TechNews Pictorial PriceGrabber Video Sat Nov 30 01:51:01 2024

0


Will Windows 8 Secure Boot Block Linux?
Source: Mathew J. Schwartz


A brand-new security feature to be included in Windows 8, designed to block some types of malware, is drawing fire from advocates of non-Microsoft operating system. In particular, they accuse Microsoft of launching a stealth attack against people who choose to install open source operating systems on their Windows-branded PCs.

The feature in question, unified extensible firmware interface (UEFI), is designed to be a more flexible replacement for the BIOS that's long featured in PCs. "In most PCs today, the pre-operating system environment is vulnerable to attacks by redirecting the boot loader handoff to possible malicious loaders. These loaders would remain undetected to operating system security measures and antimalware software," said Steven Sinofsky, president of the Windows group at Microsoft, in a blog post. "Windows 8 addresses this vulnerability with UEFI secure boot, and using policy present in firmware along with certificates to ensure that only properly signed and authenticated components are allowed to execute."


        Outsourcing Security: What Every Potential Cloud Security Customer Should Know
        Effective IT Inventory and Asset Management: From Quagmire to Quick Fix

Videos
TechWebTV catches up with Whisper Systems' CTO and co-founder Moxie Marllinspike to discuss and demo WhisperCore -- a mobile security solution that brings BlackBerry-like centralized enterprise-grade security to Android devices.Richard Bejtlich, CSO and VP of managed services, sits down with Dark Reading's Kelly Jackson Higgins at Black Hat USA to talk about the two hats he wears at the incident response company, and trends in attacks against enterprises and security firms.We spoke with Chris Sather, Product Management for Network Defense at McAfee about McAfee's next generation firewalls that analyze relationships and not protocols.
TechWebTV catches up with Whisper Systems' CTO and co-founder Moxie Marllinspike to discuss and demo WhisperCore -- a mobile security solution that brings BlackBerry-like centralized enterprise-grade security to Android devices.



Sinofsky's post was written in response to accusations that Microsoft might use UETF to block people from installing non-Windows operating systems on their PCs. But he said that UEFI is managed by the UEFI Forum, a trade organization that counts not just Microsoft, but also AMD, Apple, Dell, Intel, Phoenix Technologies, and other companies as members.

[ Learn more about Windows 8 and whether the planned tablet is too little, too late. ]

Furthermore, how operating systems choose to handle UETF is up to their developers. "We focus our boot loader on Windows and there are a number of alternatives for people who wish to have other sets of functionality," he said. Likewise, according to the UEFI Forum's website, "UEFI will provide a clean interface between operating systems and platform firmware at boot time, and will support an architecture-independent mechanism for initializing add-in cards."

But open source advocates are warning that the Microsoft move to UEFI could disenfranchise people who use PCs to run non-Windows operating systems. "As things stand, Windows 8 certified systems will make it either more difficult or impossible to install alternative operating systems," said Matthew Garrett, who works on power management and mobile development for Linux distributor Red Hat, in a blog posted on Friday.

That's because UEFI will only hand off to an operating system environment using digital certificates that the PC firmware recognizes. Microsoft is reportedly requiring that PC manufacturers who ship machines certified for Windows 8 enable secure boot by default. But that certification program won't require manufacturers to include certificates that authenticate non-Windows operating systems. As a result, people who install other operating systems on "Windows 8 certified" machines may not be able to get their PCs to boot.

"Microsoft can require that hardware vendors include their keys. Their competition can't," said Garrett. "Red Hat is unable to ensure that every OEM carries their signing key. Nor is Canonical. Nor is Nvidia, or AMD or any other PC component manufacturer. Microsoft's influence here is greater than even Intel's."


}

© 2021 PopYard - Technology for Today!| about us | privacy policy |