
Windows 8 Spells Trouble for Linux, Hackintosh Users and Malware Victims - darkduck
http://www.readwriteweb.com/enterprise/2011/09/windows-8-spells-trouble-for-l.php
======
mhd
> Microsoft is requiring (PowerPoint) that OEMs ship client systems with the
> secure boot enabled to get the Windows 8 logo.

Okay, so by default this is on. Am I missing something or is there a big
reason why you couldn't just Hit [DEL] when booting and change this to
[disabled]? After all, major mainboard manufacturers currently make it rather
easy to overclock your system (even unlocking disabled cores), which I can't
imagine making Intel or AMD very happy.

Yes, some Dell/HP computers might be truly locked, which would make this
Winmodem 2.0 on a bigger scale. But as long as you can build your own, most
Linuxers and Hackintosh builders should be okay. Well, at least for desktops.
If e.g. all Dell laptops would be permanently locked…

But right now this is a lot of coulds and mights over a potential feature. I'm
still saying FUD.

~~~
bad_user
Probably because that would defeat the point so disabling it from BIOS may not
be an available option.

~~~
mhd
It would still be on for most users, so unless malware can affect BIOS
options, you'd have complete protection against that.

I'm not certain about the implementation details, but I assume that the OS can
somehow figure out if it's booting in safe mode. And I guess Windows 8 just
won't boot if you disable it in the BIOS. This would be a bit annoying if you
dual-boot and switch frequently, but no big deal. Nobody would loose anything,
unless we assume that keeping other OSs from the system is what it's all
about.

If it's a hard lock-out, we'll get cracked BIOS images pretty soon. Maybe even
from the manufacturers ("Not supported, you loose Windows 8 logo
compatibility" etc.)… Never mind that it won't be long until the first crack
for this protection scheme is out, disabling it in windows – just like every
other annoying activation / security thing MS came up with.

Again, assuming that this it will _really_ be this restrictive and mandatory.

------
nkassis
Something I didn't get from the articles is can Windows 8 work on non UEFI
systems? What if I buy a machine today and wanted (probably won't but
hypothetical here) to run Windows 8 on it is that still possible? Because then
pirated copies will just use that to get around the requirement.

Also, if this pans out, I hope the EU and potentially the US antitrust
authorities look into it.

~~~
runjake
1.) It's not about piracy, it's about attack surface.

2.) What are the antitrust issues? They're doing this to help preserve the
security and integrity, very similar to what Apple does with iOS devices, and
almost every single Android vendor does with its devices.

Edit: The downvoters have spoken. But why is Microsoft being singled out when
every other platform does, or is looking to do the same exact thing? Android,
iOS, and soon likely Mac OS X.

~~~
narag
1\. The predictable outcome has not to be the same as the stated goals.

2\. The antitrust issue is that every OEM that wants to distribute Windows
could be forced to ship computers that prevents other systems to work. This
could be seen as Microsoft abusing his dominant position to block competitors.

~~~
runjake
So does the same line of reasoning in #2 apply to Apple iOS and Android
devices? Why aren't people in an uproar about that? (I take that back, they
are in an uproar in the Android world).

If you've hung out at a WWDC in the past couple years, it's apparent Apple is
looking into the same such security scheme(s) for Mac OS X.

OEMs ship these computers as Windows computers. OEMs generally don't support
alternative OSes on their hardware, because there hasn't been enough demand to
make it worthwhile.

Linux on the desktop isn't even on Microsoft's radar. That war was lost by
Linux (although ironically, they may win or at least fair very well in the
"post-pc" era).

I'm still confused as to why Linux diehards don't just create their own (ARM-
based?) desktop platform where nothing is locked down or closed source.

~~~
rbanffy
> the same line of reasoning in #2 apply to Apple iOS and Android devices?

They are not PCs and are not sold under the expectation they are able to run
something other than what was built in. What Microsoft is trying to do is to
force OEMs into creating Windows-only PCs.

~~~
runjake
There's no expectation that PCs will run anything other than Windows for the
vast, vast majority of consumers, either.

------
scrrr
Wouldn't pirates be able to make Windows copies that have a valid BootManager?
Wouldn't OEM's be able to ship chips that allow original Windows to be booted
as well as Linux?

This is yet another futile attempt to prevent piracy. Besides, piracy is
probably a good thing for Microsoft. The more Windows users the better in the
long run.

~~~
nkassis
The issue on the linux side is the need to have a valid key to sign your
bootloader and from what I understand the kernel too as it's part of the
bootloader or something like that. Which means, no self compiled kernel and
only from Linux vendors that were able to get a key in there.

Obviously if anyone has a key it's no longer secure.

------
djeikyb
Extensive discussion here from a day ago:
<http://news.ycombinator.com/item?id=3020459>

------
droob
"Of course, all major OEMs are going to want the Windows 8 logo."

In a sentence, this is how broken the current OEM landscape is.

~~~
recoiledsnake
How does that statement show that the OEM landscape is broken?

~~~
ams6110
Who really cares if his PC has a Windows logo on it, as long as it works?

~~~
MichaelGG
How is a regular person supposed to determine if a PC will work well with
Windows? The logo program is supposed to give some assurance of quality,
especially when dealing with low priced systems.

(Although, Microsoft screwed this up in the past, certifying crappy video
cards in order to help partners out.)

