EditorsAbout the SiteComes vs. MicrosoftUsing This Web SiteSite ArchivesCredibility IndexOOXMLOpenDocumentPatentsNovellNews DigestSite NewsRSS

02.27.13

Microsoft Much Worse Than Proprietary With ‘Secure Boot’ Scam, Pretends to be ‘Open’

Posted in Free/Libre Software, Microsoft at 1:50 pm by Dr. Roy Schestowitz

Emergency phone

Summary: Some of Microsoft’s latest technical attacks on Linux and some responses to EEE (embrace, extend, extinguish) tactics and FUD

Torvalds clearly refuses to give up by putting blobs and keys (similar to but worse than firmware) by adding Microsoft interfaces for Microsoft-signed keys inside the kernel, especially if these are Microsoft’s. This is major news that got the attention of journalists and a known Microsoft booster incites against Torvalds over this (just see headline and image here). Red Hat has been getting close to Microsoft again, so as one blogger put it:

  • Linus Bites RedHat

    It’s great that Linus does not support the idea of making M$ the keeper of the keys. We’ve had enough of that in IT for decades. Free Software needs to remain free of M$ and anyone else who wishes to lock out competition. Linus is not a great lover of FLOSS. His views are based on practicality. It’s stupid to lock Linux into M$. Does RedHat really believe it’s a great thing if millions of GNU/Linux boxes quit booting if M$ revokes a key via firmware upgrade etc.? Do they really think “secure boot” is about security of the world’s IT rather than perpetuation of M$’s monopoly on legacy x86 stuff? Using the damned keys to induce the world to take another step on the Wintel treadmill is just too tempting a fruit to trust M$ to leave it alone.

  • Closed !== Open

    I don’t think so. In the immortal words of Paul Maritz, “* to combat Nscp. we have to have position the browser as “going away” and do deeper integration on Windows. The stronger way to communicate this is to have a “new release“ of windows and make a big deal out of it. We will thus position Memphis as “Windows 98′. * IE integration will be most compelling feature of Memphis.“ Nathan Myhrvold wrote, “I think that it is CRUCIAL to make the statement we ask people about in the survey, or the statement we ask them to sign etc. is worded properly. Saying “put the browser in the OS” is already a statement that is prejudical to us. The name “Browser” suggests a separate thing. I would NOT phrase the survey. or other things only in terms of “put the browser in the 0S’‘. Instead you need to ask a more neutral question about how Internet technology needs to merge with local computing. I have been pretty successful in trying this on various joumalists and industry people.“ To sum up, is the company that brought waves of malware to the world of IT by integrating a totally insecure web browser with their OS in order to mess with competitors to be trusted as “open”? No. M$ is a closed corporation with closed products intending to close out competition by fair means or foul. Pretending to be open is just a means to delay the shift to real openness, FLOSS, or to slow that shift.

Even more Microsoft-apologetic circles accepted Torvalds’ skepticism. To quote one:

As it turned out, almost all of the Windows 8 machines that first appeared had Secure Boot implemented in such a way that Linux was locked out. Workarounds have appeared, but they are based on Microsoft-signed keys. As the maker of the dominant Windows operating system, Microsoft has a responsibility to protect fair play in a way that it didn’t here. In this day of virtualization and usage of multiple operating systems, it’s unfair to build an operating system around a methodology that allows for complete and utter lockout of other platforms. Torvalds’ reactions are only protests at the end of the chain reaction that all of this represented. The fact is that if Microsoft wants to be accepted as playing more fairly with open source these days than it ever has, it has carry that concept through to how it deals with everything it builds and how it deals with hardware makers.

Microsoft pretends to be open, but it’s not working. Here is another new embrace-and-extend attempt:

The expanded partnership between Microsoft and Hadoop distribution specialist Hortonworks has borne fruit with the release of a beta of Hortonworks’ Hadoop Data Platform for Windows.

With its hidden patches and a deal with Sourcefire Microsoft must have hoped to diss Linux some more. Watch this nonsense:

But simple vulnerability counts can give a distorted view. The Linux kernel is considered to be one monolithic project across the entire period, for example, while every version of Windows is a separate project. The total count of vulnerabilities for all Windows versions exceeds Linux. But then Windows is more than just a kernel. Add in all the software included in Linux distributions, and Linux goes back into the doghouse. Younan counted just the high-severity vulnerabilities, those with a Common Vulnerability Scoring System (CVSS) score of 7 or higher. Windows XP tops that list. “Windows Vista is at the number five position, even though Microsoft put a lot of effort into securing Windows Vista,” he said. “The Linux kernel isn’t even in the top ten.” Vista was the first version of Windows to benefit from Microsoft’s Security Development Lifecycle (SDL), the software development process created after Bill Gates’ Trustworthy Computing memo of January 2002. Yet from the vulnerability perspective, Vista looks like little more than a rough draft of Windows 7. Counting high-severity vulnerabilities alone, Flash Player is back in the top 10, at number five. The count of high-severity vulnerabilities doesn’t exhibit that 2012 uptick, only the steady post-2006 decline. However when looking at just critical vulnerabilities, those with a CVSS of 10, there’s no sign of a decline at all.

