Hacker News new | comments | show | ask | jobs | submit login
German government warns Windows 8 is a security risk (zeit.de)
172 points by reirob on Aug 21, 2013 | hide | past | web | favorite | 119 comments

2013, it's the post-snowden era. We don't have a cold war any more, but the level of spying is unbelievable. I am currently moving out my emails from GMail and installed PGP. At the moment I am using OSX since I do for years. But in the end the only "safe" way to protect your business and privacy is to use Linux/Unix. The FSF said it for years; the german CCC told us for years. I admit, I didn't believe it's so bad. I always thought: good there are a few of us paranoid, they take care there is a balance.

Now we see, there is no balance. Good we have had these paranoid people because they are now providing us a chance to opt-out.

Good there were these programmers who worked for years and often in their prime time in free and open solutions like GNU/Linux. Snort, the intrusion detection system. GPG. And so on.

For me it is a hard job to opt-out of being spied. But I will move on, step for step. Email privacy is the first; no GMail, no Apple Mail. Old friend Thunderbird/Enigmail it is. I also installed TrueCrypt.

The biggest move will be to change the OS (again). Guess it takes me months or longer as I have a lot of great OSX software. But on the other hand, I can simply set up a new machine for private tasks - or dual boot my macbook with Linux.

I hope my government will take this warning serious and support more "Linux @ City" projects (Munich runs on Linux and Open- or LibreOffice).

Wow, long comment. I just needed to say. I am worried.

It is even worse. The attempt to escape into OSS/Linux is a step in the right direction. But as long as we are dependent on mass consumer hardware then there is always a risk of being spied through hardware backdoors. In this case it doesn't matter which software we use. Even encryption is useless. It is NOT enough to avoid Windows 8 because the real problem is modern hardware that uses Trusted Computing chips.

Trusted Computing (TC) is way more dangerous than classical hardware backdoors. I consider TC an evil technology because it not only takes control away from the user but it even allows to inject faked evidence into computers which could make innocent people -- independent journalists, political activists etc. -- suspect to crime.

TC could also be used to delete evidence from computers of journalists who would have no power to keep it. TC allows to control people without letting them even know about it. TC is a huge danger for freedom of speech. It should be banned politcally and boycotted in business. My recommendation: Don't buy consumer hardware but use embedded Linux systems with bare bone technology.

If we want to be truly secure from being spied then we must do a complete restart with new hardware and software from scratch. There is no way around.

I am actually "glad" about the NSA scandal (thank you Snowden) because it woke people up and made them aware of the reality of global surveilliance, and about the huge threats of Trusted Computing. NSA should be controlled by the people of the United States but obviously it has become out of control. This single NSA case has silenced the mouth of the conspiracy mockers once and for all.

> silenced the mouth of the conspiracy mockers once and for all

Before the Snowden leaks, you'd be hard pressed to find a technically-minded person arguing that the NSA doesn't have, at the least, the potential to have their fingers in every pie.

Before the recent leaks, the response was "OK, that's possible in theory buy surely they wouldn't." Now we know if they can, they do.

> TC could also be used to delete evidence from computers of journalists who would have no power to keep it.

Since Amazon deleted all those copies of 1984 from everyone's Kindles, I don't keep mine connected to the internet. If you have data, you can keep it. Keep it on your own devices.

I think journalists or other hobbyists/professionals with work they need to protect should start thinking about keeping an air-gapped computer around. I've seen this phrase used recently to describe a computer which has never been connected to the internet, a network or another device. I'm sure it's non-trivial to source a computer that arrives in a trustworthy state, however.

> Since Amazon deleted all those copies of 1984 from everyone's Kindles

What? When? Seriously?

They mistakenly sold books the publishers hadn't licensed, then refunded the customers and removed the books from their Kindles.

Thanks for your insight. I completely agree. Can you recommend any tutorials and secure hardware components?

It is the job of the hackers to think about the whole mess, and to develop solutions that actually work and which guarantee freedom of speech to us. Hacking insecure systems is one thing but now they have the opportunity to prove how smart they really are.

Meanwhile you could google around for "Linux embedded systems".

Do you have any more information about the use of Trusted Computing/the Trusted Platform Module to remotely run arbitrary code on a victim's computer? This is news to me.

A mainboard with such a feature just needs a hidden remotely accessible subsystem that is completely protected by TPM and which has access to your system through DMA, to read bytes and to write bytes in whatever system (RAM, Harddisks, SDcards, USB, WLAN, etc).

Consider it a "dual system" mainboard with the usual hardware where you have full control, plus a controlling subsystem where you have no access at all. Everything could be done remotely but you couldn't see any evidence.

I agree that this could be done in principle, and even that it isn't unlikely that people are thinking about doing it. But is there any evidence that such a subsystem has ever been created? Are there any additional technical details surrounding this?

What portion of people you communicate with email were you able to convince to use PGP with you?

My understanding is, that there isn't an email privacy, since at least they will have your metadata. In my limited understanding, secure communication is to be done using some secure chat service.

The important first step is to give the option of encrypted communications to people that want it. Also, not all email is sensitive, and you can convince the people that matter, e.g. coworkers, friends, family.

I'm also fairly sure that Google will start integrating PGP into their desktop clients (Android, iOS) because this is affecting their bottom line (just wait until governments will start banning Gmail usage in the public sector).

For most contacts you just move away from people who don't use secure communication and may compromise you in the future, no need to convince someone. Works for me.

"For most contacts you just move away from people who don't use secure communication"

people aren't JS libraries, you can't/don't "just move away from them"

"Hi Mom, I just want you to know: I am deprecating our relationship to "acquaintance" because you use Gmail and an iPad"

Those of you who downvoted this comment, please explain your reasons.

E.g. here are mine: not enough people communicate securely right now. I can't just abandon everyone; that's way too isolationist for my personal taste. Still, if you want to that _is_ an option.

I have no intention of moving away from Windows 8. I do, however, have a laptop that never connects to a network. Ever. It's where I keep things I consider private. Data transfer, minimal as it is, is done using swivel-chair integration.

Everything else (i.e. all my remaining devices and apps on those devices) are treated like any PC in an Internet café - untrusted and compromised.

How do you back up the private data on that laptop?

Two external hard drives. One stays at home, the other is at my dad's house.

> We don't have a cold war any more

We absolutely have a cold war, except, rather than a continuously increasing stockpile of nuclear weapons, we have a continuously increasing stockpile of zero-day exploits.

Another hallmark of the cold war is escalation and regional hegemony, and consider that draconian spying legislation is disseminating from the USA to her vassal states -- Canada, UK, Australia, NZ. Similar technology and legislation is being deployed in other major world players under the guise of fighting "terrorism," but it stands to reason that it's in response to Chinese espionage/reconnaissance.

The USA has a very serious rivalry with China, and vice versa. We can expect to see the USA trying to further compete with China by trying to level the playing field across a variety of fields. The TPP and the F35 Joint Task Force are shining examples of attempts to curry favour with fellow nation states.

> The USA has a very serious rivalry with China, and vice versa.

Can you say more about this? Are we afraid of them doing something to us? What? Are they afraid of us doing something to them? What?

My wife is Chinese and I do a lot of work related to US and China relations. Basically from what I know, China wants to be the best, jealously is very, very strong within the Chinese, if you are not number 1 then you are last. The CCP will do all it can to be number 1. For 50 years they have systematically provided the US with opportunities, enhanced our economy (on the surface), and done so much more. However, as the US is now seeing, it was all done for China and not for the US. Now the US has placed its self in China hands. We have become so dependent on China that the US has backed its self into a corner and has no clue how to get out. So China now is cracking its iron knuckles seeing how far it take advantage of the situation.

If the US speaks out, China pulls the plug on our Economy. If the US spies on them via technology, China uses its mass 25,000 military hackers to wreak havoc in cyber-security. With the debt we owe China, they keep waving it in our face, the US is helpless.

On the plus side, the Chinese people also are loosing faith in the party and have moved their money over seas, soon China's economy bubble will burst and the most of the US will be saved. New jobs will open, our debt to China will end, and all will be well. For those who make all their business importing from China, they will be the ones you will see on the streets if they don't stop and see the signs.

This leads to a German article. Sorry I did not find any English article on this topic yet. So here the short summary (actually my translations of selected passages):

[German] government experts warn, Windows 8 is an unacceptable security risk for governmental offices and companies. The so-called Trusted Computing might be a backdoor for NSA.


According to their [expert's] opinion the operating system contains a backdoor which cannot be closed. This backdoor is called Trusted Computing and might have the consequence that Microsoft could control every computer remotely. And therefore NSA could do it as well.


Three points are decisive: First the [new] TPM, in contrary to the existing standard, is active from the time when you switch on the computer. As soon as you start the computer you cannot decide anymore if you want Trusted-Computing (Opt-in). Secondly it is not possible to deactivate in future the TPM (Opt-out). Third the OS takes over the control over the TPM, in the case of Windows OS it means that the computer is controlled by Microsoft.


In the light of the current situation on spying, I have to say that I am happy that it goes in this direction.

If what Snowden showed us is true, the same thing for the (recent) versions of MacOsX. I'd say things are looking up for Linux on the desktop.

Can you elaborate on the OS X issue (I think I've missed that disclosure)? Everything I can find, which admittedly is not anything authoritative (nothing from Apple directly), says that Apple hasn't shipped TPMs for a few years now.

I have no knowledge about OS X and TPMs specifically, but I do know some people have concerns about what OS X stores in the SMC: http://www.nosuchcon.org/talks/D1_02_Alex_Ninjas_and_Harry_P...

I'm not remotely qualified to comment on the contents of that talk, but it's a very concerning read–they claim that the SMC stores your FileVault key (though they don't seem to prove this?) and that the SMC has a backdoor. I'm all ears if anyone else has any additional info/knowledge about this...

