Slashdot Mirror


German Government Warns Windows 8 Is an Unacceptable Security Risk

An anonymous reader writes "Die Zeit has access to leaked documents from the German government warning that Windows 8 is an unacceptable security risk for sensitive workloads. The story is written in German here, but automatic translators (such as Google Translate) do a readable job. Particularly of concern is the inability to opt out of TPM 2.0 usage."

19 of 373 comments

  1. This is known by ciderbrew · · Score: 5, Funny

    Windows has always been a Security Risk.
    Danke.

    1. Re:This is known by Anonymous Coward · · Score: 5, Insightful

      Except in the last few months we have had complete and utter proof we are no longer paranoid enough of U.S.A. intelligence agencies and their co-opting of U.S.A. companies to do their work for them.

      At this point we can completely trust that Microsoft Windows is and will be used for industrial and governmental espionage activities by the U.S.A. intelligence agencies.

  2. Windows is an option today - not a requirement by madsdyd · · Score: 5, Insightful

    Good thing alternatives exist.

    I am not advocating they should "just change". I am just saying that on a personal level I am very happy that trustworthy alternatives exist, and that Windows (no longer) is a requirement at the workplace or at home, but just an option.

    Thank you, Stallman, Linus, and all you other people around the world, who have used your time to provide us with these alternatives.

    And, yes, I know some people will claim that Windows is a requirement for the specific uses you have. I don't really care - for the vast majority of computing users around the world, Windows is an option, not a requirement. And, I am happy for that.

    1. Re:Windows is an option today - not a requirement by Cassini2 · · Score: 5, Interesting

      The concept behind TPM could work really well, if every user compiled their own operating system, and set up the unique keys such that only their code was trusted. Thus, every user would have complete control over all the source and binary software on the system. Even in a business environment, if at least the business was in complete control of all of the source and binary software, then TPM would be of some use.

      The problem is that Microsoft wants to use TPM to play a bunch of DRM movies. The DRM schemes are inherently insecure, so Microsoft opens its security window accordingly. The result is that Microsoft's security model becomes "trust Microsoft, the NSA, movie companies, music companies, game companies, and etc", with no one knowing who the "etc" is. As such, from a secure systems perspective, the resulting DRM operating system has no obvious chain of accountability. Worse, any lesson in security starts with "never trust the vendor's default installation." DRM assumes "never trust the customer." With the end result being that no one trusts anyone and TPM can never be secure (with commercial closed-box software.)

      For TPM to truly deliver on its security promises, everyone needs to switch to open source software where everyone compiles unique binaries with custom keys. Microsoft will never do this.

  3. Re:What? by Anonymous Coward · · Score: 5, Informative

    It is insecure because you CAN'T use it for your purposes.

    It is only there for MS and, by extension, the NSA.

    You didn't think that secure boot crap was for YOUR benefit, did you?

  4. Re:How is TPM a security risk? by Sique · · Score: 5, Interesting

    Just read TFA, it does a good job at explaining the security risks and concerns. One important concern is that while the BSI (the German Federal Office for Information Security) was involved in the TPM 2.0 specification, all their proposals were denied, while the proposals the NSA had were accepted. And the final acceptance was announced with "The NSA agrees".

    --
    .sig: Sique *sigh*
  5. Re:How is TPM a security risk? by Anonymous Coward · · Score: 5, Informative

    http://en.wikipedia.org/wiki/Trusted_Platform_Module [Wiki]
    See "Criticism" section:

    "... The concerns include the abuse of remote validation of software (where the manufacturer — and not the user who owns the computer system — decides what software is allowed to run) and possible ways to follow actions taken by the user being recorded in a database, in a manner that is completely undetectable to the user.
    In simple words, it removes user's ability to control the hardware he owns, reducing the device to hardware maker's stealthy agent.
    It is "Trusted" to hardware manufacturer, but, the same makes it "uncontrollable" for the user - making the user dependent on trust to the manufacturer, or whatever government or authority there is at particular location."