What silly way to count vulnerabilities. As one of the many comments points out: “I largely agree with Alex in Comment 3 (I also agree with Myth in Comment 1 that 22 != 25, but I digress). Without knowing which kernels had which CVEs reported against it, and which distros shipped with those kernels and how many people used the vulnerable kernel and the averages of people updating on install… ‘simply’ citing the Linux CVEs are practically meaningless.” The FUD against Linux recently seems like part of a trend this month, with Microsoft partners behind it.

Share this post: These icons link to social bookmarking sites where readers can share and discover new web pages.
  • Digg
  • del.icio.us
  • Reddit
  • co.mments
  • DZone
  • email
  • Google Bookmarks
  • LinkedIn
  • NewsVine
  • Print
  • Technorati
  • TwitThis
  • Facebook

If you liked this post, consider subscribing to the RSS feed or join us now at the IRC channels.

Pages that cross-reference this one

4 Comments

  1. mjg59 said,

    February 27, 2013 at 2:57 pm

    Gravatar

    The patches in question do not include any blobs or keys. You should correct your first paragraph.

    Dr. Roy Schestowitz Reply:

    “The way we have come up with to get around this is to embed an X.509 certificate containing the key in a section called “.keylist” in an EFI PE binary and then get the binary signed by Microsoft. The key can then be passed to the kernel by passing the signed binary” -David Howells at LKML

    mjg59 Reply:

    Yes. It adds an additional keyloading interface to the kernel, alongside the keyloading interface that already exists. The only thing it changes is that it allows you to use a different key format. It adds no keys or blobs to the kernel.

    Dr. Roy Schestowitz Reply:

    I’ll amend the post.

What Else is New


  1. Links 22/5/2018: Parrot 4.0, Spectre Number 4

    Links for the day



  2. Chamber of Commerce Lies About the United States Like It Lies About Other Countries for the Sole Purpose of Patent Maximalism

    When pressure groups that claim to be "US" actively bash and lie about the US one has to question their motivation; in the case of the Chamber of Commerce, it's just trying to perturb the law for the worse



  3. Links 21/5/2018: Linux 4.17 RC6, GIMP 2.10.2

    Links for the day



  4. The Attacks on the Patent Trial and Appeal Board (PTAB) Have Lost Momentum and the Patent Microcosm Begrudgingly Gives Up

    The Patent Trial and Appeal Board (PTAB), reaffirmed by the Court of Appeals for the Federal Circuit (CAFC) and now the Supreme Court as well, carries on preventing frivolous lawsuits; options for stopping PTAB have nearly been exhausted and it shows



  5. Software Patenting and Successful Litigation a Very Difficult Task Under 35 U.S.C. § 101

    Using loads of misleading terms or buzzwords such as "AI" the patent microcosm continues its software patents pursuits; but that's mostly failing, especially when courts come to assess pertinent claims made in the patents



  6. António Campinos Will Push Toward a France-Based Unified Patent Court (UPC)

    Frenchmen at EPO will try hard to bring momentum if not force to the Unified Patent Court; facts, however, aren't on their side (unlike Team UPC, which was always on Team Battistelli's side)



  7. In Apple v Samsung Patents That Should Never Have Been Granted May Result in a Billion Dollars in 'Damages'

    A roundup of news about Apple and its patent cases (especially Apple v Samsung), including Intel's role trying to intervene in Qualcomm v Apple



  8. Links 20/5/2018: KDevelop 5.2.2 and 5.2.3, FreeBSD 11.2 Beta 2

    Links for the day



  9. Aurélien Pétiaud's ILO Case (EPO Appeal) an Early Sign That ILO Protects Abusers and Power, Not Workers

    A famous EPO ‘disciplinary’ case is recalled; it’s another one of those EPO-leaning rulings from AT-ILO, which not only praises Battistelli amid very serious abuses but also lies on his behalf, leaving workers with no real access to justice but a mere illusion thereof



  10. LOT Network is a Wolf in Sheep's Clothing

    Another reminder that the "LOT" is a whole lot more than it claims to be and in effect a reinforcer of the status quo



  11. 'Nokification' in Hong Kong and China (PRC)

    Chinese firms that are struggling resort to patent litigation, in effect repeating the same misguided trajectories which became so notorious in Western nations because they act as a form of taxation, discouraging actual innovation