Sorry, I should have provided more details. I ment to say Prism program also taps in to user data of Apple. PRISM showed us the NSA has direct access to Apple servers. The Guardian: http://www.theguardian.com/world/2013/jun/06/us-tech-giants-...

Ah, I see. (I thought you were talking about something found in OS X, not Apple's PRISM involvement.) I'm not sure if I personally consider this a reason not to use OS X, but it is definitely a reason to not use iCloud.

Same for me too, I don't use iCloud or iOS, I don't even have an AppleID. But my MBA/OSX a very nice unix client.

Same for me. I don't use iCloud, but I still use OSX

Being unable to read German I can't comment fully on the original article, but based on this summary this warning seems pretty silly.

The operating system kernel always has full control over the system, how are they suggesting the TPM adds control here? The TPM is a small chip that handles certain crypto operations more securely (especially key management), how does this provide any additional backdoor scenarios?

If Microsoft wanted a backdoor it could easily be added to the OS without a TPM.

>If Microsoft wanted a backdoor it could easily be added to the OS without a TPM.

Without a TPM, it is possible to detect and remove (or more likely mitigate) a backdoor. With the TPM, even if you know about a backdoor and have a patch you can not apply it without Microsofts blessing. At least, thats my understanding.

If I remember my German correctly the articles argues around many different points.

One is spying (NSA), another is restrictions on what to install (Microsoft) and some parts discuss the threat from China, manufactures of the TPM chips.

TPMs can't be used to control which software you can install. All they can do is prove what software you're running, which means that a remote provider can choose whether or not to provide a service based on what you're running. Trusted Boot is about providing proof, not about enforcing local policies. Secure Boot can be used to restrict which software you can install, as demonstrated in Windows RT. But that has nothing to do with TPMs - iOS behaves in the same way without using any TPMs.

So I don't really understand the article. Placing trust in TPMs to maintain your secrets obviously depends on you trusting the TPM manufacturer not to hand over any of the secret keys, but having a TPM doesn't mean that you have to place trust in it.

For all of you who (somehow) don't recognize the UID here, this isn't just some "interested observer", this is the person implementing support for booting Linux on systems with these TPMs. In fact if I understand it right Linux can now optionally use a TPM to verify that kernel modules are only loaded if cryptographically signed.

A good intro to TPM on Linux: http://mjg59.dreamwidth.org/24818.html

TPMs are also pretty handy for low-level corporate security. Setup disk encryption, store in the TPM then either boot directly (allowing RAM attacks) or require a PIN (requiring someone to break the TPM itself). That's a pretty nifty feature for general security.

I think the distrust and confusion around TPMs and so on is due to Microsoft's moronic handling of Vista's protected playback system and people have extrapolated from there.

I believe the Chromebook uses TPM quite well.

So because Windows 8 has support for trusted boot and friends that might (it's pure speculation) contain a backdoor, it's less secure than previous versions that did not support trusted boot at all?

I agree that the NSA spying is a real threat, but so is traditional malware. The article is basically saying that, because the malware protection is not good enough (i.e. not securing against NSA malware), it's worse than no protection at all.


I do agree that locking down the OS so that it runs only MS-signed applications is a dick move in general and we'll probably see really bad changes in the market overall, but I see no relation to the NSA spying issue. The NSA can install malware as well on XP machines as it can on Windows 8 machines, so in that regard, Win8 is no better nor worse than previous versions.

(also: I really don't intend to be trolling and my argument seems reasonable. As such I wonder what the reason for the downvotes is. Is it possible that you guys are getting an english article with a different content? If I click the link I get to see a german article)

> The article is basically saying that, because the malware protection is not good enough (i.e. not securing against NSA malware), it's worse than no protection at all.

No. If the OS is locked down so only MS-signed applications can run, it is impossible to run software that can detect malware that has been approved by MS. It is also impossible to run software that can remove such malware.

If the OS makes it impossible to detect or remove malware, it is less secure than OS that do allow detection and removal of malware. This is not FUD.

What should happen, is that MS should be held strict liable for any illegal acts which their restrictions helps to propagate. Held under vicarious liability by non-US markets (so they can't get immunity by the US government), MS shareholders would demand the elimination of the restrictions in favor of less legal risk for the company.

First, Windows 8 allows you to run whatever desktop apps you want, including third party antivirus software of your choice that have full access to the system.

Second, I haven't seen your argument made for iOS and Chromebooks which are much more locked down than Windows 8. Though one could argue that Chromebook doesn't need to have malware since everything is helpfully uploaded to the cloud.

If the third party antivirus software need to be approved by MS, then I can't run the software of my choice.

It might had been worth mentioned, I am not the first person to talk about liability issues regarding lockdown. I first heard it in a talk that described the iPhone.

"I do agree that locking down the OS so that it runs only MS-signed applications is a dick move in general and we'll probably see really bad changes in the market overall, but I see no relation to the NSA spying issue."

