EditorsAbout the SiteComes vs. MicrosoftUsing This Web SiteSite ArchivesCredibility IndexOOXMLOpenDocumentPatentsNovellNews DigestSite NewsRSS

02.27.13

Microsoft Much Worse Than Proprietary With ‘Secure Boot’ Scam, Pretends to be ‘Open’

Posted in Free/Libre Software, Microsoft at 1:50 pm by Dr. Roy Schestowitz

Emergency phone

Summary: Some of Microsoft’s latest technical attacks on Linux and some responses to EEE (embrace, extend, extinguish) tactics and FUD

Torvalds clearly refuses to give up by putting blobs and keys (similar to but worse than firmware) by adding Microsoft interfaces for Microsoft-signed keys inside the kernel, especially if these are Microsoft’s. This is major news that got the attention of journalists and a known Microsoft booster incites against Torvalds over this (just see headline and image here). Red Hat has been getting close to Microsoft again, so as one blogger put it:

  • Linus Bites RedHat

    It’s great that Linus does not support the idea of making M$ the keeper of the keys. We’ve had enough of that in IT for decades. Free Software needs to remain free of M$ and anyone else who wishes to lock out competition. Linus is not a great lover of FLOSS. His views are based on practicality. It’s stupid to lock Linux into M$. Does RedHat really believe it’s a great thing if millions of GNU/Linux boxes quit booting if M$ revokes a key via firmware upgrade etc.? Do they really think “secure boot” is about security of the world’s IT rather than perpetuation of M$’s monopoly on legacy x86 stuff? Using the damned keys to induce the world to take another step on the Wintel treadmill is just too tempting a fruit to trust M$ to leave it alone.

  • Closed !== Open

    I don’t think so. In the immortal words of Paul Maritz, “* to combat Nscp. we have to have position the browser as “going away” and do deeper integration on Windows. The stronger way to communicate this is to have a “new release“ of windows and make a big deal out of it. We will thus position Memphis as “Windows 98′. * IE integration will be most compelling feature of Memphis.“ Nathan Myhrvold wrote, “I think that it is CRUCIAL to make the statement we ask people about in the survey, or the statement we ask them to sign etc. is worded properly. Saying “put the browser in the OS” is already a statement that is prejudical to us. The name “Browser” suggests a separate thing. I would NOT phrase the survey. or other things only in terms of “put the browser in the 0S’‘. Instead you need to ask a more neutral question about how Internet technology needs to merge with local computing. I have been pretty successful in trying this on various joumalists and industry people.“ To sum up, is the company that brought waves of malware to the world of IT by integrating a totally insecure web browser with their OS in order to mess with competitors to be trusted as “open”? No. M$ is a closed corporation with closed products intending to close out competition by fair means or foul. Pretending to be open is just a means to delay the shift to real openness, FLOSS, or to slow that shift.

Even more Microsoft-apologetic circles accepted Torvalds’ skepticism. To quote one:

As it turned out, almost all of the Windows 8 machines that first appeared had Secure Boot implemented in such a way that Linux was locked out. Workarounds have appeared, but they are based on Microsoft-signed keys. As the maker of the dominant Windows operating system, Microsoft has a responsibility to protect fair play in a way that it didn’t here. In this day of virtualization and usage of multiple operating systems, it’s unfair to build an operating system around a methodology that allows for complete and utter lockout of other platforms. Torvalds’ reactions are only protests at the end of the chain reaction that all of this represented. The fact is that if Microsoft wants to be accepted as playing more fairly with open source these days than it ever has, it has carry that concept through to how it deals with everything it builds and how it deals with hardware makers.

Microsoft pretends to be open, but it’s not working. Here is another new embrace-and-extend attempt:

The expanded partnership between Microsoft and Hadoop distribution specialist Hortonworks has borne fruit with the release of a beta of Hortonworks’ Hadoop Data Platform for Windows.

With its hidden patches and a deal with Sourcefire Microsoft must have hoped to diss Linux some more. Watch this nonsense:

But simple vulnerability counts can give a distorted view. The Linux kernel is considered to be one monolithic project across the entire period, for example, while every version of Windows is a separate project. The total count of vulnerabilities for all Windows versions exceeds Linux. But then Windows is more than just a kernel. Add in all the software included in Linux distributions, and Linux goes back into the doghouse. Younan counted just the high-severity vulnerabilities, those with a Common Vulnerability Scoring System (CVSS) score of 7 or higher. Windows XP tops that list. “Windows Vista is at the number five position, even though Microsoft put a lot of effort into securing Windows Vista,” he said. “The Linux kernel isn’t even in the top ten.” Vista was the first version of Windows to benefit from Microsoft’s Security Development Lifecycle (SDL), the software development process created after Bill Gates’ Trustworthy Computing memo of January 2002. Yet from the vulnerability perspective, Vista looks like little more than a rough draft of Windows 7. Counting high-severity vulnerabilities alone, Flash Player is back in the top 10, at number five. The count of high-severity vulnerabilities doesn’t exhibit that 2012 uptick, only the steady post-2006 decline. However when looking at just critical vulnerabilities, those with a CVSS of 10, there’s no sign of a decline at all.

What silly way to count vulnerabilities. As one of the many comments points out: “I largely agree with Alex in Comment 3 (I also agree with Myth in Comment 1 that 22 != 25, but I digress). Without knowing which kernels had which CVEs reported against it, and which distros shipped with those kernels and how many people used the vulnerable kernel and the averages of people updating on install… ‘simply’ citing the Linux CVEs are practically meaningless.” The FUD against Linux recently seems like part of a trend this month, with Microsoft partners behind it.

Share this post: These icons link to social bookmarking sites where readers can share and discover new web pages.
  • Digg
  • del.icio.us
  • Reddit
  • co.mments
  • DZone
  • email
  • Google Bookmarks
  • LinkedIn
  • NewsVine
  • Print
  • Technorati
  • TwitThis
  • Facebook

If you liked this post, consider subscribing to the RSS feed or join us now at the IRC channels.

Pages that cross-reference this one

4 Comments

  1. mjg59 said,

    February 27, 2013 at 2:57 pm

    Gravatar

    The patches in question do not include any blobs or keys. You should correct your first paragraph.

    Dr. Roy Schestowitz Reply:

    “The way we have come up with to get around this is to embed an X.509 certificate containing the key in a section called “.keylist” in an EFI PE binary and then get the binary signed by Microsoft. The key can then be passed to the kernel by passing the signed binary” -David Howells at LKML

    mjg59 Reply:

    Yes. It adds an additional keyloading interface to the kernel, alongside the keyloading interface that already exists. The only thing it changes is that it allows you to use a different key format. It adds no keys or blobs to the kernel.

    Dr. Roy Schestowitz Reply:

    I’ll amend the post.

What Else is New


  1. Links 23/5/2016: GNOME 3.22, Calculate Linux 15.17

    Links for the day



  2. 'Celebrity' Patent Trolls and the Elusive Battle Against Patent Trolls (or Eastern District of Texas Courts) Rather Than Software Patents

    Some of last week's more important reports, which serve to demonstrate how the system is attempting to tackle a side-effect of software patents rather than the patents themselves (their irrational scope)



  3. The Circus of Patent 'Reporting' (by Omission) on the Subject of Software Patents in the US and USPTO Bias

    look at some of the latest oddities in the US patent system and much of the reporting about software patenting (more or less monopolised by those who profit from it, not harmed by it)



  4. IP3 Demonstrates That Today's Patent Systems Devolve Into a Conglomerates' Game, Won't Protect the Mythical Small Inventor

    Multinational corporations bring together their shared interests and steer the increasingly-inseparable patent systems according to their needs and goals, but has anyone even noticed?



  5. Disrupting Battistelli's Distracting Propaganda: EPO Staff to Protest Again in About a Fortnight

    The overly extravagant (waste of money) EPO European Inventor Award will have to compete for media attention with thousands of EPO staff (in all EPO sites) marching in the streets to protest against the EPO's abuses



  6. Corrupting Democracy? Growing Frequency of Rumours That the EPO's President Battistelli is 'Buying' Votes of Small Member States

    Several sources suggest that rather than appease the Administrative Council by taking corrective action Battistelli and his notorious 'circle' now work hard to remove opposition from the Administrative Council, especially where this is easier a task to accomplish (politically or economically)



  7. [ES] Los Mitos de la EPO ‘Calidad’ de Patentes y de ‘Creación’ de Patentes: Basados en Ventas de Cafe y Trauma

    La carrera hacia el fondo, o la ridícula asumpción de Battistelli de que otorgar más y más patentenes más rápidamente (e.g. usando PACE) sería beneficióso a largo término, puede guíar al final colapse del valor de la EPO y la pérdida de su lárgamente ganada reputación a nivel mundial



  8. Links 22/5/2016: Systemd 230, Debian Installer Alpha 6

    Links for the day



  9. EPO Patent 'Quality' and 'Patent Creation' Myth: Capsule-Based Coffee Sales and Trauma

    The race to the bottom, or Battistelli's ludicrous assumption that granting more and more patents faster (e.g. using PACE) would be beneficial in the long run, may lead to the ultimate collapse of the EPO's value and demise of its long-earned reputation worldwide



  10. Guest Post: How Vista 10 Imposes Itself on Users of Windows

    A reader's experience being nagged by Microsoft, as documented and explained by this reader



  11. [ES] El Notorio Tirano de la EPO, Benoît Battistelli, Se Reune Con Otros Tiranos, Reportes de Que ‘Limpia’ el Consejo Administrativo

    El régimen de Battistelli, talvez la fuente de verguénza más grande, alegadamente está “cortejándo países pequeños/corruptos para asegurárse de que los delegados que votarón contra él serán remplazados”



  12. [ES] Comentadores Anónimos Debaten Si la EPO de Battistelli Puede Revocar las Pensiones de Empleados Que Se Atreveen — GASP — a Buscar Empleo Alternativo

    Una mirada a las causas de desesperación e imensa presión en la EPO, donde las pensiónes pueden ser cortadas como medio de represália y la gente puede ser negada empleo aún después de dejar la Oficina Europea de Patentes (EPO)



  13. [ES] Otra Casi Vacía Presentación de la EPO en La Hague

    El propagandístico “estudio social” de Battistelli (básicamente un montón de engañosas afirmacionesdisfrazadas como ‘investigación’) ayuda a demostrar que los empleados de la EPO no tiene absolutamente fe en la gerencia



  14. Links 21/5/2016: Manjaro Linux RC, Flock 2016 Schedule

    Links for the day



  15. USPTO Ignores a Lot of Cases Against Software Patents to Justify Resumption of More Software Patenting

    The US patent system (USPTO) is so obsessed with granting as many patents as possible -- even bogus patents in areas that are no longer patent-eligible -- that its guidelines are further perturbed and whose appeals board is massively overwhelmed/overworked/understaffed



  16. Notorious EPO Tyrant, Benoît Battistelli, Meets Other Tyrants, Reportedly 'Cleanses' the Administrative Council

    The Battistelli regime, perhaps the biggest embarrassment of Europe right now, is allegedly "courting smaller countries to make sure the delegates who voted against him will be replaced"



  17. Links 20/5/2016: Purism Tablet, ChromeOS PCs Outsell 'Mac'-Branded PCs

    Links for the day



  18. CAFC Rules Against Software Patents But Witness With Horror the Silence From Patent Lawyers (Bias by Omission)

    In an effort to protect software patents in the United States, where these patents came from in the first place (and continue to spread from), patent lawyers pretend not to see cases where software patents get invalidated and instead focus on the rare exception



  19. It's All Just Artificial Distractions From EPO Management, 'Yellow' Union Comes Under Scrutiny Again

    What's happening inside the EPO these days and what meaningless rubbish the management of the EPO would rather have the media obsessed with



  20. Anonymous Commenters Debate Whether Battistelli's EPO Can Revoke Pensions of Dismissed Employees Who Dare -- GASP -- Find Alternative Employment

    A look at causes for desperation and immense pressure at the EPO, where pensions can be cut as means of reprisal and people can be denied employment even after they leave the European Patent Office (EPO)



  21. Australian Productivity Commission's Research Calls for Ban on Software Patents, Davies Collison Cave Calls for Complaints Against This Finding

    As the push against software patents grows in Australia, much to the chagrin of Australian software developers, Davies Collison Cave (patent law firm) publicly calls for opposition, calling its side "the truth" and pretending it represents "Australian innovators."



  22. Links 19/5/2016: Wine-Staging 1.9.10, Android N

    Links for the day



  23. Another Almost Empty EPO Presentation at The Hague

    The propagandistic "social study" of Battistelli (basically a lot of misleading claims disguised as 'research') helps demonstrate that EPO staff has absolutely no faith in the management



  24. [ES] La UPC un Ataque No Sólo Contra el Público Europeo Pero También Contra los Empleados de la EPO

    El despido de los empleados actuales de la EPO y el remplazo del interés público por intereses corpórativos (intereses de grandes compañíás del otro lado del charco) es todo lo que la UPC realmente es



  25. Links 18/5/2016: ReactOS 0.4.1, KWayland in KDE Frameworks

    Links for the day



  26. Endless Harmonious Self-Congratulatory Praises From Self-Serving Law Firms in the Wake of Just One Pro-Software Patents Decision From CAFC

    The court that brought software patents to the United States has defended a software patent and patent lawyers want us to believe that this is an historic game-changing decision (potentially to be appealed by Microsoft, if Microsoft actually wanted to fight software patents)



  27. If Battistelli Stayed and UPC Became a Reality, Patent Quality at the EPO Would Get a Lot Worse

    The vision that Team Battistelli has for the EPO is an ENA-inspired neoliberal and corporatist vision that would bring the legitimacy of the system down to zero and the European economy to the brink of collapse



  28. Two Months Down the Line, Battistelli Has Done None of What the Administrative Council Told Him to Do; He Should be Sacked Next Month

    An informal but timely progress report shows that Battistelli has made no progress whatsoever and all the injustices remain in tact, in spite of the warnings from the Administrative Council (mid March)



  29. [ES] Al Abundar Patentes de Sofware, Free/Open Source Software Pierde, Mientras que los Abogados de Patentes Ganan Más que Nadie

    Impuestos al desarrollo — o el costo relaciónado con el caos de patentes — rápidamente creciéndo cada vez mas y en el caso del Free software rápidamente excede las ganancias por distribución, que usualmente es $0



  30. [ES] La UPC es Guerra de Classes (los Ricos contra Todo el Mundo), He Aqu el Porque de la Militarización de la Oficina Europea de Patentes

    En cara a la resistencia a contróversiales y frecuéntemente antidemocráticas, ilegales y posiblemente actos críminales o felonías, los chácales de Battistelli recurren a ataques de decapitación (atacando o torturando figuras claves) y armándose alrededor de sí misma — todo esto mientras falsamente acusando otros de portar armas o recurrir a la agresión


CoPilotCo

RSS 64x64RSS Feed: subscribe to the RSS feed for regular updates

Home iconSite Wiki: You can improve this site by helping the extension of the site's content

Home iconSite Home: Background about the site and some key features in the front page

Chat iconIRC Channel: Come and chat with us in real time

CoPilotCo

Recent Posts