EditorsAbout the SiteComes vs. MicrosoftUsing This Web SiteSite ArchivesCredibility IndexOOXMLOpenDocumentPatentsNovellNews DigestSite NewsRSS


Microsoft Much Worse Than Proprietary With ‘Secure Boot’ Scam, Pretends to be ‘Open’

Posted in Free/Libre Software, Microsoft at 1:50 pm by Dr. Roy Schestowitz

Emergency phone

Summary: Some of Microsoft’s latest technical attacks on Linux and some responses to EEE (embrace, extend, extinguish) tactics and FUD

Torvalds clearly refuses to give up by putting blobs and keys (similar to but worse than firmware) by adding Microsoft interfaces for Microsoft-signed keys inside the kernel, especially if these are Microsoft’s. This is major news that got the attention of journalists and a known Microsoft booster incites against Torvalds over this (just see headline and image here). Red Hat has been getting close to Microsoft again, so as one blogger put it:

  • Linus Bites RedHat

    It’s great that Linus does not support the idea of making M$ the keeper of the keys. We’ve had enough of that in IT for decades. Free Software needs to remain free of M$ and anyone else who wishes to lock out competition. Linus is not a great lover of FLOSS. His views are based on practicality. It’s stupid to lock Linux into M$. Does RedHat really believe it’s a great thing if millions of GNU/Linux boxes quit booting if M$ revokes a key via firmware upgrade etc.? Do they really think “secure boot” is about security of the world’s IT rather than perpetuation of M$’s monopoly on legacy x86 stuff? Using the damned keys to induce the world to take another step on the Wintel treadmill is just too tempting a fruit to trust M$ to leave it alone.

  • Closed !== Open

    I don’t think so. In the immortal words of Paul Maritz, “* to combat Nscp. we have to have position the browser as “going away” and do deeper integration on Windows. The stronger way to communicate this is to have a “new release“ of windows and make a big deal out of it. We will thus position Memphis as “Windows 98′. * IE integration will be most compelling feature of Memphis.“ Nathan Myhrvold wrote, “I think that it is CRUCIAL to make the statement we ask people about in the survey, or the statement we ask them to sign etc. is worded properly. Saying “put the browser in the OS” is already a statement that is prejudical to us. The name “Browser” suggests a separate thing. I would NOT phrase the survey. or other things only in terms of “put the browser in the 0S’‘. Instead you need to ask a more neutral question about how Internet technology needs to merge with local computing. I have been pretty successful in trying this on various joumalists and industry people.“ To sum up, is the company that brought waves of malware to the world of IT by integrating a totally insecure web browser with their OS in order to mess with competitors to be trusted as “open”? No. M$ is a closed corporation with closed products intending to close out competition by fair means or foul. Pretending to be open is just a means to delay the shift to real openness, FLOSS, or to slow that shift.

Even more Microsoft-apologetic circles accepted Torvalds’ skepticism. To quote one:

As it turned out, almost all of the Windows 8 machines that first appeared had Secure Boot implemented in such a way that Linux was locked out. Workarounds have appeared, but they are based on Microsoft-signed keys. As the maker of the dominant Windows operating system, Microsoft has a responsibility to protect fair play in a way that it didn’t here. In this day of virtualization and usage of multiple operating systems, it’s unfair to build an operating system around a methodology that allows for complete and utter lockout of other platforms. Torvalds’ reactions are only protests at the end of the chain reaction that all of this represented. The fact is that if Microsoft wants to be accepted as playing more fairly with open source these days than it ever has, it has carry that concept through to how it deals with everything it builds and how it deals with hardware makers.

Microsoft pretends to be open, but it’s not working. Here is another new embrace-and-extend attempt:

The expanded partnership between Microsoft and Hadoop distribution specialist Hortonworks has borne fruit with the release of a beta of Hortonworks’ Hadoop Data Platform for Windows.

