Annoyingly, Metro is moving away from the tap-and-hold. MS thinks it's a non-discoverable thing. I think MS is stupid for saying so - tap-and-hold is the default way I try to get more UI options on a touchscreen, and has been so for years - but so they claim nonetheless.
The correct way to "right click" an app on the Win8 Start screen when using touch is to flick it downward. Basically a drag of about 1/4 to 1/2 of an inch; if you drag it much more than that it will start moving the tile. Alternatively, you could either use a mouse, stylus, or trackpad (the Surface RT supports the former and includes the latter on its covers) to right-click.
These apps are optional (pre-installed but trivial to remove) and are basically just a different way of presenting the info that you could get from the relevant web sites... which, shockingly enough, also feature ads. Go figure. That stuff isn't free.
Did you actually read the linked article (not the /. circle-jerk of MS bashing, though the relevant info comes up there too if you look hard enough)? It's a Windows Defender protection against domains that are commonly embedded in other pages being redirected. It's also easy to turn off; either whitelist the Hosts file or simply disable Defender (though in that case you'll probably want to install a third-party AV).
Yeah, the Music app is kind of a big step backward from either the Zune app or Windows Media Player. The latter is still present, even on Windows RT, though.
The former... the Music app is supposed to replace it, but oh man is it a let-down. The Zune app was better both as a simple music player (it actually had a very nice UI starting with v2; the v1 was just a re-skinned WMP) *and* as a vehicle for the subscription service (far better than the Xbox Music app that supposedly focuses on said service...)
I don't mind the ads, but holy crap the app itself is lame.
LOL seriously? Microsoft branding idiots strike again, it seems...
Next up:
A) How many MS products called "Windows" aren't actually operating systems?
B) How many MS products called "Windows" don't actually use a window-based UI?
C) How many MS products called "Windows" can actually run Windows software?
Lots of other brand names to pick on, but seriously, Windows makes it too damn easy. MS marketing needs to get over its love affair with that brand; the results are that the company confuses typical (uneducated) consumers, and looks like an idiot to those who educate themselves.
Frankly, a bit of arrogance is pretty normal here. I mean, this guy does what most people not only can't do, but treat as a kind of black magic... and he does it well. Lots of vulnerabilities are found each year. Some of them are known to be serious enough to be a major threat (i.e. all layers of defense can be cut through to produce a working exploit). A handful of them have exploits actually written, though usually with benign payloads (popping up Calculator is a popular choice in the community). Tavis not only did that, he did it multiple times to a high-profile target in the security field! That's a hell of a coup.
I actually think the tone of the paper was pretty good. It didn't read like some lawyer/marketing-whitewashed press release, it wasn't painfully dry and boring to wade through like so many academic papers, and it wasn't really gloating either. Yeah, he calls Sophos out and doesn't pull his punches much when pointing out their mistakes, but that's how the security world works, and this is doubly a matter of security (not just security flaws, but in a security product). Besides, he *did* pull his punches some; read the stuff on the revision history of the paper, and you'll see several indications of changes made at Sophos' behest.
Actually, it's not even 100% out. There's a ton of stuff in there that he's vague about, like not mentioning a single specific area where his fuzzer found something, plus at least one area where Sophos specifically requested that a vuln be concealed, and he agreed.
I'm not going to call him a sell-out for doing so - responsible disclosure is a tricky business, and it looks like Sophos is (somewhat slowly, but apparently in good faith) fixing some of the more egregious issues, so there's no huge push to disclose in order to force their hand. With that said, there are definitely still some serious issues that they have not fixed yet.
Well for one thing, MSE only runs on Windows. Sophos runs on OS X and Linux as well. Remember, this is a business-oriented product. In fact, one of the big concerns here is that there are so many bugs in the Sophos scanner that, if it's installed on a server (email, proxy/firewall, whatever), it's easy to compromise that server. This applies even if running Linux.
Sue for what? This was responsibly disclosed, and the facts are straightforward so it's not like they can sue for libel. In fact, Sophos requested and was granted a number of redactions and different phrasings throughout the paper. You can read about it in the document history section, near the bottom.
Yes, I read the whole paper... some 8 hours ago. Slashdot is slow.
I really should write a simple Slashdot reply app, sideload it to my* Surface RT, and use it just so I can truthfully say "written on a sideloaded app on Surface RT" in the posts. It's completely possible to sideload on the RT. I don't know why people keep parroting this BS claim that it's not; that's trivially disprovable if you actually try using one for the minute or so that it takes to enable sideloading plus install a sideloaded app.
* Purchased by my company for research and training purposes. We're a computer security firm, and are expected to keep on top of new systems. They also recently bought iPads, Nexus 7 tablets, and various smartphones; I imagine other Android tablets will follow soon, probably including Kindle Fire.
But with Tracking Protection (which makes a decent ad-blocker in addition to its basic purpose, and is able to use automatically-updating third-party lists from folks like EasyList, better known for the AdBlock Plus list), developer tools, process isolation, tab separation, and so on. You can set it so that links from any app, desktop or "Metro", open in the desktop IE, which is probably what you want to do.
As for third-party browsers, there's nothing stopping them from being ported. They'd have to be store apps ("Metro", not desktop) but the APIs and language support are there, apps are allowed to register as default filetype and URI scheme handlers, and they'd be sandboxed so they would need to use the WinRT file picker APIs to do things like save or upload files (no big deal; just use them instead of the Windows Common Controls library).
Restoring a backup requires that the device be bootable though, right? Not very useful in the case of a FUBARed update or somebody messing up the system files after jailbreaking, or while attempting to do so. Also, still nobody has mentioned support for rolling back an update that you don't want.
As for the second paragraph, it's first-hand experience. My company bought me one for research and training (we're a digital security firm; they've also bought myself and other employees various Android and iOS devices) and so far the only thing that I hoped/expected to be able to do that hasn't worked has been to boot into testsigning mode (bcdedit is there, and you can add or modify boot options, but testsigning is explicitly blocked). Since that enables running third-party desktop apps, I wasn't terribly surprised that they blocked it, but I'm still looking into bypassing that restriction. In the meantime, scripting (using powershell, in particular) works fine and is an easy way to add third-party programs (as does sideloading of "apps"). In terms of "QUITE locked down", what gave you that impression? It runs as a standard user with UAC by default, so "rooting" it is a click away. It does not support replacing the bootloader with a non-Microsoft one, but you can boot it from external storage if you want to (though the bootloader will still need a MS signature). I'm looking into chainloading the built-in bootloader to GRUB or similar; no idea if that will work yet, but it's worth a shot.
I'm amused by the implication that Flash is locked down, while ignoring the fact that there's no other device running this CPU and form factor that comes with Flash at all anymore. Incidentally, bypassing the Flash restriction is easy; there are two different known ways to make it work (either modify the compatibility list, or add the domain to a test value in the registry; there are scripts on the XDA-Developers site to do this easily). As for the walled garden, there's no limits on scripting and sideloading is officially supported (you're only *supposed* to use it for development or LOB apps, but you *can* use it for whatever the hell you please). It's at least as flexible as Android in that regard.
As for what's to like, it's got good specs (for an ARM device, screen resolution aside) and battery life, has the interface and software that most of the computing world is used to (yes, it also has the "Metro" stuff, but the desktop and admin tools are very similar to Win7), it's got microSD and full USB and HDMI out (unlike typical tablets), it's got a full-size spill-proof keyboard and trackpad built into the cover and a kickstand built into the back, it includes Office, it can run the same Windows Store apps as normal Win8 (without requiring that you re-purchase them), and it's highly portable?
Peripherals, not internals. The Surface RT has a standard USB host port. It's also thinner than all but the most recent iPads, incidentally, so "it's a tablet!" isn't really an excuse for *not* having one.
That USB port is probably going to mostly be used for USB Mass Storage devices, of course, but it also supports printers, game controllers, other types of storage (optical drives, UMS + various encryption schemes), media devices (can you manage songs on your iPod using your iPad?), scanners, cameras, cellular modems, GPS or other sensors, mice (including pretty advanced ones), non-basic keyboards, and... well, pretty much anything else that has a driver for Win8. MS claims over 100,000 devices supported.
Sure, you aren't going to leave those things connected on a regular basis, but the difference is that with a Surface (or other Windows RT device), you *can* connect peripherals if you want to. The situation on iPads regarding printing was essentially nonexistent for some time, and still isn't very good... and they don't even come with full copies of Word!
You can completely erase your iPad and restore apps, data, and the OS from iCloud -- no PC required. Even if you lose your iPad, you can just log in with your iTunes account from a brand new iPad and all of your apps, settings, even icon positions are restored from iCloud -- no PC required.
Even if the iPad isn't bootable (say, ran out of power while installing a kernel update)? That's possible - it implies the presence of a small recovery system tucked in there somewhere, with enough smarts to connect to the Internet and fix the main system - but given that you thoroughly misinterpreted what I said, I doubt it. I wasn't talking about "normal reset scenarios" like you describe (in fact, I explicitly pointed that out in my post) but rather things where the situation requires actual recovery. You also didn't address downgrading.
Are you referring to the ARM version (the one referenced in the article) or the x86 version?
The x86 version isn't even out yet. I was referring to the ARM version. The management tools are, unsurprisingly, hidden by default (i.e. not on the Start screen). However, they are definitely present, if you choose to show them in Start and/or you know how to use the command line. I take it, from your response, that the iPad can't do any of those things.
Well, and exclude that processor from ever executing code for other VMs. Remember that a process is an OS-level concept. The OS can certainly set affinity to a single CPU and exclude all other processes from using that CPU, but that only works for intra-OS context switches. When the hypervisor context-switches the execution to a different VM, you get a different OS (that of the attacker) executing on (potentially) the same processor. The attacker's OS has no ability to see, much less reason to respect, the target OS's decision to dedicate one CPU to the target process.
In fact, that actually makes the attacker's job a hell of a lot easier. They can dedicate their attack code to the same CPU, in which case *all* the cache changes that occur while the process is context-switched will be due to the target process. In a more typical environment, there would be a lot more "noise" in the cache activity.
Wow, what browser do you use? You *might* be able to make an argument for netcat being secure, though I sure wouldn't bet on that. Firefox, Chrome, Opera, Safari, and IE have all had vulnerabilities discovered in the last year. Most of them were rapidly patched, and in some cases nobody other than the developers would ever have learned of the vulnerability if not for the patch notes, but I can guarantee you that they didn't find them all!
Also, logging into another account is insufficient. Just as your browser is vulnerable, so is your OS; I'm absolutely certain there are local EOP vulns in it somewhere. What good is logging into account B to protect account A when the exploit is running as root? Of course, the same argument could be made for VMs - once the guest machine is taken over, you're now trusting your hypervisor to keep your main OS from attacks, but there's probably some vuln in the hypervisor too (although this is a bit less likely than in a more complex piece of software like an OS). It goes on even further from there, too; attacks against the network, the hardware, your local power grid or ISP...
At some point, you simply must decide that there is *enough* security, and work from there. For most people, a fully-patched browser, preferably with Flash and Java disabled and possibly also JavaScript, running as a limited user with ideally some sandboxing around the browser process, is sufficient. That doesn't actually make you not vulnerable, though.
Actually, cache attacks have existed, and been well-known in the cryptographic community, for a *long* time. The only thing that sets this attack apart from the others in history is the fact that the attack was carried out across two VMs (different logical machines, same physical one), rather than across two processes on the same (logical) machine. That's a significant finding, to be sure, but it's not even a new idea to try it; the novelty is that the researchers succeeded.
"See" from one VM into another, on the same physical hardware. It's a cache-based attack; the attacker fills the cache lines of the CPU, then yields and hopes the hypervisor schedules the other VM on the same CPU core next, and that the other VM is executing a particular set of cryptographic operations. These operations have a very specific behavior with regard to the processor cache. When the attacker's process runs again, it determines which of its cache lines were flushed, and this information tells it something about the operations the other VM is doing.
Obviously, this is a very slow and error-prone operation, not something you can do in real-time, or even within a few seconds (which, on modern CPUs, means a few billion cycles). Rather, the attack requires hours - tens of trillions of CPU clock cycles - to get enough samples of the CPU behavior to determine which samples are meaningless, and to have enough information to piece together the cryptographic key. Obviously, this assumes that the other VM on the same host is frequently engaging in cryptographic operations using this key.
I don't think I'd go so far as to call this attack truly practical, yet, but it's possible in at least some situations. That fact, by itself, is quite scary for two reasons. First, stealing a key is the kind of thing that you don't need to do Right Now in most cases; if you can do it within a reasonable time frame (which may be months), that's enough. Second, these types of attack are almost always slow and/or difficult when first demonstrated. The problem is, now that the attack is known to be possible, it has garnered a lot of attention and many people will be examining it to see if they can improve on it somehow.
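Added example (not from the post or from the research it discusses): a constructed toy model in C of the prime-and-probe exchange described above, which also illustrates the point made further up about the attacker pinning its own code to the same CPU to cut down cache "noise". It assumes a direct-mapped cache of 16 sets tracked by an owner tag rather than by timing, a victim whose table lookup is indexed by a secret nibble, and an unrelated tenant that occasionally touches a random set; the constant-time variant shows the mitigation a crypto implementer would apply, since a key-independent access pattern leaves the attacker nothing to vote on.

```c
#include <stdio.h>
#include <stdbool.h>

/* Constructed toy model of the cross-VM prime-and-probe channel: one
 * direct-mapped cache with SETS sets shared by the attacker VM, the victim
 * VM and an unrelated tenant. "Eviction" is tracked by owner tag, not by
 * measuring access latency as a real attack would. */
#define SETS 16
enum { TAG_ATTACKER = 1, TAG_VICTIM = 2, TAG_OTHER = 3 };

typedef struct { int owner[SETS]; } cache_t;
typedef void (*victim_fn)(cache_t *c, unsigned nibble);

static void cache_touch(cache_t *c, unsigned set, int owner) { c->owner[set % SETS] = owner; }

/* Tiny deterministic LCG so runs are reproducible (not for anything cryptographic). */
static unsigned next_rand(unsigned *state) {
    *state = *state * 1103515245u + 12345u;
    return (*state >> 16) & 0x7fff;
}

/* Step 1: the attacker fills every cache set with its own lines. */
static void attacker_prime(cache_t *c) {
    for (unsigned s = 0; s < SETS; s++) cache_touch(c, s, TAG_ATTACKER);
}

/* Step 3: the attacker re-reads its lines; a set no longer holding its tag was
 * evicted. Returns the number of evicted sets and records the last one seen. */
static int attacker_probe(const cache_t *c, int *evicted_set) {
    int n = 0;
    for (unsigned s = 0; s < SETS; s++)
        if (c->owner[s] != TAG_ATTACKER) { n++; *evicted_set = (int)s; }
    return n;
}

/* Leaky victim: a key-dependent table lookup lands in the set chosen by the secret nibble. */
static void victim_leaky(cache_t *c, unsigned nibble) { cache_touch(c, nibble & 0xF, TAG_VICTIM); }

/* Hardened victim: touches every table line in the same order regardless of the key,
 * so the cache footprint carries no information about the secret. */
static void victim_constant_time(cache_t *c, unsigned nibble) {
    (void)nibble;
    for (unsigned s = 0; s < SETS; s++) cache_touch(c, s, TAG_VICTIM);
}

/* One scheduling round: prime, the victim runs, an unrelated tenant may also run
 * (with probability noise_pct/100), then probe. Returns the guessed nibble, or -1
 * when the probe is ambiguous (zero or several evicted sets). */
static int one_round(cache_t *c, victim_fn victim, unsigned nibble, int noise_pct, unsigned *rng) {
    int evicted_set = -1;
    attacker_prime(c);
    victim(c, nibble);
    if ((int)(next_rand(rng) % 100) < noise_pct)
        cache_touch(c, next_rand(rng) % SETS, TAG_OTHER);   /* other tenant's activity */
    return attacker_probe(c, &evicted_set) == 1 ? evicted_set : -1;
}

/* Collect many rounds and majority-vote the unambiguous ones. Returns the recovered
 * nibble, or -1 if no round gave a usable sample; *usable receives the sample count. */
static int recover_nibble(victim_fn victim, unsigned nibble, int rounds, int noise_pct,
                          unsigned seed, int *usable) {
    cache_t c = {{0}};
    int votes[SETS] = {0}, best = -1, count = 0;
    for (int r = 0; r < rounds; r++) {
        int g = one_round(&c, victim, nibble, noise_pct, &seed);
        if (g >= 0) { votes[g]++; count++; }
    }
    for (int s = 0; s < SETS; s++)
        if (votes[s] > 0 && (best < 0 || votes[s] > votes[best])) best = s;
    if (usable) *usable = count;
    return best;
}

int main(void) {
    int usable, g;
    g = recover_nibble(victim_leaky, 0xA, 1, 0, 1, &usable);
    printf("leaky victim, quiet core:  guess %d after %d usable round(s)\n", g, usable);
    g = recover_nibble(victim_leaky, 0x3, 200, 50, 7, &usable);
    printf("leaky victim, noisy core:  guess %d, %d of 200 rounds usable\n", g, usable);
    g = recover_nibble(victim_constant_time, 0xA, 50, 0, 1, &usable);
    printf("constant-time victim:      guess %d, %d usable rounds\n", g, usable);
    return 0;
}
```

With noise on the core, a fraction of the rounds are thrown away as ambiguous, which is the model's version of why the real attack needs many hours of samples rather than a single probe.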
1) Insert a microSD card.
2) Format it to NTFS.
3) Boot to command prompt as admin (officially supported).
4) Copy the contents of the C:\Program Files\WindowsApps folder to the microSD card.
5) Rename the WindowsApps folder (or delete it, if you feel brave).
6) Unmount the microSD card (can be done with the mountvol utility).
7) mkdir "C:\Program Files\WindowsApps"
8) Mount the microSD card to the empty WindowsApps folder (diskpart or mountvol can both do this).
9) Reboot to the normal mode.
Windows 8, including RT, does not include the older versions of .NET by default. Granted, 4.5 alone is still quite large, but MS *has* removed most of the install footprint of .NET.
Don't forget that explorer.exe is also the full graphical shell (taskbar, etc.). Also don't forget that, unlike most tablets, the Surface also includes a full window manager.
As for the command prompt, cmd.exe is pretty tiny, but Powershell is (relatively) huge. You can basically use its script language to access the entire .NET framework, plus a bunch of additional commands and built-in help data.
iOS has no system management tools, no scripting support, no filesystem browser, no developer tools in the browser, no Flash player, no... lots of other things (which Surface has). I think Apple stripped out too much for a real tablet OS, personally. It also basically only has one on-screen keyboard configuration, and no handwriting recognition. It only includes the runtime for one compiled language, plus JavaScript; Surface supports multiple languages including a JS engine that offers far more system APIs than a simple WebView in an app. Most importantly though, both in terms of differences in what you can do with them and in terms of what takes up so much space, the iPad doesn't support USB peripherals. The Surface not only does, it ships with gigabytes of drivers for them (over 100k devices supported at launch, according to MS, although many can probably just use common "class" drivers such as USB Mass Storage).
All those drivers, plus the 3600 MB devoted to the recovery volume that allows Surface to reset or repair itself, even in the face of catastrophes like loss of the decryption key for the entire OS volume or running out of battery during an OS update, plus Office (which is hardly a lightweight program suite, but is far more powerful than any equivalent for the iPad), explains the size usage.
This would be a lot funnier if you'd chosen a distro that doesn't include ads in its default configuration (Amazon referrals on search, etc.)
Or on Linux. Sophos is available for both.
I feel terribly sorry for anybody who uses them, but hey, they *are* available!
I could email you a PDF to install that replacement for you...
No, not a PDF on *how* to install it, one that *would* do so (or rather, cause Sophos to do so) as soon as it entered your email server! :-)
Obviously, this is a very slow and error-prone operation, not something you can do in real-time, or even within a few seconds (which, on modern CPUs, means a few billion cycles). Rather, the attack requires hours - tens of trillions of CPU clock cycles - to get enough samples of the CPU behavior to determine which samples are meaningless, and to have enough information to piece together the cryptographic key. Obviously, this assumes that the other VM on the same host is frequently engaging in cryptographic operations using this key.
I don't think I'd go so far as to call this attack truly practical, yet, but it's possible in at least some situations. That fact, by itself, is quite scary for two reasons. First, stealing a key is the kind of thing that you don't need to do Right Now in most cases; if you can do it within a reasonable time frame (which may be months), that's enough. Second, these types of attack are almost always slow and/or difficult when first demonstrated. The problem is, now that the attack is known to be possible, it has garnered a lot of attention and many people will be examining it to see if they can improve on it somehow.
You actually can, it's just unsupported.
Insert a microSD card.
Format it to NTFS.
Boot to command prompt as admin (officially supported).
Copy the contents of the C:\Program Files\WindowsApps folder to the microSD card.
Rename the WindowsApps folder (or delete it, if you feel brave).
Unmount the microSD card (can be done with the mountvol utility).
mkdir "C:\Program Files\WindowsApps"
Mount the microSD card to the empty WindowsApps folder (diskpart or mountvol can both do this).
Reboot to the normal mode.
Just don't ever pull the microSD card...
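The steps above written out as a single script, as an added example rather than anything the commenter posted. It assumes it is run from the elevated command prompt the post mentions, that the OS volume is still lettered C:, that the microSD card has already been formatted NTFS and currently has a drive letter (placeholder D:), and that its volume GUID has been read from the output of a bare `mountvol` (placeholder GUID below). Step names follow the list in the post.

```batch
@echo off
REM Added example (not from the original post): relocate the WindowsApps
REM package store to a microSD card mounted as a volume mount point, so the
REM path C:\Program Files\WindowsApps keeps resolving after the move.
REM Assumptions: elevated command prompt, OS volume is C:, card is NTFS.

set "APPS=C:\Program Files\WindowsApps"
REM Placeholder: the drive letter the card currently has.
set "CARD=D:"
REM Placeholder: the card's volume GUID path, copied from `mountvol` with no arguments.
set "CARDGUID=\\?\Volume{00000000-0000-0000-0000-000000000000}\"

REM Step: copy the contents of WindowsApps to the card.
REM /E copies the whole tree, /COPYALL keeps NTFS ACLs and ownership (the reason
REM the card must be NTFS: app packages execute from here, and FAT would drop the
REM permissions that keep the store read-only to normal users). /R:1 /W:1 avoid
REM long retry loops on any locked file.
robocopy "%APPS%" "%CARD%\" /E /COPYALL /R:1 /W:1
REM robocopy exit codes of 8 or above mean at least one file failed to copy.
if errorlevel 8 (
    echo Copy reported failures, not continuing.
    exit /b 1
)

REM Step: rename the original folder instead of deleting it, keeping a fallback.
ren "%APPS%" WindowsApps.old || (
    echo Could not rename the original WindowsApps folder.
    exit /b 1
)

REM Step: remove the card's drive letter so the volume is only reachable via
REM the mount point, then create the empty folder and mount the card onto it.
mountvol %CARD%\ /D
mkdir "%APPS%" || (
    echo Could not create the empty mount folder.
    exit /b 1
)
mountvol "%APPS%" %CARDGUID% || (
    echo Mounting the card onto WindowsApps failed.
    exit /b 1
)

REM Check before rebooting: the copied packages should be visible at the old path.
dir "%APPS%"
echo Done. Reboot normally; do not remove the microSD card afterwards.
```

The renamed `WindowsApps.old` folder is the only way back if the card fails or is pulled: dismount the card with `mountvol "C:\Program Files\WindowsApps" /D`, remove the empty folder, and rename the backup into place.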
Windows 8, including RT, does not include the older versions of .NET by default. Granted, 4.5 alone is still quite large, but MS *has* removed most of the install footprint of .NET.
Don't forget that explorer.exe is also the full graphical shell (taskbar, etc.). Also don't forget that, unlike most tablets, the Surface also includes a full window manager.
As for the command prompt, cmd.exe is pretty tiny, but PowerShell is (relatively) huge. You can basically use its script language to access the entire .NET Framework, plus a bunch of additional commands and built-in help data.
iOS has no system management tools, no scripting support, no filesystem browser, no developer tools in the browser, no Flash player, no... lots of other things (which Surface has). I think Apple stripped out too much for a real tablet OS, personally. It also basically only has one on-screen keyboard configuration, and no handwriting recognition. It only includes the runtime for one compiled language, plus JavaScript; Surface supports multiple languages including a JS engine that offers far more system APIs than a simple WebView in an app. Most importantly though, both in terms of differences in what you can do with them and in terms of what takes up so much space, the iPad doesn't support USB peripherals. The Surface not only does, it ships with gigabytes of drivers for them (over 100k devices supported at launch, according to MS, although many can probably just use common "class" drivers such as USB Mass Storage).
All those drivers, plus the 3600 MB devoted to the recovery volume that allows Surface to reset or repair itself, even in the face of catastrophes like loss of the decryption key for the entire OS volume or running out of battery during an OS update, plus Office (which is hardly a lightweight program suite, but is far more powerful than any equivalent for the iPad), explain the size usage.