General Discussion
Related: Editorials & Other Articles, Issue Forums, Alliance Forums, Region ForumsWhy this "secure boot" from Microsoft is a load of bullcrap...
...and was made only to keep people from installing other OSs on their machines. Or from using their perfectly functioning, perfectly licensed copies of Win XP or 7. An anti-customer idea they saw Apple doing and just LOVED. Hell, even Apple is slightly more friendly with you installing other OSs on Macs. (But I'll keep avoiding them too nonetheless.)
Secure, my ass.
Give Microsoft the finger. Use Linux. (Or a BSD Unix if that's more your fancy.)
http://www.securityweek.com/microsoft-unauthorized-certificate-was-used-sign-flame-malware
[font size="-1"]By Mike Lennon on June 04, 2012[/font]
Microsoft: Techniques Used By Flame Could Be Used By Less Sophisticated Attackers to Launch Widespread Attacks
On Sunday, Microsoft reached out to customers and notified the public that it had discovered unauthorized digital certificates that chain up to a Microsoft sub-certification authority issued under the Microsoft Root Authority.
Interestingly, there is a direct connection between this discovery and the recently discovered Flame malware (also known as Flamer and sKyWIper). While many have said the enterprise threat posed by Flame is minimal, Microsoft is now warning that some of the techniques used by components of Flame could be leveraged by less sophisticated attackers to conduct more widespread attacks, namely in malware using unauthorized certificates in order to appear to be legitimate software coming from Microsoft.
Microsoft certification authority signing certificates added to the Untrusted Certificate StoreWhile these security issues are not Flame-specific, and could be used in other forms of unrelated malware, Microsoft was able to identify components of the Flame malware that had been signed with a certificate that ultimately chained up to the Microsoft Root Authority.
We have discovered through our analysis that some components of the malware have been signed by certificates that allow software to appear as if it was produced by Microsoft, Microsoft Security Response Centers Jonathan Ness wrote in a blog post. We identified that an older cryptography algorithm could be exploited and then be used to sign code as if it originated from Microsoft. Specifically, our Terminal Server Licensing Service, which allowed customers to authorize Remote Desktop services in their enterprise, used that older algorithm and provided certificates with the ability to sign code, thus permitting code to be signed as if it came from Microsoft.
More at link.
AverageJoe90
(10,745 posts)Would this update really prevent me from booting Linux?
Occulus
(20,599 posts)And yes, that is exactly what it will do.
joshcryer
(62,269 posts)It can still be turned off in the BIOS.
2ndAmForComputers
(3,527 posts)I expect worse in the future. That is, unless there's backlash enough right now.
joshcryer
(62,269 posts)I'm not saying we shouldn't worry, of course, I'm just saying that in the end I don't think MS wins this one. I think a bunch of Dell's will have the option turned on as per MS's requirement, but I think that the drive will be to push back against it and MS may, and I stress may here, have an anti-trust lawsuit to deal with. They'll claim that since the user can turn it off it's no big deal but there should be an argument that the default behavior is still going to hurt other OS's.
2ndAmForComputers
(3,527 posts)I'm trying here to make my tiny contribution toward that end, as you see.
Zalatix
(8,994 posts)Egalitarian Thug
(12,448 posts)no sequoia-sized holes into the OS, no need for a Cray supercomputer to boot up and slog along, no "I'm sorry but the only thing you can do is wipe your whole system and start over again.", and this box is 6 years old and runs everything I throw at it.
Oh, and this is something many of you might like, it's all free.
AverageJoe90
(10,745 posts)I'm running Ubuntu 11.04 myself. I do still have Windows Vista, and will probably get Win 7 for gaming when I get my next computer, but Ubuntu's too good not to toss out.....which is why I'm staying away from Win 8 if it really does prohibit you from dual-booting.
Egalitarian Thug
(12,448 posts)and I have to say that they've done an admirable job, doubly so because nobody's developing it just to get rich. I got the notice for 12.04 LTS, but haven't moved yet.
I inherited a valid copy of Win7 and intend to install it someday, But really it's just for games and the hardware reqs are so steep, I might just end up buying a Playstation for gaming (I just can't get the hang of the controllers).
madokie
(51,076 posts)and this machine is 10 years old and it'll still do anything I want to do with a computer. no anti-anything on here either and I've yet to have a problem.
fuck ms
Egalitarian Thug
(12,448 posts)joshcryer
(62,269 posts)Far be it for a corporation not disallow users from doing something which could hurt their bottom line.
Egalitarian Thug
(12,448 posts)slackmaster
(60,567 posts)IDemo
(16,926 posts)Many companies and most of those like me stubbornly clinging to desktop PC's will make Win-7 the next XP, running it for ten years or more.
slackmaster
(60,567 posts)I run other OSs as VMs, very well indeed.
IDemo
(16,926 posts)And the XP partition is for someone here who isn't quite ready to try something new.
Unless you've a need to run a server, what does WS2003 do for a user that XP or Win7 wouldn't?
slackmaster
(60,567 posts)But my Windows 2000 virtual machine can print on it just fine.
I don't know. I'm used to 2003 and it's rock-solid stable. The most stable Windows platform I have ever used. My system typically runs for several months without any need for a reboot.
CK_John
(10,005 posts)EOTE
(13,409 posts)BIOS are almost always integrated into motherboards, so that's where you'll see this technology.
Warren Stupidity
(48,181 posts)Your post is a bit alarmist. First microsoft's requirements only apply to win8 and are only mandatory on ARM tablets, on other hardware UEFI secure boot is optional - as in you can turn it off and install anything. If you leave it on then you can only installed signed OS's. The linux community is also supporting the UEFI standard for secure boot, so you will be able to install signed linux distros on any platform with UEFI secure boot enabled, even ARM tablets.
The Industrial Strength Flame Malware, most likely a government issued computer virus, does indeed compromise code signing keys. Doing so has weakened an organized effort to lock malware root kits out of new hardware, an effort supported by the linux community. If you want to go off on somebody, might I suggest the Israeli/US intelligence agencies that put this crap out there?
2ndAmForComputers
(3,527 posts)Which demands backing up.
If you're talking about the recent news of Red Had grudgingly acquiring a key, that can only be considered "support" in Pravda-level spin.