EditorsAbout the SiteComes vs. MicrosoftUsing This Web SiteSite ArchivesCredibility IndexOOXMLOpenDocumentPatentsNovellNews DigestSite NewsRSS

02.27.13

Microsoft Much Worse Than Proprietary With ‘Secure Boot’ Scam, Pretends to be ‘Open’

Posted in Free/Libre Software, Microsoft at 1:50 pm by Dr. Roy Schestowitz

Emergency phone

Summary: Some of Microsoft’s latest technical attacks on Linux and some responses to EEE (embrace, extend, extinguish) tactics and FUD

Torvalds clearly refuses to give up by putting blobs and keys (similar to but worse than firmware) by adding Microsoft interfaces for Microsoft-signed keys inside the kernel, especially if these are Microsoft’s. This is major news that got the attention of journalists and a known Microsoft booster incites against Torvalds over this (just see headline and image here). Red Hat has been getting close to Microsoft again, so as one blogger put it:

  • Linus Bites RedHat

    It’s great that Linus does not support the idea of making M$ the keeper of the keys. We’ve had enough of that in IT for decades. Free Software needs to remain free of M$ and anyone else who wishes to lock out competition. Linus is not a great lover of FLOSS. His views are based on practicality. It’s stupid to lock Linux into M$. Does RedHat really believe it’s a great thing if millions of GNU/Linux boxes quit booting if M$ revokes a key via firmware upgrade etc.? Do they really think “secure boot” is about security of the world’s IT rather than perpetuation of M$’s monopoly on legacy x86 stuff? Using the damned keys to induce the world to take another step on the Wintel treadmill is just too tempting a fruit to trust M$ to leave it alone.

  • Closed !== Open

    I don’t think so. In the immortal words of Paul Maritz, “* to combat Nscp. we have to have position the browser as “going away” and do deeper integration on Windows. The stronger way to communicate this is to have a “new release“ of windows and make a big deal out of it. We will thus position Memphis as “Windows 98′. * IE integration will be most compelling feature of Memphis.“ Nathan Myhrvold wrote, “I think that it is CRUCIAL to make the statement we ask people about in the survey, or the statement we ask them to sign etc. is worded properly. Saying “put the browser in the OS” is already a statement that is prejudical to us. The name “Browser” suggests a separate thing. I would NOT phrase the survey. or other things only in terms of “put the browser in the 0S’‘. Instead you need to ask a more neutral question about how Internet technology needs to merge with local computing. I have been pretty successful in trying this on various joumalists and industry people.“ To sum up, is the company that brought waves of malware to the world of IT by integrating a totally insecure web browser with their OS in order to mess with competitors to be trusted as “open”? No. M$ is a closed corporation with closed products intending to close out competition by fair means or foul. Pretending to be open is just a means to delay the shift to real openness, FLOSS, or to slow that shift.

Even more Microsoft-apologetic circles accepted Torvalds’ skepticism. To quote one:

As it turned out, almost all of the Windows 8 machines that first appeared had Secure Boot implemented in such a way that Linux was locked out. Workarounds have appeared, but they are based on Microsoft-signed keys. As the maker of the dominant Windows operating system, Microsoft has a responsibility to protect fair play in a way that it didn’t here. In this day of virtualization and usage of multiple operating systems, it’s unfair to build an operating system around a methodology that allows for complete and utter lockout of other platforms. Torvalds’ reactions are only protests at the end of the chain reaction that all of this represented. The fact is that if Microsoft wants to be accepted as playing more fairly with open source these days than it ever has, it has carry that concept through to how it deals with everything it builds and how it deals with hardware makers.

Microsoft pretends to be open, but it’s not working. Here is another new embrace-and-extend attempt:

The expanded partnership between Microsoft and Hadoop distribution specialist Hortonworks has borne fruit with the release of a beta of Hortonworks’ Hadoop Data Platform for Windows.

