Hacker Newsnew | comments | show | ask | jobs | submitlogin

Translation (it's a very long-winded article with many repetitions, I left some passages out):

How trustworthy is Microsoft? This is the question that concerns the Federal Administration and other German government agencies, as well as companies and private users who might want to use the Windows operation system now and in the future. Sooner or later they will be forced to use Windows 8 or its successor. According to documents available to the ZEIT ONLINE, government IT experts consider Windows 8 to be dangerous. They contend that the operating system contains a backdoor which cannot be closed. This backdoor is called Trusted Computing and it might empower Microsoft and the NSA to remotely control any device that uses it.

[...] The way in which the chip and the operating system cooperate is standardized and the specification for this is defined by the Trusted Computing Group (TCG). The TCG was founded ten years ago by Microsoft, Intel, Cisco, AMD, HP, and Wave Systems - all of which are US companies.

The current TPM specification is scheduled to be replaced by a new one dubbed TPM 2.0. Together, TPM 2.0 and Windows 8 achieve what has become the norm on smartphones, tablets, and gaming consoles: hardware and operating system become a tightly coupled unit that allows the OS vendor to tie down precisely what can be installed on a device and what cannot. To put it another way, Trusted Computing is a vehicle for Digital Rights Management (DRM) enforcement.

[...] Three issues arise here: First, contrary to the current generation standard TPM will be enabled right from the first boot-up of the device. Whoever uses this computer will no longer be able to decide if they want to use TPM (Opt-in). Secondly, TPM can no longer be deactivated on systems that have it (Opt-out). Thirdly, how TPM functions are used is entirely up to the operating system [vendor], in the case of Windows computers this will be Microsoft.

From the year 2015 on every single PC will be shipped with Windows 8.x and TPM 2.0. For the user there is simply no way to tell what exactly Microsoft does to their system through remote updates.

To summarize, users of a Trusted Computing System lose control of their computer. This is the design goal of Trusted Computing, as the Federal Ministry for IT Security (BSI) explains in detail here [link]. The BSI suggests that government agencies, companies, and private users actually make use of this technology - but only if certain conditions are met. A way to Opt-in and Opt-out is part of these conditions, and these options are being eliminated now. [...] Accordingly, the Federal Administration and the BSI now express very clear warnings against the use of Trusted Computing 2.0 within German agencies.

According to a paper issued by the Ministry for Commerce from early 2012: "Due to the loss of control over [the capabilities of] information technology" "the security-oriented principles of 'confidentiality' and 'integrity' are no longer achievable". Other statements assert for example: "this could have severe consequences for the IT security of the Federal Administration." Thus the conclusion is: "The use of 'Trusted Computing' technology in this form ... is not acceptable within the Federal Administration and other critical infrastructure".

[end of page 1]

Another document reveals that Windows 8 and its successors combined with TPM 2.0 are already unusable "even today". Windows 7 could "be used securely until 2020". After that, other solutions would have to be found.

In an assessment the BSI writes that "unconditional and complete trust" in Trusted Computing is not possible with TPM 2.0. The documents contain evidence that the German government did try to influence the development of the new standard. This type of cooperation has been taking place for years, this time the Germans have been simply ignored though. However, other parties got exactly what they wanted. The NSA, for example. "The NSA approves" was a catch phrase that has been issued during the last meeting between TCG and interested parties, according to some participants.

[end of translation]

The second page contains a lot of predictable conclusions about suspected NSA/US spying capabilities.




It's funny how Windows 8 is singled out as if other Windows versions are any better. Windows 7 can be securely used till 2020? That's the cut off date for updates from MS. The same MS that the article says " For the user there is simply no way to tell what exactly Microsoft does to their system through remote updates."

The above is true of Apple and Google, but it is glossed over.

First, I fail to see any relevance or technical info about what the TPM or trusted boot has to do with the issue at hand.

If anything they should be warning people about using Chromebooks where everything is uploaded to the cloud by default, same with Google Apps and Skydrive. Or Outlook.com and Gmail.

Oh, also be careful about Ubuntu, Shuttleworth said he has root on your machines.

In short, this is a rambling article full of technical sounding gibberish designed to get semi technical folks riled up with scary sounding buzzwords instead of actually educating people.

Edit: Fixed typo reported in reply.

-----


"First, I fail to see any relevance or technical info about how TPM or trusted boot to the issue at hand."

Is that a sentence? It sort of looks like a sentence, but something seems missing.

-----


I'm assuming you're not a computer, have you tried using context clues to figure out what the author might have meant? This isn't Reddit, we don't need grammar Nazis or joke threads here.

-----


The sentence looks like the author started a thought but didn't finish it. I doubt moocowduckquack was taking a cheap shot at the grammar so much as wondering if the author didn't finish the thought.

-----


wasn't a grammar issue, it was that the middle of the sentence seemed to be missing and that it was confusing enough that I thought it useful to point out, and now it is fixed and makes sense to people, yayy :)

-----


Sorry for my misunderstanding then, glad it's worked out for all involved. :)

-----


Windows 8 features MS's version of Apple-style walled garden app infrastructure, which is in turn protected by hardware TPM. Windows 7 can be installed without this hardware support, but will utilize it when available (by securing signed drivers). Windows 8 doesn't require TPM (yet), Windows 9 has been in development since before the release of 7. TPM support was introduced as a core component in Vista, iirc.

-----




Applications are open for YC Summer 2015

Guidelines | FAQ | Support | Lists | Bookmarklet | DMCA | Y Combinator | Apply | Contact

Search: