Hacker News new | comments | show | ask | jobs | submit login

Key point: "Trusted" in this sense refers to trust to an external entity and not the owner or user of the actual computer, which ironically is not trusted to have full access to all things on the computer.

The biggest problem is that the "trusted" party which has full access is almost certainly under NSA/PRISM jurisdiction and can be forced to do things which most people would find objectionable.

Where do you see that a trusted party has full access? Yes, the NSA could probably create a Windows build with a backdoor, and forge a signature that the TPM would accept, but they could (and probably did) just ask Microsoft to do that and save the bother.

What attack vector, exactly, does the TPM enable that isn't present pre-TPM?

Because you can only install software approved by Microsoft, you cannot install software on it for detecting a backdoor installed by Microsoft. These computers are only more secure if you trust Microsoft. If Microsoft can't be trusted (and they can't be, as they are under NSA's jurisdiction), then the Windows 8 computers are less secure.

But wait, it gets worse. At least in the case of MacBooks you only have to trust Apple, but in the case of Microsoft you also have to trust the computer manufacturer. And that's a really tough pill to swallow.

I actually hope that Windows 8 will be banned by governments in the public sector, as Trusted Computing is a scourge upon this industry.

Um, wait-Windows 8 will allow you to install any old x86 Windows program. Only Windows RT is locked down to such an extent. I hope HN doesn't have Slashdot levels of ignorance concerning Windows.

> I hope HN doesn't have Slashdot levels of ignorance concerning Windows.

Only Windows? HN also has Slashdot levels of ignorance concerning the legal system, patents, copyright, and the music industry, and these are only the topics I know something about. I avoid political discussions, but from what I'm told, those are just as misinformed.

Note that I am no expert in those topics either. I just took the time and effort to research those on my own rather than accept the sound bites media puts out.

When it comes to technology, there's probably no better place. (And even that I would caveat with an exception for Microsoft technologies, where you'll find more FUD than knowledge.) But basically for anything else, don't expect much from HN.

Before jumping to conclusions, take your time and read about how rootkits work and why it is hard to detect rootkits. Also I love it when new users give warnings about HN's evolution.

It doesn't make sense. TPM is only "less secure" for running a non-Windows OS, which isn't possible. Windows is the problem (security-wise), not TPM (which has many other problems) - isn't it exactly as secure for running Windows as running Windows on a non-TPM computer?

My point was merely that this TPM thing fundamentally boils down to giving up control over your own hardware to someone else.

While it may not be a direct security risk per se, it represents a model of computing where the security-priorities are reversed as far as anyone not in the content-industry is concerned.

Now... If Windows 8 is any worse in this regard than Windows 7 is probably questionable, but Windows 8 has had as a default OEM-configuration to be more locked down in "secure boot" and TPM-land than it used to be.

There are plenty of good reasons to steer clear of TPM. Protecting yourself from the NSA just isn't one of them.

Applications are open for YC Winter 2018

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | DMCA | Apply to YC | Contact