* Posts by goretsky

14 posts • joined 5 Nov 2012

This isn't Boeing to end well: Plane maker to scrap some physical cert tests, use computer simulations instead

goretsky

Not the devs, but the execs...

Hello,

Will Boeing's executives (and its board of directors) be required to fly on all flights where a plane has only gone through digital simulation certification? Their company AD&D (accidental death and dismemberment) insurance should also be waived so that neither the company nor their family members can receive any compensation from that in case a life changing (or ending, as it may be) event occurs whilst on said plane.

Regards,

Aryeh Goretsky

Vlad the blockader: Russia's anti-VPN law comes into effect

goretsky

Hello,

One candidate reason for enacting this law, along with other requirements from Roskomnadzor, such as the Yarovaya law package (Russian federal bills 374-FZ and 375-FZ) requiring the capture of calls and their metadata, registration of blogs with more than 3,000 readers, requirement that social media services store data from Russian accounts in Russia, and the perennial proposals of requirements for Internet users to register, etc., is in large part due to concerns over their citizens being influenced from foreign meddling.

As to why Russia is concerned about these services being used by hostile nation state actors engaging in such meddling, the simplest answer is that they use these techniques themselves with a high level of efficacy. Having seen their success, they have a strong desire to prevent the same techniques from being used against them.

Regards,

Aryeh Goretsky

You know who else hates Windows 8? Hackers

goretsky

Re: Skeptical...

Hello Anonymous Coward,

It's quite possible I'm prone to logical fallacies. I have, however, dealt with a few RFCs, specifications and the like from the IEEE, IETF, various trade associations and other organizations over the years so I'm used to seeing sections labeled MANDATORY, OPTIONAL, REQUIRED and so forth.

If a widget (software, hardware, etc.) does not implement all of the functionality that's required as part of a specification, it typically does not get to claim that functionality, use the appropriate logo(s) on its packaging and so forth.

I was aware of the UEFI requirements on ARM-based Windows RT devices while writing my white paper, however, because I did not have one to test with, nor, for that matter, were there any Windows-on-ARM tablets available that I'm aware of (aside from very old and underpowered Windows CE-based PDAs, which I do not think are modern enough to even be worth mentioning). The tablet space is very different from the PC space in that vendor lock-in is the norm rather than the exception, at least from looking at the dominant players like Apple and Android. Admittedly, a number of Android tablets can be rooted, but all the ones I have seen or used come with an operating system and software loaded, including some kind of appstore.

In the case of UEFI firmware and Secure Boot on ARM, I did not feel it was worth discussing since the experience there is largely one of a closed ecosystem already.

Regards,

Aryeh Goretsky

goretsky

Re: Skeptical...

Hello Anonymous Coward,

I was just replying to various comments on John Leyden's article. Since it was based (in part) on my white paper, I felt that was the chivalrous thing to do. I work at ESET, which competes with Microsoft in the anti-malware software field. That said, we, like other anti-malware developers, also cooperate with Microsoft.

I am neither a Microsoft employer nor am I a web-based PR guy. I have received awards from Microsoft in the past, though, but not for my security work. My title at ESET is Distinguished Researcher, which basically means that "I'm old, crotchety and failed to duck when they handed out titles." I have a longer bio on ESET's blog (where I should be writing more blog posts) as well as a few other white papers up on ESET's website.

Regards,

(Mr.) Aryeh Goretsky

goretsky

Re: Secure Boot

Hello,

Secure Boot helps protect the computer against bootkits and rootkits before the operating system and anti-malware software have fully initialized and had a chance to set up security. This is covered in detail in the white paper. :)

Regards,

Aryeh Goretsky

goretsky

Re: Two things:

Hello Robinson,

If you have not read the white paper, here is what I actually wrote in it:

"Windows Defender as included with Windows 8 is a good product and does, in fact, provide a decent level of protection, especially when compared against other free anti-malware programs. However, Windows Defender does not contain many of the advanced features and functions of paid-for solutions, such as a high level of granularity for threat detection, task scheduling, centralized management and reporting and so forth. As with other free anti-malware programs, support options for Windows Defender are limited."

