Microsoft Releases Standards For Highly Secure Windows 10 Devices (bleepingcomputer.com)
An anonymous reader writes from a report via BleepingComputer: Yesterday, Microsoft released new standards that consumers should follow in order to have a highly secure Windows 10 device. These standards include the type of hardware that should be included with Windows 10 systems and the minimum firmware features. The hardware standards are broken up into 6 categories, which are minimum specs for processor generation, processor architecture, virtualization, trusted platform modules (TPM), platform boot verification, and RAM. Similarly, firmware features should support at least UEFI 2.4 or later, Secure Boot, Secure MOR 2 or later, and support the Windows UEFI Firmware Capsule Update specification.
Like "President Trump". Or "First Post"
Which of these new standards turns off Telemetry? Without that, Windows 10 can never be secure. Bet everything you do on "your" computer is on a server somewhere. Maybe you are a straight arrow. Best hope the laws don't change against you some day. Believe the 3 letter agencies have their arms elbow deep in some MS pussy.
These will have all telemetry and Cortana disabled or not installed at all? I'd guess it also requires a site license with yearly renewal and not available for individuals?
Mysteriously (!?) missing are what IPs/DNS to block to keep MS from collecting info on you.
"National Security is the chief cause of national insecurity." - Celine's First Law
"Secure" for who . . . ? One of the NSA's jobs is to make sure that any devices used by US government employees are "secure". Gee, if Microsoft wants to sell millions of licenses to the US government . . . guess who gets to show up a Microsoft, to build in the backdoors . . . ?
Yeah, the Microsoft executives and lawyers could squeal a bit . . . but with those National Security Letters . . . those Microsoft folks prefer the Cayman Islands as opposed to Guantanamo.
Schroedinger's Brexit: The UK is both in and out of the EU at the same time!
The chances of it coming with a version of windows that doesn't send any data back home to mama is pretty much nil.
It should be able to download security patches without sending any identifying information, tell you when it wants to do it, and be highly selective about what it does download from windows update servers.
I'll take oxymorons for 500, Alex.
Every post I see so far is the generic: see Windows in the title, bash Windows in comments. I mean I'm not sure anyone even read the summary, as all the comments could be made about any article about Windows. And this article doesn't have a lot to do with Windows, it's mostly about secure hardware.
Yes, yes I know most of you hate Windows, if not Microsoft as a whole, but is it necessary to remind people of this every article?
"Highly", "secure", "windows". I've heard those words before but never in the same sentence.
I was going to suggest removing the plug, but this would be more useful.
GNU tools are required to have a usable system
How so? These reddit users find BusyBox/Linux usable. It's what you get when you replace glibc with uClibc, Newlib, or Bionic, and then drop Bash and Coreutils (GPL) in favor of BusyBox (also GPL, but not part of GNU).
the need for the GNU Compiler Collection to compile the kernel
Clang has been compiling Linux for seven years.
Look, no matter how you hate the thing, the only way to properly secure Windows 10 is to include systemd in it
HaahAHAHahhahahaha hAHAHahahaHhaHAhahahaaaaa haaa haaaa.... haaaaaaaaaa.haahahahahaa. Good one Microsoft.
The old "orange book" standards defined four letter grades, just like in school. A was excellent, B was good, C was a comfortable pass and D was a bare pass. Windows struggled to make C with networking turned off.
The standards have been replaced with easier ones, and this bundle of hardware might make D...
davecb@spamcop.net
Like "President Trump". Or "First Post"
I think you got First Post. :)
Secure Windows is a contradiction in terms, like "Hurricane-Proof House of Cards".
You will never, never, never see a self-driving car with a Windows operating system doing the driving. Because Windows is crap.
If you use Microsoft garbage, you're either stuck by spec or an idiot. If you spec Microsoft garbage, you're not worth the electricity it took your monitor to display this reality of your uselessness to you.
There is no excuse for your computer to be less reliable than the outlet it gets its power from.
That standard of reliability is from the 1960s. When was Microsoft founded again?
Fire and Meat. Yummy.
In most of the world, highly secure windows mean 1/2" to 3/4" steel bars...
