The Ed Bott Report

Ed Bott
Home / News & Blogs / The Ed Bott Report

Why do Linux fanatics want to make Windows 8 less secure?

By | October 18, 2011, 2:00pm PDT

Summary: Windows 8 isn’t even in beta yet, and already the FUD is flying fast and furious. A small group of activists are whipping up controversy over the UEFI secure boot feature even as they admit the feature is “valuable and worthwhile.” Here’s the real story.

The FUD is flying fast and furious over Windows 8, and the OS isn’t even in beta yet.

The Free Software Foundation (FSF) is organizing a petition-signing campaign over Microsoft’s announced support for the secure boot feature in next-generation PCs that use Unified Extensible Firmware Interface (UEFI) as a replacement for the conventional PC BIOS. My ZDNet colleague Steven J. Vaughan-Nichols is urging his readers to sign the petition with a bit of deliberately inflammatory language, calling it “UEFI caging.”

The crux of their argument is that Microsoft is deliberately requiring a change in next-generation hardware that will make it impossible to wipe off a Windows installation and install Linux. They are wrong, and their effort to whip up public fury is misguided at best and cynical at worst.

Allow me to illustrate by turning the argument around in an equally cynical way, with an equally inflammatory rhetorical flourish:

People who make their living in the Linux ecosystem are demanding that Microsoft disable a key security feature planned for Windows 8 so that malware authors can continue to infect those PCs and drive their owners to alternate operating systems.

Oh, wait. Now that I think about it, that’s actually pretty close to the truth.

The most disappointing part of this whole phony controversy is that its ringleaders have managed to suck in some people who should know better. Like Ross Anderson, Professor of Security Engineering at the University of Cambridge Computing Laboratory, who wrote this last month:

I hear that Microsoft (and others) are pushing for this to be mandatory, so that it cannot be disabled by the user, and it would be required for OS badging.

This is grossly incorrect. It is disappointing that a university researcher who should believe in scientific rigor and respect for facts would spread a rumor that begins “I hear that…”

He continues:

The extension of Microsoft’s OS monopoly to hardware would be a disaster, with increased lock-in, decreased consumer choice and lack of space to innovate. It is clearly unlawful and must not succeed.

This is pure FUD.

Here’s the reality. Malware authors are getting more creative and more vicious. A rootkit that can infect key operating system files can hide itself so thoroughly that it is virtually impossible to detect. The TDL4 rootkit is probably the best known and most deadly of the bunch. It can patch the Windows Boot Configuration Database, overwrite key system modules, and disable driver signing requirements, just for starters. It is a nightmare to clean up.

The secure boot feature pulls the rug out from under this rootkit and everything like it. Those key boot files that the rootkit tampers with are digitally signed. With Secure Boot enabled, any modification to those files is detected at startup by the UEFI code-signing check, and the system stops in its tracks. Rootkit foiled, user protected, recovery possible.

As my colleague Mary Jo Foley has noted, the initial reports came from an employee of Red Hat Linux who acknowledges that “UEFI secure boot is a valuable and worthwhile feature.”

Page 2: What do the BIOS makers say? –>

More from “The Ed Bott Report”

Topics

Linux, PC, Operating System, OEM, Microsoft Corp., Microsoft Windows 8, FUD, Microsoft Windows, Rootkits, Operating Systems, Desktops, Security, Software, Spyware, Adware & Malware, Hardware, Ed Bott

Ed Bott is an award-winning technology writer with more than two decades' experience writing for mainstream media outlets and online publications.

Disclosure

Ed Bott

Ed Bott is a freelance technical journalist and book author. All work that Ed does is on a contractual basis.

Since 1994, Ed has written more than 25 books about Microsoft Windows and Office. Along with various co-authors, Ed is completely responsible for the content of the books he writes. As a key part of his contractual relationship with publishers, he gives them permission to print and distribute the content he writes and to pay him a royalty based on the actual sales of those books. Ed's books are currently distributed by Que Publishing (a division of Pearson Education) and by Microsoft Press.

On occasion, Ed accepts consulting assignments. In recent years, he has worked as an expert witness in cases where his experience and knowledge of Microsoft and Microsoft Windows have been useful. In each such case, his compensation is on an hourly basis, and he is hired as a witness, not an advocate.

Ed does not own stock or have any other financial interest in Microsoft or any other software company. He owns 500 shares of stock in EMC Corporation, which was purchased before the company's acquisition of VMWare. In addition, he owns 350 shares of stock in Intel Corporation, purchased more than two years ago. All stocks are held in retirement accounts for long-term growth.

