German Government Warns Windows 8 Is an Unacceptable Security Risk

An anonymous reader writes "Die Zeit has access to leaked documents from the German government warning that Windows 8 is an unacceptable security risk for sensitive workloads. The story is written in German here, but automatic translators (such as Google Translate) do a readable job. Particularly of concern is the inability to opt out of TPM 2.0 usage."

How is TPM a security risk?

[afidel]

TPM is nothing more than a hardware keystore, I'm not sure how they'd see it as a security risk unless they're worried that the NSA has the MS signing key's private key (probable) but even then it doesn't exactly give you worse security than other OS's without access to a hardware keystore.

Re:How is TPM a security risk?

TPM is nothing more than a hardware keystore, I'm not sure how they'd see it as a security risk unless they're worried that the NSA has the MS signing key's private key (probable) but even then it doesn't exactly give you worse security than other OS's without access to a hardware keystore.

I don't think the author of this article have any clue about what TPM is or how it works.

Re:How is TPM a security risk?

A hardware keystore you don't have the keys to.

Re:How is TPM a security risk?

http://en.wikipedia.org/wiki/Trusted_Platform_Module [Wiki]
See "Criticism" section:

"... The concerns include the abuse of remote validation of software (where the manufacturer — and not the user who owns the computer system — decides what software is allowed to run) and possible ways to follow actions taken by the user being recorded in a database, in a manner that is completely undetectable to the user.
In simple words, it removes user's ability to control the hardware he owns, reducing the device to hardware maker's stealthy agent.
It is "Trusted" to hardware manufacturer, but, the same makes it "uncontrollable" for the user - making the user dependent on trust to the manufacturer, or whatever government or authority there is at particular location."

Re:How is TPM a security risk?

[Jesus_666]

The concern is mainly that the system hinges on the TPM, which in version 2.0 of the standard is controlled by the OS and can't be deactivated. Either you unconditionally trust the operating system (and its vendor) or you can't trust the entire system. Plus, the NSA got to mess with the standard while at least the German BSI (who issued this warning) tried but didn't get anywhere (e.g. they failed to get an opt-out function added to the standard). Plus, all TCG members are American companies and several of them are known to have made deals with the NSA before (such as giving information about security flaws to them first).

In short: The BSI doesn't unconditionally trust Microsoft around sensitive documents and recommends that no TPM 2.0 compatible OS from Microsoft is used where those might show up because TPM 2.0 makes trust in the OS vendor mandatory. Win8/TPM2 is okay for home users who don't want to think about computer security but it has no business being around stuff that might cause harm if leaked to foreign intelligence agencies.

Re:How is TPM a security risk?

[Kjella]

The only thing holding back DRM being the primary beneficiary of TPM is the lack of adoption and the fact that TPM is entirely voluntary. If every computer had a TPM module regardless of the users preference you could be damn certain that many DRM schemes would be using this.

Microsoft has announced that from January 1, 2015 all computers will have to be equipped with a TPM 2.0 module in order to pass the Windows 8.1 hardware certification. And while not every computer will run Windows, I very much doubt you'll find a computer that can't run Windows so that's the end of TPM-less hardware. Of course Windows 8.1 will run on non-TPM hardware but I figure in a few years Windows 9 will refuse to run on anything but TPM-enabled hardware. That's the end of the PC as an open platform and you can already prepare for the funeral.

Re:How is TPM a security risk?

Note that TPM 2.0 is required by Windows 8.1, as shown by Microsoft's certification requirements. The BSI cautions against Windows 8 because apparently Win8 supports TPM 2.0 while Win7 doesn't.

Let's be a little more precise. TPM 2.0 is not required by windows 8.1. It will run just fine without and people are currently doing that with the leaked RTM builds.

In the document at your link Microsoft says that they will require that all new systems that OEMS wants to certify after January 1st 2015 must have TPM2.0 to pass certification and get the sticker. It is a marketing sticker requirement, not a Windows 8.1 system requirement.

Re:What?

It is insecure because you CAN'T use it for your purposes.

It is only there for MS and, by extension, the NSA.

You didn't think that secure boot crap was for YOUR benefit, did you?

Re:The next time you call FauxNews Sensationalisti

[Sique]

If you actually had read the article, you would have seen that this is especially mentioned. Maybe the article is a little more insightful and balanced as you can imagine?

And the follow-up article

[DingerX]

Where the BSI takes issue with their reporting.

Of course, with the extent now clear of the US government's use of US IT companies to maintain American political and economic advantages, if you were running a non-US-based company or a non-US-governmental organization, you'd want to do as much critical business with non-American hardware, software and services as possible.

Re:What?

