German Government Warns Windows 8 Is an Unacceptable Security Risk 373
An anonymous reader writes "Die Zeit has access to leaked documents from the German government warning that Windows 8 is an unacceptable security risk for sensitive workloads. The story is written in German here, but automatic translators (such as Google Translate) do a readable job. Particularly of concern is the inability to opt out of TPM 2.0 usage."
Not just Win8 (Score:3, Interesting)
Everything Microsoft produces. I have the misfortune of working with the MS developers on a regular basis and if I had a nickle for every time they told me they didnt know how their own software works I'd be richer than Bill Gates.
Nevermind the inherent security flaws in their crap OS, my concern, and the concern from every foreign country should be MS's willingness to work with the NSA. If ever there was a time to ditch Microsoft and go Open Source it is now.
NSA VPN searches on XKeyScore (Score:4, Interesting)
One of the example searches about XKeyscore, (the NSA software that lets them do ad-hoc searches on everyone's private comms) was
"show me all new VPN connections in country X"
How does it get the VPN connection data? When I investigated Windows *7*, I notice that when a VPN connection is made by the OS, the software makes two connections, one directly to a Microsoft server bypassing the VPN and one through the VPN. Both share session ids. It seems to flag to Microsoft (and NSA) the two IP addresses (via the VPN / original un-routed VPN address).
So they're focussing on Windows 8, but Windows 7 has its share of nightmares.
Then has anyone looked at Symantec / Norton 360 etc.? With all it's "password vault" features and online URL checks. It could be the NSA has served these companies with secret warrants. So we may not be able to trust that it will flag NSA spyware, or that passwords are not making their way into the Utah Stasibase.
Re:How is TPM a security risk? (Score:5, Interesting)
Re:What? (Score:5, Interesting)
Re:Windows is an option today - not an requirement (Score:2, Interesting)
It's be like me thanking the Lougheads and forgetting Ader, Whitehead and the Wrights.
Typical misleading Slashdorks.
BSI published a clarification (Score:5, Interesting)
The BSI (Bundesamt für Sicherheit in der Informationstechnik) published a clarification after websites reported about that Windows 8 warning: https://www.bsi.bund.de/DE/Presse/Pressemitteilungen/Presse2013/Windows_TPM_Pl_21082013.html [bsi.bund.de]
Basically, they pedalled back a bit. They now claim they never warned about Windows 8 itself, but about possible risks when combining Windows 8 with TPM 2.0, because the user no longer has complete control over his system and that because of that, the user could end up in a situation where the system is permanently unusable. They no longer mention the US / the NSA and the possibility for backdoors, instead they now just mention the possibility of "sabotage", and the need for an opt-in AND opt-out for things like TPM 2.0.
Re:How is TPM a security risk? (Score:5, Interesting)
So we have a case of sour grapes, then? Unless one of the NSA requests was "we want a backdoor" then this by itself doesn't mean much because the NSA is a weird creation that not only spies on everyone, but has an "information assurance" department that tries to design secure systems for US usage. They're behind the creation of SELinux which is both highly sophisticated and well reviewed by independent third parties. It does not have back doors. Also, many important constructions in cryptography were designed by the NSA. For example SHA2 was designed by the NSA and it is extensively studied. It has never been found to contain even a hint of a back door.
This crap about how the TPM allows Microsoft to remotely control computers for DRM purposes came up over a decade ago when trusted computing extensions were first designed. It was FUD back then with no connection to reality, and it's certainly FUD today too. If you want to learn about the actual next-gen TC technologies, go and read up on Intel SGX. Then go and read this post on bcflick [bitcointalk.org], a use of the TPM and trusted computing designed to make Bitcoin wallets more secure. That's the kind of thing the tech is designed for. The TPM isn't even electrically capable of controlling the CPU.
Re:Windows is an option today - not an requirement (Score:4, Interesting)
Re:How is TPM a security risk? (Score:5, Interesting)
But since nobody actually knows, and because if the NSA informed Microsoft to hand over the keys they'd be legally required to, and because while they help design 'secure systems for US usage' nobody trust them for anything that isn't the US.
So, it's OK if you want to trust TPM, Microsoft, and the NSA. But that doesn't mean that the rest of the world has any reason to do so.
I think you are increasingly going to see governments around the world look at Microsoft and say "do we want to put all of our infrastructure in the hands of someone who has to take orders from a US spy agency?" And I think the only logical conclusion is going to increasingly be "no, not really".
Re:Windows is an option today - not an requirement (Score:4, Interesting)
I'm not so sure if running Linux would be any safer with a machine that has the trusted computer module built in. Does it even need to be a separate piece of silicon or could it be built into the cpu?
Maybe intel inside, might at some point change meaning and at what point does this occur ten years time, now or already?
Maybe Germany might create a demand for non trusted computers but would they keep them clean or just put in their own backdoors?
