60 comments

[ 2.8 ms ] story [ 78.5 ms ] thread
You have to wonder if Microsoft is doing this out of malice or just because they haven't thought it all the way through.

I'm going to go with option 2 -- I don't think they are clever enough to nerf linux like this. They are probably just thinking, "how do we prevent viruses?"

In my limited experience on and around the Redmond campus, I have to say I was startled by the level of ill-will some MS employees have towards Linux. Ranging from dismissal, "UNIX is nothing but a toy" to outright hatred, "Linux is evil". This seemed to only increase the closer you got to the top...

Although that doesn't necessarily mean they're doing this out of malice, I don't think it went entirely unconsidered. MS definitely likes to be aggressive when possible.

(comment deleted)
MicroSoft is famous for developing a siege mentality intentionally as it helps them get a huge amount of labor out of their employees.

http://en.wikipedia.org/wiki/Siege_mentality

What the Wikipedia article leaves out is that employes that are in this state will have a sort of 'fight or flight' response and will usually work their tails off.

I'm an employee of Microsoft in the Valley. when I leave work at 6:15, there are maybe 15 people left at their desks in the section of the floor I work on (which has about 150 desks in it.) I know multiple people who show up around 11 and leave by 6.

Microsoft is hardly the worst offender in this metropolitan area, much less the industry.

> Microsoft is doing this out of malice or just because they haven't thought it all the way through

Come on. It's Microsoft we are talking about. They regularly donate software to government agencies in order to promote their lock-in and to prevent competitors from gaining a foothold.

I think the ability to install/boot Linux on PC hardware actually benefits Microsoft at this point. It keeps a small but influential group within the PC ecosystem, often dual-booting Windows, at a time when the biggest threat to Microsoft is the potential decline of the PC ecosystem as a whole.
both of your choices are wrong. Microsoft is doing this because there is already malware that patches the NT kernel and boot manager, and Microsoft gets blamed when it happens: see things like http://en.wikipedia.org/wiki/Alureon, a rootkit which had a bug in it that caused the kernel to crash -- through no fault of its engineering team -- when Microsoft applied a security patch.

you're being kind of a jerk assuming that Microsoft engineers aren't clever enough to nerf Linux like this, given its long history of hacks to both mess with its competitors (http://en.wikipedia.org/wiki/AARD_code) and make sure its software works properly (see a lengthy paper on Windows PatchGuard here: http://uninformed.org/index.cgi?v=6&a=1&p=23 and basically every post Raymond Chen makes about application compatibility on his blog here: http://blogs.msdn.com/b/oldnewthing/)

if Microsoft wanted to kill Linux through technological means, it would be able to do it. the fact of the matter is, it doesn't, or even if it does, it would never be able to convince its hardware and software partners to go along with its scheme.

Windows's support for UEFI secure boot, and its requirement that it ship turned on by default on logo-certified PCs, is a matter of reducing the number of things average people -- people who don't even know what Linux is, much less use it -- complain about Microsoft for, nothing more.

(disclaimer: I work for Microsoft, but I'm not speaking officially on behalf of the company.)

Wouldn't pirates be able to make Windows copies that have a valid BootManager? Wouldn't OEM's be able to ship chips that allow original Windows to be booted as well as Linux?

This is yet another futile attempt to prevent piracy. Besides, piracy is probably a good thing for Microsoft. The more Windows users the better in the long run.

The issue on the linux side is the need to have a valid key to sign your bootloader and from what I understand the kernel too as it's part of the bootloader or something like that. Which means, no self compiled kernel and only from Linux vendors that were able to get a key in there.

Obviously if anyone has a key it's no longer secure.

exactly, I remember reading an article about someone at Microsoft saying that when Windows 3.1 came out, they actually liked piracy because at least people wanted to use the software. The same thing happened with Windows 7, Vista was such a catastrophic failure that they just wanted people to use Windows again. Now that they've had some success, they're going to go right back to their old ways.
In order to go after pirates, Microsoft must first create a market for Windows-only PCs. As soon as you have no option but Microsoft, they will cease to see piracy of Microsoft products as a choice preferable to using a competing product: competition becomes a non-issue because nobody else will be able to write OSs for the Windows-only computers.
Not sure if it's EFI as well, but Chrome OS implements this as "verified boot"[1]. If the OS doesn't check out, it falls back on a backup copy on the SSD (and if that one's bad too, it asks for a recovery SD card). Google mandates a "devmode" switch to bypass it, enabling it wipes all data and adds a warning screen at boot (to avoid malicious rooting), but you have full control after hitting the switch.

