry that buys a lot of PCs. One day, the new lot came in with XP. In firm after firm, within a few months, word was out, stay at Win2k. Until XP SP2 came out.

When Vista hit, the rollback order was to XP.

Those are Windows centric, worldwide corporations who will never run anything else.

Tell their purchasing agents that they won't be able to rollback without new training for the IT department at minimum. Tell them that if they want that, the machines could cost more, in real expenses.

And then get the popcorn, because it will be a very big deal.

 

[A.Nonymous]

PS - Image backup. Store secure. When rootkit strikes, reformat or replace hard drive, restore image.

The image backup and off-site secure storage business exists. I entrusted my business to one such firm.

The vast majority of businesses don't use solutions like this. They are expensive to implement. Off site secure storage for images of 20-30 computers is expensive in terms of storage and bandwidth. On site secure storage for 20-30 computers is expensive in terms of storage space.

For home images, I use a standalone USB drive. Plug in only when safe or needed.

Enterprise users aren't going to do this. Most home users aren't going to do this. They should. I don't argue with you on that. The fact is they don't.

And how many PCs have you managed or been responsible for, lifetime total estimate? And how many had a rootkit problem? Of those, how many had a working anti-malware software with zero pirated software?

Currently I'm responsible for managing more than a hundred PCs in many, many different environments - manufacturing, medical, administrative type stuff, you name it. That's just me. We've got 60-70 networks that we touch at some point or another in the course of a year. 30-40 of them are regular clients that we touch at least once a month. They all have at least 5-10 computers including servers and most have many more than that. How many have had a rootkit problem? We get issues with rootkits at least every other week. Every time there's a zero day exploit we can get half a dozen to a dozen a day. All of them have working anti-virus software with current definitions. (Though you could argue that since they got infected the software really wasn't working.) None of them have pirated software on them. That is something we do not tolerate as it puts our entire company at risk.

 

[EarlyMon]

OK, you get 26 cases of this a year (every other week).

If you're the only one there, that's a 26% failure rate. If there are more of your sort, the percentage goes down.

26 cases a year must not cost as much as a better backup plan, evidently manual labor is cheaper.

How soon will the one to multiple hundreds of machines get replaced to solve this problem? Will that be an organizational update or an as needed, individual machine, basis?

How much will that cost?

Who will be accountable if it doesn't solve the problem?

And doesn't a zero day vulnerability imply that a zero day update practice is remaining in place when that alone is a high-risk practice?

Why should the rest of us pay for that firms questionable business practices?

 

[IOWA]

I never disputed that assertion was correct. What I disputed was the assertion that MS is doing this specifically to block Linux. That is incorrect. They are doing this to block malware. It has the side effect of blocking Linux.

No, you're wrong.

Blocking other operating systems IS a key prospect for them, blocking malware is the side effect.

It's much like the politicians who claimed SOPA/PIPA was really about protecting people from piracy and "Child Porn" when really what it's about is protecting their antiquated business model.

Think about it. If they really wanted it JUST for malware, they would make it a requirement that it could be disabled by the user.

 

[Bob Maxey]

Full story here -

http://m.zdnet.com/blog/open-source/microsoft-to-stop-linux-older-windows-from-running-on-windows-8-pcs/9589

What are they afraid of?

Why do they think they should have so much control of your hardware?

Does this finally make it clear, that corporate operating systems do not reflect anything more than domination by fear, uncertainty and doubt?

Read the article before explaining why this is ok, thanks in advance for that.

I stopped trying to figure out MS some time ago (cough, Palladium, cough, cough) The article certainly makes you think about the company. With the SOPA and PIPA looming, it might be difficult to distribute hacks and cracks that would allow BIOS/UEFI circumvention. Or perhaps not, I need more coffee.

So Early, is this a possibility? MS will probably spend tons of cash to implement this mess; the hardware manufacturers will as well. If I distribute a crack that can somehow overwrite the BIOS/UEFI, do I need to find someone capable of baking me a cake with a file inside?

As I see it, MS will make manufacturers implement their word view and if they do not, MS might not allow a Gateway or IBM or Lennovo to distribute MS OS in any form.

