1. Welcome to TechPowerUp Forums, Guest! Please check out our forum guidelines for info related to our community.

Windows 8 Secure Boot: Handy Malware Backdoor for Nosy Governments?

Discussion in 'News' started by qubit, Oct 29, 2011.

  1. qubit

    qubit Overclocked quantum bit

    Joined:
    Dec 6, 2007
    Messages:
    9,822 (3.96/day)
    Thanks Received:
    3,481
    Location:
    Quantum well (UK)
    We’ve written before how Microsoft's new secure boot feature in Windows 8 could likely be used to shut out competition and create the ultimate in walled garden consumer lock-ins – something that is very undesirable from a competition, price and consumer choice viewpoint. However, it now appears that governments could lean on Microsoft in order to install secret snooping malware on user's PCs.

    Ross Anderson, professor of Security Engineering at the University of Cambridge Computer Laboratory, has written in the Light Blue Touchpaper blog, about this issue. He starts off by explaining how secure boot could limit the purchase Metro apps to only the official Microsoft app store, saying. "Even if users can opt out, most of them won't. That's a lot of firms suddenly finding Steve Ballmer's boot on their jugular." That sounds very well put and really doesn't paint a pretty picture, does it? It's exactly the same tactic as all these firms that require you to opt out of receiving their junk mail, toolbars etc when installing software, knowing full well that the majority won't.

    However, this control can turn from monopolistic to sinister, because governments could potentially lean on Microsoft to give them an official key in order to install malware on user's PC's, which could be next to impossible to remove. The particular example he gives is that of Tubitak, the Scientific and Technological Research Council of Turkey, saying that he has removed their key from his web browser, but how would he identify all foreign governments' keys?
    Sounds nasty, doesn't it? This isn’t something that anyone should want on their computer.

    Anderson has also written an 8-page paper (PDF) entitled "Can We Fix the Security Economics of Federated Authentication?" which covers this problem in great detail.

    The Free Software Foundation has also also started a petition against secure boot, which people are encouraged to sign.
     
  2. Halk New Member

    Joined:
    Jan 24, 2011
    Messages:
    105 (0.08/day)
    Thanks Received:
    26
    Whatever they do will be reverse engineered and the technically adept user will be able to use and abuse whatever secure boot ends up offering...

    However I don't accept that end users will be at the whim of governments spying on everything that they do, that doesn't seem like a realistic prospect.
     
  3. RejZoR

    RejZoR

    Joined:
    Oct 2, 2004
    Messages:
    4,623 (1.27/day)
    Thanks Received:
    928
    Location:
    Europe/Slovenia
    This should be optional and available through a physical switch on a motherboard, so no malware can change it on its own. But if user wants this technology, they can enable it (or disable) at any time. This would be great actually. But if they plan to lock it out, it's just not gonna work. With so many great free and open source apps, there is no way of signing them all or demand special fees to get them ready for this closed ecosystem.
     
  4. qubit

    qubit Overclocked quantum bit

    Joined:
    Dec 6, 2007
    Messages:
    9,822 (3.96/day)
    Thanks Received:
    3,481
    Location:
    Quantum well (UK)
    Good points - please sign the FSF petition! :toast: Link at the bottom of the article.
     
  5. Frick

    Frick Fishfaced Nincompoop

    Joined:
    Feb 27, 2006
    Messages:
    10,614 (3.39/day)
    Thanks Received:
    2,232
    Meh, the Government can do a lot of shit anyway.

    And this is borderline editorial.
     
  6. Neuromancer

    Neuromancer

    Joined:
    May 23, 2008
    Messages:
    379 (0.16/day)
    Thanks Received:
    64
    Location:
    South Jersey
    Dont need windows 8 if you are running Intel equipment remote backdoor is built in :)
     
  7. qubit

    qubit Overclocked quantum bit

    Joined:
    Dec 6, 2007
    Messages:
    9,822 (3.96/day)
    Thanks Received:
    3,481
    Location:
    Quantum well (UK)
    I think you're thinking of vPro - and you're correct. It's right down to the chipset and CPU level, no software required. :shadedshu Dunno how you block this one.
     
  8. RejZoR

    RejZoR

    Joined:
    Oct 2, 2004
    Messages:
    4,623 (1.27/day)
    Thanks Received:
    928
    Location:
    Europe/Slovenia
    You can block it by not buying Intel to begin with :p
     
  9. Easy Rhino

    Easy Rhino Linux Advocate

    Joined:
    Nov 13, 2006
    Messages:
    13,422 (4.68/day)
    Thanks Received:
    3,240
    Meh, this is a lot of ton-foil hat wearing nonsense. Using the words 'could likely' in this sense follows the same conspiratorial logic about the US government could likely fly planes into the twin towers. The ability of microsoft and other software companies to install backdoors in your software and hardware has been there for decades. Get over it people.
     
    Super XP, 1c3d0g, Eva01Master and 2 others say thanks.
  10. Shihabyooo

    Shihabyooo

    Joined:
    Jan 10, 2011
    Messages:
    566 (0.42/day)
    Thanks Received:
    110
    Location:
    A sad excuse of a country called Sudan.
    ^
    +1 ... the twin tower incident was a Mossad/Russian joint op !
    >_>
    And end up using faildozer instead ? No thanq. I'll pick the spybot chip !
    /jk
     
    1c3d0g says thanks.
  11. qubit

    qubit Overclocked quantum bit

    Joined:
    Dec 6, 2007
    Messages:
    9,822 (3.96/day)
    Thanks Received:
    3,481
    Location:
    Quantum well (UK)
    Yes, it's a bit of a lose-lose situation, isn't it? :ohwell:
     
  12. Easy Rhino

    Easy Rhino Linux Advocate

    Joined:
    Nov 13, 2006
    Messages:
    13,422 (4.68/day)
    Thanks Received:
    3,240
    You should probably prove something to be true before you go around boycotting it.
     
  13. qubit

    qubit Overclocked quantum bit

    Joined:
    Dec 6, 2007
    Messages:
    9,822 (3.96/day)
    Thanks Received:
    3,481
    Location:
    Quantum well (UK)
    I'm not actually boycotting Intel over this, just making the point that whether you go AMD or Intel, you lose something significant. With AMD it's performance and Intel it's privacy from government snoops. Choose your poison. :ohwell:
     
  14. Easy Rhino

    Easy Rhino Linux Advocate

    Joined:
    Nov 13, 2006
    Messages:
    13,422 (4.68/day)
    Thanks Received:
    3,240
    there has been zero evidence that governments have been using intel chips to snoop on people.
     
  15. Wile E

    Wile E Power User

    Joined:
    Oct 1, 2006
    Messages:
    24,324 (8.35/day)
    Thanks Received:
    3,778
    And even tho it's "hardware level", it can't work without the appropriate software. So it's still defeatable.

    I agree, this is a bit on the paranoid side. Good point on possible security hole, but credibility goes down with the mention of the govt using it against us.
     
  16. Shihabyooo

    Shihabyooo

    Joined:
    Jan 10, 2011
    Messages:
    566 (0.42/day)
    Thanks Received:
    110
    Location:
    A sad excuse of a country called Sudan.
    How dare you question the conspiracy theory ! Now feel the wrath of the Illuminati !
    No seriously, what's with all this paranoia going around ? Everyone thinks there's someone spying on them.
     
  17. Frick

    Frick Fishfaced Nincompoop

    Joined:
    Feb 27, 2006
    Messages:
    10,614 (3.39/day)
    Thanks Received:
    2,232
    You really should read Qubit's other news posts. :)
     
  18. Easy Rhino

    Easy Rhino Linux Advocate

    Joined:
    Nov 13, 2006
    Messages:
    13,422 (4.68/day)
    Thanks Received:
    3,240
    Some paranoia is healthy. Evolution Scientists claim it is paranoia that has helped us survive as long as we have. This kind of paranoia though will land you in the looney bin.

    We all know bad governments will use any means necessary to control the populace. Does that mean we should get rid of all digital technology now? Or, as the professor lays out, should we CREATE MORE government regulations to prevent the possibility of this happening. The irony is not lost on me.
     
  19. TRWOV

    TRWOV

    Joined:
    Aug 11, 2011
    Messages:
    3,493 (3.07/day)
    Thanks Received:
    2,049
    Location:
    Mexico
    Why is it "likely"? That "likely" isn't necessary in that sentence IMO.
     
    Crunching for Team TPU
  20. horik

    horik

    Joined:
    Dec 4, 2010
    Messages:
    261 (0.19/day)
    Thanks Received:
    45
    you can unplug your pc from the internet...
     
  21. Shihabyooo

    Shihabyooo

    Joined:
    Jan 10, 2011
    Messages:
    566 (0.42/day)
    Thanks Received:
    110
    Location:
    A sad excuse of a country called Sudan.
    The government have already countered that one -> free porn social networks.
     
  22. fusionblu

    fusionblu

    Joined:
    Nov 3, 2010
    Messages:
    282 (0.20/day)
    Thanks Received:
    39
    Location:
    London, England, UK
    This gets more worst; at first I thought this was both an anti-piracy and brutal marketing tactic to kill competition, but now Microsoft is helping governments worldwide snoop on all internet users and their activities, this is not acceptable!!! [SIGNED NOT TOO LONG AGO]

    The only way that it can be countered is if someone uses someone else's wifi, but 9/10 users would probably access the wifi and uses services (MSN Messenger, Steam, etc) specific and identifiable the user themselves so even that method could be pointless overall.
     
  23. Frick

    Frick Fishfaced Nincompoop

    Joined:
    Feb 27, 2006
    Messages:
    10,614 (3.39/day)
    Thanks Received:
    2,232
    You see this is the problem with "qubit news". The post is full of potentials and maybes but people ignore that.
     
  24. Neuromancer

    Neuromancer

    Joined:
    May 23, 2008
    Messages:
    379 (0.16/day)
    Thanks Received:
    64
    Location:
    South Jersey
    I just brought it up to compare to people worrying about windows 8 backdoor.

    Government does not NEED a backdoor into your PC, but vPro is pretty powerful.

    you can remotely powerup a machine and even install OS! I have not looked into it in detail for some reason it does not get a lot of marketting, but I think it is one of the coolest features Intel has going (as well as the most troubling, as there is no BIOS option to disable it...)
     
  25. Eva01Master

    Joined:
    Feb 27, 2009
    Messages:
    75 (0.04/day)
    Thanks Received:
    5
    Location:
    Caracas/Venezuela.
    The question is simple, if the governments feels like taking a peek on their citizen's activities, they will do it and neither you or me (Common populace) will know about it. So it's borderline ridiculous to "sabotage" Microsoft, Intel or (Name of a leading tech company) because they push forward X or Y technology... All in all new technology is good to us end users because they innovate with a purpose but we're the ones which are able to wield those new technologies however we see fit.
     

Currently Active Users Viewing This Thread: 1 (0 members and 1 guest)

Share This Page