  6. BSI published a clarification by Golden_Rider · · Score: 5, Interesting

    The BSI (Bundesamt für Sicherheit in der Informationstechnik) published a clarification after websites reported about that Windows 8 warning: https://www.bsi.bund.de/DE/Presse/Pressemitteilungen/Presse2013/Windows_TPM_Pl_21082013.html

    Basically, they pedalled back a bit. They now claim they never warned about Windows 8 itself, but about possible risks when combining Windows 8 with TPM 2.0, because the user no longer has complete control over his system and that because of that, the user could end up in a situation where the system is permanently unusable. They no longer mention the US / the NSA and the possibility for backdoors, instead they now just mention the possibility of "sabotage", and the need for an opt-in AND opt-out for things like TPM 2.0.

  7. Re:Not just Win8 by h4rr4r · · Score: 5, Insightful

    Are you totally ignorant of the software world?

    Linux is at this point more popular than Windows, if we count embedded devices and servers. Windows has come a long way, but until very recently it had some serious problems. The issue stems from the design philosophy not any level of obscurity.

  8. Re:How is TPM a security risk? by Jesus_666 · · Score: 5, Informative

    The concern is mainly that the system hinges on the TPM, which in version 2.0 of the standard is controlled by the OS and can't be deactivated. Either you unconditionally trust the operating system (and its vendor) or you can't trust the entire system. Plus, the NSA got to mess with the standard while at least the German BSI (who issued this warning) tried but didn't get anywhere (e.g. they failed to get an opt-out function added to the standard). Plus, all TCG members are American companies and several of them are known to have made deals with the NSA before (such as giving information about security flaws to them first).

    In short: The BSI doesn't unconditionally trust Microsoft around sensitive documents and recommends that no TPM 2.0 compatible OS from Microsoft is used where those might show up because TPM 2.0 makes trust in the OS vendor mandatory. Win8/TPM2 is okay for home users who don't want to think about computer security but it has no business being around stuff that might cause harm if leaked to foreign intelligence agencies.

    --
    USE HOT GRITS WITH STATUE OF NATALIE PORTMAN (NAKED AND PETRIFIED)
  9. Re:How is TPM a security risk? by IamTheRealMike · · Score: 5, Interesting

    So we have a case of sour grapes, then? Unless one of the NSA requests was "we want a backdoor" then this by itself doesn't mean much because the NSA is a weird creation that not only spies on everyone, but has an "information assurance" department that tries to design secure systems for US usage. They're behind the creation of SELinux which is both highly sophisticated and well reviewed by independent third parties. It does not have back doors. Also, many important constructions in cryptography were designed by the NSA. For example SHA2 was designed by the NSA and it is extensively studied. It has never been found to contain even a hint of a back door.

    This crap about how the TPM allows Microsoft to remotely control computers for DRM purposes came up over a decade ago when trusted computing extensions were first designed. It was FUD back then with no connection to reality, and it's certainly FUD today too. If you want to learn about the actual next-gen TC technologies, go and read up on Intel SGX. Then go and read this post on bcflick, a use of the TPM and trusted computing designed to make Bitcoin wallets more secure. That's the kind of thing the tech is designed for. The TPM isn't even electrically capable of controlling the CPU.

  10. Re:Not just Win8 by Anonymous Coward · · Score: 5, Insightful

    > The only reason that I can think that an open source OS would be more secure than Windows is because of obscurity.

    No, obscurity doesn't offer much security at all.

    Open Source stuff tends to be more secure because it has so many people looking at it, from many different perspectives, both professionals and amateurs, all working together to improve the code and make it more secure.

    Microsoft, on the other hand, are the only people who can patch and improve their code. And they have demonstrated again and again that they can't be trusted to do this in a timely and useful manner.