I'm looking forward to Windows 8 innovations, but the installed reality has to match the promises.

Hardware lock down? No thank you.

I Jailbreak because I want my iPad on my terms. Apple hates us lawless types and for some odd reason, the LOC told Apple that jailbreaking was in no way an IP violation and we all benefit in that we can root. It is interesting that Toyota released a Scion Theme through Cydia and they pulled it when Apple complained.

Fortunately, as long as I have Internet access, email and Word, that is all I need. I hate the idea that you cannot freely install an OS like Linux because Microsoft thinks it is Apple. I do not seriously consider Linux because I am pleased with Winders.

It's completely relevant. Thanks for the attempt to shift the discussion to rootkits but I don't feel like playing.

What this means is plain and simple.

If you buy a pre-loaded Windows 8 machine, and it turns out you hate it as much as most of us did Vista, too bad, you can't install another version of Windows that you do like, much less Linux.

In terms you can relate to, Windows 8 is its own rootkit.

I guess the pressure will be off Apple. No longer will they be the company that wants to control the world; MS will have a place at the big table deep within Skynet's HQ.

 

[EarlyMon]

I stopped trying to figure out MS some time ago (cough, Palladium, cough, cough) The article certainly makes you think about the company. With the SOPA and PIPA looming, it might be difficult to distribute hacks and cracks that would allow BIOS/UEFI circumvention. Or perhaps not, I need more coffee.

So Early, is this a possibility? MS will probably spend tons of cash to implement this mess; the hardware manufacturers will as well. If I distribute a crack that can somehow overwrite the BIOS/UEFI, do I need to find someone capable of baking me a cake with a file inside?

As I see it, MS will make manufacturers implement their word view and if they do not, MS might not allow a Gateway or IBM or Lennovo to distribute MS OS in any form.

As you and I have seen all too often, there's the sales pitch and then there's the delivery.

The sales pitch is that you can configure the firmware to not require the digital signature on a PC and install what you like.


I predict that the delivery, either immediately or shortly thereafter, will be to remove that feature with FUD about how that only gets people in trouble or is a premium feature or whatever. Like charging more to put fewer ingredients in drinks.

On the mobile side, I've been on developer forums discussing bypassing encrypted bootloaders. Often, people will share observed responses in an effort to guess what's going on inside the black box.

I don't see how interested corporations would not leap at the possibility of site shutdown if given the chance.

When this goes through, everyone will be expected to line the streets and proclaim that the emperor is wearing such fine clothes. And thanks to FUD, many will believe it.

And when it's cracked like digital signatures for tempting targets always are, Microsoft will proclaim that they did everything that they could. And enough people will believe them that maybe we'll get even more legislation.

We'll certainly continue to get a steady stream of operating system updates with insufficient quality assurance and an on-going weakness to malware.

But heaven forbid we compare their actions to Apple, because, gosh, they are just so different. One is spelled with 9 letters you know.

 

[A.Nonymous]

OK, you get 26 cases of this a year (every other week).

If you're the only one there, that's a 26% failure rate. If there are more of your sort, the percentage goes down.

26 cases a year must not cost as much as a better backup plan, evidently manual labor is cheaper.

How soon will the one to multiple hundreds of machines get replaced to solve this problem? Will that be an organizational update or an as needed, individual machine, basis?

How much will that cost?

Who will be accountable if it doesn't solve the problem?

And doesn't a zero day vulnerability imply that a zero day update practice is remaining in place when that alone is a high-risk practice?

Why should the rest of us pay for that firms questionable business practices?

I looked through my paperwork. I actually had 50 incidents of removing a virus since May of last year. Now, some of those are no doubt call backs where I or some other tech screwed up. Some of those are probably cases where I started work and had to come back at a later date to finish it. So, let's say only 25 of those are cases in the past 7 months. Stretch that out over a year and it's close to 50 cases. That's just me. There 4 other techs in the office. Let's say that my load of 50 is extremely high and they only did half of that. That's 4 techs with 25 incidents a year. So there are 150 incidents total across our clients. It takes at least an hour to remove an infection and often times 4-5 if you have to build the computer from scratch. It's at least 150 man hours that are wasted not to mention lost productivity from the people who actually use the computers.