Ed does not accept gifts from companies he covers. All hardware products he writes about are purchased with his own funds or are review units covered under formal loan agreements and are returned after the review is complete.

Biography

Ed Bott

Ed Bott is an award-winning technology writer with more than two decades' experience writing for mainstream media outlets and online publications. He's served as editor of the U.S. edition of PC Computing and managing editor of PC World; both publications had monthly paid circulation in excess of 1 million during his tenure. He is the author of more than 25 books on Microsoft Windows and Office, including the recently released Windows 7 Inside Out.

Talkback Most Recent of 461 Talkback(s)

  • RE: Why do Linux fanatics want to make Windows 8 less secure?
    Linux is free, but the services for Linux is not free...
    Why don't these hypocrites make Linux services free as well and serve mankind for a noble cause?

    How do these free software advocates make a living ??? Living on benifits or goverment grant using tax payers money???
    ZDNet Gravatar
    owlnet
    18th Oct
  • RE: Why do Linux fanatics want to make Windows 8 less secure?
    @owlnet

    They make a living working for places like IBM, Google, and HP.
    ZDNet Gravatar
    Michael Kelly
    18th Oct
  • Master Joe Says...Wow
    @Michael Kelly Was that meant as a good thing? IBM's claim to fame recently was that their servers aren't 10x slower than Oracle's. They're only 6; this from IBM's own people. Google has tax issues at the moment, anti-privacy issues, and anti-trust issues, and even its own employees have begun to, allbeit accidentally, bash their products (Google+) in public, with some rather strong language. HP can't even find a fit CEO to run the company, kills off a product two months after launch, and now has an OS they spent a whole lot of money on with no means of turning a profit for them. Those sound like great places to work. If you're a consultant, IBM IS a great place to work. If you're a Linux developer, other than perhaps working with the RHEL team or with Cannonical, I'm just not seeing how you're better off than someone who is more intimately familiar with Windows, which, by the way, rules both the enterprise and consumer markets. Just my two cents on this.

    --Master Joe
    ZDNet Gravatar
    MasterJoe
    19th Oct
  • A long history of antitrust trials and Microsuck
    @Michael Kelly
    I could not help to feel a kind of deja vu, that this has happened before, and it has. Linux is a threat in spite of its minuscule user base but has a big presense among web servers.
    Add to this an insecure Microsoft, they know they would lose a lot of customers without using dirty tricks.
    ???Security??? is just an excuse. Did anyone really believe otherwise? When has MS Windows ever been anything else than totally perforated by malware?
    ZDNet Gravatar
    Mikael_z
    19th Oct
    • Flagged
  • RE: Why do Linux fanatics want to make Windows 8 less secure?
    To be perfectly honest, I see this as more a preemptive attack against possible 'regular home users' switching over to something like Ubuntu. Your average user won't know how to go into BIOS to disable UEFI - and if they see that installing Linux means doing 'some dern technical thingy', they'll just not do it.

    This is exactly what Ubuntu and other distributions are trying to avoid, making Linux look 'technical'. Even if EVERY OEM allows the user to disable it easily, but since they all want Windows 8 stickers they have it on by default... Microsoft has won.

    The 90% of people who COULD switch to Linux (people who don't play games, or run MS-only products - people who can live with Firefox instead of IE, LibreOffice instead of MS Office, etc.) will just not switch, because they don't know how/are too lazy to mess with their BIOS, usually accompanied by something about how 'technical' it is, and 'not for them'.
    ZDNet Gravatar
    Tynach
    19th Oct
  • RE: Why do Linux fanatics want to make Windows 8 less secure?
    @Tynach
    So you're saying that adjusting BIOS settings scares potential Linux users of but installing a new OS won't? People that install Linux are 'expert' users or otherwise they will let an 'expert' friend do it for them. Really, adding an extra step inside the BIOS won't change anything.
    If I'd be a novice user I would be more scared to install a completely new OS other than Windows without wrecking my computer (and that's not a stupid assumption when you're a novice) then to adjust one tiny setting.

    And btw, you're talking about an EUFI option inside the BIOS but actually the BIOS will be totally replaced by EUFI. So it's an option inside EUFI. Just so you know happy
    ZDNet Gravatar
    belli_bettens@...
    20th Oct
  • RE: Why do Linux fanatics want to make Windows 8 less secure?
    @Tynach
    The average home user will never move to any version of Linux unless a major marketer of PCs and laptops promotes the platform. That is never going to happen. Hand held devices don't count.
    ZDNet Gravatar
    notme403@...
    20th Oct
  • RE: Why do Linux fanatics want to make Windows 8 less secure?
    @Tynach, if you think toggling a SecureBoot setting is going to be a roadblock to running Ubuntu, you're ignoring what it already takes to install and run Ubuntu. It's trivial.