Seems to run Azure just fine.
http://saveie6.com/
https://turnoff.us/geek/smart-...
Under no circumstance QA anything in secure Windows 10.
Did you know 80 to 90% of the moderators on slashdot wouldn't recognize a troll even if one dragged them under a bridge?
Only free software (software the user is free to run, inspect, share, and modify) can be assessed for security, fixed or improved, shared (even commercially), and run at any time for any reason. Without software freedom you're not being treated ethically and you deserve full control over your computers.
Nonfree software is never trustworthy, no matter how long you've run it, how much you're used to its interface, or how much you feel like you can trust it. You have no idea what nonfree software is doing when it runs, you have no permission to alter it, share it, or inspect it no matter how technical and willing you are to do these things. You might not even have permission to run it anytime you want for any reason.
So there is no way to secure Windows 10 so long as Windows 10 is nonfree software. The same applies to any other nonfree software too. No amount of public relations changes how computers and software work.
Digital Citizen
Seems to run Azure just fine.
Running Azure is the first sign that your computer is sick. Using Azure is the first sign that the sysop is sick. And not in the "good" way hipsters currently misuse the word.
Fire and Meat. Yummy.
How does any of that help you if you are running easily exploited bad code from MS?
Nor Hillary. Let's be bipartisan: Hillary would put it on her personal closet server and T would give it to Putin. Putin would then announce he already got a copy from H's server and hand it back to T.
Table-ized A.I.
This is not about security: this is about locking down the system to a vendor. It's right there in TFS:
...trusted platform modules (TPM), platform boot verification... UEFI 2.4 or later, Secure Boot, Secure MOR 2 or later, and support the Windows UEFI Firmware Capsule Update specification.
Words like "trusted", "secure" etc in computer salesdroid-speak are like "people's" and "democratic" when they get shoe-horned into a country's name - they're a warning sign, a veneer to hide a darker truth.
The idea of security standards when Windows is loaded to the hilt with malware is hilarious. Like leaving the vault door open 24x7x365 and bragging about the security features of your high tech safe.
Which raises the question "Secure for Whom?".
If you want a secure system, look at OpenVMS.
If builders built buildings the way programmers wrote programs, then the first woodpecker would destroy civilization.
I'd be more concerned about boot signing being locked down, first and foremost. I personally like the Google Nexus/Pixel approach where you're given a big warning that your bootloader is unlocked. This allows tinkerers to play around, while at the same time making people who don't need/want for it unlocked (for tighter security) aware of it.
Even better, it allows security researchers to do a low level audit for NSA backdoors (give it the ol' blue pill.)
Secure from user, who might try to prevent telemetry and other spyware from working. And secure from competing spyware vendors, as MS wants to ensure monopoly for selling and monetizing the user's data.
Anything that could interfere with telemetry...
Chas - The one, the only.
THANK GOD!!!
I somehow doubt that they mean that the system can keep your data secure. It seems more that their definition means that whatever content you might sell to the "owner" (I'll use the term loosely here) of the device is safe from him actually owning it.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
An internet connection should be an automatic fail in any security audit.
politicians are like babies' nappies: they should both be changed regularly and for the same reasons
Yeah, SMM CPU, TPM chip, UEFI, Windows 10, line to Microsoft... doesn't sound like the security we usually think of at all
SMM is a bit odd, but something like a TPM is pretty important as it allows you to protect secret keys from a compromised OS. A TPM provides some write-only storage for keys and an API that allows you to use them for encryption / decryption / signing / verification, but doesn't allow you to extract the keys. UEFI at least allows the OS to replace the running firmware, which can reduce the attack surface by removing most of the vendor-provided functionality.
BTW, is there an open-source FPGA
Nope. There are no open source FPGAs and no vaguely high-end FPGAs that have a documented bitstream format, so you can't even verify the output from the proprietary synthesis tools. Oh, and any vaguely high-end FPGA has lots of fixed-function logic blocks that will make any attempt to verify them difficult.
I am TheRaven on Soylent News
Backdoors in operating systems and application software are no longer needed, thanks to the Intel Management Engine and AMD's PSP.
