Windows RT Jailbroken To Run Third-Party Desktop Apps

An anonymous reader writes "We all knew it was just a matter of time, now it looks like Windows RT has been Jailbroken. From the article: 'The hack, performed by Clokr, exploits a vulnerability in the Windows kernel that has existed for a long time — since before Microsoft ported Windows from x86 to ARM, in fact. Basically, the Windows kernel on your computer is configured to only execute files that meet a certain level of authentication. There are four levels: Unsigned (0), Authenticode (4), Microsoft (8), and Windows (12). On your x86 Windows system, the default setting is Unsigned — you can run anything you like. With Windows RT, the default, hard-coded setting is Microsoft (8); i.e. only apps signed by Microsoft, or parts of Windows itself, can be executed.'"

Non Sequitir

[recoiledsnake]

Microsoft locked Windows RT down because it wanted to slowly get rid of the Win32 cruft dating back to the 80s and 90s. That cruft does exist now and is used to run things like Office and Notepad etc. but Microsoft can easily rewrite them in the future. What will happen to Putty, VNC and the like then? They will break,and then again we will blame Microsoft for it. That's the reason to lock it down.

Re:Non Sequitir

[JDG1980]

Microsoft locked Windows RT down because it wanted to slowly get rid of the Win32 cruft dating back to the 80s and 90s.

If Microsoft gets rid of the "Win32 cruft dating back to the 80s and 90s", then there will be no reason for anyone to choose Windows over any other operating system. Legacy compatibility and a huge installed base of applications are Microsoft's primary competitive edge, but Ballmer seems to have forgotten this in his Ahab-like quest to chase down Apple.

That cruft does exist now and is used to run things like Office and Notepad etc. but Microsoft can easily rewrite them in the future.

If Microsoft could have ditched legacy API usage for Office that easily, I think they would have done so already in the first release of Surface. At this point, the Office codebase is probably so FUBARed with 20+ years of spaghetti code and the need for backwards compatibility with 500 different document types that I doubt they could rewrite it completely even if they wanted to. Office for MacOS is almost a completely different product, done by a separate business unit. And if Microsoft ever releases a slimmed-down "Office" for iOS and/or Android, then those products will probably be written from scratch, and will not be 100% backwards compatible with anything other than OOXML.

(Of course, any competent programmer could write a better version of Notepad in a month, so that's really not a factor.)

Re:Despicable

[Patch86]

Linux isn't going anywhere, and there are plenty of niche manufacturers out there producing purpose-built Linux laptops and desktops (well I say plenty...you know, relatively speaking). Presumably they'd see a fair surge of business if they became the only way to run Linux (rather than the hitherto standard method of buying anything you like from Dell/HP/whoever and just wiping the hard drive).

Re:Whitelisting of a sort (& the future of sec

[iamgnat]

Except the problem with your whole premise is that you forget the user.

Basically Apple "whitelists" what Apps can run under iOS (and are clearly moving that way for OSX too), yet people rail against it and even go so far as to remove the "whitelist" (e.g. jailbreak).

The problem comes down to who does the vetting and testing of an application to add it to a whitelist? If it is the user, they've proven they can't be trusted because they'll "vet" any new screensaver/antivirus/cursor application that comes along. If it is a central organization (Microsoft/Apple/Google/etc..) you then run into conflicts of interest in what they think you should do with the platform and what you actually need/want to do (e.g. what happens when you have a problem that can't be solved by any existing approved application?).

There is no simple single solution to the problem of security. A real solution by nature needs to be multilayered which means there is some complexity and ultimately users have to take responsibility for their actions. The idea that a single company/program can keep you safe just keeps perpetuating this idea that you don't have to pay attention to what your are downloading/executing and it's that mentality that allows malware to continue to be so successful.

Re:well then the appstore will NEED NO censorship

[hairyfeet]

I think this article linked through TFA reviewing the WOA appstore sums it up nicely "But for now, x86 compatibility isn't just a check box: It's a doorway back to a land of sanity.". Kinda sad they are actually charging more than iPad for Surface when its quite obvious just from reading the reviews their appstore is completely broken and worthless.

BTW it may be a little petty of me, but since i called it months ago that the WOA and Win 8 appstore would be a trainwreck, since they couldn't make GFWL functional after years and a competitor that would be easy enough to copy they sure as hell wouldn't be able to pull off an appstore for a different arch so I'd like to say "I told you so" to those that doubted me and do the dance of smug superiority.