A zero-day vulnerability simply implies that a vulnerability has been found/exploited in the wild before a patch for it has been found. It's not uncommon for us to have 5-10 malware infected machines (some worse than others) on days like that.

Think about it. If they really wanted it JUST for malware, they would make it a requirement that it could be disabled by the user.

Actually they wouldn't. Windows is designed for idiots. They're not going to require users to have the ability to to disable what they consider an essential security feature.

 

[Bob Maxey]

Actually they wouldn't. Windows is designed for idiots. They're not going to require users to have the ability to to disable what they consider an essential security feature.

And Apple is designed for upper class idiots with too much money and Linux is designed for tech heads and Ubuntu is designed for poor idiots that hate Apple/Microsoft and want something the looks cool but is often just as perplexing as OSX and Windows.

Windows is designed to get crap done!

Next year is the year of Unix. Or perhaps DR. Dos will make a come back with a cool GUI and a few cool games. Real men run Unix; Ubuntu is for you mother, New Bees that feel the need to be cool and braggarts.

I jest. Smiley

No sir, 2012 is the year of WinStep Extreme; a place where I can look cool without learning much.

Actually they wouldn't. Windows is designed for idiots. They're not going to require users to have the ability to to disable what they consider an essential security feature.

The iPad is also designed for idiots. Well, perhaps not, but close.

The Apple Sandbox prevents applications from "talking" to and with each other. This is why you cannot easily upload something from your iPad to the web. Safari is generally isolated from other parts. The sandbox is why it is impossible to catch a cold or the flu. It also points to some of the problems that occur when a manufacturer locks something down.

But we have Jailbreaking and that removes the restrictions imposed by Apple. Perhaps we will have to Root or Jailbreak our new computers?

I wonder about the legalities. Didn't Microsoft go to court because they "forced" us to use IE? Perhaps it is not the same thing, but in a courtroom, you do not need to be right, just more engaging. And you do not need to know anything except how to perform in public.

 

[9to5cynic]

A couple of questions:

1) How long til MS gets another anti-trust lawsuit?
2) How long til someone much smarter than myself writes some code to undo this nonsense?

will only securely boot Microsoft operating systems.

does this mean that other OS's can be insecurely booted?

Microsoft

 

[saptech]

The ability to disable secure boot on x86 is only half an answer, we (the legitimate owners) also need the ability to authorize/revoke the platform keys. Hard-coding microsoft keys will make alternative operating systems second class citizens on new platforms.

"Ask Bill why the string in [MS-DOS] function 9 is terminated by a dollar sign. Ask him, because he can't answer. Only I know that." - Dr. Gary Kildall.

 

[argedion]

When ever you give a Corporation as much power as you have given Microsoft then it is always in their best interest to maintain that power at any and all given times. Just ask a company named Caldera oh wait never mind they went out of business. I personally think when I buy a computer it should come as I want it and not how someone thinks it should be. If I want to run Linux on it then It should be no problem for me to do so. After all its my computer or is it? I do have consumer rights don't I? I should have the right to determine what condition the computer and all its hardware and software.

Freedom is nothing to be taken lightly. It is the community's responsibility to find the exploits that root kits use and close them. How many rootkits affect Linux Systems? How many affect Unix Systems? If the only target is MS Windows then who is to say it wasn't MS Windows that created such kits as to "Justify" the actions on which they are taking now. Microsoft has always been the big bully in the Computer world. Now they are trying desperately to stop users from using alternatives. Why? well it boils down to this MONEY. Microsoft has lost a lot of business do to the success of the android phone and tablet. In other words Microsoft is loosing its grip on the tech world and is unwilling to change anything to make the program more open. Proprietary systems are useful to a point Just not really for everyday computing.

Linux, Freebsd, Solaris, and others will always find way to exploit the weakness of such bullies and end the end WE WILL CRUSH THE LIKES OF MICROSOFT.