Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Windows 10 to make the Secure Boot alt-OS lock out a reality


  • Please log in to reply
123 replies to this topic

#1 JohnC_21

JohnC_21

  • Members
  • 24,668 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:09 AM

Posted 20 March 2015 - 05:14 PM

At its WinHEC hardware conference in Shenzhen, China, Microsoft talked about the hardware requirements for Windows 10. The precise final specs are not available yet, so all this is somewhat subject to change, but right now, Microsoft says that the switch to allow Secure Boot to be turned off is now optional. Hardware can be Designed for Windows 10 and can offer no way to opt out of the Secure Boot lock down.

The presentation is silent on whether OEMS can or should provide support for adding custom certificates.

 

 

So I guess that gets rid of the linux disk option for file recovery on a WIndows 10 OEM computer where SecureBoot cannot be disabled not to mention any chance of running a Windows 7 PE disk.

 

Article



BC AdBot (Login to Remove)

 


#2 NickAu

NickAu

    Bleepin' Fish Doctor


  • Moderator
  • 13,721 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:127.0.0.1 Australia
  • Local time:03:09 AM

Posted 20 March 2015 - 06:25 PM

 

This all seemed to work, and the concerns that Linux and other operating systems would be locked out proved unfounded.

This time, however, they're not.

At its WinHEC hardware conference in Shenzhen, China, Microsoft talked about the hardware requirements for Windows 10. The precise final specs are not available yet, so all this is somewhat subject to change, but right now, Microsoft says that the switch to allow Secure Boot to be turned off is now optional. Hardware can be Designed for Windows 10 and can offer no way to opt out of the Secure Boot lock down.

http://arstechnica.com/information-technology/2015/03/windows-10-to-make-the-secure-boot-alt-os-lock-out-a-reality/

 

Windows Operating System.

A 64 bit update to a 32 bit extension and a graphical shell for a 16 bit patch to an 8 bit operating system originally coded for a 4 bit microprossessor, written by a 2 bit company that can't stand 1 bit of competition.

 

The world needs to wake up and tell Microsoft NO MORE, By not buying it's crappy overpriced insecure so called Operating System.


Edited by NickAu, 20 March 2015 - 06:28 PM.


#3 rp88

rp88

  • Members
  • 3,069 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:04:09 PM

Posted 21 March 2015 - 03:04 PM

This, therefore, is why ms is offering windows 10 for free. To wipe out competition. Nice quote in your definition of a windows operating system NickAu.
Back on this site, for a while anyway, been so busy the last year.

My systems:2 laptops, intel i3 processors, windows 8.1 installed on the hard-drive and linux mint 17.3 MATE installed to USB

#4 yu gnomi

yu gnomi

  • Members
  • 532 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Chicago suburb
  • Local time:11:09 AM

Posted 21 March 2015 - 06:42 PM

Pretty sure the free offering of Win 10 is not aimed at Linux. MS wants as many people using 10 as possible to boost demand for it's mobile devices, counting on the cross-platform capability of 10 to be a selling point. If people have 10 on their desktop, why not have a phone that runs 10, and a tablet that runs 10, game system that runs 10, smart watch that runs 10, etc.

 

Linux isn't the sort of competition that MS will lose sleep over, it is a small percentage of desktop and laptop market.



#5 rp88

rp88

  • Members
  • 3,069 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:04:09 PM

Posted 22 March 2015 - 10:13 AM

Are this type of locked down machine on sale yet, or won't users wanting to set up dual boots have to worry about this until after windows 10 is released in spetember/october/november?
Back on this site, for a while anyway, been so busy the last year.

My systems:2 laptops, intel i3 processors, windows 8.1 installed on the hard-drive and linux mint 17.3 MATE installed to USB

#6 bluesmanuk

bluesmanuk

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:04:09 PM

Posted 24 March 2015 - 06:16 PM

OEM's that do opt to lock things down though will soon find themselves being named and shamed, which will ultimately hurt reputations and sales.



#7 NickAu

NickAu

    Bleepin' Fish Doctor


  • Moderator
  • 13,721 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:127.0.0.1 Australia
  • Local time:03:09 AM

Posted 24 March 2015 - 07:28 PM

 

OEM's that do opt to lock things down though will soon find themselves being named and shamed, which will ultimately hurt reputations and sales.

I can't see how it will bother them.  You will have a choice, Windows 10 or Windows 10, or you can buy a MAC. Something like this will hurt Linux.



#8 bluesmanuk

bluesmanuk

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:04:09 PM

Posted 25 March 2015 - 12:20 AM

It would bother them if they were not selling as many as the savvy manufacturers that will give choice.

 

Macs are too expensive for most, so can't see that happening en mass.



#9 NickAu

NickAu

    Bleepin' Fish Doctor


  • Moderator
  • 13,721 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:127.0.0.1 Australia
  • Local time:03:09 AM

Posted 25 March 2015 - 01:59 AM

 

It would bother them if they were not selling as many as the savvy manufacturers that will give choice.

The biggest problem is that MR and MRS Average have no idea what secure boot is and don't care as long as the PC works when they hit the on button all is good.



#10 cat1092

cat1092

    Bleeping Cat


  • BC Advisor
  • 7,018 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina, USA
  • Local time:12:09 PM

Posted 25 March 2015 - 02:10 AM

 

 

This all seemed to work, and the concerns that Linux and other operating systems would be locked out proved unfounded.

This time, however, they're not.

At its WinHEC hardware conference in Shenzhen, China, Microsoft talked about the hardware requirements for Windows 10. The precise final specs are not available yet, so all this is somewhat subject to change, but right now, Microsoft says that the switch to allow Secure Boot to be turned off is now optional. Hardware can be Designed for Windows 10 and can offer no way to opt out of the Secure Boot lock down.

http://arstechnica.com/information-technology/2015/03/windows-10-to-make-the-secure-boot-alt-os-lock-out-a-reality/

 

Windows Operating System.

A 64 bit update to a 32 bit extension and a graphical shell for a 16 bit patch to an 8 bit operating system originally coded for a 4 bit microprossessor, written by a 2 bit company that can't stand 1 bit of competition.

 

The world needs to wake up and tell Microsoft NO MORE, By not buying it's crappy overpriced insecure so called Operating System.

 

 

Should have known this was going to happen, but won't on computers that are already out there with Windows 7 or 8.1 installed, because the option for Windows 7 was that Secure Boot had to be disabled, and those with current 8.1 systems, even if purchased yesterday, still has the 'disable Secure Boot' option.  

 

You know, this all brings us back to a Topic that was in the Speak Easy, where many laughed off the content all as comical effort (or conspiracy against Microsoft). The bits & pieces of comedy were placed in there for users to read on, to keep them interested. Now that it's coming true, no one can say they weren't warned, that same article was likely re-posted in every nook & cranny there was. Yet one place where it was censored (my link and post references removed) was on the Dell Hardware Forum, being an OEM, is it a wonder? Chances are, someone there seen it as undercutting their efforts to keep their customers 'secure', that is, if one can call sitting in a solitary confinement cell with their hands shackled to their waists 'secure', my answer is they're misfiring on some cylinders. 

 

There was a reason why Windows 8.1 brought new meaning to WinPE, meaning that 8.1 is often & widely considered the Windows Prison Edition, and I'll let the author take over from here. Hopefully by now, consumers realizes it's not a joke, as Windows 7 computers are selling as well as when introduced, retailers cannot keep up with demand. 

 

http://www.freeyourselffrommicrosoftandthensa.org/02-superbugs-and-cyber-wars/2-4-uefi-the-microsoft-nsa-kill-switch

 

Yes, at the call of the head of the NSA, Microsoft has the authority to disable the functions of a native equipped UEFI PC with Windows 8.1 installed, and Secure Boot still enabled. That's exactly why it should be disabled ASAP after purchase. For starters, having Secure Boot is no guarantee of not becoming infected, if it were, more consumers would embrace the idea, even though they're still chained down. All that Secure Boot is doing is what the security apps should be doing & many has the option to enable protection at boot, whereas the normal is like 15 seconds after boot that the security becomes enabled. 

 

That said, Secure Boot only benefits Microsoft (& the NSA), it's not meant to be a replacement for having both active anti-virus & anti-malware software load at boot. Therefore, it's expendable. Am really surprised that the ACLU & other groups haven't pounced on this, as well as other groups actively collecting signatures to make this practice illegal. 

 

Not the Windows OS, but the computer, is the consumers personal property. The OS is licensed, not sold, and only runs on the hard drive of the computer. One should be able to disable Secure Boot, and install the OS of their choosing on it. 

 

Consumers who are Windows 10 testers should leave lots of feedback that Secure Boot is a rotten & dirty idea, and scrapped in future builds. That kill switch can reach users in all places of the globe, where there is Internet access, if desired they can fly above the heads of many, fooling them into thinking they have 'free wireless', and their computer gets bricked. 

 

Cat


Performing full disc images weekly and keeping important data off of the 'C' drive as generated can be the best defence against Malware/Ransomware attacks, as well as a wide range of other issues. 


#11 JohnC_21

JohnC_21
  • Topic Starter

  • Members
  • 24,668 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:09 AM

Posted 25 March 2015 - 08:41 AM

Do you thing for one moment that even if Microsoft says it's optional, they will not be pressuring the OEM's to make SecureBoot not optional especially if Microsoft sets a low price on Windows 10, I don't know about here in the U.S. but I think in Europe, Microsoft and the OEM's would have a hard time pushing this through. And yes, Secure Boot is pretty much useless when you see all the people with infected Windows 8 computers.

