executive summary:
|
| Author | Content |
|---|---|
| tuxchick Jun 22, 2012 3:21 PM EDT |
More lunatic hassles for a false sense of additional security. They keep nattering about pre-boot malware-- has there ever been any for Linux or Windows? Real malware, and not proof-of-concept. I don't recall any. You don't need fancy hard stuff like pre-boot malware to infect Windows, as it offers multiple points of entry that are much easier. However, there have been multiple failures in the root CAs and signing keys, like the fun Windows Flame malware. Those are real and proven, not theoretical. How is the Windows signing system going to keep up with Linux? Linux does not stand still and kernel updates are frequent. Why would anyone even want this on a Linux system, what are the benefits? Real and not theoretical. The only value I see in this is using your own personal PKI and not relying on an external signing system. And then figuring out a way to keep up with updates and changes without going mad. This is a big not-funny joke. |
| BernardSwiss Jun 22, 2012 7:29 PM EDT |
Quoting:They keep nattering about pre-boot malware-- has there ever been any for Linux or Windows? Mebromi: the first BIOS rootkit in the wild http://blog.webroot.com/2011/09/13/mebromi-the-first-bios-ro... Not that you don't make some good points. But as the Linux side points out often enough in the FUD wars, "Security Is A Process". The boot-chain is just one more target, and Secure Boot is just one more defence. Bad Guys (tm) will, just like Data Execution Prevention and Address Space Layout Randomization, and code signing, eventually find ways to avoid -- perhaps even exploit -- this mechanism. So I figure there are really two over-arching questions: (1) Do the benefits out-weigh the costs? Secure Boot could be a boondoggle, but opinions among very qualified people differ. (2) Will the implementation be a sensible one -- one which spreads the benefits and costs equitably, rather than effectively serves as a tool for covertly and anti-competitively tilting the hardware market in favour of the dominant desktop-OS distributor (ie. Microsoft/Windows), and in active hindrance to the alternatives (ie. generally Linux and BSD)? |
| BernardSwiss Jun 22, 2012 7:49 PM EDT |
Quoting: Have I got this straight? Does this section indicate an important difference from RedHat's approach -- one that RedHat considered not tenable? |
| tuxchick Jun 22, 2012 11:57 PM EDT |
Good questions all, and there are many more. Too dang many to foist this half-baked mess on the world. |
| helios Jun 23, 2012 9:45 AM EDT |
to foist this half-baked mess on the world. They got their unspiration from KDE and Gnome Devs........ Unspiration....my Yogi Berra-ism for the week |
| albinard Jun 23, 2012 10:39 AM EDT |
May I suggest de-inspiration, which shortens to the more probable cause of Microsoft's effort, desperation. |
Posting in this forum is limited to members of the group: [ForumMods, SITEADMINS, MEMBERS.]
Becoming a member of LXer is easy and free. Join Us!