You see no relation?

If MS is the only who could control your computer, and MS is an American company tat has to obey American laws, and the American laws says they must spy on every customer, specially non Americans, like Germans, as they are defined "adversaries"...

You see no relation?

> that might (it's pure speculation) contain a backdoor

Maybe, just maybe we have come to the point in time that unless a system has been shown to be secure, it should be assumed to be wiretaping the user. We can no longer assume secure until proven insecure.

> FUD.

Absolutely. This is what the reputational damage to american firms like Microsoft looks like. Why the hell should their systems be trusted now?

>Maybe, just maybe we have come to the point in time that unless a system has been shown to be secure, it should be assumed to be wiretaping the user. We can no longer assume secure until proven insecure.

I 100% agree. But I really fail to see how this makes Windows 8 a worse operating system in that regards than its predecessors. A system that provides no trusted computing support is equally easily hacked by the NSA as is a system that does support trusted computing. The latter does have the benefit of making hacking significantly more difficult for everybody but the NSA, so I would say it's still a net positive and not a huge negative which the article makes it out to be.

Security-wise only of course. I hate the idea of losing control over the hardware I purchased and I will resist as long as humanly possible installing a system that removes this kind of control from me. It just has _nothing_ to do with NSA spying and everything with corporate control of the OS maker.

If a system has engineered access for government investigators, then that system is more vulnerable than systems which have no such access built in, because it really isn't "hacking" (cracking) if the system is built to allow access.

> FUD.

Fud or not, this is what happens when you shake the public's trust in... anything. In this case it happens to be government, the internet and technology. The NSA scandal will have wide reaching and unpredictable implications.

Losers will be traditional technology providers like Microsoft, HP, Cisco, etc. Remember how the US blocked China from supplying networking gear domestically on grounds of "security concerns"? (Which no doubt are totally valid.) Well, would you trust your company's or government's security to Cisco gear?

The relation to the NSA is that whoever controls Microsoft also controls which programs can and cannot run on a Windows 8 computer. The assumption is that the NSA controls Microsoft. Is that really FUD? I'm not so sure.

This is about the TPM in windows 8. It's the same argument about treacherous computing that goes around, except the article seems to be suggesting people think it's a extent problem now because the TPM is always on, not a hypothetical in the future/ Microsoft's long term plan. Further, there is a nebulous assertion linking this to the NSA.

1) The TPM still can't control your computer(yet). It can only measure it's state, allow you access to keys you created in some state, and attest to things about the state (which would allow other parties to mandate what state your system is in when interacting with it, but presumably those entities would be bond by German law and likely be German themselves)

2) If Microsoft wanted to backdoor your system, they don't need the TPM to do it. In fact, the TPM can be used to protect against a whole bunch of malware that various intelligence agencies might use: it can protect keys with passwords (with rate limiting/self destruct for guessing), make sure the system is in the same state(i.e. malware free) when you created you PGP key as it is when your using it to decrypt an e-mail, and it can isolate an application from the rest of your system.

I have a Windows 8 notebook and for the first time in my life I have no control over my own general purpose computer:

- I can't enter BIOS before entering OS.

- Once I enter the BIOS from the OS I can't activate the hard disk password.

- I can't install the Windows 8 OS clean. The MSFT has the deal with the computer producers that doesn't allow them to deliver the pure OS medium, you can only backup the already present installed files to some external HDD.

- Because of the previous and the fact that the binaries are controlled on the hardware level (TPM), I have no control of what's running on my computer -- I can't know, to be precise.

- It's even worse than that, there is some Intel built-in technology on the hardware/BIOS/drivers level which also has built-in "features" that allow communication with some external "command and control center" which I don't control. It supposedly allows, among other "features" disabling the notebook once it's stolen. But I don't control how it's done, and I don't know if it has additional backdoors. It proudly claims to facilitate "remote access."

It's scary how it looks like all together. I haven't even figured out how I'd be able to install Linux on the computer. In some forums people claim that the OEM should allow that, but apparently a lot of people haven't managed to actually install it on different specific computers -- there are BIOS problems that can't be avoided, and the OEMs don't give you support or the updates. Mine is an Intel i5 processor-based modern Acer. It's fast, but I have no control. Definitely not FUD.

Personally I like Apple approach more: thanks to their approach of the OSX or iOS (no third party pre-installed crap) at least I have to just trust Apple. Here I have to trust Microsoft, Intel and every company who has the drivers on my machine. Much more chance for some of them to do what they want, in the name of "cloud." Remember routers that are controlled from the producer of the router, even "protecting" you from browsing all the sites? Remember Android phones which upload all your passwords to the cloud of the mobile operator? That's where the "cloud" support of the driver writers goes now. It is scary.