 

Fortunately, for the enthusiast, you could still build a computer and not have to worry about the nonsense.

 

But, would it not be possible for the big distros to have their own certificates. I know you were able to put a SecureBoot Certificate on the hard drive using FatDog. Not sure if this is still available or not. Still the person had to disable SecureBoot to install the certificate as a workaround to get it to boot on a Dell

 

http://distro.ibiblio.org/fatdog/web/faqs/secure-boot.html



#12 cat1092

cat1092

    Bleeping Cat


  • BC Advisor
  • 7,018 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina, USA
  • Local time:12:09 PM

Posted 25 March 2015 - 10:40 PM

JohnC_21. thanks for your link, it's bookmarked! :thumbup2:

 

I'm a Dell owner also. Yes, Microsoft has a much harder time in cramming these ideas down the EU consumer's throats, whereas in the US, they fairly do much as they please. This is because they're highly active in US politics in the highest places, where there's little resistance to their deeds. 

 

Worse yet, we have little support as to Tech/Internet activism, maybe some small victories that hasn't been won in full yet (such the definition of broadband of being 25Mbps down/3Mbps up), and what all the Net Neutrality deal is over. These are issues that affects everyone with most any type of Internet connection w/out a solid support group, yet there are others where the beneficiaries are only a microscopic fraction of the nation's citizens. Yet the protests over these will come hard & full throttle, they tend to forget where most of their work is done. Online, beginning with petitioning, where the NSA via Microsoft can monitor every step of their way, keeping the government one foot ahead on all of their plans. 

 

As a whole, the North American consumer market is one that buys now, pays the hidden price later, w/out regards to what that price may be. In this case, freedom, what millions have laid their lives down for, yet many takes that for granted. Some of the content of the 'Bill of Rights' applies to us also. Yet we have no major consumer rights group (if so, point these out) willing to stand up to Microsoft & call for what's right. Control over our personal property, to include how Microsoft violates that control over & over again, and could do worse at their will (the kill switch). 

 

Don't expect improvement of this with Windows 10, rather a worsening state, with the NSA via Microsoft acting against us w/out as much as a search warrant to access all of the content of our hard drives. Even the things one would never want another person, even their spouse, to know. 

 

My next PC will be home built, to (partially) avert any of these types of events. Some of the rest is on our end, adding & using search engines to our browsers that doesn't collect IP addresses, and being sure that when purchasing that shiny new Windows 10 PC, to be disconnected from the Internet, to force the creation of a Local, rather than a Live account. 

 

Is it a wonder why so many consumers are now wanting Windows 7 computers? Not all are ignorant of what is happening under their very noses & are taking a stand, even if that's only going to last until the year 2020. If one thought that XP holdouts were bad, we've seen nothing yet. Usershare of Windows 7 is continuing to grow as of this date. 

 

The bottom line being, is a free OS worth your freedom? If the answer is Yes, then go with the flow. If No, then do something about it. Inaction equals acceptance. There's an OS on one computer that I had considered upgrading to Windows 10, that plan has been scrapped. 

 

Cat


Performing full disc images weekly and keeping important data off of the 'C' drive as generated can be the best defence against Malware/Ransomware attacks, as well as a wide range of other issues. 


#13 Andrei_V

Andrei_V

  • Members
  • 77 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:09 PM

Posted 26 March 2015 - 04:10 AM

 

At its WinHEC hardware conference in Shenzhen, China, Microsoft talked about the hardware requirements for Windows 10. The precise final specs are not available yet, so all this is somewhat subject to change, but right now, Microsoft says that the switch to allow Secure Boot to be turned off is now optional. Hardware can be Designed for Windows 10 and can offer no way to opt out of the Secure Boot lock down.

The presentation is silent on whether OEMS can or should provide support for adding custom certificates.

 

 

So I guess that gets rid of the linux disk option for file recovery on a WIndows 10 OEM computer where SecureBoot cannot be disabled not to mention any chance of running a Windows 7 PE disk.

 

Article

 

 

 

Oem's   "Can"   does not mean "will" or " must" .........



#14 jerabina

jerabina

  • Members
  • 73 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:09 PM

Posted 26 March 2015 - 05:14 AM

cat1092: Interesting conspiracy but it's true I think ... Microsoft and NSA(and maybe AVG agents) want take a control above each resident on the Earth ...



#15 bluesmanuk

bluesmanuk

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:04:09 PM

Posted 26 March 2015 - 09:09 AM

 

 

It would bother them if they were not selling as many as the savvy manufacturers that will give choice.

The biggest problem is that MR and MRS Average have no idea what secure boot is and don't care as long as the PC works when they hit the on button all is good.

 

To some extent I agree that the average user might not know of the implications but I also think that many people will ask friends and family with tech knowledge about what to buy and as word spreads, some machines are going to get less recommendation.

 

Likewise, with more people going to deal sites to seek the right thing for them, user comments and voting may also influence.






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users