Words like "trusted", "secure" etc in computer salesdroid-speak are like "people's" and "democratic" when they get shoe-horned into a country's name - they're a warning sign, a veneer to hide a darker truth.
Trusted, as a technical term, means exactly what you'd expect from its use as a non-technical term: it is a thing which is expected to be correct and which can compromise (at least part of) the system if not. It is not the same as trustworthy. For example, the trusted computing base is the set of all things (microcode, bootloader, firmware, kernel, privileged daemons) that must be correct for the system to be secure. A system that uses a formally verified microkernel to provide isolation has a component that is both trusted and trustworthy.
Secure in this context also means what you'd expect. A system supporting secure boot can only boot an OS (or, at least, a second-stage bootloader) that is signed by a trusted party. There's nothing stopping such a system from allowing you to provide your own public keys, and many do, but if malware corrupts your on-disk kernel image then the system will refuse to boot unless you've also installed the malware vendor's key.
There's always a tension between user freedom and security, which goes right back to Stallman complaining about users on shared systems not being given the root password: was it better to allow users of the system to fix issues even at the expense of making all of their files wide open to every other user of the system? In the MIT AI lab, it was probably fine for everyone to have the root password, but it's not fine for everyone on the Internet to have my root password.
I am TheRaven on Soylent News
Actually, installing just Linux would make your system pretty secure. Of course, without any userland, it might not be so useful, but that's not part of the stated requirements...
I am TheRaven on Soylent News
Step 1: Delete System32
Step 2: Reboot
Step 3: ????
Step 4: 100% Secured Windows!
I do not want a "trusted platform mobile" in anything that purports to be secure. It is widely known as a back door for US spooks. This immediately makes the whole system hyper insecure.
I'll see your Constitution and raise you a Queen.
There is no excuse for your computer to be less reliable than the outlet it gets its power from.
There is: Applications.
If your staff need to run QuickBooks or Visual Studio or the quality of LibreOffice's .docx output isn't good enough for them, just telling them "sorry, Windows is crap" probably won't fly. So there are a lot of people who are interested in securing Windows as much as possible.
The big issue that no-one seems to have mentioned yet is updates. Telemetry is one thing, but for IT people the forced, random updates that can't be adequately controlled are a massive security problem and support headache.
const int one = 65536; (Silvermoon, Texture.cs)
SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
In most of the world, you'd be slapped in the head with a 1/2" steel bar until it was a pulpy mess. You're lucky to live where you are, but no one else is.
The best way of securing a Windows 10 device is not to switch it on.
Not if you never boot it again.
Do these standards say anything about turning off all the telemetry?
Build a Man a Fire, and He'll Be Warm for a Day. Set a Man on Fire, and He'll Be Warm for the Rest of His Life.
Agreed here. The Google "fastboot oem unlock" approach has worked extremely well for years. With that, I'd like to see an easy way to "sanitize" a machine, where I can do a "fastboot oem lock", install a signed OS, and have all factory security items intact.
Secure UEFI has its benefits. It stops attacks like NotPetya cold, for example.
Well based on the email you could give it to Hillary and provide hours of training but she would not be able to understand how it works.
Maybe we need something similar to a SIM card (in both form and function) that can be moved between PCs? It would function as a low level HSM allowing for encryption/decryption/signing/verification in a place physically off the main computer, and in a container that is both resistant to physical attacks, and narrows down the attacks that can be done from remote.
"Secure" in the sense that only Microsoft or the US Government (or China or Russia) can see what you're doing.
It's sad. In 1789, the Founding Fathers went to great lengths to make sure the government could not do these things without a warrant. Yet here we are.
And even if they get a warrant, China and Russia won't, and their citizens will get the joy of living the 1984 dream of not just imagining, but having a boot stamping on their face...forever. All so our prosecutors can get a few more (and we mean very, very few as a percentage) notches in their belt for mundane criminality.
(-1: Post disagrees with my already-settled worldview) is not a valid mod option.
Snowflakes are not a left or right phenomenon. If you voted for Hillary because she promised you healthcare or for Trump because he promised you jobs, you are not a snowflake. You are just a victim of a two party system and, although you are unlikely to get what you want, you went with a candidate who was at least talking about it. If you are personally wearing a black or white hood and carrying a bicycle lock to a street protest, you are an idiot and a criminal, but you at least have some personal courage of the terrorist variety. True snowflakes are those who urge antifa to brawl because if Ben Shapiro speaks on a college campus we will have a Fourth Reich. Or those who urge white supremacists to march because if local government decides to take down one monument, we will have white genocide. Millennials in their parents' basement who don't have much at stake personally but get their panties in a bunch. The sad thing is that those in the basement will likely be the survivors if the moron in charge starts a nuclear war. That at least I think would have been slightly less likely with Hillary...
She never got the proper training for some reason. State Dept. messed up.
Table-ized A.I.
The keys are useless if you don't use them for encryption / decryption / signing / verification, so allowing that but preventing extraction is pretty much useless.
Not true. Offline attacks are almost always worse than online attacks. If I can compromise your OS and use your keys, then the damage I can do is bounded by the amount of time between the compromise and the fix and by the amount of bandwidth that you have. If I can exfiltrate your keys, then even if you fix the vulnerability and remove my exploit code 10 seconds after the compromise then I can keep using your keys until you update any other system that accepts these credentials (and once I start noticing you doing that, then I know I've been discovered, so I may as well change your keys for all of the services that I now have access to). Still think that they're equivalent?
I am TheRaven on Soylent News
" One of the NSA's jobs is to make sure that any devices used by US government employees are "secure"."
No, it isn't. NSA is strictly comms interception and analysis with a bit of certification for DoD devices. But they are getting out of the latter fast as the COTS world is moving a lot faster than can NSA.
Some pacemakers run Linux. I wonder if Stallman had one of these, he'd be happy to advertise the root password.
Well, you've got at least 2 out of the 3.
APK quotes people (including myself) without context and should not be trusted. Just thought you should know.
'Windows' and 'secure' don't belong in the same sentence, regardless of what version it is -- especially when you're discussing Windows 10, which spies on you and removes your ability to truly be in control of your own hardware.
I didn't say Clang compiled Linux only once in those seven years. Continuous integration tools such as Tinderbox and Buildbot start compilation over once the last job finishes or when changes are submitted, whichever comes later.
Yeah.
Windows.
Secure.
Windows.
Nope.
There are only two ways to do that:
1. Air Gap. No, that doesn't work. Try vacuum gap.
2. Hammer. If it ain't broken, you didn't hit hard enough. If it's broken into small enough pieces, then it's secure.
aaaaaaa
If it has no network and no physical access, you can divulge the root password as much as you like.
Hint : pacemakers running Linux have no network and no physical access
aaaaaaa
That's not true. They crash for a reason.
Either this reason is Windows, or it isn't.
aaaaaaa
Yep. Linux.
aaaaaaa
I am not confident that Microsoft is capable of creating secure software. I am not even sure they could release a secure, bug-free version of "Hello, world!"
Being able to add your own signing keys would be good, but there should be a separate message to the effect that the custom user code has been validated, but to exercise caution if you didn't load said code. Otherwise it would be pretty trivial to blue-pill the user.
So what was Hillary's plan to get people suffering from loss of manufacturing/mining jobs new jobs to support themselves? Trump promised protectionism and immigration curbs. Bernie promised free education to acquire new skills. I am not saying these are realistic plans, but at least they talked about the issue. What use is Hillary's maternity leave if you don't have a job to take a maternity leave from?
This could happen in Myanmar I suppose. Do they produce many steel bars? I'm sure that there is a third country that has not got rid of this hand-me-down from the dark ages. I bet they don't make many either.
The US population is perhaps under 4.5% of the planet. That means that 95.5% of us don't use that numerically illiterate system of measurement. If this offends you, this is not my intention but neither is it my problem. 1 mile, 1,760 yards, 5,280 feet, 63,360 inches. (You seem to avoid, fathoms, poles, rods, perches, chains, barleycorns and so on.)
I'll see your Constitution and raise you a Queen.
If she is allowed to refuse it, the system is screwed up. Focus on fixing the system rather than just punishing one individual.
Table-ized A.I.