Microsoft 'Patch' Blocks Linux Installs On Locked-Down Windows RT Computers (fossbytes.com)
An anonymous Slashdot reader quotes a report from fossBytes:
Microsoft has released a security update that has patched a backdoor in Windows RT operating system [that] allowed users to install non-Redmond approved operating systems like Linux and Android on Windows RT tablets.
This vulnerability in ARM-powered, locked-down Windows devices was left by Redmond programmers during the development process. Exploiting this flaw, one was able to boot operating systems of his/her choice, including Android or GNU/Linux.
The Register points out that since Windows RT is "a dead-end operating system" which Microsoft has announced they'll stop developing, "mainstream support for Surface RT tablets runs out in 2017 and Windows RT 8.1 in 2018. This is why a means to bypass its boot mechanisms is highly sought."
... today I applied a patch to my credit card that blocks buying any locked down hardware from Microsoft. What a coincidence!
Why would anyone that knows how to install Linux on a tablet EVER buy a Microsoft tablet?
Fuck all their products and services. It's just spyware for the US Government.
MSNBC is Microsoft National Broadcasting Company too.
math it.
It's this kind of infantile misunderstanding of security that will eventually be the undoing of technology. Purchasing of hardware is independent of security - if I own a device I have every right to do with it what I choose, even if that means installing DOS. The manufacturer is not obliged to PROVIDE that support, but every block they put in my WAY should be CRIMINAL. If you purchase a house, you have every right to remove whatever locks and security measures are placed there "for your security", and your physical devices should be no different.
Don't be so quick to give up your rights before you understand what it means, AC.
1. Wait for support to end
2. Wait for first security vulnerability that gets us into kernel space
3. ??
4. Linux!!
An exploit was being used for the install. They patched the exploit. If this is annoying to you, don't buy a system that you need to crack in order to install your chosen O/S.
Real lawyers write in C++
A secure but useless tablet is not something that most people want, especially when they (at least, in theory) own the hardware and (very rightfully) want to control it.
If they cared about their customers being able to do what they want to and being able to control the device, they would provide mechanisms to do just that independent of the exploit. Instead, they treat the hardware like they own it, and refuse you administrative access. This trend is very disturbing, since it essentially means they own the machine, not you. As this is the case, users are left with little option other than to either abandon the device as the company wants (turning their property into a paperweight simply because corporate wants you to rent functionality), or use an exploit, in order to take back the control that is rightfully theirs.
You don't actually NEED the company to basically own the device and deny you control in order to be secure. However, the trend of acting as though only a continuous series of patches will keep your device from melting down and that only the company should truly control the computer seems to be catching on. That's pretty fundamentally disturbing. I'm rather surprised you don't realize that, or don't care.
While Microsoft may actually be doing the correct thing overall, the really correct thing would be to provide a mechanism where this is not necessary. Overall, as I value owning my hardware, I'd rather take my chances with the exploit staying there, and I seriously doubt that I'm alone. There are many reasons to avoid patches and updates, and malicious intent on the part of the companies is rapidly becoming the most prominent one, if it isn't already there.
Been looking for a solution for this for quite a while. Got two of these from work when they determined that they were dead end devices that we were not going to use. Now that I know it is there I can't seem to find the exploit. Search goes on.
-- David inquired...
It's just Microsoft being Microsoft, doing a typical dick move for no genuinely good reason.
"Oh dear, someone might be able to do something cool or useful with a product we're killing off? Fuck them."
Microsoft just can't help being dicks about stuff, no matter what it is.
Imagine the goodwill they could generate by just not being dicks at every goddamn opportunity, but nooooooo, we can't have that.
Just cruising through this digital world at 33 1/3 rpm...
They do that all the time. Even with PCs every once and a while they try to prevent dualboot. Each OS since probably 7 tries to prevent it. Yet here I am, running Linux on everything.
What about Windows 10 tablets? Are they also locked?
... with their "boot other" retroactively removed. Only, redmond never promised they'd offer. On the other hand, removing a way to blow new life into dead-end hardware still seems like kicking the customer when he's fallen and trying to get up. Next you know the same thing'll happen to peecees.
Tin foil hat time: Now we know why you can run "ubuntu apps" on windows. Once peecees are locked down the only way to run your fave linux software is if it's an "ubuntu app" and hey, you can run those under windows, right? No need to install anything else, see? Or something to that slimy tune.
Don't buy locked-down anything, people. On principle. Tell your friends and family too.
A class action lawsuit, forcing MS to buy back these dead devices, all of them, at full retail. This would be the American way.
Microsoft killed my hopes for a usable Gnome environment...
This is probably the legal situation in Europe. Unfortunately, we in the UK, have voted to be shoved right up the arse of the USA.
Sent from my ASR33 using ASCII
> Would you want to run a computer in which software could exploit holes to obtain root access? The answer, of course, is no.
On its face this sounds reasonable but if you look at the industry's best practices, this is not remotely true. The actual answer as given by the market is "You are giving me a graphical desktop with that? I can use a mouse to click on things?!? Yes please!"
Besides, "software" is entirely too broad. Do I want the OS to have full and complete access?[0] Probably, yes. Software that I wrote? Sure, why not. Software I installed and trust enough not to abuse the access it really needs to do its job? Of course. Software that likes to ask more access than it strictly needs? Not really, no.[1] Software coming in from elsewhere and I don't know what it's doing?[2] Nope. Software that came in unbidden and installed itself? Hell no.
Note that how it gets that root access is not a consideration. Whether it can obtain it, is the key. This is the difference between Mordak the Preventer's mindset, and the common or garden variety user who just wants things to work, and when prompted will give the politically correct answer that of course security risks are like, not good, you know.
Me, I'm not politically correct nor a garden variety user, so I say that ultimately me, myself, and I, want and demand full control over the hardware I own, and nobody else gets to have any control at all. If I don't have full control I don't really own the thing. RT devices are thus not fully ownable, they always remain under someone else's control. As such, they fail a very simple security test and are unfit for use.
Counter-intuitively, the fact that it was rootable means there was a way to claw back control rightly due me the owner of the device, so that's a better situation than after the "patch", and this despite the obvious security risk.
> That's because it's a security risk. Yes, it might break some functionality a few people would want, but it's necessary for security. This is also closing a security hole that could be used for malware.
This sort of entirely reasonable-sounding argument could substitute "by terrorists" and it'd be just as reasonable. Why this is so? It's a superficial "it's for your own good" argument, which does not address anything at all and can well turn out to be entirely wrong. In fact, for all the best intentions that make such arguments, they turn out entirely wrong awfully often.
> Microsoft is doing the right thing by closing security holes, even if it's more difficult for you to run Linux.
Not really, since they sold hardware locked-down that they've already announced to no longer be supporting soonish. Meaning that they now are also slamming the door on third-party improvements and will, once support stops, leave you with an unfixable security risk.
[0] Not necessarily obtainable at all on modern hardware!
[1] There is an awful lot of this around. For some reason moreso from commercial outfits than FOSS-developed. Hard to keep tabs on, too.
[2] Like, oh, anything that needs to call home for "activation" or "verification" or somesuch. Hi TCPA/Palladium!
... I think this could be a "CYA" move inspired by the lawyers. Though the sales department may also have had a say. They appear desperate for sales, so forcing hardware to become unfixable security risks once support stops might help there, a bit. Now you just have to buy a new redmondian tablet. But hey, you can run "ubuntu apps" there these days, so you really don't need linux, anyway.
Don't forget that they're a big marketeering company* pandering to the fortune 500. Everything else is just small fry for them. So of course they can afford to be dicks, though they themselves will probably not see it that way. They probably still think they're being awesome making technology available to the masses. Even though they really only put out toys unfit for serious use. The market still is full of (figuratively) very small children in need of soft toys with rounded corners, and of course redmond would like to keep it that way. You can see that in how hard they try and work on achieving exactly that.
* Just like google is the biggest in search, we know them as the very icon of search, but they're really an advertising company. When they are being evil, it's usually because of that difference.
What does ownership even mean? Note: you have similar "scheduled to break" scenarios when buying laptops with proprietary-only display drivers.
You can buy old Thinkpad laptops with Intel graphics or "more powerful" ATI or Nvidia onboard graphics. Of course, the "power" supported with binary-only proprietary drivers means that they'll not properly hibernate/suspend under GNU/Linux and will at some point of time stop running altogether after upgrading your GNU/Linux distribution and will likely refuse supporting mixed architectures/memory models. So those laptops with proprietary-only drivers are implicitly scheduled to break. You won't be able to run them with reasonable performance with Windows-like operating systems (even if the driver support dies slower there for whatever reason) and their Linux binary driver support will be dead long before the hardware actually becomes unsuitable for using.
The Windows RT "Fuck you" message is just more explicit but there are quite a few other players where you effectively end up in the same kind of rut.
I am not used to tablet OS, but I am assuming that they have an EPROM for the "current" OS and a ROM for the original one. I could be wrong. If it is the case cannot you simply reset back to factory build with factory OS and still exploit the vulnerability? If it is the case why is there outrage?
C. Sagan : A demon haunted world:
http://www.amazon.com/gp/product/0345409469/
visit randi.org
That is bullshit which has long since been discredited. In the real world, the only thing a locked-down boot-loader like this accomplishes is to restrict what the user can do, it does not protect against malware as there are numerous other vectors.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
That is a fucking long bow you are drawing there saying patching vulnerabilities in an OS is blocking you and criminal. I guess every Linux developer, Apple, MS and every other OS vendor by your definition is a criminal conspiracy. They aren't stopping you from doing anything with the hardware, they are however patching their OS.
Does Windows RT have The Windows Subsystem for Linux (WSL)?
If so (and I assume not, but haven't looked) then you can run native Debian binaries right from CMD.EXE
Specialist Mac support for creative pros, Melbourne
Not sure why Microsoft would even care at this point? Why block owners of these RT devices trying to install an OS that is still supported? I give Microsoft the benefit of doubt here and it's possible the patch just had the side effect of doing this. Nobody should really expect a device to support anything people want to install on it. You want Android buy an Android device, you want Linux on something it's hit or miss if the device can support it. Kind of like installing a Chevy engine in a Ford. Neither company was thinking at the time about making sure this would work.
And the answer is not buying a phone (or tablet) without root access.
Obviously that requires some research before buying, with questions such as:
-Does the device have a locked boot loader?
-If yes, can the customer unlock it? By an "officially" supported method?
C - the footgun of programming languages
If I understand this correctly - this "patch" works in a similar fashion (and for similar purpose) as secureboot. The intention isn't to lock out other operating systems - it's to prevent possible rootkit installation - for the majority of people this is a good thing.
For the record, I've been "off" Microsoft for a few years now - I have no love for them. But - spreading misinformation doesn't do anybody any good.
“This is an enormously important decision for Microsoft, allowing it to offer its well-known and trusted database to an expanded set of customers”, said Al Gillen, group vice president, enterprise infrastructure, at IDC. “By taking this key product to Linux Microsoft is proving its commitment to being a cross platform solution provider. This gives customers choice and reduces the concerns for lock-in. We would expect this will also accelerate the overall adoption of SQL Server.”
http://blogs.microsoft.com/blo...
So, who is in charge of propaganda at MS these days?
JoeR
Say an OS publisher wants to add a feature to make installation of a boot-time rootkit, which runs the host OS in a virtual machine, obvious to a PC's user. How should this be achieved without appearing anticompetitive?
From about 2009 through mid-2012, 10" Linux laptops were available. But in late 2012, manufacturers discontinued 10" laptops. The commonly suggested workaround was to buy a tablet and a clip-on keyboard. At the time, the Surface Pro was three times the price of the 10" laptops it replaced.
(Nowadays the workaround is to buy a Chromebook, put it in developer mode, and make sure nobody else touches it so that it doesn't get accidentally factory restored.)
Microsoft no longer owns the Most Socialist Network on Basic Cable. It sold MSNBC TV to NBC in 2005 and MSNBC.com to NBC in 2012.
A friend of mine bought a Surface Pro because it was the most suitable for art work, with the pressure-sensitive screen. This is slightly interesting because Apple has traditionally been the choice of graphic artists, and Apple is strong in tablets. But not tablets for graphic artists.
ehh, that's not really true. The point of the locked down bootloader is the second order effect, to prevent people from owning digital media. If I can own the root, I can own the video stream.
The hardware is clearly past its useful life, it has been CONSUMED. it is a CONSUMABLE. When CONSUMABLES have been CONSUMED you must PURCHASE a NEW ONE.
I know people don't like PURCHASING things, so don't worry, you can LEASE some NEW hardware.
That way, you get all the benefits of NEW hardware, without the need to PURCHASE a NEW ONE.
CONSUMABLES keep the ECONOMY running.
reusing hardware does not add money to the ECONOMY. the ECONOMY runs on MONEY.
Once something has been CONSUMED, A NEW ONE MUST BE PURCHASED.
It's simple really. I don't understand why people don't grasp that.
CONSUME! CONSUME! CONSUME!
> And the answer is not buying a phone (or tablet) without root access.
Netbooks had root access because they were capable of running desktop operating systems. Netbooks disappeared in 2012, around the time Surface came out. Coincidence?
> "mainstream support for Surface RT tablets runs out in 2017 and Windows RT 8.1 in 2018. This is why a means to bypass its boot mechanisms is highly sought."
That and because people don't want the virus of an OS that Microshaft has to offer.
> Not really, since they sold hardware locked-down that they've already announced to no longer be supporting soonish. Meaning that they now are also slamming the door on third-party improvements and will, once support stops, leave you with an unfixable security risk.
This is exactly the argument that is persuasive to me, at least.
As it is, this smacks of what happened to all the PlaysForSure (not!) devices and vendors when MS abandoned THAT platform. Everyone was left with a bunch of USELESS tech, which was SUPPOSED to force those people into the (later also abandoned) Zune "ecosystem".
And we all know the end of THAT story...
Didn't Sony just lose a lawsuit over the same thing? Why would Microsoft think it could get away with it? Whether the "flaw" was intentional or not, if people purchased an RT tablet with that feature enabled so that they could install another OS, then removing that feature cripples it from the intended purpose. Furthermore, since support from Microsoft on the devices is about to expire, what would be the reason to do this other than to force consumers to upgrade to a new device? While that might be a valid business reason, it should only apply to devices purchased going forward, not retroactively.
Can anyone say class action suit?
> So, who is in charge of propaganda at MS these days?
Goebbels, of course.
> So, who is in charge of propaganda at MS these days?
> Goebbels, of course.
"Do you want butter or Surface RT?" Actually, that's not far off the mark. Microsoft is about giving the customer options for how he wants to get screwed.
Good asshole, but you forget it is MY computer and I decided what value goes into what ram, flash or register location at what time. I own every bit of it. If I decide to run freebsd on it, it is my purview to sit down and port it to it. If I decide I don't want your appstore or your ads and your "analytics" enabled app spying I remove that. I do not want you to have ANY access to my system after I bought it from you, what I do with it, for what I use it for is none of your business. If you want to use secureboot features that is fine, but the very cpu bootstrap on that chip has to query a dedicated gpio pin that goes to a dip switch I can easily access. That dip switch puts the cpu rom bootstrap in a mode where I can overwrite any and all keys and take full ownership of the device. Then once I have installed my own secure bootstrap and whatever code it boots I can have both a more secure system AND YOU locked out from it. You dumb shit, what you propose is like a locksmith installing a lock on your door to which he has a key himself and then telling you he will come into your home and enforce arbitrary rules he makes up on the fly such as if you can have an electric stove, if you can have non-cable internet, even if you can have guests sleep over on Fridays. WTF???
and that Indian Bastard that is destroying a great USAian institution. I demand that USAian corporations be run into the ground by good honest red blooded USAians. Thinking of you Carley.
False. It protects against a very specific form of malware that is incidentally also very difficult to remove once it appears. We have a long history of malware affecting the boot processes before the OS even begins loading. The fact that Windows has more holes than a pasta strainer doesn't change that secure boot can eliminate an entire family of malware.
> It protects against a very specific form of malware
If the "malware" is considered to be "unsigned software accessing anything without permission by an upstream paid key holder", then yes. It becomes clear that the entire Trusted Computing stack is designed for DRM. Security against a few forms of attack is a consequence, not the purpose of the software.
I was on the fence and couldn't make up my mind between the Surface Pro 4 and Huawei Matebook. I'm buying the Matebook now. Bricking older devices or forcing them to run obsolete OS's is never cool.
Yes, coincidence. Netbooks provide a terrible user experience for their intended purpose, combined with the fact that the general public thought they were small, cheap laptops, which led to massive disappointment. Unfortunately their failure has tainted the form factor, but on the other hand this means that there's enough cheap/free netbooks out there to last you several lifetimes.
> Not really, since they sold hardware locked-down that they've already announced to no longer be supporting soonish. Meaning that they now are also slamming the door on third-party improvements and will, once support stops, leave you with an unfixable security risk.
Which is industry-standard these days. I'm not saying that's a good thing but it's exactly what you get from any iPhone or iPad that is out of support or any bootloader-locked Android device that is out of support or devices like the HP TouchPad or Palm Pre.
> In the real world, the only thing a locked-down boot-loader like this accomplishes is to restrict what the user can do
But SecureBoot is not a locked-down boot-loader. You can simply turn it off. If the device does not provide that mechanism then choose a different device, just like you would on Android devices. Of course on iOS devices you have no choice because the only device provider is Apple so in that case you can't have iOS support.
I am pissed and I am done with this $500 brick. I bought a Surface RT when they first appeared thinking Microsoft would support it for a long period of time. I suppose they have, so this news means grab a hammer! I am literally going to do this. Good-bye Surface, you have been a pain in the arse!