  12. CIPU is Amplifying Misleading Propaganda From the Chamber of Commerce

    Another lobbying event is set up to alarm lawmakers and officials, telling them that the US dropped from first to twelfth using some dodgy yardstick which favours patent extremists



  13. Patent Law Firms That Profit From Software Patent Applications and Lawsuits Still 'Pull a Berkheimer' to Attract Business in Vain

    The Alice-inspired (Supreme Court) 35 U.S.C. § 101 remains unchanged, but the patent microcosm endlessly mentions a months-old decision from a lower court (than the Supreme Court) to 'sell' the impression that everything is changing and software patents have just found their 'teeth' again



  14. A Year After TC Heartland the Patent Microcosm is Trying to 'Dilute' This Supreme Court's Decision or Work Around It

    IAM, Patent Docs, Managing IP and Patently-O want more litigation (especially somewhere like the Eastern District of Texas), so in an effort to twist TC Heartland they latch onto ZTE and BigCommerce cases



  15. Microsoft Attacks the Vulnerable Using Software Patents in Order to Maintain Fear and Give the Perception of Microsoft 'Safety'

    The latest patent lawsuits from Microsoft and its patent trolls (which it financially backs); these are aimed at feeble and vulnerable rivals of Microsoft



  16. Links 19/5/2018: Mesa 18.0.4 and Vim 8.1

    Links for the day



  17. Système Battistelli (ENArque) at the EPO is Inspired by Système Lamy in Saint-Germain-en Laye

    Has the political culture of Battistelli's hometown in France contaminated the governance of the EPO?



  18. In Australia the Productivity Commission Decides/Guides Patent Law

    IP Australia, the patent office of Australia, considers abolishing "innovation patents" but has not done so yet (pending consultation)



  19. Fishy Things Noticed Ahead of the Passage of a Lot of EPO Budget (Applicants' Money) to Battistelli's Other (and Simultaneous) Employer

    Observations and odd facts regarding the affairs of the council in St Germain; it certainly looks like Battistelli as deputy mayor and the mayor (Arnaud Péricard) are attempting to hide something



  20. Links 18/5/2018: AsteroidOS 1.0 Released, More Snyk/Black Duck FUD

    Links for the day



  21. Today's EPO Financially Rewards Abuses and Violations of the Law

    Battistelli shredded the European Patent Convention (EPC) to pieces and he is being rewarded for it, perpetuating a pattern of abuses (and much worse) being rewarded by the European Patent Organisation



  22. So-Called 'System Battistelli' is Destroying the EPO, Warn Insiders

    Low-quality patent grants by the EPO are a road to nowhere but a litigious climate in Europe and an unattractive EPO



  23. Rise in Patent Trolls' Activity in Germany Noted Amid Declining Patent Quality at the EPO

    The UPC would turn Europe into some sort of litigation ‘super-state’ — one in which national patent laws are overridden by some central, immune-from-the-law bureaucracy like the EPO; but thankfully the UPC continues its slow collapse



  24. EPO's Battistelli Taking Days Off Work for Political 'Duties' (Parties) in His French Theatre Where He'll Bring Buckets of EPO Budget (EPO Stakeholders' Money)

    More tales from Saint-Germain-en-Laye...



  25. Links 16/5/2018: Cockpit 168, GCompris 0.91, DHCP Bug

    Links for the day



  26. The EPO's 'Inventor Award' Scam: Part III

    An addendum to the "inventor of the year" affair, namely the case of Remmal



  27. Apple and Microsoft Are Still Suing Companies -- Using Patents of Course -- Which 'Dare' Compete (by Leveraging GNU/Linux)

    The vanity of proprietary software giants — as the latest news serves to reveal — targeting companies with patent lawsuits, both directly and indirectly



  28. The Anti-PTAB (Patent Quality), Anti-§ 101 Lobby is Losing Its Mind and It Has Become Amusing to Observe

    The rants about the Patent Trial and Appeal Board (PTAB), the courts and even the law itself have reached laughable levels; this reveals that the real agenda of patent maximalists is endless litigation and their methods boil down to those of an angry mob, not legal professionals



  29. EPO Has Become Overzealous About Software Patents, Probably More So Than Almost Anywhere Else

    The promotion of an extreme patent regime in Europe continues unabated; whether it succeeds or not depends on what EPO examiners and citizens of Europe can do



  30. Links 15/5/2018: Black Duck's Latest FUD and the EFF's EFFail FUD Debunked Further

    Links for the day


CoPilotCo

RSS 64x64RSS Feed: subscribe to the RSS feed for regular updates

Home iconSite Wiki: You can improve this site by helping the extension of the site's content

Home iconSite Home: Background about the site and some key features in the front page

Chat iconIRC Channel: Come and chat with us in real time

CoPilotCo

Recent Posts