With its hidden patches and a deal with Sourcefire Microsoft must have hoped to diss Linux some more. Watch this nonsense:

But simple vulnerability counts can give a distorted view. The Linux kernel is considered to be one monolithic project across the entire period, for example, while every version of Windows is a separate project. The total count of vulnerabilities for all Windows versions exceeds Linux. But then Windows is more than just a kernel. Add in all the software included in Linux distributions, and Linux goes back into the doghouse. Younan counted just the high-severity vulnerabilities, those with a Common Vulnerability Scoring System (CVSS) score of 7 or higher. Windows XP tops that list. “Windows Vista is at the number five position, even though Microsoft put a lot of effort into securing Windows Vista,” he said. “The Linux kernel isn’t even in the top ten.” Vista was the first version of Windows to benefit from Microsoft’s Security Development Lifecycle (SDL), the software development process created after Bill Gates’ Trustworthy Computing memo of January 2002. Yet from the vulnerability perspective, Vista looks like little more than a rough draft of Windows 7. Counting high-severity vulnerabilities alone, Flash Player is back in the top 10, at number five. The count of high-severity vulnerabilities doesn’t exhibit that 2012 uptick, only the steady post-2006 decline. However when looking at just critical vulnerabilities, those with a CVSS of 10, there’s no sign of a decline at all.

What silly way to count vulnerabilities. As one of the many comments points out: “I largely agree with Alex in Comment 3 (I also agree with Myth in Comment 1 that 22 != 25, but I digress). Without knowing which kernels had which CVEs reported against it, and which distros shipped with those kernels and how many people used the vulnerable kernel and the averages of people updating on install… ‘simply’ citing the Linux CVEs are practically meaningless.” The FUD against Linux recently seems like part of a trend this month, with Microsoft partners behind it.

Share this post: These icons link to social bookmarking sites where readers can share and discover new web pages.
  • Digg
  • del.icio.us
  • Reddit
  • co.mments
  • DZone
  • email
  • Google Bookmarks
  • LinkedIn
  • NewsVine
  • Print
  • Technorati
  • TwitThis
  • Facebook

If you liked this post, consider subscribing to the RSS feed or join us now at the IRC channels.

Pages that cross-reference this one

4 Comments

  1. mjg59 said,

    February 27, 2013 at 2:57 pm

    Gravatar

    The patches in question do not include any blobs or keys. You should correct your first paragraph.

    Dr. Roy Schestowitz Reply:

    “The way we have come up with to get around this is to embed an X.509 certificate containing the key in a section called “.keylist” in an EFI PE binary and then get the binary signed by Microsoft. The key can then be passed to the kernel by passing the signed binary” -David Howells at LKML

    mjg59 Reply:

    Yes. It adds an additional keyloading interface to the kernel, alongside the keyloading interface that already exists. The only thing it changes is that it allows you to use a different key format. It adds no keys or blobs to the kernel.

    Dr. Roy Schestowitz Reply:

    I’ll amend the post.

What Else is New


  1. Patents Roundup: Software Patents, Patenting Loopholes, PTAB, Patent Trolls, and Software Patents Propagandists

    A digest of recent news about (primarily) software patents and people who oppose or promote them in the United States



  2. Links 13/2/2016: Debian 6.0 EOL

    Links for the day



  3. The European Patent Office, Aloof/Apathetic to Inventors and Human Rights, Simply Cannot be Trusted With the Unitary Patent (UPC)

    The European Patent Office (EPO), once a source of great pride for increasingly-unified Europeans, not only wants to enjoy impunity but also wants to attain new powers, despite demonstrating that its interests are anything but European and are often detrimental to Europeans, not just to European inventors



  4. Feedback About Battistelli's 'Meet the President' Event in Rijswijk (4th of February, 2016)

    President of the EPO, the self-absorbed Battistelli, as described by those who attended his self-glorification event earlier this month



  5. Microsoft Continua Usando Patentes de Software para Extorsionar/Chantajear Incluso Más Compañías que Usan Linux, Forzandolas/Coerciendoles a PreInstallar Basura de Microsoft

    Acer es el último gran OEM que se ha convertido en la caza de brujas por parte de Microsoft contra preinstalladores de Android/Linux, a quienes esta coerciendo en convertirse en transportistas de Microsoft (o enfrentarse a litigaciones sobre patentes de software, con altos costos legales sino bloqueos con altísimos costos por arreglos secretos).



  6. Nuevas Protestas Contra La Vil OEP en Medio de Crisis Nerviosa de su Empleado Español (Después del Matoneo Institucional de Los Chacales de Battistelli), España Rechaza la Patente Unitaria UPC

    Enfrentando enorme presión de no-tecnicos Eurocráticos como Battistelli, España permanece FUERTE y RESISTE la Corte Unitaria de Patentes (UPC), que pone más poder en las manos de un cuerpo ABUSIVO que grotescamente discrimina contra los Españoles.



  7. Sólo Media Docena de Patentes Cubana Registradas en la OEP, Pero el Trístemente Célebre Battistelli Va a Cuba a Acumular Apoyo Baráto

    Ahora que España esta antagonizando a la OEP (y especialmente la UPC) el Presidente de la OEP ayuda a crear piezas de hojaldre en español cuando visitó Cuba y sus vecinos hispano-hablanetes que históricamente son renombrados por su gobernabilidad desaparecida así como su ilegalidad (como la OEP misma)



  8. In Lawyerland, Simulated UPC 'Trials' and More Extraordinary EPO Propaganda for Change That Would Harm Europe to Help Patent Lawyers and Their Big Clients

    A look at the latest wave of lobbying for the Unitary Patent Court (UPC), courtesy of patent lawyers who profit from patent disputes, and the utterly shameless marketing from the European Patent Office (EPO)



  9. Apple and Microsoft Cannot Keep Up With Android (Linux), More Layoffs Reported

    Having failed to grow (in the operating systems market share sense), proprietary software giants lose loyalty, try to attack the winner (Android/Linux) with software patents, and inevitably make their staff redundant



  10. Links 12/2/2016: Russian's Government With GNU/Linux, India's Wants FOSS

    Links for the day



  11. New EPO Protests Amid Nervous Breakdowns of Spanish EPO Employee (After Institutional Bullying by Battistelli's Goons), Spain Rejects the Unitary Patent (UPC)

    In the face of enormous pressure from non-technical Eurocrats like Battistelli, Spain remains strong and resists the Unitary Patent Court (UPC), which puts more power in the hands of an abusive body that grossly discriminates against Spaniards



  12. Only Half a Dozen Cuban Patents Filed at EPO, But Hugely Unpopular Battistelli Goes to Cuba to Garner Cheap Support

    Now that Spain is antagonising the EPO (and especially the UPC) the President of the EPO helps create some puff pieces in Spanish as he visits Cuba and neighbouring Spanish-speaking nations which are historically renowned for defunct governance and lawlessness (like the EPO itself)



  13. Nepotismo de la UPC, Abusos Políticos, y el Envolvimiento en la UPC de la Firma ¨Legal¨ que la OEP Contrato para Matonear a Techrights

    La Corte Unitaria de Patentes UPC, un sistema arregaldo esta siendo embestida por la gargant de Europa por la OEP. (Nos están metiendo la yuca). Sus grandes clientes (incluso extranjeros), con sus abogados de patentes para que todo el mundo los vea.



  14. Miembro del Parlamente Europe Resalta ¨Las Continuas Violaciones de los Fundamentales Derechos de los Empleados de la OEP¨

    Pregunta a la Comisión Europea de parte de la MEP Portuguesa Ana Gomes, publicado en el sitio del Parlamente Europeo.



  15. Links 11/2/2016: LibreOffice 5.1, HMRC and FOSS

    Links for the day



  16. Microsoft Continues to Use Software Patents to Extort/Blackmail Even More Companies That Use Linux, Forcing/Coercing Them Into Preinstalling Microsoft

    Acer is the latest large OEM to have become a victim of Microsoft's witch-hunt against Android/Linux preloaders, whom Microsoft is coercing into becoming Microsoft's carriers (or face litigation over software patents, with high legal fees if not injunctions or high damages upon secret settlements)



  17. EPO Brain Drain (Even Directors Fed Up With Team Battistelli) and Rumours About Battistelli Becoming President of the UPC

    Words heard through the grapevine of the European Patent Office (EPO), where staff is overwhelmingly against the managers and some people, including high-profile staff, add to the exodus



  18. More Than 20 Years in the Line: European Patent Office and Claims of European Convention on Human Rights Infringement Against Applicants/Stakeholders

