EditorsAbout the SiteComes vs. MicrosoftUsing This Web SiteSite ArchivesCredibility IndexOOXMLOpenDocumentPatentsNovellNews DigestSite NewsRSS

02.27.13

Microsoft Much Worse Than Proprietary With ‘Secure Boot’ Scam, Pretends to be ‘Open’

Posted in Free/Libre Software, Microsoft at 1:50 pm by Dr. Roy Schestowitz

Emergency phone

Summary: Some of Microsoft’s latest technical attacks on Linux and some responses to EEE (embrace, extend, extinguish) tactics and FUD

Torvalds clearly refuses to give up by putting blobs and keys (similar to but worse than firmware) by adding Microsoft interfaces for Microsoft-signed keys inside the kernel, especially if these are Microsoft’s. This is major news that got the attention of journalists and a known Microsoft booster incites against Torvalds over this (just see headline and image here). Red Hat has been getting close to Microsoft again, so as one blogger put it:

  • Linus Bites RedHat

    It’s great that Linus does not support the idea of making M$ the keeper of the keys. We’ve had enough of that in IT for decades. Free Software needs to remain free of M$ and anyone else who wishes to lock out competition. Linus is not a great lover of FLOSS. His views are based on practicality. It’s stupid to lock Linux into M$. Does RedHat really believe it’s a great thing if millions of GNU/Linux boxes quit booting if M$ revokes a key via firmware upgrade etc.? Do they really think “secure boot” is about security of the world’s IT rather than perpetuation of M$’s monopoly on legacy x86 stuff? Using the damned keys to induce the world to take another step on the Wintel treadmill is just too tempting a fruit to trust M$ to leave it alone.

  • Closed !== Open

    I don’t think so. In the immortal words of Paul Maritz, “* to combat Nscp. we have to have position the browser as “going away” and do deeper integration on Windows. The stronger way to communicate this is to have a “new release“ of windows and make a big deal out of it. We will thus position Memphis as “Windows 98′. * IE integration will be most compelling feature of Memphis.“ Nathan Myhrvold wrote, “I think that it is CRUCIAL to make the statement we ask people about in the survey, or the statement we ask them to sign etc. is worded properly. Saying “put the browser in the OS” is already a statement that is prejudical to us. The name “Browser” suggests a separate thing. I would NOT phrase the survey. or other things only in terms of “put the browser in the 0S’‘. Instead you need to ask a more neutral question about how Internet technology needs to merge with local computing. I have been pretty successful in trying this on various joumalists and industry people.“ To sum up, is the company that brought waves of malware to the world of IT by integrating a totally insecure web browser with their OS in order to mess with competitors to be trusted as “open”? No. M$ is a closed corporation with closed products intending to close out competition by fair means or foul. Pretending to be open is just a means to delay the shift to real openness, FLOSS, or to slow that shift.

Even more Microsoft-apologetic circles accepted Torvalds’ skepticism. To quote one:

As it turned out, almost all of the Windows 8 machines that first appeared had Secure Boot implemented in such a way that Linux was locked out. Workarounds have appeared, but they are based on Microsoft-signed keys. As the maker of the dominant Windows operating system, Microsoft has a responsibility to protect fair play in a way that it didn’t here. In this day of virtualization and usage of multiple operating systems, it’s unfair to build an operating system around a methodology that allows for complete and utter lockout of other platforms. Torvalds’ reactions are only protests at the end of the chain reaction that all of this represented. The fact is that if Microsoft wants to be accepted as playing more fairly with open source these days than it ever has, it has carry that concept through to how it deals with everything it builds and how it deals with hardware makers.

Microsoft pretends to be open, but it’s not working. Here is another new embrace-and-extend attempt:

The expanded partnership between Microsoft and Hadoop distribution specialist Hortonworks has borne fruit with the release of a beta of Hortonworks’ Hadoop Data Platform for Windows.

