
Circumventing Windows RT’s Code Integrity Mechanism - mikecane
http://surfsec.wordpress.com/2013/01/06/circumventing-windows-rts-code-integrity-mechanism/
======
venomsnake
Amazing work. I have the best predictor of any product success - ask Steve
(em)Ballmer what is the correct thing to do and find someone that does the
exact opposite.

Surface RT and the whole metro store were very exciting until Microsoft
unveiled the lockdown.

And even today I think that a reversal of course is possible and will be
beneficial for the adoption of windows 8/RT. Just unlock the damn things - a
lot of professionals are looking for a third device still.

Windows and PC succeeded because they were wild and buggy and moldable - that
allowed them to deliver a good solution now instead of a perfect one in 10 years.

The same thing is happening with ARM/Android - I am having more fun switching
ROMs than at any time since the late 90s. And from anecdotal evidence Raspberry
Pis and the like are busy taking over the world where mobility is not a
concern - the moment you are asked by a non-geek about the Pi and whether it can
replace a home server, you know the rules of the game are changing, and fast.

~~~
marshray
So how do you reply to the argument that "people certainly like iOS devices
that are locked-down, often citing the absence of malware and other non-
conforming apps"?

~~~
venomsnake
That I want to see the real user of iDevices who, sober, will say the phrase
"nonconforming apps" ... or that lack of malware will be anywhere near the top
5 reasons for liking them. And Path's behavior was one expected of malware. And
it was approved by Apple with bells and whistles.

Malware has been a solved problem since Vista shipped, even on Windows. I
haven't seen one in ages on the maybe 20-30 friends' PCs for which I am the
involuntary "IT" guy.

People like iDevices. Period. But one of the engines of innovation is being
able to use something for a purpose other than the one envisioned by its
creator. It creates a positive feedback loop. Which includes running software
that somebody might not approve of. Also, unlocked does not mean defenseless.
Sandboxing and isolation are good things, and so is the vetting of the apps in the
store.

I think that the HTC model currently is best - the device comes locked, with
an official unlock available that voids part of the warranty. If I want security
- I've got it. But if I want to use 300 of them mounted on the ceilings of
clubs uploading realtime feeds to show the hottest places in town right now -
I can use them for that too.

~~~
nnnnni
I'm still seeing malware on Vista and 7 on home machines where the users are
STILL all local admins and click "OK"/"Yes" to every "should this be allowed
to run?" prompt because years of popup messages have conditioned the average
user to just say "whatever" and click the continue button.

~~~
antiufo
Even without administrative privileges, your malware can still do lots of
interesting things: full access to the user's files, settings and browser
history, full internet access, automatic launch on startup.

------
noveltyaccount
I am very impressed with the thread over at XDA - really impressive hacking
skills and discussion between a talented few. Go to pages 20 and 21 to see
things like PuTTY and 7zip compiled and running on a Surface. Utterly
fantastic!

[http://forum.xda-developers.com/showthread.php?t=1885399&...](http://forum.xda-developers.com/showthread.php?t=1885399&page=20)

------
mikecane
>>>The decision to ban traditional desktop applications was not a technical
one, but a bad marketing decision.

But wouldn't Desktop apps need to be recompiled to run on the ARM CPU?

~~~
sjmulder
It would, but Apple did the same thing when they switched to Intel and it worked
out pretty well. They even shipped all the PowerPC binaries for a while,
together with an emulation layer, so you could run old apps on Intel (albeit
slowly).

It's more of a backwards compatibility/marketing issue, I suppose. Apple could
afford to have programs work 'more or less', Microsoft with its track record
for backwards compatibility probably cannot.

~~~
wmf
Emulation is fine when you're switching to a faster processor (68K -> PPC, PPC
-> Intel). In this case, MS is introducing a slower processor so emulation
would probably be painful.

~~~
meaty
Well, they shot themselves there. The CLR was supposed to be the portability
layer, i.e. IL code would be dynamically compiled. Unfortunately, due to
Microsoft's schizophrenia, it never became a first-class part of the OS over,
say, non-portable x86-specific PE binaries.

Technically they could use dynamic translation, but building a working
translator for x86->ARM would be an absolute bastard, as x86 is such a
non-orthogonal mess of an architecture.

------
drivebyacct2
I'd buy a Surface if Sublime Text 2 were cross compiled for ARM.

edit: I'm also a bit confused; the XDA thread seems to imply that a user could
side-load an RT app that would launch an unchecked application [1]... meaning
some sort of side-loadable RT app that could springboard a launcher for other
ARM-compiled apps.

Ironically, there could be a community package manager and accompanying RT app
that beat MS to the punch (if they were ever to go in that direction, which is
arguable).

edit2: Ah, a bit later in the thread it's revealed that the resulting cmd
prompt still runs from the RT apps context, with its limitations and lifespan.

[1] That presumably would be killed/revoked from the Store and/or would never
pass verification.

