EditorsAbout the SiteComes vs. MicrosoftUsing This Web SiteSite ArchivesCredibility IndexOOXMLOpenDocumentPatentsNovellNews DigestSite NewsRSS

02.27.13

Microsoft Much Worse Than Proprietary With ‘Secure Boot’ Scam, Pretends to be ‘Open’

Posted in Free/Libre Software, Microsoft at 1:50 pm by Dr. Roy Schestowitz

Emergency phone

Summary: Some of Microsoft’s latest technical attacks on Linux and some responses to EEE (embrace, extend, extinguish) tactics and FUD

Torvalds clearly refuses to give up by putting blobs and keys (similar to but worse than firmware) by adding Microsoft interfaces for Microsoft-signed keys inside the kernel, especially if these are Microsoft’s. This is major news that got the attention of journalists and a known Microsoft booster incites against Torvalds over this (just see headline and image here). Red Hat has been getting close to Microsoft again, so as one blogger put it:

  • Linus Bites RedHat

    It’s great that Linus does not support the idea of making M$ the keeper of the keys. We’ve had enough of that in IT for decades. Free Software needs to remain free of M$ and anyone else who wishes to lock out competition. Linus is not a great lover of FLOSS. His views are based on practicality. It’s stupid to lock Linux into M$. Does RedHat really believe it’s a great thing if millions of GNU/Linux boxes quit booting if M$ revokes a key via firmware upgrade etc.? Do they really think “secure boot” is about security of the world’s IT rather than perpetuation of M$’s monopoly on legacy x86 stuff? Using the damned keys to induce the world to take another step on the Wintel treadmill is just too tempting a fruit to trust M$ to leave it alone.

  • Closed !== Open

    I don’t think so. In the immortal words of Paul Maritz, “* to combat Nscp. we have to have position the browser as “going away” and do deeper integration on Windows. The stronger way to communicate this is to have a “new release“ of windows and make a big deal out of it. We will thus position Memphis as “Windows 98′. * IE integration will be most compelling feature of Memphis.“ Nathan Myhrvold wrote, “I think that it is CRUCIAL to make the statement we ask people about in the survey, or the statement we ask them to sign etc. is worded properly. Saying “put the browser in the OS” is already a statement that is prejudical to us. The name “Browser” suggests a separate thing. I would NOT phrase the survey. or other things only in terms of “put the browser in the 0S’‘. Instead you need to ask a more neutral question about how Internet technology needs to merge with local computing. I have been pretty successful in trying this on various joumalists and industry people.“ To sum up, is the company that brought waves of malware to the world of IT by integrating a totally insecure web browser with their OS in order to mess with competitors to be trusted as “open”? No. M$ is a closed corporation with closed products intending to close out competition by fair means or foul. Pretending to be open is just a means to delay the shift to real openness, FLOSS, or to slow that shift.

Even more Microsoft-apologetic circles accepted Torvalds’ skepticism. To quote one:

As it turned out, almost all of the Windows 8 machines that first appeared had Secure Boot implemented in such a way that Linux was locked out. Workarounds have appeared, but they are based on Microsoft-signed keys. As the maker of the dominant Windows operating system, Microsoft has a responsibility to protect fair play in a way that it didn’t here. In this day of virtualization and usage of multiple operating systems, it’s unfair to build an operating system around a methodology that allows for complete and utter lockout of other platforms. Torvalds’ reactions are only protests at the end of the chain reaction that all of this represented. The fact is that if Microsoft wants to be accepted as playing more fairly with open source these days than it ever has, it has carry that concept through to how it deals with everything it builds and how it deals with hardware makers.

Microsoft pretends to be open, but it’s not working. Here is another new embrace-and-extend attempt:

The expanded partnership between Microsoft and Hadoop distribution specialist Hortonworks has borne fruit with the release of a beta of Hortonworks’ Hadoop Data Platform for Windows.

With its hidden patches and a deal with Sourcefire Microsoft must have hoped to diss Linux some more. Watch this nonsense:

But simple vulnerability counts can give a distorted view. The Linux kernel is considered to be one monolithic project across the entire period, for example, while every version of Windows is a separate project. The total count of vulnerabilities for all Windows versions exceeds Linux. But then Windows is more than just a kernel. Add in all the software included in Linux distributions, and Linux goes back into the doghouse. Younan counted just the high-severity vulnerabilities, those with a Common Vulnerability Scoring System (CVSS) score of 7 or higher. Windows XP tops that list. “Windows Vista is at the number five position, even though Microsoft put a lot of effort into securing Windows Vista,” he said. “The Linux kernel isn’t even in the top ten.” Vista was the first version of Windows to benefit from Microsoft’s Security Development Lifecycle (SDL), the software development process created after Bill Gates’ Trustworthy Computing memo of January 2002. Yet from the vulnerability perspective, Vista looks like little more than a rough draft of Windows 7. Counting high-severity vulnerabilities alone, Flash Player is back in the top 10, at number five. The count of high-severity vulnerabilities doesn’t exhibit that 2012 uptick, only the steady post-2006 decline. However when looking at just critical vulnerabilities, those with a CVSS of 10, there’s no sign of a decline at all.