Ok we know that the USA spies on everyone even their own, but lets not pretend it isn't happening all over the world. Name a trustworthy Government any where.
Re:Windows is an option today - not an requirement (Score:3, Interesting)
Yeah, because BSD worked out so nicely for FreeBSD and others in the family. And BSD community is now thriving, thanks to all the commits and return of code from the most open OS - iOS and OS X. Oh, wait, they don't? Ah, who cares about facts, when I can throw dirt at GPL, because those dirty programmers won't let me take the source add some stuff for incompatibility and then sell it off as my own, without sharing source code with the users, they 're clearly infringing on my entitlement to their work.
Re:NSA VPN searches on XKeyScore (Score:2, Interesting)
Bullshit and FUD. If this were the case the web would be lit with packet dumps from people demanding an explanation. Pics or it didn't happen.
Have you looked closely at ANY "cloud based" AV lately? They all communicate with the mothership if you don't wrap the ethernet in tinfoil! *snort* Surely we need to move to Russian or Chinese sourced AV for complete security right?
Re:Windows is an option today - not an requirement (Score:5, Interesting)
The concept behind TPM could work really well, if every user compiled their own operating system, and set up the unique keys such that only their code was trusted. Thus, every user would have complete control over all the source and binary software on the system. Even in a business environment, if at least the business was in complete control of all of the source and binary software, then TPM would be of some use.
The problem is that Microsoft wants to use TPM to play a bunch of DRM movies. The DRM schemes are inherently insecure, so Microsoft opens its security window accordingly. The result is that Microsoft's security model becomes "trust Microsoft, the NSA, movie companies. music companies, game companies, and etc", with no one knowing who the "etc" is. As such, from a secure systems perspective, the resulting DRM operating system has no obvious chain of accountability. Worse, any lesson in security starts with "never trust the vendors default installation." DRM assumes "never trust the customer." With the end result being that no one trusts anyone and TPM can never be secure (with commercial closed-box software.)
For TPM to truly deliver on its security promises, everyone needs to switch to open source software where everyone compiles unique binaries with custom keys. Microsoft will never do this.
Re:This is known (Score:4, Interesting)
Re:Windows is an option today - not an requirement (Score:3, Interesting)
Linux has also lowered the usability bar. With Unix, one was stuck with Bourne Shell or C Shell, and could only enjoy GUIs like OpenLook or Motif if one was at a company or university that had installed workstations from Sun, DEC, SGI, et al. With Linux, GUIs like KDE had been the default from day 1, and now there's a bonanza of them - GNOME, LXDE/Razor-qt, XFCE, Unity, Cinnamon, et al.
Your slip is showing. The Linux fans, apparently, don't even realize that OS X is the most popular Unix (a certified one, at that). That segue from "Sun, DEC, SGI" straight to Linux was a sight to behold. That you had to list 6 GUIs for Linux tells us that none of them are very good (despite the thickly caked-on makeup), and the Linux fans who normally promote and critique them scarcely know what they even are.
Think that's a bizarre thing to say? Here's why it isn't: You all deprecate the meaning of the "Interface" part of "GUI" such that it no longer conforms to the usual standards of computer engineering. Every computer expert wants good interfaces--whether they be in software or hardware--and its a constant concern for us. But by definition, a computer interface (in an API, machined metal, etc.) must remain consistent... the definition of an interface is that of a "contract"----- a PROMISE to maintain a certain form!
Linux fans insist on good contract-like interfaces for the technically adept, even though this is the demographic that can most comfortably deal with system changes. But when it comes to user interfaces, all bets are off. Then the fans change their tune, berating users for not embracing "freedom" when they question the lack of consistency in and among so-called "Desktop Linux" distros.
Furthermore, who can say if there is any Desktop Linux that rates as a real OS? I am sometimes reminded by the fans that the textbook description of an operating system doesn't even include a user interface. That's fine. However, the defacto definition of a desktop OS was laid down by Apple and Microsoft and I don't think any FOSS project has managed to honor that. If such a definition were expressed in English, one aspect of it should be that programs are neatly divided between OS components and applications (apps). Another should be that if a novice user decides to try programming lots of high-level features using tools that came with the OS, they should be able to create a single executable file or appfolder that can be easily run without gotchas... ie a predictable runtime environment.
What are the chances of this happening successfully?
Isn't that why other OSes have so few grey areas between OS and apps... to create a predictable runtime environment?
Now, tell me why people aren't lining up to write great apps for "Desktop Linux". Tell me why we (former advocate here) can't even give this sh#t away.
As for having "lowered" the usability bar... *chuckle* One raises the bar when something is made better. You confused the metaphor with a similar-sounding one, lowering the bar to entry. It almost sounds like lowering ones' standards. We all know what you meant but the choice in phrasing is, I think, indicative of a certain attitude that looks at GUIs as peripheral and something to be tacked-on noncommittally later.