  11. Re:Not just Win8 by Skapare · · Score: 5, Insightful

    The advantage of Open Source is that you or anyone else can fix the software if/when security problems are found, whether in the OS, core libraries, network stack, or any Open Source applications. We are not dependent on the original developers to make any such fixes. I have done this a couple times in the past by fixing security issues in open source code before the developer fixes were available (I could have waited a day and got the developer fixes).

    --
    now we need to go OSS in diesel cars
  12. Re:How is TPM a security risk? by gstoddart · · Score: 5, Interesting

    > Unless one of the NSA requests was "we want a backdoor" then this by itself doesn't mean much because the NSA is a weird creation that not only spies on everyone, but has an "information assurance" department that tries to design secure systems for US usage.

    But since nobody actually knows, and because if the NSA informed Microsoft to hand over the keys they'd be legally required to, and because while they help design 'secure systems for US usage' nobody trusts them for anything that isn't the US.

    So, it's OK if you want to trust TPM, Microsoft, and the NSA. But that doesn't mean that the rest of the world has any reason to do so.

    I think you are increasingly going to see governments around the world look at Microsoft and say "do we want to put all of our infrastructure in the hands of someone who has to take orders from a US spy agency?" And I think the only logical conclusion is going to increasingly be "no, not really".

    --
    Lost at C:>. Found at C.
  13. Re:Not just Win8 by LQ · · Score: 5, Funny

    > I had a nickel for every time they told me they didn't know how their own software works I'd be richer than Bill Gates

    If it takes them 10 secs to say that, and Bill Gates has 50 billion dollars, it would take you 16000 years to get that rich.

  14. Oblig Blackadder quote by Cryacin · · Score: 5, Funny

    Have you seen any suspicious operating systems? Nein! I mean... 8!

    --
    Science advances one funeral at a time- Max Planck
  15. Re:How is TPM a security risk? by thegarbz · · Score: 5, Insightful

    I was also a nice trustworthy person which caught people by surprise when I stole money from their wallets.

    Ok no I wasn't but just because the NSA has at times released software without backdoors should in no way influence your opinion of their future performance, especially given future performance is malware that provides a back door, not to mention back doors to every ISP in the country, spying on international conferences etc. Honestly it would be outright foolish to assume that anything they had a major hand in is safe.

    That said TPM serves one purpose, secure the system from the prying hands of the user. The only thing holding back DRM being the primary beneficiary of TPM is the lack of adoption and the fact that TPM is entirely voluntary. If every computer had a TPM module regardless of the user's preference you could be damn certain that many DRM schemes would be using this. A trusted key store safe from the user is exactly the kind of security system a DRM scheme needs to operate well.

    Just because something hasn't (yet) come true does not make it FUD.

  16. Re:How is TPM a security risk? by cbope · · Score: 5, Insightful

    This. This is overblown BS written by someone who doesn't understand TPM and what it can and can't do.

    The story also fails to mention that the TPM module is usually an option and typically only available on corporate PCs. Not to mention the fact that it can be disabled in BIOS/EFI if you are admin over that system.

    TPM is not even required by Windows 8. RT... well that's another issue but this article is mainly about PCs, not RT tablets.

  17. Re:How is TPM a security risk? by Kjella · · Score: 5, Informative

    > The only thing holding back DRM being the primary beneficiary of TPM is the lack of adoption and the fact that TPM is entirely voluntary. If every computer had a TPM module regardless of the user's preference you could be damn certain that many DRM schemes would be using this.

    Microsoft has announced that from January 1, 2015 all computers will have to be equipped with a TPM 2.0 module in order to pass the Windows 8.1 hardware certification. And while not every computer will run Windows, I very much doubt you'll find a computer that can't run Windows so that's the end of TPM-less hardware. Of course Windows 8.1 will run on non-TPM hardware but I figure in a few years Windows 9 will refuse to run on anything but TPM-enabled hardware. That's the end of the PC as an open platform and you can already prepare for the funeral.

    --
    Live today, because you never know what tomorrow brings