With its hidden patches and a deal with Sourcefire Microsoft must have hoped to diss Linux some more. Watch this nonsense:

But simple vulnerability counts can give a distorted view. The Linux kernel is considered to be one monolithic project across the entire period, for example, while every version of Windows is a separate project. The total count of vulnerabilities for all Windows versions exceeds Linux. But then Windows is more than just a kernel. Add in all the software included in Linux distributions, and Linux goes back into the doghouse. Younan counted just the high-severity vulnerabilities, those with a Common Vulnerability Scoring System (CVSS) score of 7 or higher. Windows XP tops that list. “Windows Vista is at the number five position, even though Microsoft put a lot of effort into securing Windows Vista,” he said. “The Linux kernel isn’t even in the top ten.” Vista was the first version of Windows to benefit from Microsoft’s Security Development Lifecycle (SDL), the software development process created after Bill Gates’ Trustworthy Computing memo of January 2002. Yet from the vulnerability perspective, Vista looks like little more than a rough draft of Windows 7. Counting high-severity vulnerabilities alone, Flash Player is back in the top 10, at number five. The count of high-severity vulnerabilities doesn’t exhibit that 2012 uptick, only the steady post-2006 decline. However when looking at just critical vulnerabilities, those with a CVSS of 10, there’s no sign of a decline at all.

What silly way to count vulnerabilities. As one of the many comments points out: “I largely agree with Alex in Comment 3 (I also agree with Myth in Comment 1 that 22 != 25, but I digress). Without knowing which kernels had which CVEs reported against it, and which distros shipped with those kernels and how many people used the vulnerable kernel and the averages of people updating on install… ‘simply’ citing the Linux CVEs are practically meaningless.” The FUD against Linux recently seems like part of a trend this month, with Microsoft partners behind it.

Share this post: These icons link to social bookmarking sites where readers can share and discover new web pages.
  • Digg
  • del.icio.us
  • Reddit
  • co.mments
  • DZone
  • email
  • Google Bookmarks
  • LinkedIn
  • NewsVine
  • Print
  • Technorati
  • TwitThis
  • Facebook

If you liked this post, consider subscribing to the RSS feed or join us now at the IRC channels.

Pages that cross-reference this one

4 Comments

  1. mjg59 said,

    February 27, 2013 at 2:57 pm

    Gravatar

    The patches in question do not include any blobs or keys. You should correct your first paragraph.

    Dr. Roy Schestowitz Reply:

    “The way we have come up with to get around this is to embed an X.509 certificate containing the key in a section called “.keylist” in an EFI PE binary and then get the binary signed by Microsoft. The key can then be passed to the kernel by passing the signed binary” -David Howells at LKML

    mjg59 Reply:

    Yes. It adds an additional keyloading interface to the kernel, alongside the keyloading interface that already exists. The only thing it changes is that it allows you to use a different key format. It adds no keys or blobs to the kernel.

    Dr. Roy Schestowitz Reply:

    I’ll amend the post.

What Else is New


  1. Vista 10 Inherently Criminal: Vandalising the Competition (Dual Boot, Rival Web Browsers, Online Services)

    Vista 10, the latest incarnation of Windows, takes its anticompetitive aspects to a whole new level, betraying even so-called 'partners' in the process



  2. As Microsoft AstroTurfing/PR Budget Runs Dry, Vista 10 Truths Come Out

    The media manipulation by Microsoft (to the tune of hundreds of millions of dollars spent on 'marketing') grows thin as a growing number of growingly angry early adopters of Vista 10 publicly rant



  3. Links 31/7/2015: Lennart Poettering as 'Linux Hero' and systemd Conference Coming

    Links for the day



  4. Links 30/7/2015: Apache Spark on Z System, Elive 2.6.8 Beta

    Links for the day



  5. Microsoft's Mouthpiece Mary Branscombe Tries to Shoot Down Free Software, But Fails Miserably

    At the CBS-owned ZDNet, which is Free/Open Source software-hostile, new FUD surfaces, but the FUD is so flawed that a full rebuttal is easy and almost imperative



  6. People of New Zealand Must Rise Up to Defend Sovereignty and Stop Software Patents

    The TPPA serves to override (launder) the law of New Zealand, allegedly legalising patents on software in the process



  7. Microsoft Illegally Evades Billions of Dollars in Tax, Says IRS

    The criminal enterprise known as Microsoft finds itself embarrassingly exposed in the courtroom, for the IRS belatedly (decades too late) targets the company in an effort to tackle massive tax evasions



  8. Vista 10 Very Buggy Upon Release, Just as We Have Repeatedly Warned for Weeks

    Vista 10 is prematurely pushed out the door (to meet a deadline) way ahead of it being stable, even remotely polished, and supported by hardware companies (there is a serious drivers issue)