What silly way to count vulnerabilities. As one of the many comments points out: “I largely agree with Alex in Comment 3 (I also agree with Myth in Comment 1 that 22 != 25, but I digress). Without knowing which kernels had which CVEs reported against it, and which distros shipped with those kernels and how many people used the vulnerable kernel and the averages of people updating on install… ‘simply’ citing the Linux CVEs are practically meaningless.” The FUD against Linux recently seems like part of a trend this month, with Microsoft partners behind it.

Share this post: These icons link to social bookmarking sites where readers can share and discover new web pages.
  • Digg
  • del.icio.us
  • Reddit
  • co.mments
  • DZone
  • email
  • Google Bookmarks
  • LinkedIn
  • NewsVine
  • Print
  • Technorati
  • TwitThis
  • Facebook

If you liked this post, consider subscribing to the RSS feed or join us now at the IRC channels.

Pages that cross-reference this one

4 Comments

  1. mjg59 said,

    February 27, 2013 at 2:57 pm

    Gravatar

    The patches in question do not include any blobs or keys. You should correct your first paragraph.

    Dr. Roy Schestowitz Reply:

    “The way we have come up with to get around this is to embed an X.509 certificate containing the key in a section called “.keylist” in an EFI PE binary and then get the binary signed by Microsoft. The key can then be passed to the kernel by passing the signed binary” -David Howells at LKML

    mjg59 Reply:

    Yes. It adds an additional keyloading interface to the kernel, alongside the keyloading interface that already exists. The only thing it changes is that it allows you to use a different key format. It adds no keys or blobs to the kernel.

    Dr. Roy Schestowitz Reply:

    I’ll amend the post.

What Else is New


  1. In Attempt to Promote the Horrific UPC (Poor Quality of Patents Everywhere), Minnoye and Casado Cerviño Attack Their Own Staff for Saying the Truth

    An attack on truth itself -- the disintegration of the European Patent Office (EPO) -- carries on, after staff found the courage to tell delegates what had happened due to Battistelli's policies and incredible oppression that prevails and expands



  2. Another Likely Casualty of the Battistelli Regime at the EPO: Validity of Decisions of Terrified Boards of Appeal Judges

    Under pressure and habitual intervention from a demoralising, overreaching, and out-of-control President (from an entirely different division), examiners and judges 'normalise' the practice of granting patents on genetics -- a very slippery slope in terms of patent scope



  3. Benoît Battistelli 'Pulls an Erdoğan' Faster Than Erdoğan

    An explanation of what the imminent departure of Minnoye (this summer) will mean for Benoît Battistelli and his confidants, who now resemble some of the world's most ruthless dictatorships



  4. With Important Supreme Court Decisions Looming, Mainstream Media Tackles Patent Trolls

    The US Supreme Court (SCOTUS) will soon rule on TC Heartland and Lexmark, potentially restricting abusive patent behaviour even further (making room for freedom to innovate and for competition)



  5. IAM Magazine is Very Blatantly Promoting Patent Trolls and Their Agenda

    IAM Media, which produces a magazine every now and then while posting online every day, maintains its pro-trolls agenda, which is becoming so clear to see that it is definitely worth documenting yet again



  6. A “Perfect Recipe for Fraud” at the European Patent Office (EPO)

    How the world's leading patent office became a world-leading source of abuse, corruption, nepotism, injustice, incompetence, censorship, alleged bribery, pure deception, distortion of media, defamation, and suicides (among many other things)



  7. Techrights Was Right About the Unitary Patent (UPC)

    No Unified Patent Court in the UK and probably nothing like it in the rest of Europe any time soon (if ever)



  8. Patents on Life and Patents on Software Serve to Show That EPO Patent Quality Fell Well Behind the US (PTO)

    Anything goes at the EPO, except dissent; any patent application seems to be grantable, provided one uses simple tricks and persists against overworked examiners who are pressured to increase so-called 'production'



  9. Links 28/3/2017: Linux 4.11-rc4 Kernel Released, Red Hat Surge on Sales

    Links for the day



  10. The Crook Goes to Brussels to Lie About the Unitary Patent (UPC)

    The person who spent years lying about the UPC and severely attacking critics (usually by blatantly lying about them) goes to Brussels for another nose extension



  11. The EPO's HR Roadmap Retrospective

    A look back at the terrible ‘accomplishments’ of the Jesper Kongstad-led Administrative Council, which still issues hogwash and face-saving lies, as one might expect from a protector of Battistelli that lies to national representatives and buries inconvenient topics



  12. Links 26/3/2017: Debian Project Leader Elections, SecureDrop and Alexandre Oliva FSF Winners

    Links for the day



  13. His Master's Voice, Jesper Kongstad, Blocks Discussion of Investigative and Disciplinary Procedures at the EPO

    The Chairman of the Administrative Council of the European Patent Organisation is actively preventing not just the dismissal of Battistelli but also discussion of Battistelli's abuses