With its hidden patches and a deal with Sourcefire Microsoft must have hoped to diss Linux some more. Watch this nonsense:

But simple vulnerability counts can give a distorted view. The Linux kernel is considered to be one monolithic project across the entire period, for example, while every version of Windows is a separate project. The total count of vulnerabilities for all Windows versions exceeds Linux. But then Windows is more than just a kernel. Add in all the software included in Linux distributions, and Linux goes back into the doghouse. Younan counted just the high-severity vulnerabilities, those with a Common Vulnerability Scoring System (CVSS) score of 7 or higher. Windows XP tops that list. “Windows Vista is at the number five position, even though Microsoft put a lot of effort into securing Windows Vista,” he said. “The Linux kernel isn’t even in the top ten.” Vista was the first version of Windows to benefit from Microsoft’s Security Development Lifecycle (SDL), the software development process created after Bill Gates’ Trustworthy Computing memo of January 2002. Yet from the vulnerability perspective, Vista looks like little more than a rough draft of Windows 7. Counting high-severity vulnerabilities alone, Flash Player is back in the top 10, at number five. The count of high-severity vulnerabilities doesn’t exhibit that 2012 uptick, only the steady post-2006 decline. However when looking at just critical vulnerabilities, those with a CVSS of 10, there’s no sign of a decline at all.

What silly way to count vulnerabilities. As one of the many comments points out: “I largely agree with Alex in Comment 3 (I also agree with Myth in Comment 1 that 22 != 25, but I digress). Without knowing which kernels had which CVEs reported against it, and which distros shipped with those kernels and how many people used the vulnerable kernel and the averages of people updating on install… ‘simply’ citing the Linux CVEs are practically meaningless.” The FUD against Linux recently seems like part of a trend this month, with Microsoft partners behind it.

Share this post: These icons link to social bookmarking sites where readers can share and discover new web pages.
  • Digg
  • del.icio.us
  • Reddit
  • co.mments
  • DZone
  • email
  • Google Bookmarks
  • LinkedIn
  • NewsVine
  • Print
  • Technorati
  • TwitThis
  • Facebook

If you liked this post, consider subscribing to the RSS feed or join us now at the IRC channels.

Pages that cross-reference this one


  1. mjg59 said,

    February 27, 2013 at 2:57 pm


    The patches in question do not include any blobs or keys. You should correct your first paragraph.

    Dr. Roy Schestowitz Reply:

    “The way we have come up with to get around this is to embed an X.509 certificate containing the key in a section called “.keylist” in an EFI PE binary and then get the binary signed by Microsoft. The key can then be passed to the kernel by passing the signed binary” -David Howells at LKML

    mjg59 Reply:

    Yes. It adds an additional keyloading interface to the kernel, alongside the keyloading interface that already exists. The only thing it changes is that it allows you to use a different key format. It adds no keys or blobs to the kernel.

    Dr. Roy Schestowitz Reply:

    I’ll amend the post.

What Else is New

  1. Links 22/10/2016: Deus Ex for GNU/Linux, Global DDoS (DNS)

    Links for the day

  2. Battistelli-Commissioned PwC ‘Study’: Survey Comparison Shows Serious Deterioration and Efforts by PwC to Disguise the Truth

    The latest output from PwC turns out to be even worse than initially thought, indicating that not only did it find a degradation in the EPO but also attempted to hide/obscure it

  3. EPO Teaser - The "Iberian Connection" - Some Photos of García-Escudero and His Royal/Government Connections

    A look at the undeniably close connections between Mr. García-Escudero and the most powerful people in Spain

  4. Disruption to Site's Service

    A technical note about why Techrights has not been publishing many articles recently

  5. Links 21/10/2016: MPV 0.21, Mad Max for GNU/Linux

    Links for the day

  6. EPO Caricature: Battistelli's High Five

    Another cartoon about the sad state of the EPO

  7. Battistelli Ruins Not Only the EPO But Also the Whole of Europe By Ushering in Software Patents That Patent Trolls Love So Much

    Battistelli's bad leadership at the EPO threatens to bring to Europe all the ills and menaces of the patent system in the United States

  8. EPO Spokesman Lies to IP Watch in Order to Save Face and Save the King (Battistelli)

    Rewriting history (revisionism) regarding Battistelli and what was demanded amidst abusive behaviour from him

  9. Unitary Patent (UPC) is Dead, But 'Managing IP' and Selfish Patent Law Firms Still Try to Resurrect It

    The latest attempts to shore up the Unitary (or Unified) Patent Court and who's behind it other than the usual suspects

  10. Links 20/10/2016: Linux 4.10 Preview, ONF and ON.Labs to Merge

    Links for the day

  11. Battistelli-Commissioned PwC 'Study': The Raw Outcome Shows Distortion of the Facts at the EPO's Notorious 'Social Conference'

    Results of the Staff Survey carried out by PwC, in order to provide some propaganda for Battistelli's expensive Social Conference

