OStatic

by an anonymous user on Oct. 19, 2011

That really doesn't sound like much of a good point to me. Plenty of companies make exclusionary decisions regardless of calls they might get. I still remember Firewire and was slightly disappointed that many chose to go with USB 2 instead, fortunately I didn't care that much. Plus, Microsoft just a few years ago ended the Blueray v. (whatever it was called) debate- AFTER they created a XBox that ran the competitor. There are probably many other like decisions which make this point- pointless. Besides, who doesn't want to call India and complain about their computer?

by NOYB on Oct. 19, 2011

Windows 8 not so great. I do not appreciate. Therefore I eliminate.

by linuxcanuck on Oct. 19, 2011

Windows can't make itself secure like Linux so it wants to change the boot process so that a user cannot install a secure OS like Linux and force them to use a locked down OS like Windows that forces users to spend hours and much money to make up for Microsoft's deficiencies.

Is that about it?

Why not just make a secure operating system in the first place?

by Grant on Oct. 19, 2011

I disagree. I expect that it is their best interest to make sure that nothing but the original OS is ever installed, including upgrades. It drives future sales. As for support calls, question 1 is "Are you running the operating system that was shipped with the PC?" If not, the answer is use the restore disk, no further support.

by an anonymous user on Oct. 19, 2011

How do we install Win9?

by an anonymous user on Oct. 19, 2011

Well, I don't intend on buying a Windows PC. My last one was a barebones (or black box or white box or whatever you want to call it) PC, that is, one without any OS installed. And the next one is likely to be the same.

by laz on Oct. 19, 2011

This is a good little article.

There is a lot of 'opinion' listed on the internet these days, with little evidence our reasoning to back it up.

Unfortunately, baseless opinion seems to get a lot if voice these days.

1: How comes there's is no call for Apple to open up the iPad for third party os's?

2: Why would Ms care about blocking Linux on the consumer platform, alot if trouble for a market that market is less than 1%

3: why would hardware vendors want to alienate that extra 1% of the market...every % means extra $$$

4: why would hardware vendors want to have extra sort calls asking how to install Linux?

These are fair reasons, compared to the finger pointing and accusations by the anti Ms crowd!

by oiaohm on Oct. 20, 2011

Most flawed arguement from bolt.

Allowing users to change the secure boot signing key can make the platform more secure not less.

Please remember Linux support booting on Intel UEFI signing system what is a unique key per system. You upload the approval key you want the hardware to support with the Intel system.

This is end user controlled by the bios. Ie insert your linux cd/dvd/usb key boot into bios select to load the aproval key for that media from that media then you can boot from it. That is the intel way.

Result is system more secure. Each Linux distribution can have its own signing key. Attacker can only undermine with an approved key.

Now if user does not want to run a distribution or OS they just don't load in the key.

What happens if MS losses there signing key how is the user going to remain secure and reject the key.

by an anonymous user on Oct. 20, 2011

How will users of current hardware upgrade to new operating system when Microsoft launches the next one. If the hardware is tightly coupled with the software user might never get to install even windows. This might give hardware vendors an undue advantage to sell new hardware over and over again to the same customer when upgrading software. Microsoft says users will not be able to boot older operating system, does that mean they will be able to install new ones that releases later.

by Anonymouse on Oct. 20, 2011

I love this whole debate. Of course OEMs will enable a switch. Hell, this isn't even really MS's idea. The chromebooks have a hardware switch that enable "dev mode" when you turn it on (hint: it disables secure boot).

This is about MS trying to assert control over users, people, consumers, oems, whatever. It will never happen, people are too smart. They're genius in their approach, too. It's a PR marketing ploy to make themselves the victim. But as I said, typically computer people (which is just about anyone these days, right?) are also smart thinking people.

I read the "non-trivial" quote from above like so few end users actually install Linux on their home personal PCs to be worried about it. Well here's another fine PR point: secure boot, a "digitally signed" boot process also would prevent piracy. I'm sure a non-trivial amount of Windows users actually pay for their software. This is an unintended consequence that noone wants to bring up.

Why? If the FSF says it battles piracy, they look pro-piracy and that's a bad thing. In fact they support and respect copyright. As MS about piracy, and their head might explode. Because on one hand they want profits, on the other, it's difficult to assert influence unless your product is pervasive.

So what will be the outcome? The OEMs will enable it by default, but if you're using Linux and installing your own hardware and OS anyhow, you're pretty much your own OEM, and you'll continue as you always have. If it's MS's point to assert power and control over those who they don't already have it, it will fail as it has so many times in the past.

by doctork on Oct. 20, 2011

Institutional buyers like mine often have IT departments that don't support end-users using Linux (even if their own servers run it). What choice are they going to make between comparably-priced PC's that don't allow dual booting versus those that do? Probably the former.

by T. J. Brumfield on Oct. 20, 2011

To an extent, this isn't a tradeoff of security.

Windows 7/8 already won't let you write directly to the boot loader while Windows is running. It is already secure. You need to compromise the kernel to access the bootloader, and to an extent, you need to compromise the bootloader currently to inject unsigned drivers to compromise the kernel.

We don't have a security hole, but we're plugging it anyways, which just coincidentally has a side-effect of stopping people from dual-booting into Linux.

by an anonymous user on Oct. 20, 2011

The issue here isn't about being able to disable secure boot. That is most likely going to be on option on every for years to come, to support legacy operating systems.

The real issue is that vendors do not appear to be implementing a means for end-users to decide which keys can sign trusted binaries. Right now, the only entity that is supported in many cases is Microsoft. What Matthew Garret (who initially raised everyone's awareness of this issue) is working towards is allowing the user to manage the list of keys that are trusted for signing binaries.