  9. Surveillance Machine With a Keylogger: Vista 10 Will Spy on the User (Over the Internet) Even While Playing Games

    Microsoft is making it clear that even playing a simple game like Solitaire on Vista 10 will make one subjected to spying (for targeted ads); other serious violations of privacy revealed upon release



  10. Links 29/7/2015: Akademy 2015 Ends, NetBSD 7.0 RC

    Links for the day



  11. MPEG-LA is Preparing New Patent Obstruction (Called DASH) Against Free Software, OIN Grows

    A new conspiracy against free multimedia software, set up by the MPEG cartel, is called DASH



  12. New Zealand's Media Gets History Wrong on Software Patents

    Setting the record straight on the fight against software patents in New Zealand



  13. Not Only Vista 10 Crashes a Lot, Any .NET Application Does Too (Updated)

    Microsoft software is quickly becoming synonymous with crashes as any piece of software developed with Microsoft's tools, not just the underlying platform, crashes chronically



  14. The Government of Bulgaria Sells Out to Microsoft, Again

    Despite some promises and reassurances that Bulgaria will consider Free/libre software, the Bulgarian government hands out a lot more of taxpayers' money to the Mafia



  15. Corporate Media Finally Finds Out That Vista 10 Crashes a Lot

    Stability issues of Vista 10 are belatedly reported to be a major catastrophe, leaving it unusable for many early adopters



  16. Links 28/7/2015: Linux 4.2 RC4, New Logos and Bug 'Branding' for FUD

    Links for the day



  17. Patents Roundup: Technicolor, Alice, Voip-Pal, Fitbit, Marijuana Patents, and JDate

    A look at some of last week's patent news, with imperative responses that criticise corporate exploitation of patents for protectionism (excluding and/or driving away the competition using legal threats)



  18. Corporate Lobbyists Including Koch-Connected Front Groups Attack Real and Perceived Patent Reform in the United States

    Looking at some of the latest propaganda for and against a bill which is already too watered-down to actually fix the US patent system



  19. Patents in the Android World Further Complicate Freedom in This Linux-Powered Platform

    A survey of last week's news with special focus on Google and Android, which are trying to coexist and thrive in a world full of patent maximalists



  20. The 'Unitary' Patent Trojan Horse Rammed Down the Throat of Europe

    Under the guise of 'unification' or 'unity', existing patent systems are being abandoned and more power gets passed to corrupt EPO officials



  21. HEVC Cartel is Not News, Only the Names of Backers and the Costs Are New

    A few remarks on and a roundup of recent articles about HEVC, which we first wrote about in spring



  22. IRC Proceedings: July 12th, 2015 – July 25th, 2015

    Many IRC logs



  23. Links 26/7/2015: Purism Librem and Freedom, Akademy Updates

    Links for the day



  24. Vista 10 (Windows 10) Has NSA Back Doors and Front Doors

    Vista 10 to bring new ways for spies (and other crackers) to remotely access people's computers and remotely modify the binary files on them (via Windows Update, which for most people cannot be disabled)



  25. Vista 10 Not Ready, But Released Anyway

    Despite severe technical issues in the rushed-out-the-door Vista 10, Microsoft decides to stick with the deadline, only days after reporting billions of dollars in losses



  26. Links 25/7/2015: Plasma Mobile, Linux Mint 17.2 OEM

    Links for the day



  27. Links 24/7/2015: openSUSE Leap 42.1, Intel With Rackspace for OpenStack

    Links for the day



  28. Links 24/7/2015: GNOME 3.17.4, Mozilla Developer Network Turns 10

    Links for the day



  29. Microsoft Has Run Out of Attempts and Vista 10 Will Definitely Fail

    As Microsoft admits billions of dollars in losses just days before Vista 10 is pushed as a 'free' upgrade, there is no concrete sign that financial recovery is imminent, for the bigger cash cow (Office) suffers a similar fate



  30. GNU/Linux Circles Ought to Stop Promoting Visual Studio, Which is Neither Cross-Platform Nor Free Software

    Media carries on openwashing Visual Studio and perpetuating the illusion that it is not tied to Microsoft Windows


CoPilotCo

RSS 64x64RSS Feed: subscribe to the RSS feed for regular updates

Home iconSite Wiki: You can improve this site by helping the extension of the site's content

Home iconSite Home: Background about the site and some key features in the front page

Chat iconIRC Channel: Come and chat with us in real time

CoPilotCo

Recent Posts