~~~
rbanffy
> How is a regular person supposed to determine if a PC will work well with
> Windows?

You can't be serious. Unless you are over 40, chances are you only saw
computers that couldn't run some version Windows in museums.

~~~
kenjackson
The logos are version specific. So a Windows 8 logo would imply things that a
Windows Vista logo wouldn't. Especially in this Win8 era with touch and min
size for side-by-side, having a logo would be a huge help to many people.

------
ConstantineXVI
Not sure if it's EFI as well, but Chrome OS implements this as "verified
boot"[1]. If the OS doesn't check out, it falls back on a backup copy on the
SSD (and if that one's bad too, it asks for a recovery SD card). Google
mandates a "devmode" switch to bypass it, enabling it wipes all data and adds
a warning screen at boot (to avoid malicious rooting), but you have full
control after hitting the switch.

[1][http://dev.chromium.org/chromium-os/chromiumos-design-
docs/v...](http://dev.chromium.org/chromium-os/chromiumos-design-
docs/verified-boot)

~~~
sp332
Yeah, it's EFI. But you can't boot Linux on it because the EFI is "stripped
down" and is missing some functions that Linux needs to boot.

~~~
trobertson
That's not entirely true, at least on the cr-48. Here is the install guide to
get ubuntu on a cr-48[1]. The docs do say, however, that the cr-48 lacks
initrd, so you have to modify the ubuntu kernel to get it to boot.

[1] [http://www.chromium.org/chromium-os/developer-information-
fo...](http://www.chromium.org/chromium-os/developer-information-for-chrome-
os-devices/cr-48-chrome-notebook-developer-information/how-to-boot-ubuntu-on-
a-cr-48)

~~~
sp332
Interesting, that seems like a lot of work :) I've seen a simpler hack that
rewrites the EFI firmware to emulate a normal BIOS and then installs vanilla
Ubuntu or even Windows on it. [http://corey.degrandchamp.com/2011/04/10/flash-
google-cr-48-...](http://corey.degrandchamp.com/2011/04/10/flash-google-
cr-48-bios-without-luigi-or-ubuntu/)

~~~
ConstantineXVI
I'd like to point out that your counter to doing "a lot of work" involves
totally disassembling the Cr-48.

~~~
sp332
Well, you just have to take the bottom off but it is a lot of screws. Still, I
bet it's faster and less hassle.

------
SurfScore
They reference mobile devices that do the same thing...but I can't think of
many mobile devices that have been able to do this successfully, they all get
hacked eventually. I mean, come on, if you put this up there, people are just
going to see it as a challenge and hack it. Every time an OS comes out, they
always boast about its new-fangled security features, and every time, within
24 hours of its release, someone in China or Russia has hacked it. There has
to be a better way around this.

------
hmottestad
It's going to be one of those "every other version is good".

Windows 95 (crap)

Windows 98 (good)

Windows ME (crap)

Windows XP (good)

Windows Vista (crap)

Windows 7 (good)

Windows 8 (crap)

Let's just wait and see what the EU commission has to say about this. I call
another multi billion euro fine :)

~~~
pilif
... and you conveniently left out Windows 2000 and NT4 which both were rather
good and would have screwed up your list and thus destroyed your argument.

I agree though that the EU might be interested in something like this, but it
wouldn't be Microsoft they go after but the OEMs to force them to allow users
to install their own keys or at least turn off the signature validation.

~~~
bostonpete
I thought the same thing (about 2000 & NT) but then it occurred to me that
those versions were (I believe) considered part of the business-oriented
(rather than consumer-oriented) NT line, so maybe the list above is
reasonable.

------
jedberg
You have to wonder if Microsoft is doing this out of malice or just because
they haven't thought it all the way through.

I'm going to go with option 2 -- I don't think they are clever enough to nerf
linux like this. They are probably just thinking, "how do we prevent viruses?"

~~~
llambda
In my limited experience on and around the Redmond campus, I have to say I was
startled by the level of ill-will some MS employees have towards Linux.
Ranging from dismissal, "UNIX is nothing but a toy" to outright hatred, "Linux
is evil". This seemed to only increase the closer you got to the top...

Although that doesn't necessarily mean they're doing this out of malice, I
don't think it went entirely unconsidered. MS definitely likes to be
aggressive when possible.

~~~
benjohnson
MicroSoft is famous for developing a siege mentality intentionally as it helps
them get a huge amount of labor out of their employees.

<http://en.wikipedia.org/wiki/Siege_mentality>

What the Wikipedia article leaves out is that employes that are in this state
will have a sort of 'fight or flight' response and will usually work their
tails off.

~~~
vogonj
I'm an employee of Microsoft in the Valley. when I leave work at 6:15, there
are maybe 15 people left at their desks in the section of the floor I work on
(which has about 150 desks in it.) I know multiple people who show up around
11 and leave by 6.

Microsoft is hardly the worst offender in this metropolitan area, much less
the industry.

------
ghc
I thought we were past this stage? Honestly, I think Linux is established
enough that this won't be an issue. See the CR-48 from google.

------
silon
I'm only running Windows on my VMware machine.

