Feeds

back to article China puts Windows 8 on TV, screams: 'SECURITY, GET IT OUT OF HERE!'

China has stepped up its war on Microsoft's Windows 8 operating system with a report in state-backed media that questions the security of the software. In a one and a half minute segment aired on China's CCTV television channel, journalists reported that the Chinese government is concerned by the security of the Windows 8 …

COMMENTS

This topic is closed for new posts.

Page:

Silver badge

Software piracy?

Quote: Although China is a strategically important growth market for many IT vendors, it's not viewed as a particularly lucrative one by software companies due to its eye-wateringly high rates of piracy.

Since the government stance is ignore piracy of items developed outside it's borders (hardware, software, consumer goods, etc.), no one really wants to jump into the market. They would lose before they sold the first product.

However, a home brew OS would have the necessary protections from the government along with enforcement provisions. And the family will get the bill for the bullet. Piracy issue solved.

Yes, I believe they have a right to have their security concerns just as we (US and others) have ours. Espionage, spying, cyberwar... it's all a reality and no one is winning.

14
1
Anonymous Coward

Re: Software piracy?

I'm afraid China doesn't work like that. They will copy it & pirate it if it is of Chinese origin or not.

The only concern is if money can be made from it.

And the risks are really not as high as you suggest, as long as you get a friendly official and a scapegoat to take the rap when the police need to get an arrest to hit a government set KPI then you're good.

2
1
Silver badge

Re: Software piracy?

You assume it's commercial. They'd probably be quite willing to spend tax money on developing the software and giving it away free within China if doing to brought economic benefits greater than the development cost.

0
0
Silver badge

Re: Software piracy?

"However, a home brew OS would have the necessary protections from the government along with enforcement provisions."

Certainly the latter. But they've already tried this and failed. Who now remembers Red Flag Linux?

Given the vast number of alternative distros in Western markets, you might assume that home brewing an OS isn't that big a deal, but the reality is that there's precious few competing desktop operating systems, even from those regimes (China, Russia, Iran etc) who might seem to have a damn good reason to want an OS not under US control, and who you'd assume could throw the necessary resources at the matter.

Maybe all the recent NSA/GCHQ news has persuaded them that enough is enough, and they'll deliver Red Flag Linux 2 this time and force nationwide adoption (to be followed by all non-Western powers copying the approach but not the software). In that case the world's "security" agencies can sit back knowing that there's far less chance of easily snooping foreign powers, and they can concentrate on inspecting the underpants of their domestic populations. Many might conclude that was the real objective in the first place, because the political elite in all countries aren't really interested in real democracy, merely the sort that gets the right one person elected (eg Syria, Russia, China), or the supposedly "free world" version in which two sets of indistinguishable and incompetent clowns play buggins turn, not really minding who wins so long as they get their turn in due course (eh UK, US, France, etc).

2
0
Silver badge

Re: Software piracy?

Stop being so cynically realistic Led

0
0

Wow! That is a mighty, mighty thing for China to be saying. However, it does warrant a closer look to see if Windows 8 is forcing the storage of the private data mentioned on US based servers outside of any safe harbour agreements. This could have really serious implications obviously, if there is a grain of truth to that.

That said, there is a lot of hypocrisy in this, as China are the biggest source of attempts to get into my home network. It's got so bad I've had to block access to and from the whole country at the firewall. Statistically we'll always see that though, given the size of their population.

9
0
Bronze badge

China are the biggest source of attempts to get into my home network

Seconded:

Alias CIDRs Packets

pfBlockerAfrica 2734 71

pfBlockerAsia 16048 25243

pfBlockerEurope 19837 12658

pfBlockerNorthAmerica 1949 323

pfBlockerOceania 146 6

pfBlockerSouthAmerica 2398 1261

Most of "Asia" is China in the above.

Note the above should not be taken too far out of context - whole swathes of the world are still not blocked out of hand but there are a lot of CN hits. Mind you Europe n Russia are pretty popular as well.

Cheers

Jon

4
2
Stop

Re: China are the biggest source of attempts to get into my home network

I get my ranges from a few web resources and drop them in as tables.

As well as China, I also block Ukraine, Russia, Latvia, North Korea & Vietnam. Seeing any patterns here?

Apart from the occasional oddity, which I set an early rule for, I don't find myself missing out on a single thing and I'm seeing totals on par with yours.

0
0

Not forcing so much, but you'll find that Windows 8 does its best to get you to use Skydrive for all your documents, pictures, etc. And of course to do so you'll need an account. And yes, that data is going to the US and as we already know, the safe harbour agreements are meaningless.

As for 'attacks' on my network. Over the last few weeks it seems to be a pretty even split between Russia, the US, China and the rest of the world combined.

12
0
Bronze badge

Safe Harbour

The world changes, Hong Kong was a British safe harbour, that is why it was important, safe from storms, I don't think we can compare what is offered by the current US/EU safe harbour agreement as safe from anything, so many holes it could sink a battleship :-(

3
0
Anonymous Coward

Re: Safe Harbour

Safe Harbour was never about "safe keeping of data", it was only "keep our income safe" of US companies which would otherwise be already out on their ear because of the severe weakening of due diligence requirements in the US legal system. Post Snowden, Safe Harbour is pretty much dead AFAIK, but there is apparently a v2 in the make. If that is again based on self certification and only FTC slaps on the wrist with a wet noodle if you lie about your compliance it will roughly have the same value as v1: none whatsoever.