(Globally, we're talking about this: http://xkcd.com/743/ -- We've been giving up the control of "infrastructures" for a long time)

What brand notebook is that? Just so I can make a mental note to avoid purchasing that brand in the future :)

It's Acer, but I as far as I know almost nothing it Acer specific -- it's a Windows 8, all OEMs must accept what MSFT wants, plus the concept of third party additions, plus the Intel technologies. I'm surprised how little coverage there is on this all aspects.

The discussions of kernel-level "giving up control" existed in Palladium and "technologies formerly known as Palladium (http://en.wikipedia.org/wiki/Next-Generation_Secure_Computin...) even 10 years ago but with Windows 8 they start to be ubiquitous and nobody even notices.

It was Apple that implemented Palladium in on iPads and iPhones and many technical folks even cheered it on.

I like iPad and iPhone as they are. Apple devices don't come with random crud from the third parties preinstalled. Windows computers have problematic things even in BIOSes: different software from companies that claim to "protect" your computer but can even provide remote access for third parties.

My roommate bought a Windows 8 equipped Asus a few months back and installed Mint on it. Seriously, Google 'How to install Linux on a Windows 8 laptop' sometime.

My point is still: new made-for-Windows 8 computers (especially notebooks) are bigger security risk than older Windows 7 computers. Installing Linux on the Windows 8 hardware can help if you avoid some issues, still even then there has to be independent evaluation of the modern BIOSes, appearing more and more in Windows 8 computers, that know how to connect or answer to the Internet and that provide the level of execution which user can't observe.

I had Windows 8 RTM installed on an old ThinkPad that I eventually wiped clean and put Ubuntu on. Granted its not a new laptop with Windows 8, but still, its not impossible to install Linux on a Win 8 laptop.

The notebook hardware made for Windows 8 behaves differently than all PC hardware before. It's irrelevant that the old ThinkPad works, it didn't magically change because the new software arrived.

No it doesn't. There were plenty of pre-Win 8 motherboards that had UEFI on there. Apple's been using it in their computers since the Intel switch in 2006. I don't know what you think is going on with your computer, but every other Windows 8 computer I've touched behaves identically to all other PCs, with the exception that Secure Boot is turned on by default.

I talk about the new Windows 8 notebooks not "motherboards."

Notebooks use motherboards, just like desktops do. And they run the same firmware. Apple's Macbooks have shipped with EFI since 2006.

Your second point is exactly what the German government is afraid of according to the article. According to the article there seem to be security vulnerabilities on 3 levels in TPM 2.0, which might be used by intelligence agencies - the article states NSA and China who is actually producing most of the TPM chips.


> If Microsoft wanted to backdoor your system ...

... they already have Windows Update. It cannot be null-routed (respective entries in /etc/hosts are simply ignored), it is virtually always on and it can be trivially used to deliver custom patches to specific boxes. What more can you ask for?

You are right that MSFT has the "update". The bigger problem with Windows 8 computers is that similar things are in practice available to all the "third parties" who have hardware or kernel-driver components. And you have less control than before about them all. It's a broader problem than just Microsoft.

The new "you as the user can't control the kernel stuff, even with the debugger" concept is really about the user (you) giving up the control. The excuse is that you as the user aren't supposed to be able to copy movies. In practice, you have no more control of your own computer whereas the companies have real-time control even of the content by directly controlling your computer. Some routers already did such stuff. It is really worrying -- having the part of the "great firewall of China/whateverothercountry" on your own computer which you paid with your own money.

What if you disable it? Doesn't it respect that setting?

Who says the original windows binaries don't have backdoors in them? So far as I can see the only difference TPM makes is that it potentially opens vulnerabilities in non-MS operating systems you run. If you're running any version Windows, or in fact any software you don't compile yourself from source(1), you just have to trust on faith it's not back-doored up to the eyeballs from the get-go. This has always been true.

(1) And in fact also have total confidence in the compiler itself: http://scienceblogs.com/goodmath/2007/04/15/strange-loops-de...

The core-argument is that the Windows 8 way of using, implementing and enforcing TPM and establishing a so called feudal security approach isn't considered good security practice any longer.

It's not so hard to understand.

I would pay a 50%+ premium for competitive open source hardware. Happily.

I tried my hand at Translating the article here: http://www.greatdox.com/windows8/

Sorry for any errors in Grammar or mistranslations. I also don't claim the technical 'facts' in the article are true, but they are what the original article was stating.

A link back to Hacker News on this thread and other related links. Plus a link to Lunubtu and Linux.org at the end.

Please ignore my affiliate links near the bottom, I am having problems finding a job, and paying for web hosting, etc. Most people don't click on them anyway, and the entire web page is text no javascript, no images, no pop-ups, etc.

I never really understood how TC works. Does the TPM actually do anything on-the-fly that is noticeable? Is it used at all on any consumer devices?

Fill me in here, because I'm at a loss.

EDIT: Never mind. It seems like prior TPMs shipped with hardware, but were opt-in instead of opt-out, and now, with the W8.1 hardware spec, TPM 2.0 (which has a greater range of TC technologies) will need to be enabled as default on hardware shipped with W8.1, and there is no possible way to opt-out.

