|
|
Subscribe / Log in / New account

Garrett: UEFI secure booting (part 2)

Garrett: UEFI secure booting (part 2)

Posted Sep 23, 2011 16:29 UTC (Fri) by k3ninho (subscriber, #50375)
In reply to: Garrett: UEFI secure booting (part 2) by hannada
Parent article: Garrett: UEFI secure booting (part 2)

>If UEFI turned out to be the Silver Bullet that would finally put an end to all malware, we'd have to concede that MS has accomplished something good.

Like identity cards with lots of details stopped people from denying political regimes like that in Hitler's Germany? (I know that this is a potentially sticky example, but it's a real time and place where showing your papers was expected and used to enforce rules.) The counterfeiters will co-opt the process and steal Windows' signing keys so that they can pass themselves off as the authentic article, and they'll probably do it without too much trouble.

I'm going to call this a piece of 'security theatre' -- it's show. While it might make some malware attacks more difficult, there are a few things we need to remember:
* we're the customers of the device manufacturers, so we should be able to influence the product choices available (so I'm preparing a letter to write to the people who sell me hardware, which says that I want to buy their hardware and I want to choose what software I run on it);
* we haven't exactly seen a track record of good security practice from Microsoft;
* the anti-trust implications of the Windows Logo program needs to be referred to our lawmakers;
* finally, we will want to weigh up this prospect of buying a Windows-8-badged device with limited liberty to use its general-purpose components against the adage about trading-eternal-liberty-for-temporary-security.

Take care.
K3n.

to post comments

Garrett: UEFI secure booting (part 2)

Posted Sep 23, 2011 16:39 UTC (Fri) by cesarb (subscriber, #6266) [Link] (1 responses)

> finally, we will want to weigh up this prospect of buying a Windows-8-badged device with limited liberty to use its general-purpose components against the adage about trading-eternal-liberty-for-temporary-security.

This made me think of something. What if someone starts using it as FUD? "Do not buy computers with a Windows 8 logo, <insert bad thing here>." Even if the bad thing mentioned is not true, it does not matter; nontechnical users would not be able to tell the difference, and having heard that "Windows 8 has something that prevents you from booting other operating systems" (I know this sentence is a very badly mangled version of the issue, but it is how nontechnical people would perceive it) makes them more inclined to believe on the bad thing mentioned.

This could backfire for Microsoft if someone plays this angle.

Garrett: UEFI secure booting (part 2)

Posted Sep 23, 2011 17:40 UTC (Fri) by cjwatson (subscriber, #7322) [Link]

Noting that Microsoft's response says something like (sorry, from memory as I'm typing this on my phone) "no compromise on security", I think the best way to respond to this in the public arena is to note that it's *securing the wrong thing* - it's securing the computer against its legitimate owner and user!


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds