Slashdot Mirror

← Back to Stories (view on slashdot.org)

Microsoft 'Patch' Blocks Linux Installs On Locked-Down Windows RT Computers (fossbytes.com)

Posted by EditorDavid on from the scratching-the-Surface dept.

An anonymous Slashdot reader quotes a report from fossBytes: Microsoft has released a security update that has patched a backdoor in Windows RT operating system [that] allowed users to install non-Redmond approved operating systems like Linux and Android on Windows RT tablets. This vulnerability in ARM-powered, locked-down Windows devices was left by Redmond programmers during the development process. Exploiting this flaw, one was able to boot operating systems of his/her choice, including Android or GNU/Linux.
The Register points out that since Windows RT is "a dead-end operating system" which Microsoft has announced they'll stop developing, "mainstream support for Surface RT tablets runs out in 2017 and Windows RT 8.1 in 2018. This is why a means to bypass its boot mechanisms is highly sought."

25 of 141 comments (clear)

  1. That's funny ... by Anonymous Coward · · Score: 5, Funny

    ... today I applied a patch to my credit card that blocks buying any locked down hardware from Microsoft. What a coincidence!

  2. Re:Confused by Anonymous Coward · · Score: 3, Insightful

    I think it's because people like to re-purpose things. Reasonable hardware found in the bargain bin as companies dump unsupported tablets might be enticing to some. The real question is why MS would close off the bootloader when the hardware is EOL in a year or so? That's just cunty.

  3. Re:This is like blocking software from rooting pho by Anonymous Coward · · Score: 3, Insightful

    It's this kind of infantile misunderstanding of security that will eventually be the undoing of technology. Purchasing of hardware is independent of security - if I own a device I have every right to do with it what I choose, even if that means installing DOS. The manufacturer is not obliged to PROVIDE that support, but every block they put in my WAY should be CRIMINAL. If you purchase a house, you have every right to remove whatever locks and security measures are placed there "for your security", and your physical devices should be no different.

    Don't be so quick to give up your rights before you understand what it means, AC.

  4. Yes... by SeattleLawGuy · · Score: 5, Insightful

    An exploit was being used for the install. They patched the exploit. If this is annoying to you, don't buy a system that you need to crack in order to install your chosen O/S.

    --
    Real lawyers write in C++
    1. Re:Yes... by Oliver+Wendell+Jones · · Score: 5, Interesting

      Yes, but why bother to patch such an exploit in an OS that you've already killed off yourself? Why not open up the market to let people take advantage of the hardware rather than let it end up in the Landfill? The answer of course is, "because they're Microsoft, duh?", but what value did this add?

      --
      A computer once beat me at chess, but it was no match for me at kick boxing -- Emo Phillips
    2. Re:Yes... by gweihir · · Score: 3, Insightful

      Indeed. The first check when I do when I buy computing hardware something is whether I can install an OS of my choosing on it. For example, I will not even look at a phone that is hard or impossible to root, or a tablet or mainboard that does not allow me to switch "secure" boot off. When I buy it, it is _mine_ afterwards and a vendor that does not understand this is not going to make a sale to me, ever.

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    3. Re:Yes... by Anonymous Coward · · Score: 3, Insightful

      And *that* is a problem of their own making, since they, and apparently you, equate being able to install _anything_ other than the approved version of Windows as a "security-hole". Says more about you, Microsoft and whose "protection" you're concerned with, than the "risks" involved.

    4. Re:Yes... by tepples · · Score: 2

      That's the entire point of SecureBoot. A defense against root kits.

      Then why isn't there a physical switch on the device to set it in a mode where the user can edit the list of operating systems that Secure Boot trusts?

      Microsoft is not taking a feature away from you

      Then what should the device be useful for once support runs out?

