Feeds

back to article Germany warns: You just CAN'T TRUST some Windows 8 PCs

Microsoft's new touchy Windows 8 operating system is so vulnerable to prying hackers that Germany's businesses and government should not use it, the country's authorities have warned in a series of leaked documents. According to files published in German weekly Die Zeit, the Euro nation's officials fear Germans' data is not …

COMMENTS

This topic is closed for new posts.

Page:

Silver badge
Windows

Just when you thought it couldn't get any worse..

Whether the story is true or not doesn't even matter any longer. One way or the other; it's another nail into the coffin that is Windows 8.

How much more will follow? More importantly: when will Microsoft finally wake up and start working their way out of this mess?

46
3
Silver badge

Re: Just when you thought it couldn't get any worse..

> when will Microsoft finally wake up and start working their way out of this mess?

I'm thinking "never".

Ballmer is heavily invested in Metro/Win8, and he's such a major stockholder in Microsoft that he effectively is impossible to dethrone. There are also strategic considerations - Microsoft presumably still believe that the PC is dying and that it MUST shift to mobile devices even if it P's off their PC customers.

I expect they'll keep doing what they did with Win8.1: make the smallest possible concessions to their PC users, while pressing on with the migrate-to-mobile plan.

15
1
FAIL

It gets even better:

Apparently, MS is forcing manufacturers to include TPM 2.0 into their products if they want to be "Windows 8.1 certified", starting from 2015. Good luck finding a new PC without a working TPM afterwards.

I usually regard myself as a conservative IT guy who still likes doing most things on a good old PC, but if this really is the future of X86/X64, I will seriously consider switching to some different architecture when my current machine breaks down. Damn the inconveniences.

32
1
Anonymous Coward

Re: Just when you thought it couldn't get any worse..

The article is complete and utter bollocks. There is no known issue with the TPM.

1
61
Bronze badge

Re: It gets even better:

I say we continue to loudly protest this kind of nonsense and the PC makers participation in it. Even if we have to embarrass the heck out of the PC makers for allowing themselves to be pushed into this kind of thing.

14
0

Re: Just when you thought it couldn't get any worse..

And the reason we shoulkd believe you instead of the German security bods is?

29
0
Silver badge
Thumb Up

Re: It gets even better:

when will Microsoft finally wake up and start working their way out of this mess?

.. I'm thinking "never".

Excellent.... excellent.

white_fluffy_cat.jpg

6
1
Silver badge

Re: Just when you thought it couldn't get any worse..@AC 11:23

Read this,

http://www.cl.cam.ac.uk/~rja14/tcpa-faq.html

and then review your comment.

It's now 10 years old, but lays down what Trusted Computing means to Microsoft and other vendors.

7
0
Bronze badge
FAIL

Re: Just when you thought it couldn't get any worse..

Those who can read have a clear advantage... (Old German saying!)

The Story was NEVER ABOUT TPM.... ITS ABOUT TPM v2.0!!

3
0
Bronze badge

Re: Just when you thought it couldn't get any worse..

Haha, you couldn't have said this at a more wrong time, they have just announced that Steve Ballmer will retire within the next 12 months!

4
0
Silver badge

Re: Just when you thought it couldn't get any worse..

I love how they always give shit a cute name that is about the opposite of real life.

Fair Play, Plays for Sure, Open Cable, are other examples.

Trusted? Not by me!

27
0
Anonymous Coward

Re: Just when you thought it couldn't get any worse..

"I'm thinking "never". Ballmer is heavily invested in Metro/Win8..."

I guess that's why Ballmer announced he's retiring...

5
0
Gold badge
Meh

Re: Just when you thought it couldn't get any worse..@AC 11:23

"http://www.cl.cam.ac.uk/~rja14/tcpa-faq.html"

Indeed. This is not security for users it's DRM for Big Media, and given what is known of THE PATRIOT Act a helping hand to the NSA.

There's just one little problem.

Unlike Google (where you don't pay and you're not the customer, you're the product) with PC's you're paying for the privilege.

I wonder how customers will react to that information?

17
0
Anonymous Coward

Re: Just when you thought it couldn't get any worse..

Yes, scare stories and FUD.

1
20
Anonymous Coward

@Tom35 - Re: Just when you thought it couldn't get any worse..

Did you ever thought that TPM is about you trusting your machine ? Or your machine trusting you ?

4
2
Anonymous Coward

Re: Just when you thought it couldn't get any worse..@AC 11:23

You cite a decade old article, I correctly guessed it was by Ross Anderson. Ross does some important work, but he doesn't half talk it up and it's always big business or banks who are insecure, never FOSS. This is not one of his finer papers.

1
14
Bronze badge

Re: @Tom35 - Just when you thought it couldn't get any worse..

Yes that's the way it should be working... But, noooo lets use it for invasive DRM protection instead!

And if MicroSoft can put the Boot on the thought of Linux a little bit harder.... So much the better!!

9
0
Silver badge

Re: Just when you thought it couldn't get any worse..@Tom35

Add Windows Genuine Advantage to that list of names which mean the opposite.

13
0
Facepalm

Re: Just when you thought it couldn't get any worse..

"The article is complete and utter bollocks. There is no known issue with the TPM."

What about the unknown issues then, smartie pants.

1
0

Re: Just when you thought it couldn't get any worse..

"Ballmer is heavily invested in Metro/Win8, and he's such a major stockholder in Microsoft that he effectively is impossible to dethrone. "

Great day to make that post!

2
0
Silver badge

Re: Just when you thought it couldn't get any worse..

"More importantly: when will Microsoft finally wake up and start working their way out of this mess?"

I don't think they will. As far as I can see, Microsoft does not possess a reverse gear.

2
0
Silver badge

Re: Just when you thought it couldn't get any worse..

"There is no known issue with the TPM."

As far as you know, perhaps.

3
0
Silver badge

Re: Just when you thought it couldn't get any worse..@Tom35

"Add Windows Genuine Advantage to that list of names which mean the opposite."

Not really. It's a genuine advantage for Microsoft.

7
0
Silver badge
Unhappy

Re: Just when you thought it couldn't get any worse..

No, no, no, it's working perfectly and has no known issues.

Trouble is that it's designed for the benefit of Microsoft, Intel and all the other proposers of the specification and NOT for the user.

So, it's working as intended, to control your use of YOUR machine.

Whoever would have thought that the peasants (us) would be willing to pay for the privilege of being controlled by these bastards?

8
0
Anonymous Coward

Re: Just when you thought it couldn't get any worse..@AC 11:23

"Ross does some important work"

OK.

"it's always big business or banks who are insecure,"

So it would seem, most of the time. Maybe that's his speciality? Perhaps you're not aware of his works on e,g, smartmeters? (it's hidden on one of his university pages).

"[it's] never FOSS [that's insecure]"

Wtf? How did FOSS suddenly reach the front of your agenda? Banks are commonly featured by Anderson because they've been shown to lie repeatedly about how secure things are. And when something is insecure, the banks don't pay the price, they pass the cost on to their customers.

I do actually agree that it would be great if Anderson (or his team) would broaden their fields a bit. Infrastructure cybersecurity (yuk) seems to be a popular subject recently, and why not. Some realism would be welcome though. Maybe he could look there.

Maybe he could have a look at the safety critical systems and software going into the Dreamliner (given the apparent state of regulatory approvals to date on that aircraft, I'd be particularly worried about the safety critical stuff). And so on.

In fact I'd be quite interested if someone (anyone) would have a look at the software and system safety in a typical modern vehicle, where increasing numbers of controls are drive-by-wire, with increasingly complex software in the middle.

5
0
Anonymous Coward

Re: It gets even better:

China will be happy to provide "clean", "not-prepared for PRISM" hardware. Maybe this will carry gifts of its own, but, at least the Chinese are not sending combat robots to kill people on hearsay and rumours.

8
0
Anonymous Coward

Re: Just when you thought it couldn't get any worse..

"There is no known issue with the TPM"?

Like, the whole idea, right from the beginning and at theory level?

Giving total and uncontrollable remote control to _every machine_ to Microsoft and US Spooks, meaning NSA, on mandatory hardware?

No issue at all, eh? For who?

6
0
Anonymous Coward

Re: It gets even better:

Trusted computing was proposed quite some time ago. Many saw it as the death of piracy but also of Linux and the DIY software market.

It seems as if it has been sneaked into existence in the last few years.

6
0
Anonymous Coward

Re: It gets even better:

The irony is that the problems Windows has is the driver for all this tech and the loser ends up being rivals to Windows.

0
0
Facepalm

Re: Just when you thought it couldn't get any worse..

You not knowing of it might be the point of it's existance.

0
0
N2

Re: Just when you thought it couldn't get any worse..

Agree entirely,

They seem as happy as pigs in shit, until the money stops coming in,

Never mind, I suspect they will sprout wings & fly one day.

N

1
0
Anonymous Coward

Re: Just when you thought it couldn't get any worse..

Because the most basic of research shows that these articles are spouting pure garbage. There is no known vulnerability with TPM 2.0

A more rational overview is "we are not dealing with a security vulnerability ... Rather, this is about the worrying fact that a system you own might stop working for reasons that are completely beyond your control."

and

"In particular, on hardware running Windows 8 that employs TPM 2.0, unintentional errors of hardware or the operating system, but also errors made by the owner of the IT system, could create conditions that prevent further operation of the system. This can even lead to both the operating system and the hardware employed becoming permanently unusable. Such a situation would not be acceptable for either the federal authorities or for other users. In addition, the newly-established mechanisms can also be used for sabotage by third parties."

Which of course could be true of ANY pierce of hardware, or of the OS itself, or of any of its drivers - so this is basically a steaming pile of bullshit. There is no significant issue here. If there is a ever a bug that breaks TPMs then it will likely be fixed. No such bug exists to date and TPMs work fine on millions of systems.....

0
6
Anonymous Coward

Re: Just when you thought it couldn't get any worse..

What about the unknown issues with any OS, the chipset, the CPU, the devices drivers? It's just complete meaningless FUD.

0
3
Anonymous Coward

Re: Just when you thought it couldn't get any worse..

TPM is only really used by corporates out of choice to secure the boot encryption keys on Bitlocker protected disks. I have never yet seen it turned on with a home PC. So this is still a complete non issue for end users.

If the Krauts decide a hardware chip specifically designed to secure the boot keys is not good enough for them, what exactly do they propose to use instead? Not using anything is certainly less secure....

Seems to me that this is simply stating the obvious. Any part of a computer could have a fault, and not using TPM doesn't change that..

0
5
Anonymous Coward

Re: Just when you thought it couldn't get any worse..

"Giving total and uncontrollable remote control"

It doesn't give anything of the sort. TPM just stores the boot keys.

0
5
Anonymous Coward

Re: It gets even better:

More bullshit. TPM is a hardware industry standard - not a Windows standard as such:

Oracle ships TPMs in their recent X- and T-Series Systems such as the T3 or T4 series of servers. Support is included in Solaris 11.

Google includes TPMs in Chromebooks as part of their security model.

VMware's ESXi hypervisor has supported TPM since 4.x, and from 5.0 it is enabled by default.

PrivateCore vCage uses TPM chips in conjunction with Intel Trusted Execution Technology (Intel TXT) to validate systems on bootup.

0
5
Anonymous Coward

Re: Just when you thought it couldn't get any worse..

>"Giving total and uncontrollable remote control"

>It doesn't give anything of the sort. TPM just stores the boot keys.

So that'll be why we're being blessed with AMT then, eh RICHTO? TPM's high availability remote access evil twin.

3
0
Silver badge
FAIL

Re: Just when you thought it couldn't get any worse..@AC 11:23

"it's always big business or banks who are insecure, never FOSS.

I guess you are posting a/c so this bit of ludicrous nonsense will fly under the radar.

It is simple when you think about it. FOSS has vulnerabilities, just like anything else. The difference is that with the source being accessible, bugs and such can be identified and fixed. This is more than can be said for closed source projects where the trend seems to be to wait for faults to be reported...and/or deny/scream/ignore said problems.

If nothing else, one could compare the number of successful attacks against Linux (widely used in the infrastructure) against the number of successful attacks against Windows. Let the figures speak for themselves.

5
0
Anonymous Coward

Re: Just when you thought it couldn't get any worse..

"that'll be why we're being blessed with AMT then, eh RICHTO? TPM's high availability remote access evil twin."

I was thinking that too. I've always wanted to be able to VNC in to the BIOS while no one's looking.

2
0
Silver badge
Big Brother

@Nematoad 24/8/13 15:02

"Whoever would have thought that the peasants (us) would be willing to pay for the privilege of being controlled by these bastards?"

From time immemorial, old Toady, 'twas ever thus.

It's always been one set of utter bastards screwing the majority - some may have been a little more subtle, and perhaps not quite so vicious.

But screwed we have been, and screwed we continue to be!

1
0
Silver badge

Swings and roundabouts....

this in theroy could apply to almost ANY OS / System.

As soon as you turn on ANY auto updating feature, regardless of OS, you are at the hands of someone else, unless YOU actually go through every single line of code and validate it prior to install.

8
4
Anonymous Coward

Re: Swings and roundabouts....

indeed, but then you aren't able to "go through every single line of code and validate it" with Microsoft, and the kernel of some OS are reviewed by many people openly before it every gets to your "auto-update" feature

29
0
Silver badge

Re: Swings and roundabouts....

This is much deeper than the auto-update feature, we already have that with most OS including Windows.

This is about stopping any way of monitoring code by means of a VM or debugger without the OS knowing. While that could be used for malware protection, that is not the primary reason why this was developed. It was developed for money - to toughen DRM and/or prevent users from things that go against the vendor's policy - like installing software that has not come from a walled garden pay-store, for example.

What I think the Germans are concerned with is this ability for the OS to hide its actions by not running (or running in a different mode) if there is any attempt to analyse it. Added to that you have the machine-ID aspect which a lot of organisations would love to have - a definite way of tying on-line activity to a specific machine.

28
0
Bronze badge
Mushroom

Re: Swings and roundabouts....

"indeed, but then you aren't able to "go through every single line of code and validate it" with Microsoft,"

Yes you are:

http://cyber.law.harvard.edu/ilaw/brazil03/ms.html

http://referencesource.microsoft.com/

0
11
Silver badge

Re: Swings and roundabouts....

Really, you can get *ALL* the code for windows and build it yourself? Including those modules considered "DRM" or "security", and promptly for all patches?

Why have the Germans not been aware of this openness?

10
0
Bronze badge
Alert

Re: Swings and roundabouts....

One question.... Where?

0
0
Silver badge

Re: Swings and roundabouts....

"As soon as you turn on ANY auto updating feature, regardless of OS, you are at the hands of someone else, unless YOU actually go through every single line of code and validate it prior to install."

Isn't that true of any update - automatic or otherwise?

Sure, if you don't turn on auto-updates you retain the right to stare suspiciously at the one-line description of each patch for as long as you have to spare, before muttering, "I guess it must be OK" and accepting it.

1
1

Re: Swings and roundabouts....

@Paul Crawford "Really, you can get *ALL* the code for windows"

Yes. It's called a disassembler. You can get all the code to anything that runs on a PC. It might not be nice commented C source, but it's still there.

0
6
Silver badge

Re: Swings and roundabouts.... @El Andy

just don't use your disassembler in the US. There's clauses in the DMCA specifically banning reverse engineering.

I'm also interested in your disassembler. Are you that fluent in x86 machine code? Can you really gleen from the executed code what the software writer was trying to achieve without access to the meaningful variable names, structure definitions, function names (missing if the symbol table has been stripped), argument types and comments? If so, you are in a class of your own, so much better that anybody else in the world (and yes, in my time I have tried to do exactly what you suggested, and even had some limited success)

In order to get access to what Paul Crawford wants, you would need a de-compiler which was able to reconstruct the C, C++ or whatever language the various parts of Windows are now written in, including removing all the optimisations that not only change the generated machine-code, but in some cases completely eliminate sections of code. And you had better hope there is no self-modifying code in there anywhere!

If you have such a de-compiler, you should be immensely wealthy, because what you would have would be tantamount to magic.

1
0

Wait for the leak

It is just a matter of time until someone spills the beans. If the spooky spying was a rage, then the spooky spying as a backdoor would pop the entire (proprietary) industry to bits.

If anyone is naive enough to think that the software vendors are /not/ in bed with the spooks has a deranged attitude far from reality. Of course are there backdoors being created; we've seen the virus/worm/malware/... shit already hitting the fan at several occasions.

I have heavily invested in popcorn factories and are awaiting the inevitable stock surge.

17
1

Page:

This topic is closed for new posts.