    Gross incompetence and potentially an infringement of the European Convention on Human Rights at the European Patent Office (EPO), this time impacting an applicant (one of many in a similar position)



  19. UPC Nepotism, Political Abuses, and UPC Involvement From the Legal Firm That EPO Hired to Bully Techrights

    The Unitary Patent Court (UPC), a rigged system that is being rammed down Europe's throat by the EPO, its big clients (even foreign), and their patent lawyers laid bear for people to see



  20. Member of European Parliament Brings Up “Ongoing Violations of the Fundamental and Employment Rights of the Staff of EPO”

    Question to the European Commission from Portuguese MEP Ana Gomes, as published in the site of the European Parliament



  21. La Oficina Europea de Patentes Pretende que No Pasa Nada y Prepara una Feria de Vanidad

    La estrategia de relaciones públicas de la OEP cuya destructiva estrategia de patentes continua sin disminución (por ahora), se engancha en Colombia y se esfuerza en manufacturar el mito donde el público, examinadores de patentes, y aplicantes de patentes todos estan muy felices con la OEP.



  22. La ‘Internacional’ Commisión de Comercio Impone/Reenfuerza Patentes de Software para Establecer Otro Embargo

    La Comisión Internacional (sic) de Comercio se esta entrometiendo en competición de nuevo permitiendo a un gigante de los Estados Unidos Ciso en este caso, a potencialmente bloquear rivales (no importaciones del extranjero) usando patentes de software.



  23. Links 9/2/2016: Linux in Robotics, Hyperledger Project

    Links for the day



  24. Besieged Benoît Battistelli Mimics 'Damage Control' Tactics of FIFA or Blatter as More Judges Start Getting Involved in EPO Scandals

    Rumours and a new rant from Battistelli reinforce suspicions that actions are being organised behind the scenes, possibly as part of an upcoming, high-level campaign to unseat/dethrone Battistelli, who has become a reputational disaster to the European Patent Office (EPO), much like Sepp Blatter at FIFA



  25. Several Political Parties Directly Challenge the European Patent Office for Ignoring the Law, Not Obeying Court Orders

    Politicians make it crystal clear that the EPO, despite its unique status, cannot just raise its nose at the rulings of courts of law, definitely not in Dutch territory where the EPO operates



  26. Even the Legal Community is Upset at Benoît Battistelli for the Damage He Did to the EPO

    A recent article from lawyers' media (in German) speaks of the great damage (or mess) left by its current president, who has become somewhat of a laughing stock and growingly synonymous with farcical trials even in the circles of stakeholders, not just his own staff



  27. EPO Union (SUEPO) Getting Busted: “More and More People are Joining the Union, but Fewer and Fewer People Dare to Take on Leading Positions There.”

    The union-busting actions taken by EPO management in collaboration with Control Risks (for weak accusations against staff representatives) and FTI Consulting (for 'damage control') as described in a recent article, in the words of SUEPO lawyer Liesbeth Zegveld



  28. Microsoft's Copyrights- and Patents-Based Attacks on GNU/Linux Carry on

    The SCO case is still going on and Microsoft has just signed a patent deal with GoPro over its FOSS-based software, relating to “certain file storage and other system technologies”



  29. The EPO's Benoît Battistelli is the Dictator Who Can No Longer Dictate Like He Used to

    The European Patent Office's mechanism of oversight is starting to work just a little because, based on a new report from Juve, Battistelli is now reluctant to make proposals that would prove unpopular among delegates



  30. La Más Detallada Explicación (hasta ahora) de ¿Qué esta mal con la OEP?

    La insistencia de la OEP que permanece arriba de la ley no sólo est bajo fuego en los medios pero también esta siendo desafiada basado en personas familiares con la aplicabilidad de la ley a organizaciones internacionales.


CoPilotCo

RSS 64x64RSS Feed: subscribe to the RSS feed for regular updates

Home iconSite Wiki: You can improve this site by helping the extension of the site's content

Home iconSite Home: Background about the site and some key features in the front page

Chat iconIRC Channel: Come and chat with us in real time

CoPilotCo

Recent Posts