It is not an issue with detection, but rather lack of functionality. Now, admittedly, most home users do not have a need for centralized management or support, but such features are pretty much requirements in the business world.

I hope that explains things for you.

Regards,

Aryeh Goretsky

goretsky

Re: UEFI bootloader

Hello Anonymous Coward,

As Dogged noted, the requirement for UEFI to be enabled on Windows 8 is only for new installations of the 64-bit version, and not upgrades. Additionally, many computer manufacturers have shipped existing systems where UEFI support is somewhat... problematic, shall we say, and they have been suggesting that customers leave their firmware in BIOS mode when upgrading to Windows 8.

Regards,

Aryeh Goretsky

goretsky

Re: That's not why hackers dislike Windows 8

Hello,

PowerShell is a really interesting technology and one I wish I had time to go over in the white paper, along with IE10 and AppLocker. Unfortunately, the white paper was getting a bit long and I ran out of time on my self-imposed deadline of getting it done before Windows 8 was released to the public, so I had to skip a few things.

One of the most interesting uses that I saw of PowerShell was the ability to provision a DirectAccess (an IPsec-like VPN connection) in one line. My previous job was at a Linux-based embedded hardware systems manufacturer, and setting up IPsec connections was always difficult.

Some of the most fascinating things that I saw with Windows 8 during my research were not security technologies but networking ones. Unfortunately, networking is not always a very user-facing technology and it is hard to get most consumers interested in things which happen below the GUI.

Regards,

Aryeh Goretsky

goretsky

Re: Anti-virus

Hello Koolholio,

Microsoft obtains licenses of anti-malware software from most companies. This is simply to scan their own files for false-positive alarms before release (and periodically afterwards, I suppose) so that their mutual customers do not have to deal with the problems that come from having core business software mistakenly identified as a threat.

As far as I know, the expertise behind Microsoft Security Essentials/Forefront/Windows Defender was developed through acquisitions of GIANT Company Software and GeCAD Software as well as through hiring a lot of very skilled people from the anti-malware community. No one from ESET has been hired by Microsoft that I'm aware of, though. A few have gone the other way, though. :)

Regards,

Aryeh Goretsky

goretsky

Re: Windows Defender

Hello Annihilator,

Yes. In Microsoft Windows 8, Windows Defender has the equivalent functionality that Microsoft Security Essentials did under Windows 7 and other prior versions of Windows that it supported.

Regards,

Aryeh Goretsky

goretsky

Re: AGAIN:

Hello James,

At the time I wrote the white paper, I only had a limited number of systems that had UEFI firmware to test with, but all of them supported toggling between BIOS and UEFI firmware functionality. Given that hardware changes tend to occur slowly over time (I just bought a motherboard with a PS/2 port earlier this year!) and the need for compatibility with legacy hardware and software for years or even decades after it has been released, I do not expect this to change.

Regards,

Aryeh Goretsky

goretsky

Re: Skeptical...

Hello Eadon,

From what I recall, Microsoft's keys are actually issued by Symantec's VeriSign division. If they become too expensive for other operating system developers to purchase, I suspect other CAs will step up to take advantage of that particular situation.

Regards,

Aryeh Goretsky

goretsky

Re: Skeptical...

Hello Anonymous Coward,

I do not have a copy in front of me, but I believe that the ability to toggle Secure Boot has been a part of Section 27.1 or 27.2 of the UEFI specification for quite some time.

Regards,

Aryeh Goretsky

goretsky

Re: Skeptical...

Hello Anonymous Coward,

I do not really see the move towards Secure Boot as reducing consumer choice. After all, there is nothing which prevents other companies from setting up their own signing authorities, and, of course, other operating system vendors can certainly approach BIOS/UEFI firmware developers and motherboard manufacturers about including their keys. As a matter of fact, it is kind of disappointing that other operating system vendors have not stepped forward to do so.

If you are actually interested in increasing the range of supported operating systems, I would strongly suggest contacting the developer(s) of your favorite distribution(s) and asking them to add support for Secure Boot functionality.

Regards,

Aryeh Goretsky