[1]http://dev.chromium.org/chromium-os/chromiumos-design-docs/v...

Yeah, it's EFI. But you can't boot Linux on it because the EFI is "stripped down" and is missing some functions that Linux needs to boot.
That's not entirely true, at least on the cr-48. Here is the install guide to get ubuntu on a cr-48[1]. The docs do say, however, that the cr-48 lacks initrd, so you have to modify the ubuntu kernel to get it to boot.

[1] http://www.chromium.org/chromium-os/developer-information-fo...

Interesting, that seems like a lot of work :) I've seen a simpler hack that rewrites the EFI firmware to emulate a normal BIOS and then installs vanilla Ubuntu or even Windows on it. http://corey.degrandchamp.com/2011/04/10/flash-google-cr-48-...
I'd like to point out that your counter to doing "a lot of work" involves totally disassembling the Cr-48.
Well, you just have to take the bottom off but it is a lot of screws. Still, I bet it's faster and less hassle.
I thought we were past this stage? Honestly, I think Linux is established enough that this won't be an issue. See the CR-48 from google.
"Of course, all major OEMs are going to want the Windows 8 logo."

In a sentence, this is how broken the current OEM landscape is.

How does that statement show that the OEM landscape is broken?
Who really cares if his PC has a Windows logo on it, as long as it works?
The OEM logo is one indication that it works.
How is a regular person supposed to determine if a PC will work well with Windows? The logo program is supposed to give some assurance of quality, especially when dealing with low priced systems.

(Although, Microsoft screwed this up in the past, certifying crappy video cards in order to help partners out.)

> How is a regular person supposed to determine if a PC will work well with Windows?

You can't be serious. Unless you are over 40, chances are you only saw computers that couldn't run some version Windows in museums.

The logos are version specific. So a Windows 8 logo would imply things that a Windows Vista logo wouldn't. Especially in this Win8 era with touch and min size for side-by-side, having a logo would be a huge help to many people.
I'm only running Windows on my VMware machine.
It's going to be one of those "every other version is good".

Windows 95 (crap)

Windows 98 (good)

Windows ME (crap)

Windows XP (good)

Windows Vista (crap)

Windows 7 (good)

Windows 8 (crap)

Let's just wait and see what the EU commission has to say about this. I call another multi billion euro fine :)

Your timeline has a bug. Where is Win 2000? Also what about 98SE and NT?
Depend on how you want to lay it out. Windows NT was a parallel line of development. Windows 2000 was Windows NT 5.0 (it was originally meant to be the release that bridged the Win9x and WinNT lines). When they finally released Windows XP (Windows NT 5.1), it was the released that merged the two lines into a single product line going forward and running on the NT kernel.

Also, maybe I'm remembering wrong, but Windows 98 was just like Windows 98 SP1, no? If that's the case, why aren't you arguing for all of the service packs on WinNT, WinXP, WinVista, etc.

... and you conveniently left out Windows 2000 and NT4 which both were rather good and would have screwed up your list and thus destroyed your argument.

I agree though that the EU might be interested in something like this, but it wouldn't be Microsoft they go after but the OEMs to force them to allow users to install their own keys or at least turn off the signature validation.

(comment deleted)
I thought the same thing (about 2000 & NT) but then it occurred to me that those versions were (I believe) considered part of the business-oriented (rather than consumer-oriented) NT line, so maybe the list above is reasonable.
(comment deleted)
If Microsoft is pressuring OEMs to block Linux and other operating systems, then Microsoft gets the axe. Microsoft's case with IE hasn't really made them favorable to the EU.
You are missing 95B, 98SE, NT, and 2000.

Also, Vista wasn't crap. Microsoft lowered the system requirements to appease intel and their OEMs. So no surprise it runs like crap on a 4 year old laptop. 2 years later when 7 came out everyone had 2 year newer laptops 7 looks great.

Vista itself may not have been crap, but the whole Vista experience certainly was. In addition to the artificially lowered requirements, drivers were a huge problem. Because they changed the driver model, drivers frequently weren't available (at least at first) and when they were available they were frequently buggy. That may not directly be Microsoft's fault, but if your Vista is blue screening, you don't really care who's fault it is.

You can see the same with with corporate IT departments: many of them decided not to upgrade to Vista. Why bother when Vista has marginal improvements with lots of bugs? Instead they stuck with the rock solid XP and waited until Microsoft (and the vendors) fixed things (Win7).

I expect corporate IT will view Windows 8 the same way: Metro is a big headache they'll want to avoid. They aren't going to be deploying Metro apps (at least not at first) and they'd probably disable Metro to avoid confusing users. If Microsoft is hoping to make Win8 the corporate standard, they'll have to do it via tablets. Presumably if everyone is using Win8 tablets, they'll eventually want Win8 on their desktop/laptop. Otherwise, I'd expect many IT departs to skip 8 and wait for 9.

Down voting :D Yay

I still stand by my list.

98SE is missing, but I don't really count a second edition of one operating system to be a new operating system, though that might also go for ME.

Windows 2000 and NT4 are not here, because they are enterprise software (anyone here tried playing games on Windows 2000, most of the games I tried in my childhood did not even install on 2000).

I have also left out Windows CE. Which is utter crap. HP even put a dedicated reset button on the front of their devices running CE 2.x because it was used so often. It became very popular though and is still used in many gps units. Mind you though, Windows Phone was based on CE until version 7. They were popular with the enterprise because of exchange sync and the general support in windows. Everyone else used blackberries and palms and now of course iphones and androids.

I have also left out Windows Server editions. Though these have mostly been rather good because you didn't need a college graduate to install and configure them, though many were just as slow and buggy as their client counterparts.

To be fair, 3.0, 3.1 and WfW 3.11 were fine. 1.x and 2.x were horrible.
Something I didn't get from the articles is can Windows 8 work on non UEFI systems? What if I buy a machine today and wanted (probably won't but hypothetical here) to run Windows 8 on it is that still possible? Because then pirated copies will just use that to get around the requirement.

Also, if this pans out, I hope the EU and potentially the US antitrust authorities look into it.

Yes. They do plan backwards support - as annoying as the Secure Boot thing is, I can't imagine the outcry if MSFT said "our new OS only runs on brand new machines."
I have the Windows 8 developer preview running on an old laptop with no UEFI. Also Microsoft has said again and again that every computer that can run Windows 7 will be able to run Windows 8.
1.) It's not about piracy, it's about attack surface.

2.) What are the antitrust issues? They're doing this to help preserve the security and integrity, very similar to what Apple does with iOS devices, and almost every single Android vendor does with its devices.

Edit: The downvoters have spoken. But why is Microsoft being singled out when every other platform does, or is looking to do the same exact thing? Android, iOS, and soon likely Mac OS X.

1. The predictable outcome has not to be the same as the stated goals.

2. The antitrust issue is that every OEM that wants to distribute Windows could be forced to ship computers that prevents other systems to work. This could be seen as Microsoft abusing his dominant position to block competitors.

So does the same line of reasoning in #2 apply to Apple iOS and Android devices? Why aren't people in an uproar about that? (I take that back, they are in an uproar in the Android world).

If you've hung out at a WWDC in the past couple years, it's apparent Apple is looking into the same such security scheme(s) for Mac OS X.

OEMs ship these computers as Windows computers. OEMs generally don't support alternative OSes on their hardware, because there hasn't been enough demand to make it worthwhile.

Linux on the desktop isn't even on Microsoft's radar. That war was lost by Linux (although ironically, they may win or at least fair very well in the "post-pc" era).

I'm still confused as to why Linux diehards don't just create their own (ARM-based?) desktop platform where nothing is locked down or closed source.

> the same line of reasoning in #2 apply to Apple iOS and Android devices?

They are not PCs and are not sold under the expectation they are able to run something other than what was built in. What Microsoft is trying to do is to force OEMs into creating Windows-only PCs.

There's no expectation that PCs will run anything other than Windows for the vast, vast majority of consumers, either.
> So does the same line of reasoning in #2 apply to Apple iOS and Android devices? Why aren't people in an uproar about that? (I take that back, they are in an uproar in the Android world).

This line of reasoning doesn't apply to iOS/Android because there is more than one major player. On the other hand it's basically impossible to go into a retail chain and walk out with a PC that runs something other than Microsoft Windows (unless you're buying a Mac, but they are still only a small portion of the consumer PC market).

I think it's a worrying trend, ever since Apple's iOS.

It's a pity that so many developers that are accustomed to use open-source tools will choose shinny over liberty to tinker, because after all -- it's the third-party developers that make or break a platform.

Basically Trusted Computing is sneaking in, because Apple-stuff is the developer-equivalent for the dancing kitty that begs clicking.

IMHO, people saying that trusted computing is a good thing are in fact idiots that haven't thought this through; since crackers will always crack, virus writers will always find back doors, and the only ones getting hurt will be legitimate customers (exactly as DRM).

And in case you think iOS is secure, you probably haven't seen JailbreakMe in action. At least with Windows XP you are aware that it isn't secure.

> Microsoft being singled out when every other platform does

Because PCs have been general-purpose machines up to now and Microsoft is trying to turn them into Windows machines. You still can install Linux on a Mac and I don't think the future will bring a OSX-only Mac.

And you'll still be able to install Linux on a UEFI PC. So what's the difference here? The Secure Boot feature is a UEFI feature, not a Microsoft-specific feature.
If I understood it right, the requirements are for OEM, that is hardware manufacturers that bundle Windows for a reduced license price. So it will apply to branded computers.

You can still make a computer from parts, but it's a problem for laptops. Also it may set the stage for further restrictions in Windows 9.

To me this resembles how network locked mobile phones work in some ways. In the end we will end up with unlocked hacks, or legit ways to unlock an OEM machine either after some time has passed or to allow certain non-MS products.
This is all for Windows Logo certification... you'll be able to build your own PC like always.
They reference mobile devices that do the same thing...but I can't think of many mobile devices that have been able to do this successfully, they all get hacked eventually. I mean, come on, if you put this up there, people are just going to see it as a challenge and hack it. Every time an OS comes out, they always boast about its new-fangled security features, and every time, within 24 hours of its release, someone in China or Russia has hacked it. There has to be a better way around this.
> Microsoft is requiring (PowerPoint) that OEMs ship client systems with the secure boot enabled to get the Windows 8 logo.

Okay, so by default this is on. Am I missing something or is there a big reason why you couldn't just Hit [DEL] when booting and change this to [disabled]? After all, major mainboard manufacturers currently make it rather easy to overclock your system (even unlocking disabled cores), which I can't imagine making Intel or AMD very happy.

Yes, some Dell/HP computers might be truly locked, which would make this Winmodem 2.0 on a bigger scale. But as long as you can build your own, most Linuxers and Hackintosh builders should be okay. Well, at least for desktops. If e.g. all Dell laptops would be permanently locked…

But right now this is a lot of coulds and mights over a potential feature. I'm still saying FUD.

Probably because that would defeat the point so disabling it from BIOS may not be an available option.
It would still be on for most users, so unless malware can affect BIOS options, you'd have complete protection against that.

I'm not certain about the implementation details, but I assume that the OS can somehow figure out if it's booting in safe mode. And I guess Windows 8 just won't boot if you disable it in the BIOS. This would be a bit annoying if you dual-boot and switch frequently, but no big deal. Nobody would loose anything, unless we assume that keeping other OSs from the system is what it's all about.

If it's a hard lock-out, we'll get cracked BIOS images pretty soon. Maybe even from the manufacturers ("Not supported, you loose Windows 8 logo compatibility" etc.)… Never mind that it won't be long until the first crack for this protection scheme is out, disabling it in windows – just like every other annoying activation / security thing MS came up with.

Again, assuming that this it will really be this restrictive and mandatory.