
Microsoft patched Windows RT, blocks dev Linux boot - type0
http://www.theregister.co.uk/2016/07/15/windows_fix_closes_rt_unlock_loophole/
======
Ace17
" To exploit the vulnerability, an attacker must either gain administrative
privileges or physical access to a target device [...] " There's a big
difference between a device being jailbreak-able and being vulnerable.
"vulnerable to a user with administrative privileges" shouldn't count as
"vulnerable".

~~~
bArray
It's shutting the door after the horse has escaped. All security measures have
failed at that point - the least of a user's troubles in somebody installing a
new OS.

As for physical access, somebody could install a new HDD or motherboard or
computer - where do you stop?

Microsoft's justification of this "security feature" is borderline insanity.

~~~
zamalek
There's a nice saying for this: _" it's a six ton safe in the middle of a
desert."_ No matter how secure your safe is, someone can just airlift it out
and will have practically limitless time to tear it apart.

------
oliwarner
Two steps forward, one sidestep and an enthusiastic lunge backwards in the
name of security.

They've been trying to do this with Windows-proper for the last 5 years,
banking on the apathy of manufacturers to block other operating systems from
running by not allowing other secure keys (or disabling the disabling of
secure boot).

This is just the extension of that, except they control the hardware too.

Given open Linux distributions have a habit of making devices Just Work™
indefinitely —well that's what my 2008 desktop CPU, 2010 laptop tell me— I'm
not surprised they want to make sure their hardware rots so people have to
upgrade to a newer, stronger-walled garden.

~~~
RaleyField
> Given open Linux distributions have a habit of making devices Just Work™
> indefinitely

2006 Conroe is still perfectly capable of running the latest Windows OS. And
anecdotally I had to rescue an Ubuntu installation few days ago simply because
the root partition got filled and system didn't boot. Go figure.

------
__b__
Users should have the option of choosing or not choosing to use a locked
bootloader. For some users, the benefits of an unlocked bootloader exceed the
costs of not letting Microsoft handle "security" for them.

If a company is selling hardware, why should it matter what the purchaser does
with it afterwards?

For the answer to that question, we might ask Apple.

Whatever the answer is, it is certainly not "for the security of the user" if
the user explicitly wants to install their own choice of OS.

~~~
Aloha
What exactly about CP/M and the PC BIOS? - the PC BIOS was published - code
and all by IBM.

------
masters3d
So I have a Surface RT; I've looked around for a guide to get it moved to
Ubuntu so I can play around with Swift Linux. Can anybody point me to a recent
article so I can make this paper weight useful? Maybe something like this
[http://hackaday.com/2014/05/01/mirror-mirror-on-the-
wall/](http://hackaday.com/2014/05/01/mirror-mirror-on-the-wall/)

------
kchoudhu
I don't get why they're doing this. WinRT is dead, the Surface RT is
_definitely_ dead; why bother screwing over people you've already screwed
over?

~~~
eropple
The answer to what you're asking is quoted in that very article:

 _> An attacker who successfully exploited this vulnerability could disable
code integrity checks, allowing test-signed executables and drivers to be
loaded on a target device. In addition, an attacker could bypass the Secure
Boot Integrity Validation for BitLocker and the Device Encryption security
features._

Microsoft is patching the device, _despite_ it being a dead product, to avoid
screwing actual users of the product. Sorry to the ones of people using it
with Linux, I guess, but being able to subvert BitLocker and device encryption
is _kind of bad_ , yeah?

~~~
userbinator
I personally think if you have physical access then it's game over anyway.

Besides, AFAIK if a drive is encrypted then you would not be able to decrypt
it without the correct key, unless they did something very un-crypto-like with
BitLocker...

~~~
pritambaral
> then you would not be able to decrypt it without the correct key

You're correct. So an attacker will now attempt obtaining the correct key, by
targeting the pre-decryption stages and infecting any layer that has access to
the decryption key. If the bootloader's the one that asks for the user for the
disk decryption key, then the bootloader would be the prime target of
infection. And so on, it's turtles all the way down, until the hardware; which
is what gives Intel the excuse to ship locked down firmware with their
processors and motherboards.

------
anonbanker
Anyone who thinks "Embrace Extend, Extinguish", amongst other bad business
practices, are a thing of the past for Nadella-helmed Microsoft, this should
be a tall frosty glass of reality.

~~~
unscaled
Well, not patching a security flaw is not exactly a good business practice
either.

Now, locking the Windows RT bootloader was a bad practice to begin with, and
it's a good thing Microsoft stopped doing that. Then again, it's hard to blame
them, seeing that Apple keeps locking down everything they can lay their hands
on with virtually no criticism outside the Slashdot crowd perhaps. Everyone
just keeps nodding and saying "This is the right thing for protecting their
users and ecosystem. Look at all the fragmentation and malware mess that
Android suffers from".

And what is with that "Embrace, Extend and Extinguish"? It's 2016. Next thing,
IBM will come selling their Watson SaaS and everyone would have to buy it
because "nobody ever got fired for buying IBM "?

~~~
yAnonymous
The attacker needs root or physical access, so at that point it hardly
qualifies as a security flaw anymore.

~~~
Dayshine
Except it's a vulnerability for bitlocker, which is exactly for defending
against physical access?

------
youdontknowtho
I personally think this is click bait. One of the features that is advertised
about this device is secure boot and bit locker. I'm not sure that they ever
offered a supported way to disable those features. It sounds like they were
patching a problem with that.

Also blocking the install of Linux...iPads and iPhones. Why is this a crisis
but that's OK?

Why did you but this thing?

~~~
Nullabillity
Neither is acceptable, of course.

------
xg15
I'm curious: If I understand modern software licenses correctly, companies
have long ago stopped actually _selling_ software. They sell licenses that
permit a carefully picked set of activities that can be performed with a
software.

Given MS' security model* described in this thread ("vulnerable to attackers
with administrative access") I wonder if RT tablets and similar hardware are
actually still sold. Wouldn't it - from the company's POV - be easier to just
sell a license?

*(MS is by far not the only one acting like this, but they somehow seem to draw the most attention when locking down things)

~~~
niftich
The distinction isn't too relevant because all of the machine's software is
click-wrapped in a license you must accept. With the BIOS/firmware being the
sole exception, they can just lock it down with technical means (ie. crypto
and certs), avoiding the conversation.