A shame that hardware manufacturers are just Microsoft lackeys.

Translation (it's a very long-winded article with many repetitions, I left some passages out):

How trustworthy is Microsoft? This is the question that concerns the Federal Administration and other German government agencies, as well as companies and private users who might want to use the Windows operation system now and in the future. Sooner or later they will be forced to use Windows 8 or its successor. According to documents available to the ZEIT ONLINE, government IT experts consider Windows 8 to be dangerous. They contend that the operating system contains a backdoor which cannot be closed. This backdoor is called Trusted Computing and it might empower Microsoft and the NSA to remotely control any device that uses it.

[...] The way in which the chip and the operating system cooperate is standardized and the specification for this is defined by the Trusted Computing Group (TCG). The TCG was founded ten years ago by Microsoft, Intel, Cisco, AMD, HP, and Wave Systems - all of which are US companies.

The current TPM specification is scheduled to be replaced by a new one dubbed TPM 2.0. Together, TPM 2.0 and Windows 8 achieve what has become the norm on smartphones, tablets, and gaming consoles: hardware and operating system become a tightly coupled unit that allows the OS vendor to tie down precisely what can be installed on a device and what cannot. To put it another way, Trusted Computing is a vehicle for Digital Rights Management (DRM) enforcement.

[...] Three issues arise here: First, contrary to the current generation standard TPM will be enabled right from the first boot-up of the device. Whoever uses this computer will no longer be able to decide if they want to use TPM (Opt-in). Secondly, TPM can no longer be deactivated on systems that have it (Opt-out). Thirdly, how TPM functions are used is entirely up to the operating system [vendor], in the case of Windows computers this will be Microsoft.

From the year 2015 on every single PC will be shipped with Windows 8.x and TPM 2.0. For the user there is simply no way to tell what exactly Microsoft does to their system through remote updates.

To summarize, users of a Trusted Computing System lose control of their computer. This is the design goal of Trusted Computing, as the Federal Ministry for IT Security (BSI) explains in detail here [link]. The BSI suggests that government agencies, companies, and private users actually make use of this technology - but only if certain conditions are met. A way to Opt-in and Opt-out is part of these conditions, and these options are being eliminated now. [...] Accordingly, the Federal Administration and the BSI now express very clear warnings against the use of Trusted Computing 2.0 within German agencies.

According to a paper issued by the Ministry for Commerce from early 2012: "Due to the loss of control over [the capabilities of] information technology" "the security-oriented principles of 'confidentiality' and 'integrity' are no longer achievable". Other statements assert for example: "this could have severe consequences for the IT security of the Federal Administration." Thus the conclusion is: "The use of 'Trusted Computing' technology in this form ... is not acceptable within the Federal Administration and other critical infrastructure".

[end of page 1]

Another document reveals that Windows 8 and its successors combined with TPM 2.0 are already unusable "even today". Windows 7 could "be used securely until 2020". After that, other solutions would have to be found.

In an assessment the BSI writes that "unconditional and complete trust" in Trusted Computing is not possible with TPM 2.0. The documents contain evidence that the German government did try to influence the development of the new standard. This type of cooperation has been taking place for years, this time the Germans have been simply ignored though. However, other parties got exactly what they wanted. The NSA, for example. "The NSA approves" was a catch phrase that has been issued during the last meeting between TCG and interested parties, according to some participants.

[end of translation]

The second page contains a lot of predictable conclusions about suspected NSA/US spying capabilities.

It's funny how Windows 8 is singled out as if other Windows versions are any better. Windows 7 can be securely used till 2020? That's the cut off date for updates from MS. The same MS that the article says " For the user there is simply no way to tell what exactly Microsoft does to their system through remote updates."

The above is true of Apple and Google, but it is glossed over.

First, I fail to see any relevance or technical info about what the TPM or trusted boot has to do with the issue at hand.

If anything they should be warning people about using Chromebooks where everything is uploaded to the cloud by default, same with Google Apps and Skydrive. Or Outlook.com and Gmail.

Oh, also be careful about Ubuntu, Shuttleworth said he has root on your machines.

In short, this is a rambling article full of technical sounding gibberish designed to get semi technical folks riled up with scary sounding buzzwords instead of actually educating people.

Edit: Fixed typo reported in reply.

"First, I fail to see any relevance or technical info about how TPM or trusted boot to the issue at hand."

Is that a sentence? It sort of looks like a sentence, but something seems missing.

I'm assuming you're not a computer, have you tried using context clues to figure out what the author might have meant? This isn't Reddit, we don't need grammar Nazis or joke threads here.