Safe Harbour is basically politics, forced by the US under threat of trade restrictions because otherwise the EU would have already made it hard for US companies to host EU data. Not sure how v2 will pan out yet, but if your business is in any way dependent on personal information I would very much advise to avoid any US provider, or providers that have their HQ in the US or you be find yourself in breach of Data Protection.

1
0
Anonymous Coward

However, it does warrant a closer look to see if Windows 8 is forcing the storage of the private data mentioned on US based servers outside of any safe harbour agreements.

As the recent Irish email case has proved, safe harbour agreements are meaningless where the American Government are concerned.

5
0

Not many hacks from the US then

The yanks don't need to hack your network from the outside. They have a device on your motherboard.

1
0
Bronze badge
Alert

Re: China are the biggest source of attempts to get into my home network

I've seen as many as 500 attacks from China in two minutes on one of my high-profile websites.

1
1
Silver badge

Re: China are the biggest source of attempts to get into my home network

China are the biggest source of attempts to get into my home network

So I heard you like spring rolls!

0
0
Bronze badge

You ignore China to your peril

The writing could really be on the wall for MS int al. Whatever you think of China, it's a huge, huge, err pretty damn big market.

The eye-wateringly* large rates of piracy are for now a bit of a blip or a harbinger of the way things will be in the future when piracy will be unnecessary as we all sink into the relaxing bath of Open Source software. Mmmm.

To refuse a sovereign government the right to review source (or me for that matter) is pretty rubbish, no matter what you think of them and their politics (or mine.) I suspect the story misses one or two facts somewhere.

Trust me, this is simply another small point along the path of how the world is changing rather quickly and the IT field will be unrecognisable in, say, a decade. Not sure what it will look like - that's what I (don't) pay el Reg to tell me.

Cheers

Jon

* Google, you slaaaag - you can't spell: "wateringly" is a perfectly reasonable English (en_GB) word. You simply whack on -ly to make a word an adjective. I think it's called a gerundive or something. You get extra points for doing it to a compound word.

7
6
Bronze badge

gerdesj

add -ly also is very valuable in Scrabble

5
0
Bronze badge

Re: You ignore China to your peril

"refuse a sovereign government the right to review source" - Arrhhh, it sounds like your one of these people that think the government has the right to poke around in whatever they want. If you want to keep your source private, that your choice and the market will make up its own mind about that. For a government to demand access to it? Thats wrong, along with them demanding access to most other data.

4
3
Gold badge

Re: You ignore China to your peril

No source, no sale, now ship off, Shirley.

3
0
Silver badge
Happy

Re: You ignore China to your peril

@bigtimehustler, you are completely right, Microsoft decides about their source code, but you should also remember the fuss MS made about letting governments audit the source earlier.

As having spent many years programming in machine code or processor code if you like, I would like to point out that you cannot hide behind binary, it's all there to be studied. A tedious task yes, but doable. I still love machine code and the number of instructions I still remember from 1970 is amazing. Also in those years we used "line spies" to test and debug transmission protocols, so you cannot hide what a computer or say, a router, sends and receives either. Encrypted data would make that more difficult but I think you would still see where it's sent to.

2
0
Silver badge

Re: You ignore China to your peril

"Whatever you think of China, it's a huge, huge, err pretty damn big market."

Not for software, or foreign IP, branded goods etc. A market is where you have a meeting of demand (a desire to purchase backed up by the means to pay), and supply (a willingness to sell at some price offered by a segment of potential buyers. China is still (on a per capita basis) a very poor country, and culturally (as with all emerging economies, including the US and Europe in their times) expensive stuff is there to be copied or stolen.

0
0
Anonymous Coward

Microsoft just cannot win; XP is highly pirated and now the government is telling people not to buy Windows 8 which is the only desktop version of Windows still being sold.

2
0
Anonymous Coward

only desktop version of Windows still being sold.

You mean they dont actually have a viable product at the moment?

18
2
Coat

Re: only desktop version of Windows still being sold.

"You mean they dont actually have a viable product at the moment?"

You mean they had one at some point? Ha, but I kid.

Seriously though, where is my copy of Debian Wheezy?

10
1
Bronze badge

If the government hates it

Then the people will love it.

I think most of the Chinese government's problem can be boiled down to "Microsoft can't spy on our people; that is *our* job!"

0
2
Gav

Re: If the government hates it

Which is very different from the US Government; "Microsoft *can* spy on our people, we've outsourced the job."

0
0
Bronze badge

Re: If the (British) government hates it (They give the job to the NSA)

Just downloaded the Greenwald stuff and page 100 and 102 are quite interesting, and it validates what I have been saying that whatever your government can't do to it's own people goes to the NSA and viceversa.

