Biz & IT —

Microsoft, not third parties, should be the one jailbreaking Windows RT

The perverse incentives created by locked-down platforms promote insecurity.

Windows RT hasn't been jailbroken yet, but the first steps towards opening the platform to enable it to run any program, and not merely the ones that Microsoft authorizes, have been taken. Microsoft's reaction so far has been quietly congratulatory, praising developer clrokr's ingenuity, but suggesting that the operating system flaw he took advantage of may not be a permanent feature.

Updating the operating system to be more rigorous in the way the kernel validates data passed into it is no bad thing, but Microsoft should not simply patch up the problem and then wait for the next jailbreak attack. The company should be proactive, and offer an official jailbreak solution of its own.

Although Microsoft is no doubt encouraged that developers are taking the time and interest to try to crack Windows RT, the company should also be concerned. Jailbreaking is a natural reaction to a locked-down, restricted platform, as there will always be some minority of users who don't like the restrictions being imposed—but it's not healthy.

The fundamental problem that these locked-down platforms create is that incentives become misaligned. Normally, it's in the interest of users to install security fixes as and when they become available, to make their systems more secure. It's in hackers' interests for users to not install security fixes, to make their systems easier to attack. But that changes when jailbreaking is brought into consideration. Because jailbreaking depends on exploiting security flaws, the users cease to regard security updates as desirable; they remove wanted functionality (namely, the jailbreak), making them something to be avoided. This is good for hackers, not so much for anyone else.

The misalignment also applies somewhat to the developers creating the jailbreaks. The desire to jailbreak gives those developers an incentive to publish and exploit security flaws so that users can liberate their systems, rather than report those flaws to Microsoft so that they can be fixed.

One thing that the company could do to discourage jailbreakers from avoiding security patches is to bundle security fixes with feature updates. There are rumors that Windows 8 will receive more regular feature improvements than has been typical in the past; if these feature updates also incorporate security fixes then would-be jailbreakers would have a significant incentive to update their systems, even if that meant losing access to the jailbreak.

However, if the upside of jailbreaking is big enough—and the Windows RT crack is significant in this regard, as it enables a substantial increase in functionality—even this won't work. I know a number of people who are clinging to iOS 5 on their iPhones due to the unavailability of an iOS 6 jailbreak, and it seems inevitable that Windows RT users would respond similarly. No feature that Microsoft could add to Windows RT is going to be as transformational as a crack allowing desktop apps.

I've argued on these pages that Microsoft should provide an official mechanism to opt out of the signature restrictions imposed on Metro apps. By all means, keep the restriction on by default to protect users against malware, but provide a toggle somewhere to disable them for those whose needs go beyond the limitations of the platform. Similarly, I believe Microsoft should provide an official way to opt out of the Windows RT desktop's constraints. Provide a Control Panel setting or similar to allow any desktop application to run.

Offering an official jailbreaking solution, something that wouldn't be jeopardized by security updates, would realign incentives appropriately. Users would no longer have anything to fear from security updates, and well-intentioned developers would no longer have the same motivation to publish exploits. This would make the platform more useful to more people. It would mean that developers could spend their time making useful apps rather than figuring out new ways of subverting the operating system. And it would also make the platform more secure for everyone.

Channel Ars Technica