The sentence looks like the author started a thought but didn't finish it. I doubt moocowduckquack was taking a cheap shot at the grammar so much as wondering if the author didn't finish the thought.

wasn't a grammar issue, it was that the middle of the sentence seemed to be missing and that it was confusing enough that I thought it useful to point out, and now it is fixed and makes sense to people, yayy :)

Sorry for my misunderstanding then, glad it's worked out for all involved. :)

Windows 8 features MS's version of Apple-style walled garden app infrastructure, which is in turn protected by hardware TPM. Windows 7 can be installed without this hardware support, but will utilize it when available (by securing signed drivers). Windows 8 doesn't require TPM (yet), Windows 9 has been in development since before the release of 7. TPM support was introduced as a core component in Vista, iirc.

It is fairly amazing that any non-"Five Eyes" nation would use non-auditable and non-buildable software on systems they want to secure for quite a while now. I suppose the recent revelations have drained the last drop of credibility from the "we could but we wouldn't" argument.

Just have found another article that might give some more details. It is again a German article, so I hope that German speaking community will step in again (the last Google translation was really bad) and provide its interpretation.

The article is an interview of Professor Dr. Rüdiger Weis, who is a cryptology expert:


Nothing prevents you from buying a non-Windows, non-Mac laptop. It's not the year 2000 anymore when there were hardly any other options.

Or using a system without tpm I am looking at building a new pc and all the motherboards I have looked at do not have a tpm module they have the header to implement one but its not installed by default.

Tell me where these mythical laptops are, other than the Dell XPS 13?

http://www.system76.com/ among others.

I hadn't heard of them, although buying such a thing internationally would be an expensive pain in the ass to return if there were an in-warranty defect!

Also, as an Ubuntu-user, as I really love the idea of these, but they're ugly and look really cheap: http://i.imgur.com/KGPznQz.jpg

There are other places, like http://www.powernotebooks.com/ and http://www.xoticpc.com/ that have excellent warranties and deal with all the international stuff so you don't have to. Granted they don't come with linux, but you can order them with no OS.

There is also the so-called Windows Refund [0] for everyone else, but it's an absolute pain in the butt to go through (deliberately so), and ends up costing more in time and hassle for a measly refund.

[0] http://en.wikipedia.org/wiki/Bundling_of_Microsoft_Windows#L...

I just have looked up on www.xoticpc.com for a Thinkpad X1 Carbon and there is NO possibility to get it without Windows. So at least for them it is not true.

If Microsoft has been complying with government requests to facilitate access to Microsoft online services, then it wouldn't be entirely unreasonable to extrapolate from there to question whether or not Microsoft operating systems have also been engineered to facilitate government access.

TPM combined with the recent revelations may become Windows' final nail in the coffin.

I certainly understand the sentiment, but we've been talking about the end of the Windows era for at least fifteen years. At some point it will inevitably end, but I suspect that we will only be able to point to the 'final nail' in hindsight.

can anyone elaborate on TPMs, what are they, why are they the risk in MS case etc.?

Key point: "Trusted" in this sense refers to trust to an external entity and not the owner or user of the actual computer, which ironically is not trusted to have full access to all things on the computer.

The biggest problem is that the "trusted" party which has full access is almost certainly under NSA/PRISM jurisdiction and can be forced to do things which most people would find objectionable.

Where do you see that a trusted party has full access? Yes, the NSA could probably create a Windows build with a backdoor, and forge a signature that the TPM would accept, but they could (and probably did) just ask Microsoft to do that and save the bother.

What attack vector, exactly, does the TPM enable that isn't present pre-TPM?

Because you can only install software approved by Microsoft, you cannot install software on it for detecting a backdoor installed by Microsoft. These computers are only more secure if you trust Microsoft. If Microsoft can't be trusted (and they can't be, as they are under NSA's jurisdiction), then the Windows 8 computers are less secure.

But wait, it gets worse. At least in the case of MacBooks you only have to trust Apple, but in the case of Microsoft you also have to trust the computer manufacturer. And that's a really tough pill to swallow.

I actually hope that Windows 8 will be banned by governments in the public sector, as Trusted Computing is a scourge upon this industry.

Um, wait-Windows 8 will allow you to install any old x86 Windows program. Only Windows RT is locked down to such an extent. I hope HN doesn't have Slashdot levels of ignorance concerning Windows.

> I hope HN doesn't have Slashdot levels of ignorance concerning Windows.

Only Windows? HN also has Slashdot levels of ignorance concerning the legal system, patents, copyright, and the music industry, and these are only the topics I know something about. I avoid political discussions, but from what I'm told, those are just as misinformed.

Note that I am no expert in those topics either. I just took the time and effort to research those on my own rather than accept the sound bites media puts out.

When it comes to technology, there's probably no better place. (And even that I would caveat with an exception for Microsoft technologies, where you'll find more FUD than knowledge.) But basically for anything else, don't expect much from HN.

Before jumping to conclusions, take your time and read about how rootkits work and why it is hard to detect rootkits. Also I love it when new users give warnings about HN's evolution.

It doesn't make sense. TPM is only "less secure" for running a non-Windows OS, which isn't possible. Windows is the problem (security-wise), not TPM (which has many other problems) - isn't it exactly as secure for running Windows as running Windows on a non-TPM computer?

My point was merely that this TPM thing fundamentally boils down to giving up control over your own hardware to someone else.

While it may not be a direct security risk per se, it represents a model of computing where the security-priorities are reversed as far as anyone not in the content-industry is concerned.

Now... If Windows 8 is any worse in this regard than Windows 7 is probably questionable, but Windows 8 has had as a default OEM-configuration to be more locked down in "secure boot" and TPM-land than it used to be.

There are plenty of good reasons to steer clear of TPM. Protecting yourself from the NSA just isn't one of them.

So just don't install a TPM module if your getting paranoid and does any one know what powers the BND and the plethora of secret police have in Germany?

This smells of poujadist knee jerk Anti Americanism

I'd be under the impression that TPM 2.0 modules come pre-installed and are probably surface mounted chips, the removal of which would void any warranty and possibly cause damage to the motherboard.

So and your point is? for example None of the consumer Ausus 8 series MB's (1150 Haswell) come with a pre installed TPM they just have the header.

My point is TPM 2.0 appears to be a different beast. While it's optional today, it probably won't be tomorrow. Vendors are very keen to lock shit down and create walled app gardens in the name of increased security.

So don't buy an iPhone ;-)

But you do have a point - I suggest you lobby your MEP/Senator/MP to ban totally walled gardens or to use anti trust to split the app side of Google and Apple etc from the parent - this is what caused IBM so much trouble in the 60/70's

TPM isn't limited to iPhones!

I don't think TPM or walled gardens are a political problem, but more a technical and marketing problem. Lobbying for legislation that prevents alternative marketplaces from being locked out of a particular ecosystem doesn't actually mean people will use them en masse, or even know they exist. For example, despite Android's open nature, Amazon Appstore is very unlikely to ever beat Google Play because most people don't switch from the default. Similarly, Internet Explorer remained the most popular browser up until lately, despite alternatives and European legislation. Google Chrome is now the most popular browser, but it took an expensive ad campaign to make Google Chrome happen, not legislation. Firefox is trailing in last among popular web browsers!

Increased adoption of FOSS is really the only solution. It only becomes political when FOSS is legally restricted.

call me when open office and gimp don't suck

I don't really use OpenOffice apps frequently (LaTeX FTW!), but OO doesn't suck.

Photoshop beats the pants off GIMP, unfortunately.

OpenOffice/LibreOffice suck for what I do with Office: Write scripts that exchange data with other applications, in particular, operations research software. It is a pity, because Python is a superior scripting language than VBA, but for the most part, developers of optimization and simulation packages have voted with their feet to make it easier for their programs to exchange data with Excel and Access, not with OO/LO Calc.

Admittedly, my use case is not terribly common.

Thing is, it's use cases like this that are hindering adoption of Linux on the desktop, and I feel sad that these points of friction still exist; they shouldn't. <stallman-clone>We need, in part, widespread adoption of free, open source software to help maintain privacy, personal security, and freedom. It's use cases like yours that need to be taken into account and accommodated. Until this happens, and migrating to something like Ubuntu is problem-free and frictionless, our computers aren't free, and we, as a society are less free and more vulnerable to malicious government entities. Also, the era of the cloud as we know it has to end!</stallman-clone>

I see you're new too! Welcome to HN! :-)

> Thing is, it's use cases like this that are hindering adoption of Linux on the desktop, and I feel sad that these points of friction still exist; they shouldn't.

I am a happy Arch user at home. There is no non-free software installed on my personal machine. Even for my operations research work, when I do it using my machine, I prefer using free software (e.g., GLPK for optimization and Aivika for simulation) over the proprietary alternatives, because free software developers do not pull crap like "The professional edition can only run models with up to 2000 variables. If you need more, buy the enterprise edition."

Sadly, at work I do not get to pick what tools I use. Customers do not want to give up Excel and the proprietary software designed to interact / exchange data with it.

In any case, my original comment ("OpenOffice/LibreOffice suck for what I do with Office") was not meant to be a characterization of free software in general.

> <stallman-clone>We need, in part, widespread adoption of free, open source software to help maintain privacy, personal security, and freedom. (...)

Five years ago or so, I might have dismissed you as a lunatic; but, these days, I find myself increasingly agreeing with this point of view. I have seen OS X evolve from a somewhat restrictive but overall very convenient OS (Leopard and Snow Leopard) to an OS openly designed to limited what users can or cannot do (Lion, I have not used Mountain Lion). Windows has undergone a similar path (beginning with the Windows Genuine Advantage thing).

It is quite a feat that proprietary software has become so restrictive that I, someone who still does not place software freedom too high in his priority list, actively seek to use free software over its proprietary counterparts.

> (...) Also, the era of the cloud as we know it has to end!</stallman-clone>


> I see you're new too! Welcome to HN! :-)

Thanks! :-)

> Five years ago or so, I might have dismissed you as a lunatic

Six months ago I'd have dismissed me as a lunatic too! Stallman, whether by luck or foresight, was right.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact