German Government Warns Windows 8 Is an Unacceptable Security Risk

An anonymous reader writes "Die Zeit has access to leaked documents from the German government warning that Windows 8 is an unacceptable security risk for sensitive workloads. The story is written in German here, but automatic translators (such as Google Translate) do a readable job. Particularly of concern is the inability to opt out of TPM 2.0 usage."

Re:What?

It is insecure because you CAN'T use it for your purposes.

It is only there for MS and, by extension, the NSA.

You didn't think that secure boot crap was for YOUR benefit, did you?

Re:The next time you call FauxNews Sensationalisti

[Sique]

If you actually had read the article, you would have seen that this is especially mentioned. Maybe the article is a little more insightful and balanced as you can imagine?

And the follow-up article

[DingerX]

Where the BSI takes issue with their reporting.

Of course, with the extent now clear of the US government's use of US IT companies to maintain American political and economic advantages, if you were running a non-US-based company or a non-US-governmental organization, you'd want to do as much critical business with non-American hardware, software and services as possible.

Re:How is TPM a security risk?

A hardware keystore you don't have the keys to.

Re:How is TPM a security risk?

http://en.wikipedia.org/wiki/Trusted_Platform_Module [Wiki]
See "Criticism" section:

"... The concerns include the abuse of remote validation of software (where the manufacturer — and not the user who owns the computer system — decides what software is allowed to run) and possible ways to follow actions taken by the user being recorded in a database, in a manner that is completely undetectable to the user.
In simple words, it removes user's ability to control the hardware he owns, reducing the device to hardware maker's stealthy agent.
It is "Trusted" to hardware manufacturer, but, the same makes it "uncontrollable" for the user - making the user dependent on trust to the manufacturer, or whatever government or authority there is at particular location."

Re:How is TPM a security risk?

[Jesus_666]

The concern is mainly that the system hinges on the TPM, which in version 2.0 of the standard is controlled by the OS and can't be deactivated. Either you unconditionally trust the operating system (and its vendor) or you can't trust the entire system. Plus, the NSA got to mess with the standard while at least the German BSI (who issued this warning) tried but didn't get anywhere (e.g. they failed to get an opt-out function added to the standard). Plus, all TCG members are American companies and several of them are known to have made deals with the NSA before (such as giving information about security flaws to them first).

In short: The BSI doesn't unconditionally trust Microsoft around sensitive documents and recommends that no TPM 2.0 compatible OS from Microsoft is used where those might show up because TPM 2.0 makes trust in the OS vendor mandatory. Win8/TPM2 is okay for home users who don't want to think about computer security but it has no business being around stuff that might cause harm if leaked to foreign intelligence agencies.

Re:What?

[gstoddart]

This doesn't make any sense. It's insecure because you can't NOT use TPM?

If you don't trust the security of TPM, or that it doesn't have in-built stuff the NSA can use to spy on you ... then, yes, you have to consider it insecure.

It's a 'secure' system you don't control, which means if you need a secure environment, you need to trust a 3rd party.

If that 3rd party is Microsoft, who we know is beholden to the NSA -- then you betcherass it's considered insecure. Essentially, the German security people are saying "we don't trust Microsoft or the NSA/US government" -- therefore the entire platform is considered not secure.

One of the biggest complaints about TPM is that you have to explicitly trust whoever controls the keys and the like. And if you don't control it, and don't trust the 3rd party, the whole thing is garbage.

So, it makes perfect sense -- because TPM has never been about the users ability to define their own trust, it's about the manufacturer saying "you're going to have to trust us or not use our stuff". So, not using their stuff is the logical conclusion.

Re:How is TPM a security risk?

[Kjella]

The only thing holding back DRM being the primary beneficiary of TPM is the lack of adoption and the fact that TPM is entirely voluntary. If every computer had a TPM module regardless of the users preference you could be damn certain that many DRM schemes would be using this.

Microsoft has announced that from January 1, 2015 all computers will have to be equipped with a TPM 2.0 module in order to pass the Windows 8.1 hardware certification. And while not every computer will run Windows, I very much doubt you'll find a computer that can't run Windows so that's the end of TPM-less hardware. Of course Windows 8.1 will run on non-TPM hardware but I figure in a few years Windows 9 will refuse to run on anything but TPM-enabled hardware. That's the end of the PC as an open platform and you can already prepare for the funeral.

Re:Windows is an option today - not an requirement

[Karzz1]

....was essentially given away to Universities for free.

Actually it was licensed with the source code to Universities. This was still a proprietary license and the Univerities could not re-distribute except under certain conditions. This licensing was what lead to the lawsuit between Unix System Laboratories (USL) and the Univerity of California, Berkeley when the USL attempted to claim all the changes that UCB made to the source belonged to USL. There was a settlement behind closed doors, however as part of the SCO lawsuits I believe the terms of this agreement were made public.

Interesting read on this here.