  14. Heiko Maas and the State of Germany Viewed as Increasingly Complicit in EPO Scandals and Toxic UPC Agenda

    It is becoming hard if not impossible to interpret silence and inaction from Maas as a form of endorsement for everything the EPO has been doing, with the German delegates displaying more of that apathy which in itself constitutes a form of complicity



  15. With IP Kat Coverage of EPO Scandals Coming to an End (Officially), Techrights and The Register Remain to Cover New Developments

    One final post about the end of Merpel’s EPO coverage, which is unfortunate but understandable given the EPO’s track record attacking the media, including blogs like IP Kat, sites of patent stakeholders, and even so-called media partners



  16. Everyone, Including Patent Law Firms, Will Suffer From the Demise of the EPO

    Concerns about quality of patents granted by the EPO (EPs) are publicly raised by industry/EPO insiders, albeit in an anonymous fashion



  17. Yes, Battistelli's Ban on EPO Strikes (or Severe Limitation Thereof) is a Violation of Human Rights

    Battistelli has curtailed even the right to strike, yet anonymous cowards attempt to blame the staff (as in patent examiners) for not going out of their way to engage in 'unauthorised' strikes (entailing dismissal)



  18. Even the EPO's Administrative Council No Longer Trusts Its Chairman, Battistelli's 'Chinchilla' Jesper Kongstad

    Kongstad's protection of Battistelli, whom he is supposed to oversee, stretches to the point where national representatives (delegates) are being misinformed



  19. Thanks to Merpel, the World Knows EPO Scandals a Lot Better, But It's a Shame That IP Kat Helped UPC

    A look back at Merpel's final post about EPO scandals and the looming threat of the UPC, which UPC opportunists such as Bristows LLP still try hard to make a reality, exploiting bogus (hastily-granted) patents for endless litigation all around Europe



  20. EPO Critics Threatened by Self-Censorship, Comment Censorship, and a Growing Threat to Anonymity

    Putting in perspective the campaign for justice at the EPO, which to a large degree relies on whistleblowers and thus depends a great deal on freedom of the press, freedom of speech, and anonymity



  21. Links 25/3/2017: Maru OS 0.4, C++17 Complete

    Links for the day



  22. Judge and Justice Bashing in the United States, EPC Bashing at the EPO

    Enforcement of the law based on constitutional grounds and based on the European Patent Convention (EPC) in an age of retribution and insults -- sometimes even libel -- against judges



  23. Looking for EPO Nepotism? Forget About Jouve and Look Closely at Europatis Instead.

    Debates about the contract of Jouve with the EPO overlook the elephants in the room, which include companies that are established and run by former EPO chiefs and enjoy a relationship with the EPO



  24. Depressing EPO News: Attacks on Staff, Attacks on Life, Brain Drain, Patents on Life, Patent Trolls Come to Germany, and Spain Being Misled

    A roundup of the latest developments at the EPO combined with feedback from insiders, who are not tolerating their misguided and increasingly abusive management



  25. It Certainly Looks Like Microsoft is Already Siccing Its Patent Trolls, Including Intellectual Ventures, on Companies That Use Linux (Until They Pay 'Protection' Money)

    News about Intellectual Ventures and Finjan Holdings (Microsoft-funded patent trolls) reinforces our allegations -- not mere suspicions anymore -- that Microsoft would 'punish' companies that are not paying subscription fees (hosting) or royalties (patent tax) to Microsoft and are thus in some sense 'indebted' to Microsoft



  26. Links 24/3/2017: Microsoft Aggression, Eudyptula Challenge Status Report

    Links for the day



  27. Bernhard Rapkay, Former MEP and Rapporteur on Unitary Patent, Shoots Down UPC Hopes While UPC Hopefuls Recognise That Spain Isn't Interested Either

    Germany, the UK and Spain remain massive barriers to the UPC -- all this in spite of misleading reports and fake news which attempted to make politicians believe otherwise (for political leverage, by means of dirty lobbying contingent upon misinformation)



  28. Links 23/3/2017: Qt 5.9 Beta, Gluster Storage 3.2

    Links for the day



  29. The Administrative Council of the European Patent Organisation Has Just Buried an Innocent Judge That Battistelli Does Not Like

    An innocent judge (never proven guilty of anything, only publicly defamed with help from Team Battistelli and dubious 'intelligence' gathering) is one of the forgotten casualties of the latest meeting of the Administrative Council (AC), which has become growingly complicit rather than a mere bystander at a 'crime' scene



  30. Nepotism at the European Patent Office and Suspicious Absence of Tenders for Big Projects

    Carte blanche is a French term which now perfectly describes the symptoms encountered in the European Patent Office, more so once led by a lot of French people (Battistelli and his friends)


CoPilotCo

RSS 64x64RSS Feed: subscribe to the RSS feed for regular updates

Home iconSite Wiki: You can improve this site by helping the extension of the site's content

Home iconSite Home: Background about the site and some key features in the front page

Chat iconIRC Channel: Come and chat with us in real time

CoPilotCo

Recent Posts