  5. Re:Confused by DMFNR · · Score: 3, Insightful

    Because a security hole a benevolent Linux hacker can exploit to allow you to install an operating system of your choice could also serve as an attack vector for those with not-so-good intentions. How big of a security risk that poses to the user? I have no clue, but it's the reason I wouldn't trust any hacked version of a locked down device over a proper general purpose device.

  6. It's just Microsoft being Microsoft by JustAnotherOldGuy · · Score: 5, Insightful

    It's just Microsoft being Microsoft, doing a typical dick move for no genuinely good reason.

    "Oh dear, someone might be able to do something cool or useful with a product we're killing off? Fuck them."

    Microsoft just can't help being dicks about stuff, no matter what it is.

    Imagine the goodwill they could generate by just not being dicks at every goddamn opportunity, but nooooooo, we can't have that.

    --
    Just cruising through this digital world at 33 1/3 rpm...
    1. Re:It's just Microsoft being Microsoft by Desler · · Score: 4, Insightful

      Patching an exploit vector is now a bad thing?

    2. Re:It's just Microsoft being Microsoft by BlueStrat · · Score: 2

      How do you expect MS to sell their new POS if they can.t cripple the old one?

      Spot on. They know good and well that the hardware can keep operating for years.

      Imagine if this idea takes hold in the auto industry? "Gee, the new car models came out, so my old model car got bricked by the manufacturer!" The only real difference is the amount of money involved.

      This move by MS may just be class-action material, that is, if the US Department of (in)Justice and/or Congress/POTUS doesn't run interference for MS. Maybe MS can get some of that retroactive/ex post facto lawmaking goodness we've seen with the NSA/telecoms/surveillance issue to give MS immunity from past lawbreaking.

      After all, in today's US, the "rule of law" depends on who you are, who you know (and what you know about them), and how much money and power you have. People like Hillary or Trump could blowtorch babies to death live on TV and walk away. People like us get years in PMITA prison for making bank deposits/withdrawals that some bureaucrat decides looks like it could possibly be considered "structuring" if one squints real hard.

      Strat

      --
      Progressivism (aka US 'Liberalism'): Ideas so good they need a police/surveillance-state to enforce.
    3. Re:It's just Microsoft being Microsoft by JustAnotherOldGuy · · Score: 2

      Patching an exploit vector is now a bad thing?

      Oh please, this wasn't done to "protect" anyone except Microsoft.

      There aren't any reports of RT tablets being exploited in this manner that I can find, and the OS is a dead end as per Microsoft themselves. In 5 years there probably won't be a single one running anywhere in the world. But Microsoft found a way to screw anyone who wants to re-purpose the tablet AND they got to do it under the auspices of a "security patch", so it's a win-win for them.

      --
      Just cruising through this digital world at 33 1/3 rpm...
  7. Just like sony... by Anonymous Coward · · Score: 2, Insightful

    ... with their "boot other" retroactively removed. Only, redmond never promised they'd offer. On the other hand, removing a way to blow new life into dead-end hardware still seems like kicking the customer when he's fallen and trying to get up. Next you know the same thing'll happen to peecees.

    Tin foil hat time: Now we know why you can run "ubuntu apps" on windows. Once peecees are locked down the only way to run your fave linux software is if it's an "ubuntu app" and hey, you can run those under windows, right? No need to install anything else, see? Or something to that slimy tune.

    Don't buy locked-down anything, people. On principle. Tell your friends and family too.

  8. Re: Confused by SuricouRaven · · Score: 4, Insightful

    The Surface was an attempt to imitate the business success of the iPad. The OS may be different, but the business model is a clone: Don't just sell the hardware, run the ecosystem as well. That way every sale becomes a continuing revenue stream. It's something that Microsoft wants desperately, because their revenue has always been tied to the upgrade process and customers are getting increasingly fed up of replacing their OS every three years - just look how long killing off XP took!

  9. Re:Confused by Anonymous Coward · · Score: 3, Interesting

    How big of a security risk that poses to the user?

    Let's be clear about this. It's not a remote exploit. It's not something "a hacker" could normally use. It might be useful as part of a blended remote attack (go in through somewhere else, take over system, write new system to disk), but there are plenty of other more dangerous vulnerabilities left to patch. Why do they choose this one?

    This is only really a "security vulnerability" because it allows the person who paid for the device (consumer) to become the owner of the device (person with control). Microsoft's security is compromised because their customers gain power and freedom.

  10. Re:This is like blocking software from rooting pho by gweihir · · Score: 5, Insightful

    That is bullshit which has long since been discredited. In the real world, the only thing a locked-down boot-loader like this accomplishes is to restrict what the user can do, it does not protect against malware as there are numerous other vectors.

    --
    Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
  11. Re: Confused by DMFNR · · Score: 2

    I enjoy messing around with stuff like this so I'd personally look at it as a bug rather than a feature, but people like me are going to buy something else. As crazy as it may seem, there may be people that purchased this because it is what they wanted, a locked down Windows device. One example I can think of would be the various luxury goods that with tablets pre-installed with software for control and configuration of said item. Many of these are very low volume goods and the manufacturers commonly use off the shelf electronics. The point I'm trying to make is that this is a product sold to the same people who complained when the paperclip went away in Word. It's simply a patch to restore advertised functionality, not on my freedom to compute. I will do that with onew of the many capable devices, which despite the sky falling for years, show no sign of disappearing.

  12. The Windows Subsystem for Linux by PhunkySchtuff · · Score: 2

    Does Windows RT have The Windows Subsystem for Linux (WSL)?

    If so (and I assume not, but haven't looked) then you can run native Debian binaries right from CMD.EXE

    --
    Specialist Mac support for creative pros, Melbourne
  13. Re: Microsoft. Spyware. Garbage. Same. by mSparks43 · · Score: 2

    actually. they were a highly socialist party.
    part of the confusion in calling parties left/right wing.
    is the us and uk use left/right wing to indicate how much a party targets its policies to looking after the lower classes (left) and upper classes (right).

    and europe uses left/right wing to indicate how authoritarian parties are in implementing policies for the lower classes, since they mostly executed all the upper classes over the years.

  14. Re: Microsoft. Spyware. Garbage. Same. by Dog-Cow · · Score: 2

    Why do you think the Nazi party wasn't socialist?

  15. Re:just a matter of time then? by Opportunist · · Score: 2

    When using exploits becomes the only way to actually use a device that you paid for, something's really wrong. Mostly with your choice of devices.

    --
    We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
  16. Re:Confused by Anonymous Coward · · Score: 5, Insightful

    Your entire starting point is wrong.

    "Secure boot" isn't about security at all, it's an anti-competitive measure. Saying that this exploit is a security hole is like saying that any computer that doesn't run a locked down Windows installation or old enough to not have this "feature" is "insecure".

  17. Re:just a matter of time then? by Sax+Russell+5449D29A · · Score: 2

    As I recall, there's a sort of positive 'dead man's switch' in Qt, for example. The KDE project is heavily dependent on it and once Digia decided to sell the Qt project onwards, a clause to release all code under a FOSS license was included in the sale should the new owner go bankrupt or otherwise end the project. This gave the communities and companies currently using Qt a peace of mind.

    Although it might sound a bit outlandish to suggest something like this to hardware, it might not be a bad idea at all! I can imagine they would likely try to circumvent laws like that by utilizing some sort of lease/subscription arrangements and similar, though. I mean, that's what Microsoft has been striving for with Windows, after all. Even back in the day, Microsoft officially considered the bought operating system discs to be "subscriptions" to their product (as described in the EULA). This didn't really hold up in the courts though, at least not in Europe.

    --
    -SR
  18. No M$ in MSNBC anymore by tepples · · Score: 2

    Microsoft no longer owns the Most Socialist Network on Basic Cable. It sold MSNBC TV to NBC in 2005 and MSNBC.com to NBC in 2012.