
Why I will never use Windows 8/10 - hlandau
https://www.devever.net/~hl/windows8
======
w8rbt
I've Authenticode-signed Windows executable files in the past and Java jar
files. I don't currently.

In some cases, I believe that code signing is useful. For example, code
signing can prevent non-signed malware from being executed. Granted, it could
also be used to keep legitimate developers out or abused by large entities
(like Stuxnet), but abuse seems rare and mostly nation-state oriented.

Also, I'm not aware of a case where a corporation used code signing to keep a
legitimate developer/company out of a platform for non-malicious reasons.

~~~
wowaname
Code signing's downfalls outweigh its perceived benefits. It's the same
principle as certificate authorities, and all it means is that the signer gave
a "seal of approval" for the software. When a malicious program manages to
thwart the checks and it ends up being signed, people who use this program
will end up distraught because they placed so much trust in a "safe" mechanism
that turns out only to dish false reassurance. I don't know the requirements
for code signing, but it could also very well place developers in Microsoft's
hands just so they can showcase their code as "trusted". It ultimately deters
people from using unsigned code under the false impression that unsigned (or
self-signed) code is by default insecure compared to signed code.

~~~
toboraton
I'm going to say that this is naive open source zealot bullshit.

Code signing is what is keeping the FBI out of the iPhone. It's how we will
keep malicious trojans and other kinds of advanced persistent threats out of
the ecosystem in the future.

If you think code signing is a bad idea, then you aren't thinking about the
post-Snowden security landscape.

Now, what most code signing systems fail on today is the ability to control
which keys you trust. Ideally you should be able to manage trust delegation.

But, in the future, we will think of running unsigned code like we currently
think of protocols like FTP, telnet and rsh - built for a simpler, more
trusting era.

~~~
hlandau
Indeed. Code signing is a perfectly valid technique, and useful, but device
owners must be able to control the root of trust. It's when code signing is
used to create a system of manufacturer, rather than device owner, control that
is the problem.

Authenticode seems okay so long as executability doesn't depend on it. But
there's a risk Microsoft might interpret it as a vote for "require signing for
EXE files" (because the more people use it, the fewer developers to complain if
they require it). If this started to look likely one could always use GPG.

Though in practice this shouldn't be possible... there is a very, very long
history of binaries which are no longer updated and never will be, so
introducing such a restriction is essentially impossible. (Of course, there's
no secure way of determining binary date, so grandfathering is impossible.)

------
ryao
I jumped on the "get off Windows" bandwagon early after 4 months of Windows 7
by switching to Gentoo Linux and I have not looked back. At the time, I was
upset with Microsoft for deciding to drop mainstream support for Windows Media
Center 2005 Edition 4 months earlier than they promised by including it with
the rest of Windows XP.

Now I think that my computing experience is better. No more chkdsk on sudden
power loss (ZFS is awesome), no more disk defragmentation, no more
antivirus/antimalware scanners, no more hunting for updates, no more
inordinate number of things starting at boot just because I installed them at
some point and no more yearly reinstalls to purge cruft from the system's
registry and filesystems. My experience is that my computer performance
improves over time with an OSS OS installed, rather than degrading over time
like it did with Windows. It is just so much nicer than what I experienced
with Windows.

~~~
xlm1717
A lot of those I don't see as something that is Windows' problem. If your
computer performance degrades over time to the point that you have to
reinstall every year to purge cruft, maybe it's something to do with that
habit you mentioned of installing things at some point?

Also, running on an SSD I don't have to do disk defragmentation anymore
either.