  12. Addendum: EPO's Alberto Casado Cerviño, WIPO's Francis Gurry, and EUIPO's Archambeau

    Photos taken as part of an IP event which took place in Riga (Latvia) in March 2015

  13. Worrisome Connections Between EPO VP2 Alberto Casado Cerviño and Patricia García-Escudero Márquez

    Exploring the potential conflicts of interests implicating the EPO's Boards of Appeal Committee

  14. Site's Infrastructure Under Attack and Upgrades Ahead of Major New Publications

    Protections for the Web site have been improved and capacity increased in order to avoid or at least prepare for another week of abusive/spam traffic

  15. Team Battistelli's Conspiracy Theory: SUEPO is Behind Everything, EPO Management is Trying to Tell the Media

    Attempts to blame SUEPO, the staff union of the EPO, even though SUEPO has nothing to do with articles that are critical of the EPO while many thousands of EPO employees are disgruntled

  16. Links 19/10/2016: Canonical Livepatch Service, Plasma Plans

    Links for the day

  17. The 'Sarah Sharps' of Microsoft: Not the Kind of Scandal the Media Cares Enough to Write About

    Another example of the large (industrial) scale of sexual discrimination at Microsoft -- a company that tries to advertise itself as diverse or tolerant and stigmatise Free/Open Source software (FOSS) as intolerant and/or not diverse

  18. EPO Caricature: EQE Questions

    The latest EPO cartoon, this time about European qualifying examination (EQE)

  19. The Long History or Seeds of Control by Fear and Punishment at the EPO

    The latest hogwash from Team Battistelli (Pinocchio), the latest instance of software patents promotion by EPO Principal Director, and an old (decade-old) nugget of information from the Forum for Principal Directors

  20. Subject of the European Patent Office's Abuses Raised in European Parliament by Ulrike Müller (ALDE)

    A local copy of a bunch of questions asked less than a month ago by Ulrike Müller at the European Parliament, regarding the unacceptable state of affairs at the European Patent Office (EPO)

  21. French Article About the EPO "Crisis"

    Le Monde, which covered EPO suicides and nervous breakdowns a year and a half ago, revisits the subject

  22. Battistelli Wants Us to Believe a Patent Office in a Freefall (EPO) is “Stronger and More Sustainable”

    Still in denial (or self-deluding for self indulgence), Battistelli writes about the EPO as though everything is rosy and people are happy

  23. Leaked Documents Shed More Light on What Happened to Alison Brimelow and How Battistelli Rose to Power

    How Battistelli's (almost) all-male (and all-white, mostly French) management came into being, not too long after Ms Alison Brimelow got elbowed out the Office

  24. Leaked: Outcomes of 149th Administrative Council's Meeting at the European Patent Organisation

    The raw details or a summary thereof, based on the above which serves to confirm what we wrote about several days ago, right after the quarterly meeting had ended

  25. Danish Press Coverage of the European Patent Office and the Problems Explored by Techrights

    Jesper Kongstad does virtually nothing to deny the arguments (or "accusations") and instead alludes to the style of the writings about him

  26. Links 18/10/2016: Release Candidate of Leap 42.2, Looking Ahead at GTK4

    Links for the day

  27. Links 17/10/2016: JS Foundation, Ubuntu 17.04 Named ‘Zesty Zapus’

    Links for the day

  28. EPO Updates: Battistelli in Trouble, Grossenbacher and Battistelli Having a Fight, EPO Doubles Down on Željko Topić

    Interesting updates from the European Patent Office (EPO), where things have taken a turn for the worse for Battistelli while Željko Topić secures an extension of his notorious contract

  29. EPO Social Conference Another Example of Astronomical Waste of Money by Benoît Battistelli

    Having paid the media and attempted to scare/intimidate staff into silence (even among one another), Battistelli now pays some firms to lie for him and present the lies while staff representatives are blocked from entering the presentation

  30. As Expected, Benoît Battistelli Puts Longtime Ally Roland Grossenbacher on Top of Boards of Appeal

    Benoît Battistelli's predecessor Roland Grossenbacher, who has a track record of protection and support for Battistelli (no matter the magnitude of abuses), reportedly takes a key position with Battistelli's approval, debunking the notion that the appeal boards will enjoy greater (perceived) independence from the Office


RSS 64x64RSS Feed: subscribe to the RSS feed for regular updates

Home iconSite Wiki: You can improve this site by helping the extension of the site's content

Home iconSite Home: Background about the site and some key features in the front page

Chat iconIRC Channel: Come and chat with us in real time


Recent Posts