Slashdot Mirror

← Back to Stories (view on slashdot.org)

No Windows 8 Plot To Lock Out Linux

Posted by samzenpus on from the playing-nice dept.

First time accepted submitter Bucky24 writes "ZDNet's Ed Bott decided to contact major PC makers to find out the truth about Windows 8 SecureBoot. The responses are encouraging for those of us who run third party operating systems. Dell plans to have a BIOS switch to allow SecureBoot to be disabled, and HP assures us that they will allow consumers to make their own choice as to what operating system to run, though they have not given details as to how."

25 of 548 comments (clear)

  1. Ed Bott by bmo · · Score: 5, Informative

    Ed Bott is nothing more than a Microsoft mouthpiece. Not going to RTFA and almost didn't RTFS because of his name. His hobbies are trolling and shilling for Microsoft.

    The only difference between him and Robert Enderle is that Robert is a more honest whore.

    --
    BMO

    1. Re:Ed Bott by hedwards · · Score: 4, Insightful

      He's probably technically correct that it isn't a plot to lock out Linux. In practice though, I'd be surprised if it didn't end up like ACPI early on, where MS' implementation was the only one that many vendors bothered with, opting not to fix bugs that MS had a workaround for.

    2. Re:Ed Bott by izomiac · · Score: 5, Informative

      I read the article and regret it. The author called Dell and HP "spokespersons" and asked about their company's plans. One non-decision-making employee says Dell is currently planning to provide an option, and a similar HP employee has no idea what SecureBoot is, but can confirm that HP is not participating in a conspiracy (the stated question apparently).

      So, after two phone calls and an e-mail, the author's fact-checking work is done, so the article moves on to mocking selected quotes by open source advocates. I'll try to remember Ed Bott's name, as he obviously has such high journalistic standards.

    3. Re:Ed Bott by hedwards · · Score: 4, Interesting

      When they do it by including undocumented workarounds for a known standard, yes it certainly is evil. And in the case of ACPI, it didn't just affect people that wanted to have pure code, it also affected all the other projects that depended upon the code being implemented to standards. It took years to sort that out and ultimately, just served to benefit MS.

      Had MS actually implemented the standard that everybody else was using, the one that Intel provided a validator for, it wouldn't have been an issue.

    4. Re:Ed Bott by sortius_nod · · Score: 3, Informative

      anything on ZDNet is going to be a Microsoft shill piece.

    5. Re:Ed Bott by The+Askylist · · Score: 3, Funny
      My only question is - how can booting into Windows version anything be called "secure boot"?

      Surely the term "locked-in boot" is more accurate?

    6. Re:Ed Bott by Zancarius · · Score: 5, Informative

      Okay, I'll bite. Let's take this article as a fine example of his work:

      Allow me to illustrate by turning the argument around in an equally cynical way, with an equally inflammatory rhetorical flourish:

      People who make their living in the Linux ecosystem are demanding that Microsoft disable a key security feature planned for Windows 8 so that malware authors can continue to infect those PCs and drive their owners to alternate operating systems.

      Oh, wait. Now that I think about it, thatâ(TM)s actually pretty close to the truth.

      Bott takes a provocative approach by claiming to "turn the argument around" using "equally inflammatory rhetorical flourish"--then implicitly claims it's "close to the truth." In other words, he's essentially linking malware authors with people who are attempting to drive users toward alternative OSes like Linux. Is it a joke? Maybe, but his last statement leaves one wondering if he really does believe it.

      He claims that UEFI will magically prevent rootkits from working simply because the BIOS will then be able to detect mangled files. I'm not sure Bott fully understands the purpose of a rootkit, but if one were well designed, UEFI will achieve nothing toward this goal. Indeed, unless UEFI contained signatures for all Windows system files, I'm quite certain that it would be fairly easy for an interested party to circumvent. After all, the objective of a rootkit is to hide the rootkit from examination, and running one under UEFI would simply require hooking into the OS at points that the UEFI does not check. But no, Bott seems to espouse this technology as magical!

      Let's not stop there.

      In this article, Bott's original post immediately presumes that the reports of MSE incorrectly flagging Chrome as malware were the fault of the users downloading compromised versions or installing on a compromised Windows install. It seems that it never occurred to him that it could have been a false positive in MSE until after it was confirmed with MS.

      Now, before you tell me that I'm nitpicking, consider this: False positives are not at all unheard of with antivirus software. Avira, Avast, AVG, et al, have been known to flag valid, clean software as potentially dangerous, and most sensible people installing something from a known-good source that claims the source file is not compromised will immediately assume it's a false positive and submit it to the AV company. While Bott did the correct thing in submitting it, he dismissed it as the fault of users simply because he couldn't recreate the problem. Ah yes, not a chance that MS could do anything wrong...