[gstoddart]

This doesn't make any sense. It's insecure because you can't NOT use TPM?

If you don't trust the security of TPM, or that it doesn't have in-built stuff the NSA can use to spy on you ... then, yes, you have to consider it insecure.

It's a 'secure' system you don't control, which means if you need a secure environment, you need to trust a 3rd party.

If that 3rd party is Microsoft, who we know is beholden to the NSA -- then you betcherass it's considered insecure. Essentially, the German security people are saying "we don't trust Microsoft or the NSA/US government" -- therefore the entire platform is considered not secure.

One of the biggest complaints about TPM is that you have to explicitly trust whoever controls the keys and the like. And if you don't control it, and don't trust the 3rd party, the whole thing is garbage.

So, it makes perfect sense -- because TPM has never been about the users ability to define their own trust, it's about the manufacturer saying "you're going to have to trust us or not use our stuff". So, not using their stuff is the logical conclusion.

Re:Windows is an option today - not an requirement

The license of Unix we use costs about $20,000 for the number of users we have.

Not practical for most people. Thank the people who make it practical. It's you who is wrong, not him.

Re:Not just Win8

[h4rr4r]

Windows 8 runs on other platforms too. Go look at the linux tablet market share and compare that to windows 8 tablet share.

I have used linux for that long on the desktop. Works fine.

Marketing matters far more than you think. Bud is a very popular beer, and no one really thinks it is a good beer.

Re:This is known

When you're a government, there's a difference between a product whose bugs can be mitigated with sufficient money thrown at security vendors, and a product that by design keeps control in the hands of a company whose government has a known history of spying on you. The TPM in Windows 8 is the latter.

Privacy issues

[jones_supa]

I think the Microsoft Account and related stuff is also quite bad privacy and security risk. Apparently 8.1 will send your searches to Microsoft in a similar way to Unity's "Amazon shopping lens". When enabled, the IE SmartScreen filter will send your browser URLs to MS. All sorts of little things here and there -- "would you like to send information to company X to improve our services". I suppose you can get rid of most of it by carefully unticking each buried checkbox, but it's getting increasingly hard to opt out of this kind of junk. What if I just want to be alerted about Patch Tuesday updates?

Re:What?

[gstoddart]

Why is it that people on slashdot dont have a clue how technology works anymore?

Why is it that every smarmy little shit on Slashdot thinks everyone else is an idiot?

Don't want to run software that utilizes the TPM chip instead of some other certification method, then don't run that software.

Yes, exactly. But in this case "don't run that software" applies to Windows.

It's the OS which is utilizing the TPM, and therefore it's the OS you can't trust. What part of that are you not understanding?

This was the whole point of TFA -- since Windows 8 uses this TPM shit, and you can't turn that off, you inherently can't trust the OS. The software you stop using because you don't trust the TPM isn't your own software, it's the fucking OS.

Re:The next time you call FauxNews Sensationalisti

[devent]

As a German I get regularly headaches when I'm watching Fox News or similar "news". The American news are like game shows, flashing light, CGI effects, running texts everywhere, cut screens, cut clips. It's like news for babies, like the assumed average concentration span is only 5 seconds of the viewers.

Re:Windows is an option today - not an requirement

[Karzz1]

....was essentially given away to Universities for free.

Actually it was licensed with the source code to Universities. This was still a proprietary license and the Univerities could not re-distribute except under certain conditions. This licensing was what lead to the lawsuit between Unix System Laboratories (USL) and the Univerity of California, Berkeley when the USL attempted to claim all the changes that UCB made to the source belonged to USL. There was a settlement behind closed doors, however as part of the SCO lawsuits I believe the terms of this agreement were made public.

Interesting read on this here.

Re:Windows is an option today - not an requirement

[unixisc]

But would require CS majors to know how to work them, and was not available on normal PCs, which were too weak then to run Unix. So anyone who could afford PCs would then need DOS, and then on top of that, things like WordPerfect, Lotus or dBase. So it's indeed the explosion in the usage of Linux that's made this possible.

Linux has also lowered the usability bar. With Unix, one was stuck with Bourne Shell or C Shell, and could only enjoy GUIs like OpenLook or Motif if one was at a company or university that had installed workstations from Sun, DEC, SGI, et al. With Linux, GUIs like KDE had been the default from day 1, and now there's a bonanza of them - GNOME, LXDE/Razor-qt, XFCE, Unity, Cinnamon, et al.

Re:What?

[gstoddart]

My understanding was TPM became mandatory with Win 8, and in previous versions was optional.

It's the non-optional part that is the problem. Microsoft made it mandatory, and that changed quite a bit.

So, if you deem TPM isn't trustworthy, it makes Win 8 not trustworthy.