0
0
FAIL

Nice. The pot calling the kettle black.

3
3
Silver badge

"Microsoft would no longer open its Windows 8 source code to the Chinese government"

Chuckle. Neither would I.

3
5
Silver badge
Facepalm

Look at page 113 of the 'Greenwald' file

and you will understand the Chinese point of view.

Here is the document (pdf)

1
1

This post has been deleted by its author

Bronze badge

Re: Look at page 113 of the 'Greenwald' file

Can't help feeling if you aren't prepepared to identify "page 113" the content might be a little tough going.

It's one thing to assume in some cynical way a cloud service may have been compromised but it's another to see them talking up the benefits to their "Enterprise Customers".

0
0
Silver badge

Re: Look at page 113 of the 'Greenwald' file

I think you will find slide "Page 113" is on page 27 of the PDF.

1
0
Bronze badge

Re: Look at page 113 of the 'Greenwald' file

So putting all the various disclosures together: is the NSA actually hosting a mirror or shadow copy of Skydrive and hence effectively an active host for Microsoft Azure?

0
0

Is everyone forgetting

http://www.theregister.co.uk/2012/08/25/windows8_smartscreen_spying/

Wikipedia:

Windows 8 introduced SmartScreen filtering at the desktop level, performing reputation checks by default on any file or application downloaded from the Internet. Microsoft faced concerns surrounding the privacy, legality and effectiveness of the new system; suggesting that the automatic analysis of files (which involves sending a cryptographic hash of the file and the user's IP address to a server) could be used to build a database of users' downloads online, and that the use of the outdated SSL 2.0 protocol for communication could allow an attacker to eavesdrop on the data. In response, Microsoft later issued a statement noting that IP addresses were only being collected as part of the normal operation of the service and would be periodically deleted, that SmartScreen on Windows 8 would only use SSL 3.0 for security reasons, and that information gathered via SmartScreen would not be used for advertising purposes or sold to third parties

Nothing about not handing it freely over to the NSA, and that MS Office 2013 defaults to saving all your files onto its Amercan based (One Drive) cloud server unless you explicitly tell it not to and that Bing does just as much data harvesting as Google's search engine.

12
0
Silver badge

What's the point of having access to the Microsoft 'source code'?

I mean, in the context of security auditing etc.

It's still MS that releases the binary only distributions that get used - how can a company/government etc. know if they have a sanitised copy?

2
0
Silver badge

Re: What's the point of having access to the Microsoft 'source code'?

The test is that the provided code must compile and be binary identical to the publicly available deployed files. This gets messy with code signing involved.

4
0
Bronze badge

"This gets messy with code signing involved."

Not at all. The code signing section is just a piece of metadata stuck to the binary and can be stripped without difficulty. This was done to enable signed executables to be able to run on machines that don't understand code signing without needing to modify the file.

1
0
Silver badge

Re: "This gets messy with code signing involved."

Yes and no. Hence messy. For example, online file streams do not contain metadata.

All of the metadata (file streams) attached to an individual file would have to be verified to ensure consistent operation on the off chance that code within that module, or any other for that matter, checks the metadata and changes behaviour as a result.

0
0
Silver badge
Facepalm

Re: What's the point of having access to the Microsoft 'source code'?

" The test is that the provided code must compile and be binary identical to the publicly available deployed files."

Doh. I'd have realised that if I had a brain...

0
0
Bronze badge

China speaks..

..what we already knew. Microsoft are to security what chocolate is to fire guards

4
2

So Basically, the chinese government has been keeping an eye on the snowden leaks, matching it with their own data and been drawing inferences that mean they think that their data is insecure. What's the chances that it's down to not being able to block traffic to a microsoft server otherwise windows 8 stops working (or won't activate) and needing to block traffic to the same server to prevent data leaking.

2
1
Bronze badge

Only the garbage available.

It has always been 'garbage in garbage out' with Windows.

But, by hook or by crook, it was all we had.

Surely nothing has really changed with Windows.

2
4
Bronze badge

Access to MS source code?

Sounds like it would just make it easier for China to spy on US, as well as to pirate the OS. I wouldn't give it to them either.

But while I am grateful to MS for the fact that while Windows continues to exist, I will always have an IT job, when I am home it's a relief to use Linux.

3
1
Bronze badge

were Apple compliant then?

It makes you think.

0
0
Anonymous Coward

How many times...

... have we heard China say it is going to go desktop Linux. Just hurry up already and do it. Nothing ever seems to actually happen.

1
0
Bronze badge

Re: How many times...

Whatever happened to 'Red Flag Linux' anyway? Wasn't that also based on Ubuntu?

2
0
Anonymous Coward

"Your identity, account, contact book, phone numbers, all this data can be put together for big data analysis," explains another academic, Ni Guangnam."

Believe what you like, but you've got to admire Guangnam's style.

3
0
Anonymous Coward

Why such big nations as Japan, China and India can't develop their own OS and CPU families I don't know.

0
0
Silver badge

Because it's organizations that do that, not nations.

Otherwise you end up with Soviet Horror OS that helps nobody.

0
0

Page:

This topic is closed for new posts.