      Oh, and then there's this wonderful masterpiece in which Bott proudly declares Microsoft's victory. While this may be true--Linux on the desktop is unlikely to become a reality--you have to dig a bit to find that he concedes, quote, "On the server side, of course, Microsoft continues to acknowledge that Unix and Linux are strong competitors." You can tell he was salivating over the prospect, though, never mind that Android is, essentially, Linux under the hood.

      And what about his article The Hidden Costs of Running Windows on a Mac? Not only does he go out of his way to point out that you have to buy licenses (hint to you, Mr Bott: you're still buying OEM Windows licenses when you buy a Dell), but he points out possible performance issues and the likes. Honestly, I think this is a true shill piece; if someone has decided that they want to run Windows on their

      --
      He who has no .plan has small finger. ~ Confucius on UNIX
    7. Re:Ed Bott by bmo · · Score: 4, Informative

      For many years, Ed was on the side of SCO. His typical characterizing the FOSS crowd as dirty unkempt, unwashed hippies over the same years, and his continual use of the word "freetard" was, and is, reprehensible. And yes, there is a lot of it, which is why I don't want to go diving in the filth.

      Not reasonable in the least.

      If you read the post I put up here that had the quote from Florian, Florian lists almost all the "paided" shills for Microsoft and calls them "smart" thus aligning himself against FOSS and with Microsoft. Ed Bott is one of them. He left out Paul Murphy, AKA Rudy de Haas.

      And that's not ad-hominem.

      There is a lot of animosity from people like me that people like them earned.

      --
      BMO

  2. Wow, quite the article... by fuzzyfuzzyfungus · · Score: 4, Insightful

    While nice, if true, to hear that OEMs will be doing (part of) what people would like to see(specifically, having an option to disable 'secure boot' is better than nothing; but what you really want is the option to do a keyfill with trusted keys of your choice: signed boot components make good sense, it's just not being able to choose who is trusted to sign them that is an issue); this article could hardly be any smarmier or less informative.

    "In response to the FUD campaign of the freetards, I asked some PR people. Dell said 'yes', HP emitted word salad, AMI said that they would do whatever their customers felt like. Case Solved!" If it weren't for the smirking invective, the whole thing could have been boiled down to a single paragraph(or, heaven forfend, bulked out with technical information...)

    1. Re:Wow, quite the article... by hedwards · · Score: 4, Insightful

      At that point, you might as well ditch it completely and just have a special boot chip that can be made writable via jumper and most of the time set to read only.
      It would solve the problem without the need for such a scary possibility as the vendor being able to lock you out of your OS of choice.

    2. Re:Wow, quite the article... by fuzzyfuzzyfungus · · Score: 5, Insightful

      As best I can tell, EFI was what happened when somebody looked upon the BIOS, saw that it sucked compared to the OS, and decided that(rather than building a new firmware aimed at getting into the OS as simply and quickly as possible) they would build a BIOS large enough to possess every vice of an operating system and leave implementation to the capable hands of the PC OEMs, whose dedication to software quality is legendar...

    3. Re:Wow, quite the article... by wzinc · · Score: 3, Interesting

      I think the issue is n00bs will try Linux for the first time, fail, and think it's no good. Ubuntu, etc will have to plaster "turn-off SecureBoot" all over their site. Of course, like most BIOSes, it will be poorly translated, and you'll have to hunt all over for the right setting. People are always saying how closed Apple is on this site, but they specifically wrote a BIOS emulator so you could run Win/Linux on a Mac. Apple will be the most open hardware maker after this!

  3. Load your own keys? by tchuladdiass · · Score: 4, Insightful

    I want to leave secure boot enabled, but put me in charge of the keys. That is, I want to load my own public keys into the system (through a secure channel, such as a bios screen or flipping a physical switch, for example).

  4. I doubt that Microsoft would try this by MrKevvy · · Score: 4, Insightful

    They were successfully sued (albeit more of a slap on the wrist) for antitrust violations simply for bundling a browser with an operating system.

    Colluding with hardware manufacturers to actually lock out rival operating systems making them an enforced monopoly is several orders of magnitude more severe. Why would they risk that when other operating systems have such a tiny market share anyways? The possible penalties are not worth it for a small increase.

    --
    -- Insert witty one-liner here. --
    1. Re:I doubt that Microsoft would try this by walterbyrd · · Score: 4, Insightful

      MS would just say that the hw makers decided to do it. Besides, MS never gets more than a slap on the wrist.

      Why would MS do this? The same reasons that MS funded the scox-scam, and bribed officials in the OOXML scam.

    2. Re:I doubt that Microsoft would try this by Lando · · Score: 3, Informative

      I may be way off base here, but though Microsoft was declared to be an illegal monopoly, wasn't their punishment settlement basically an agreement that gave them more control and profit than they had before? I'd have to go back and read through the documentation. That being the case, wouldn't it be in Microsoft's best interest to get in trouble again. Either way, it would be 10+ years before the case went to trial and by that time it would be the defacto standard .

      --
      /* TODO: Spawn child process, interest child in technology, have child write a new sig */
  5. Disabling secureboot implys a Non-Win OS is risky by Anonymous Coward · · Score: 3, Interesting

    The requirement to disable Secureboot in order to run a non-Windows OS will imply that the other OS is less secure. Just another way for M$ to try and make the hardware pseudo-proprietary. This is not much different than the 'Windows Key'. Ask yourself, Is this an attempt to incorrectly solve a problem that doesn't exist or just another FUD tactic from a behemoth corporation?

  6. No, that's not a solution by liquidweaver · · Score: 3, Insightful

    Disabling secure boot is not a solution - it's crippling the security, needlessly. I'd love to hear my Dell rep explain to me on my next round of server purchases that I cannot use a fantastic feature to protect the security of my linux servers because they were too lazy/corrupt to enable me to use my own platform key. I will buy from the vendor who allows my to set the PK, and will not from those who refuse. Period.

    --
    mov ah, 4ch
    int 21h
  7. Re:Duh by Sasayaki · · Score: 5, Insightful

    For now.

    Features like this tend to creep their way in slowly.

    - It's something you can turn on.
    - It's on by default, but you can turn it off easily.
    - It's on by default and you need a CS degree to turn it off.
    - It can only be turned off by hacking your system.
    - It can only be turned off by hacking your system, and this is illegal to do.

    --
    Check out my sci-fi book "Lacuna" at http://goo.gl/MVxX8
  8. Re:Not really that surprising by betterunixthanunix · · Score: 5, Insightful

    even normal people will look for "just in case" they want to try out this Linux thing or whatever

    The last time I dealt with a "normal person" buying a computer, the conversation went like this:

    Me: "...this has 2 gigabytes of ram, which should last you a few years."
    Her: "It's so ugly! What about that one, that one looks prettier!"
    Me: "That one has a lower end processor and less memory. Are you sure you want something that is less capable?"
    Her: "Look they are letting me pick the color!"

    Non-technical people are just that: non-technical. Computer makers and especially Apple know exactly how to take advantage of such people, which is what "secure boot" is all about. This is about ensuring that customers can be locked into DRM-laden platforms, plain and simple. Dell will probably have the option described in TFA...in their high end workstations, that are prohibitively priced, with the option disabled for "consumer" systems. My guess is that this will not happen in the first generation of systems with "secure boot," but more likely in the second or third generation, when more "strategic" platforms are deployed out of the box for which DRM is a key part of the control.

    --
    Palm trees and 8
  9. self-described by PopeRatzo · · Score: 3, Insightful

    From the comments at the ZD story:

    Protecting 99% of users is more important than catering to the whims of a whiny 1%.

    Where have we heard that before?

    Can you believe Microsoft is using the language of Occupy Wall Street to try to position itself as the "masses" fighting the "whiny 1%" of people who prefer OSS?

    ZDNet, Ed Bott, and some Microsoft executives all need to burn in hell.

    --
    You are welcome on my lawn.
  10. Re:Not really that surprising by Gerald · · Score: 3

    I'm confused. Are we supposed to go "tsk tsk" and be dismissive or be impressed that she had clear and concise specs which the vendor was able to meet?

  11. Not everyone needs higher end hardware by perpenso · · Score: 3

    I have personally seen a gril going and asking the salesman : which of these laptops are available in pink After that she bought the one with the least weight among the pink ones She did not check the config even once

    And if she is just going to browse the web, maybe use an email client (more likely web based email) and maybe run the bundled word processor what is the problem? I think we are long past the point where even the most modest computer at the local retailer has performance far beyond the needs of casual users. Hell, a tablet plus a bluetooth keyboard is probably an option for many such users.

  12. Re:Careful there... by Rogerborg · · Score: 4, Insightful

    Uh... it's not ad hominem to point out that the listed "experts" have a track record of being wrong, wrong and wrong again, and have been repeatedly caught with their hands in Microsoft's pockets.

    Groklaw (under Pamela Jones) has called things correctly far more often than not.

    Full Disclosure: On a personal note, I detest that whiny martyr PJ and her horde of White Knight sycophants, but I do have admit that it's hard to find examples of her getting things wrong.

    --
    If you were blocking sigs, you wouldn't have to read this.
  13. Re:At first at least. by dingfelder · · Score: 3, Insightful

    until they patch it