It isn't just about Linux, it is about putting the control in the hands of the user, and not being at the mercy of Microsoft or your PC Vendor.

by Clive on Oct. 20, 2011

The so-called good point didn't seem to be much of a point at all.

If the secure key stops another O/S being loaded then it will also kill off the second hand PC market unless hardware manufacturers provide a system to allow it to be switched off. in some ways hardware manufacturers would like to kill the second-user PC market - but governments wouldn't like it as it would grow the toxic waste mountain even faster.

by anonymouser on Oct. 20, 2011

what was his point exactly?

that we shouldnt make a big deal about it because it will all work out for us?

how is 'close your eyes, dont say a word and wish real hard and good things will happen' a point?

the real point is that things will work out for us in the end BECAUSE we will make a big deal out of it.

and if he insists of calling me a Linux 'fanatic' then I could just as easily ask him if he's stopped beating his wife.

so infer and imply at will Ed.

by Bernard Swiss on Oct. 20, 2011

In a world in which it has already been demonstrated that manufacturers will manufacture motherboards with grossly broken BIOS tables (even though the tables provided for Windows will work perfectly well for Linux, too), this kind of blithe "don't worry, be happy" logic is distinctly unreassuring -- and arguably either ignorant or dishonest.

by an anonymous user on Oct. 20, 2011

Security that you have no say in is NOT security, it is control.

If you as the computer owner do not have control of the approved keys, then you no longer have control of your PC. Someone else does and they, not you, get to decide what you can and cannot do with it.

Also, exactly how is this supposed to work in a virtual environment? There is no such thing as a secure boot in a virtual environment. Will you only be able to run Windows 8 in an "approved" virtual environment like Hyper-V, but not KVM?

by an anonymous user on Oct. 20, 2011

If OEMs don't offer a switch, users will stick with the PCs & OS they have for a much longer period. IOW, OEMs will shoot themselves in the foot and will hurt enough to convince them to offer a switch.

If MS puts a time limit on its software, users will look somewhere else.

-Abe

by an anonymous user on Oct. 20, 2011

Ed Bott is misrepresenting the objection. It is not a debate about secure boot vs no secure boot (no matter how many Windows advocates paint it that way). Nobody is really complaining about secure being enabled by default - just that it might not be possible to turn off on some machines.

He is also just assuming ALL OEMs will allow secure boot to be turned off - despite Redhat being told by some OEMs that they don't plan to.

If being able to turn off secure boot is such a universal solution to both MS and Ed Bott that all (they assume) OEMs will allow anyway, why doesn't MS add a clause to the Win8 requirements that the ability to disable secure boot manually can not be removed.

That would not lower anyones default security level, but would make the objections from Linux users go away.

by markh on Oct. 20, 2011

Here is my approach.......Remember how GeoHot made sony run from court with their tail between their legs??? For doing exactly the same thing.

This time it will go our way and then some.....just think, we already have the legal precedent with the PS3 case. Now imagine if Dell, gateway, emachines etc are jumping up M$ tail because they are losing court battles regarding consumer rights.

Now the next question becomes If they do end up locking out all but the mothership what will ppl who use PXE boot in large corporate situations do about their custom PXE applications ESPECIALLY ghosting software. I think M$ is going to open a can of worms that they wont be able to close.

As far as what I am going to do? I will buy no OS pc's if I have to, If it comes down to it I will buy a mac and put linux on it......Linux is the only way I get what I want done :)

by an anonymous user on Oct. 21, 2011

It doesn't matter if Microsoft thinks the system is is safer or not. The bottom line is if I ever decide to reformat and install Linux or just make a dual boot, that's is my business, not Microsoft's.

by Alex on Oct. 21, 2011

There would certainly be a lot of developers on windows who would try to tweak the OS for testing. Will then having no option to turn off secure boot not be a problem for them too. I think hardware manufacturers have no advantage in removing the option unless Microsoft uses its partnership to secretly influence them. This might only happen if Microsoft feels that there is a massive threat to its already dominating OS.

If hardware manufacturers allow disabling secure boot, then all dual booting solution will need secure boot disabled. This is disadvantageous for all.

Mac has EFI. When linux or windows is installed, Mac's bootloader overrides theirs and so there is no problem. Mac helps the alien OS load from their firmware. However there is no secure boot. If Microsoft does something similar with secure boot in collaboration with the manufacturers, it would solve this problem for all. Better still, if Linux live cds can install their own UEFI key in the firmware and also allow other OS to load securely by impersonating their secure keys in the linux bootloader, it would be the best solution of all.

by an anonymous user on Oct. 21, 2011

yeah, i buy the hardware its mine and i should be able to put whatever i want on it, if the windows system was designed properly secure boot wouldn't even be needed. screw microsoft and all their little schemes to force people to use windows like foxconn's bad acpi tables, nvidia optimus, etc.

by Lurker on Oct. 21, 2011

its MY machine, I will do what i will, with it

by an anonymous user on Oct. 28, 2011

Unfortunately, the Typical End User (TEU) is clueless and could not care less about the entire issue. They outnumber those of us who do understand the situation at a rate of more than 10,000 to 1. So MS/OEMs are going to care about what we say/think/do why?

Exactly. They are not. They do not. They will not.

Of course there will be ways around this, and if it goes forward in dictatorial fashion, perhaps will blow up in their faces.

One can only hope sanity prevails, but this is not the trend in big business, especially concerning anything Microsoft touches.

by an anonymous user on Feb. 28, 2012

No way this will happen like that. Too many large corporations (including microsoft) use linux or BSD for their servers. Why? Because they are already secure lol. But in all seriousness, they WONT care about us end users, but they certainly WILL care about large corporations that will no longer be able to upgrade servers and keep their stable, secure, functioning, legacy compatable, OS.