03-27-2013, 04:15 PM
To be fair I have to admit that I am biased. So please don't make a judgement based on what you've read me say. Try it for yourself and see what you think. Personally I think it is a pain in the ass that is designed as a restriction mechanism. Sure it can be subverted but the vast majority of people won't.
It is called "Secureboot" But it doesnt do jack shit for security. It should be called "Restrictboot" because that's what it does.
03-27-2013, 04:18 PM
Untrue. It protects against subversion of the early boot process, which would otherwise be undetectable by any anti-malware code. It may not add any security that *you* care about, but it's simply a lie to say it adds no security.
Originally Posted by duby229
03-27-2013, 04:22 PM
So what prevents a malware author from using an existing key? (Or having a list of known keys for that matter)
03-27-2013, 04:35 PM
Originally Posted by Sonadow
- There are ARM-based cromebooks, which can be used for light work: no CAD but you can use them as developer platform for ARM devices.
- AMD has already announced their next server technology will be using ARM.
- Parallella project is developing an ARM-powered desktop supercomputer.
- In my country the famous Mont-Blanc Project will use the same ARM CPU as the above cited Chromebook for building the fastest supercomputer ever. They wait about 10 times more performance than TITAN supercomputer using the same 9 MW. Is this serious enough for you "doing real work"?
03-27-2013, 04:37 PM
Ok, so then ask yourself this very important question: Unless you directly access the hardware, when are those attacks possible? I give you the answer: Through the operating system.
Originally Posted by mjg59
If we think further, which company sells the most successful OS of all time _and_ proposed the SecureBoot standard as a standard way of certification for their OS? You are right, it's Microsoft.
What this leads to is the thought: Why force the hardware-vendors to implement a "security"-mechanism when the actual problem is the OS it is bound to? Isn't it Microsoft which should fundamentally change the security-model of their still-based-on-NT-OS to fullfil contemporary security-demands?
For me, the case is clear. Microsoft attempts to kill two birds, or rather, two penguins, with one stone:
1) Advertising a feigned security-mechanism to whitewash their OS in regards to ongoing criticism on their security
2) Making it relatively extremely hard for the average Joe to try out other operating systems on given certified hardware
3) Forcing hardware-vendors to either adapt to the unfair licensing model or be left in the dust with non-OEM versions, which is expensive, falsely stating to promote a section of the UEFI-standard
In this perspective, this plan is actually quite smart and I am looking forward to this case being solved in the interest of the users and not in the interest of one company.
Last edited by frign; 03-27-2013 at 04:47 PM.
03-27-2013, 04:42 PM
Very interesting! I think a better analogy would be that of a store full of Bieber certified CD-players which were locked to play only Bieber CDs which a false excuse of "it is a security issue".
Originally Posted by curaga
03-27-2013, 04:55 PM
I think you misinterpreted me, because I was trying to say that Microsoft recent move has nothing to see with security issues but is a unfair attack to competitors such as linux.
Originally Posted by brosis
I agree with almost all what you say except the part saying that OEMs had not other option. They have and this is why Dell and HP are selling computers with linux pre-installed. This is why there exist OEMs who only install linux in their computers.
Regarding the mayority of OEMs vendors who signed exclusivity with Microsoft, they are now suffering from that bad move. I know here a well-known store that sells all the computers with linux, but cannot sell the larger computer stock with Windows 8. They are losing money now and crying...
03-27-2013, 04:57 PM
SecureBoot is good for:
-Easier to program
-Seamless boot experience
-Better BIOS (you know what i mean) interfaces
-4GB+ Hard Drives
-Conveniently lock Linux away and call it a 'BUG' (it already happened)
SecureBoot is not a method to improve security!!! This was already proven!!!
Windows shoudln't even be able to sold together with computers (it's illegal, by the way). At most, and i strongly emphasize the at most Windows could come pre-installed and those who so choose would be able to buy a Key and activate it.
03-27-2013, 04:57 PM
Following the Bieber analogy:
All the CD's being sold are Bieber CD's. Some pirate radios play other music but you have to know how to find them, tune on to the right channel and record the music yourself in order to play it on a CD. But wait! No one sells empty CD's. (For the purpose of the analogy, let's assume all CD's are rewritable). So the only way to get other music is to buy a Justin Bieber CD, and record other music on top of it.
There are some specialist stores that sell empty CD's, but they are actually more expensive than Bieber CD's. And they are few and far between. So most people just end up buying Bieber CD's and recording over them.
But not so fast! Suddenly Bieber's recording label decides that the next CD they release needs to have a mechanism that makes it really hard to record over the CD's. They devise some kind of DRM scheme, and leverage the CD-player manufacturers that their players must implement this DRM that prevents recording on top of Bieber CD's. They justify this as protecting the consumer's CD player from malicious music. Music aficionados know how to circumvent the DRM, but it is way too difficult to the layman.
At the same time, there are a couple of small bands - one is called Frank & The Flying Fedoras, and another is some kind of ethnic world music, sounds kind of African - who collaborate with Bieber's recording label to get their songs released in such a format that they can be recorded on the Bieber CD's. Now you can easily listen to Frank & The Flying Fedoras by inserting your Bieber CD, tuning in to the right station and pressing rec, but if you try to listen to any other music, you have to circumvent the DRM. Also, Frank & The Flying Fedoras can only be listened to with certain volume & EQ settings. If you want to change the settings, you again have to circumvent the DRM.
The end result is that Bieber keeps getting richer and more obnoxious, and everyone is sick of him, but most just sort of grudgingly accept that if they want to listen to music, they have to tolerate him. Meanwhile the underground music scene is divided. Some people are really pissed at Frank and the other bands for going along with this idiocy, while others defend Frank and say he's doing good work making music more accessible - it's just a fact of life that you have to work with Bieber, they say; no one likes it, but what can you do, let's be realists here, they say.
03-27-2013, 05:07 PM
Originally Posted by dee.