    There is nothing preventing Ubuntu's developers from updating it to be SecureBoot compliant.
    ZDNet Gravatar
    Lester Young
    20th Oct
  • RE: Why do Linux fanatics want to make Windows 8 less secure?
    @owlnet
    It's not about free; it's about choice. I agree it's early to attack Win 8. They might still force OEMs to have a toggle off option.

    Likewise, it's took early for the Windows fanatics to be defending Win 8 too. Microsoft may allow OEMs to turn the PC market into one like the smartphone where you are expected to only run what it comes with.
    ZDNet Gravatar
    anono
    18th Oct
  • It's not up to Microsoft
    @anono

    So stop trying to pin the blame on them. It is up to the OEM. Pure and simple. I know you'd really like to find something wrong with Microsoft on this but it's a fantastic feature. Anything that prevents rootkits is a fantastic feature.

    Some OEMs will allow you to disable it, others won't. But it has nothing to do with Microsoft.
    ZDNet Gravatar
    LiquidLearner
    19th Oct
  • Now That's Not Correct Either
    @LiquidLearner

    Considering the requirement to have this enabled by default in order to get Windows 8 certification, it's rather a stretch to say, "It has nothing to do with Microsoft." Microsoft isn't forcing manufacturers not to make the option to turn it off available, but they do have a lot to do with the feature being implemented in the first place. Just leave it at, "Microsoft isn't making the final decision."
    ZDNet Gravatar
    CFWhitman
    19th Oct
  • RE: Why do Linux fanatics want to make Windows 8 less secure?
    @liquidlearner

    Sorry, but history has shown that OEM's do whatever Microsoft tells them to. If they don't, then Microsoft just increases the price the OEM's are charged until they are out of business. Everyone in the OEM business knows that too. That's what really happened to the Linux based 'Netbooks'. There, it wasn't the Netbook market, it was the Desktop and Laptop markets that really frightened the OEMs. The only holdouts are Apple and a few Linux resellers.

    In servers it doesn't matter as much because Microsoft isn't capable or running a big server. Anything over 64 processors just doesn't do Windows well at all.

    Microsoft has been convicted twice in the US of using these tactics, and also convicted twice in Europe. More times than that in Asia. It's old news. It also hasn't changed.

    The fear in Linux is real, and based on experience. Saying 'Oh Shucks' which is all Mr. Bott has really done does nothing to allay the suspicion.

    The last time Microsoft tried this, around 12 years ago, your computer wouldn't run if you replaced any of the cards in the system.

    Yes, the Linux people are concerned, but the Windows people who maintain systems should be terrified. Just think, if you add any memory, you will need to buy an new Windows license.

    Now do you understand?
    ZDNet Gravatar
    YetAnotherBob
    21st Oct
  • RE: Why do Linux fanatics want to make Windows 8 less secure?
    @anono What? Have you not read that its a simple matter of making a selection in the BIOS to turn off IUFI. Give it a rest. By default a computer should be more secure. If you want to reduce that security to run another OS, than you do it at your own risk.
    ZDNet Gravatar
    groberts116@...
    22nd Oct
  • ScorpioBlue, making this out to be Microsoft's problem again.
    @ScorpioBlue
    I see it is business as usual for you, just like before under your earlier screen names.

    Do you not get tired of the endless FUD campaign that you have waged since the begining? I know many of us here have tired of your endless FUD campaign.

    I imagine you have a vested interest in having Windows released without it being as secured as it could be.
    plain
    ZDNet Gravatar
    Mister Spock
    18th Oct
  • No, I don't get tired of battling a monopoly
    A monopoly that lied, cheated and stole it's way to the top. A monopoly that's as unavoidable today as cell phones.

    Better get used to it, faux pointy ears.
    ZDNet Gravatar
    ScorpioBlue
    19th Oct
View More Comments

Talkback - Tell Us What You Think

Formatting +
BB Codes - Note: HTML is not supported in forums
  • [b] Bold [/b]
  • [i] Italic [/i]
  • [u] Underline [/u]
  • [s] Strikethrough [/s]
  • [q] "Quote" [/q]
  • [ol][*] 1. Ordered List [/ol]
  • [ul][*] · Unordered List [/ul]
  • [pre] Preformat [/pre]
  • [quote] "Blockquote" [/quote]

The best of ZDNet, delivered

ZDNet Newsletters

Get the best of ZDNet delivered straight to your inbox

Facebook Activity

Blog Roll

Blog Archive

White Papers, Webcasts, & Resources