EditorsAbout the SiteComes vs. MicrosoftUsing This Web SiteSite ArchivesCredibility IndexOOXMLOpenDocumentPatentsNovellNews DigestSite NewsRSS

02.27.13

Microsoft Much Worse Than Proprietary With ‘Secure Boot’ Scam, Pretends to be ‘Open’

Posted in Free/Libre Software, Microsoft at 1:50 pm by Dr. Roy Schestowitz

Emergency phone

Summary: Some of Microsoft’s latest technical attacks on Linux and some responses to EEE (embrace, extend, extinguish) tactics and FUD

Torvalds clearly refuses to give up by putting blobs and keys (similar to but worse than firmware) by adding Microsoft interfaces for Microsoft-signed keys inside the kernel, especially if these are Microsoft’s. This is major news that got the attention of journalists and a known Microsoft booster incites against Torvalds over this (just see headline and image here). Red Hat has been getting close to Microsoft again, so as one blogger put it:

  • Linus Bites RedHat

    It’s great that Linus does not support the idea of making M$ the keeper of the keys. We’ve had enough of that in IT for decades. Free Software needs to remain free of M$ and anyone else who wishes to lock out competition. Linus is not a great lover of FLOSS. His views are based on practicality. It’s stupid to lock Linux into M$. Does RedHat really believe it’s a great thing if millions of GNU/Linux boxes quit booting if M$ revokes a key via firmware upgrade etc.? Do they really think “secure boot” is about security of the world’s IT rather than perpetuation of M$’s monopoly on legacy x86 stuff? Using the damned keys to induce the world to take another step on the Wintel treadmill is just too tempting a fruit to trust M$ to leave it alone.

  • Closed !== Open

    I don’t think so. In the immortal words of Paul Maritz, “* to combat Nscp. we have to have position the browser as “going away” and do deeper integration on Windows. The stronger way to communicate this is to have a “new release“ of windows and make a big deal out of it. We will thus position Memphis as “Windows 98′. * IE integration will be most compelling feature of Memphis.“ Nathan Myhrvold wrote, “I think that it is CRUCIAL to make the statement we ask people about in the survey, or the statement we ask them to sign etc. is worded properly. Saying “put the browser in the OS” is already a statement that is prejudical to us. The name “Browser” suggests a separate thing. I would NOT phrase the survey. or other things only in terms of “put the browser in the 0S’‘. Instead you need to ask a more neutral question about how Internet technology needs to merge with local computing. I have been pretty successful in trying this on various joumalists and industry people.“ To sum up, is the company that brought waves of malware to the world of IT by integrating a totally insecure web browser with their OS in order to mess with competitors to be trusted as “open”? No. M$ is a closed corporation with closed products intending to close out competition by fair means or foul. Pretending to be open is just a means to delay the shift to real openness, FLOSS, or to slow that shift.

Even more Microsoft-apologetic circles accepted Torvalds’ skepticism. To quote one:

As it turned out, almost all of the Windows 8 machines that first appeared had Secure Boot implemented in such a way that Linux was locked out. Workarounds have appeared, but they are based on Microsoft-signed keys. As the maker of the dominant Windows operating system, Microsoft has a responsibility to protect fair play in a way that it didn’t here. In this day of virtualization and usage of multiple operating systems, it’s unfair to build an operating system around a methodology that allows for complete and utter lockout of other platforms. Torvalds’ reactions are only protests at the end of the chain reaction that all of this represented. The fact is that if Microsoft wants to be accepted as playing more fairly with open source these days than it ever has, it has carry that concept through to how it deals with everything it builds and how it deals with hardware makers.

Microsoft pretends to be open, but it’s not working. Here is another new embrace-and-extend attempt:

The expanded partnership between Microsoft and Hadoop distribution specialist Hortonworks has borne fruit with the release of a beta of Hortonworks’ Hadoop Data Platform for Windows.

With its hidden patches and a deal with Sourcefire Microsoft must have hoped to diss Linux some more. Watch this nonsense:

But simple vulnerability counts can give a distorted view. The Linux kernel is considered to be one monolithic project across the entire period, for example, while every version of Windows is a separate project. The total count of vulnerabilities for all Windows versions exceeds Linux. But then Windows is more than just a kernel. Add in all the software included in Linux distributions, and Linux goes back into the doghouse. Younan counted just the high-severity vulnerabilities, those with a Common Vulnerability Scoring System (CVSS) score of 7 or higher. Windows XP tops that list. “Windows Vista is at the number five position, even though Microsoft put a lot of effort into securing Windows Vista,” he said. “The Linux kernel isn’t even in the top ten.” Vista was the first version of Windows to benefit from Microsoft’s Security Development Lifecycle (SDL), the software development process created after Bill Gates’ Trustworthy Computing memo of January 2002. Yet from the vulnerability perspective, Vista looks like little more than a rough draft of Windows 7. Counting high-severity vulnerabilities alone, Flash Player is back in the top 10, at number five. The count of high-severity vulnerabilities doesn’t exhibit that 2012 uptick, only the steady post-2006 decline. However when looking at just critical vulnerabilities, those with a CVSS of 10, there’s no sign of a decline at all.

What silly way to count vulnerabilities. As one of the many comments points out: “I largely agree with Alex in Comment 3 (I also agree with Myth in Comment 1 that 22 != 25, but I digress). Without knowing which kernels had which CVEs reported against it, and which distros shipped with those kernels and how many people used the vulnerable kernel and the averages of people updating on install… ‘simply’ citing the Linux CVEs are practically meaningless.” The FUD against Linux recently seems like part of a trend this month, with Microsoft partners behind it.

Share this post: These icons link to social bookmarking sites where readers can share and discover new web pages.
  • Digg
  • del.icio.us
  • Reddit
  • co.mments
  • DZone
  • email
  • Google Bookmarks
  • LinkedIn
  • NewsVine
  • Print
  • Technorati
  • TwitThis
  • Facebook

If you liked this post, consider subscribing to the RSS feed or join us now at the IRC channels.

Pages that cross-reference this one

4 Comments

  1. mjg59 said,

    February 27, 2013 at 2:57 pm

    Gravatar

    The patches in question do not include any blobs or keys. You should correct your first paragraph.

    Dr. Roy Schestowitz Reply:

    “The way we have come up with to get around this is to embed an X.509 certificate containing the key in a section called “.keylist” in an EFI PE binary and then get the binary signed by Microsoft. The key can then be passed to the kernel by passing the signed binary” -David Howells at LKML

    mjg59 Reply:

    Yes. It adds an additional keyloading interface to the kernel, alongside the keyloading interface that already exists. The only thing it changes is that it allows you to use a different key format. It adds no keys or blobs to the kernel.

    Dr. Roy Schestowitz Reply:

    I’ll amend the post.

What Else is New


  1. Ahead of Supreme Court Decision, the Patent Microcosm is Trying to Scandalise PTAB

    The Patent Trial and Appeal Board (PTAB), which defends many businesses from bogus patents and patent trolls, comes under fire from protectors of the trolls (or those who profit from patent Armageddon/legal chaos)



  2. Benoît Battistelli's Misbehaviour Condemned the UPC to Death

    Press coverage regarding the cause for Germany's decision to halt UPC ratification, with suspension pending in part owing to the serious abuses in Munich and Berlin



  3. The Patent Microcosm is Pushing Hard to Weaken Alice and Revoke PTAB's Authority Using an Upcoming Supreme Court Case

    Patent profiteers (not inventors) continue their shameful campaign against Alice and PTAB now that software patents are in shambles and many get invalidated without them being used litigiously



  4. News About Patents Dominated by Patent Trolls/Aggressors, Their Press Releases, and Sympathisers

    A collection of news items from yesterday, demonstrating just to what degree the narrative of patent trolls (or aggressors) is being spread by paying for distribution



  5. Amazon's 1-Click Patent Continues to Tarnish the Image of the USPTO and of Patents in General

    Public ridicule and scorn over the shallowness of patents granted in the US is inevitable (Amazon has a patent even on white background in photographs), demonstrating that patent maximalism does nobody a favour, only a great disservice to both patenters and the public at large



  6. Bristows LLP Tries Hard to Maintain the Illusion That UPC is Alive, Using Media Placements and Paid Plugs

    Ever-so-desperate efforts to keep the Unitary Patent (UPC) in headlines, even though nothing is happening and nothing is likely to happen any time soon



  7. Links 22/8/2017: Linux 4.13 RC6, Mesa 17.1.7, Wine 2.15, Android O

    Links for the day



  8. IRC Proceedings: July 2nd – July 29th 2017

    Many IRC logs



  9. IRC Proceedings: June 4th – July 1st, 2017

    Many IRC logs



  10. IRC Proceedings: May 7th – June 3rd, 2017

    Many IRC logs



  11. IRC Proceedings: April 9th, 2017 – May 6th, 2017

    Many IRC logs



  12. Patent Scope Recognised as Essential For Patent Quality, But Software Patents Continue to be Granted

    Patents that are toothless, clawless lions are being accumulated by companies that should know various courts would scrutinise these enough to rule them invalid



  13. Litigation and Patenting Versus Research and Development

    reminder of who's 'stealing' jobs from engineers and who it is done for (who benefits from mass taxation rather than actual production)



  14. The Federal Circuit Has Become the Go-To Place For Patent Appeals Arising From USPTO Errors

    Patent appeals that come to CAFC as a result of bad Patent Office decisions now outnumber the appeals coming from district courts (an extraordinary situation)



  15. The Truly Odd Concept of Design Patents, Which the US Supreme Court Might Crush Very Soon

    The epidemic of shallow patents, which has already resulted in patents on mere designs, be soon end; but not before an unprecedented gold rush for such patents



  16. Quality of European Patents Has Sunk, Value Diminished

    The trouble associated with declining patent quality at the European Patent Office and early warnings about it from the staff union



  17. The Notorious 1-Click Buying Patent Expired Rather Than Invalidated

    As proof of the fact that many bogus patents (typically on software) are worthless but not invalidated, we now have Amazon's patents reaching their end of life



  18. PTAB Crushes Software Patents and Patent Extremists Are Not Happy About It

    The Patent Trial and Appeal Board (PTAB), a legal facility which invalidates many software patents, still faces opposition from those who profit from software patents (not software developers)



  19. Software Patents and Patent Trolls Are Almost the Same Problem (Still)

    Apple just got sued again, Microsoft-connected patent trolls continue serial litigation against Microsoft's competitors, and a bike shop gets sued using software patents



  20. Links 20/8/2017: KStars 2.8.1, Fedora Design Interns

    Links for the day



  21. Lack of Independent Judiciary Under the Unitary Patent (Like Boards of Appeal Under Battistelli, in Defiance of the EPC) Will Possibly Kill the Unified Patent Court

    Germany, a key player in UPC negotiations (most patents at stake), cannot proceed to ratification and Britain's expected exit from the European Union further restricts any progress



  22. The Staff Union of the EPO Has Long Warned About Declining Patent Quality

    The quality of granted European Patents (EPs) has been declining sharply and the EPO's staff representatives have warned about it for a long time, only to find themselves severely reprimanded for telling the truth



  23. The EPO's Management Needs a Perception of Security Crisis

    The EPO follows that familiar pattern of writing about every Islamic terror attack in Europe (and in the US too) while media in Munich tells a story where facts are yet uncertain



  24. Links 18/8/2017: Wallpaper of Plasma 5.11, Oracle Liberates Java EE a Bit

    Links for the day



  25. Links 17/8/2017: Krita 3.2.0, New Raspbian GNU/Linux OS

    Links for the day



  26. Corruption at the European Patent Office and Systematic Bullying That Leads People to Suicide/Bankruptcy

    A look back at 3 years of intensive EPO coverage and what's coming up next (suppression of truth behind closed doors in the courtrooms)



  27. Supreme Court Decision on TC Heartland v Kraft Food Brands Group Already Vacates the Eastern District of Texas

    Patent trolls are losing their mojo as patent lawsuits drop 21% in the Eastern District of Texas and this collapse is expected to accelerate



  28. Media Dominated by the Patent Microcosm Spreads Myths and Defends Patent Trolls, Collectors

    Popular culture myths, such as Edison being a prolific inventor, and what we all ought to know about an actual patent epidemic (vast increase in the number of patents granted, bringing the total to over 10 million in the US)



  29. The Patent Trial and Appeal Board Squashes Many Software Patents (Abstract) and §101 Seems Safe From Lobbying by the Patent Microcosm

    The Patent Trial and Appeal Board (PTAB), together with the Alice-inspired §101, is an efficient eliminator of bogus patents on software and there is no end to that in sight



  30. Ericsson Hired From the World's Largest Patent Troll and Became a Massive Troll in Europe

    Ericsson's patent aggression campaign (even in Europe) carries on; it turns out the person behind this strategy came from Intellectual Ventures


CoPilotCo

RSS 64x64RSS Feed: subscribe to the RSS feed for regular updates

Home iconSite Wiki: You can improve this site by helping the extension of the site's content

Home iconSite Home: Background about the site and some key features in the front page

Chat iconIRC Channel: Come and chat with us in real time

CoPilotCo

Recent Posts