EU had already previously responded to this and I believe this complaint by a "8000-strong" body is not going to change it.
>The Commission is aware of the Microsoft Windows 8 security requirements. According to these requirements, in order to conform to the Windows 8 certification program, computer manufacturers (‘OEMs’) have to use Unified Extensible Firmware Interface (‘UEFI’) secure boot.
>The Commission has at its disposal various legal instruments to ensure that competition is preserved in the markets. The basic provisions are contained in the Treaty on the Functioning of the European Union (‘TFEU’) in Article 101 and 102 TFEU.
>Whether there is a violation of EU competition rules depends however on a range of factual, legal and economic considerations. The Commission is currently not in possession of evidence suggesting that the Windows 8 security requirements would result in practices in violation of EU competition rules as laid down in Articles 101 and 102 TFEU. In particular, on the basis of the information currently available to the Commission it appears that the OEMs can decide to give the end users the option to disable the UEFI secure boot.
>The Commission will however continue to monitor the market developments so as to ensure that competition and a level playing field are preserved amongst all market players.
Besides the previous comment from the EU, there's an article written by Matthew Garrett (developer of the Secure Boot solution at The Linux Foundation) that explains also the big difference between Secure Boot and Restricted Boot.
>In its 14-page complaint, Hispalinux said Windows 8 contained an "obstruction mechanism" called UEFI Secure Boot that controls the start-up of the computer and means users must seek keys from Microsoft to install another operating system.
Windows 8 contains no such "obstruction mechanism". It will happily boot even if secure boot is not supported on that machine or if it's disabled. Maybe they're trying to get some free publicity with misleading hyperbole and FUD on this as the EU has already knocked down this kind of complaint before.
I get your point, but I think that it's not quite right. If you get a computer with Win 8 pre-installed, it won't boot if you turn off Secure Boot. However, I don't have a Win 8 machine on hand to confirm this.
Of course, if you have the install discs, you could then re-install it with Secure Boot disabled, but that's a significant extra step (and you can only do it if your OEM supplied you with the discs).
Can someone explain why bricking an infected computer is a good idea?
I might understand it if the boot sequence just gives a warning with information, suggestions and a "Don't warn me again" option, but from what I hear it just makes the machine unusable.
This is because the primary goal of most malware writers is not to make the machine unusable, but to hide the malware and use the machine to spam, DDoS, collect site and bank credentials etc.
Also, you can go and turn secure boot off to boot your infected machine, so it's not really bricked or unusable.
Windows 8 is meant to be used by people who don't know much about computers. Thus, the approach they take might not fit skilled users.
Ideally the novice user will take their machine to a clueful technician who will wipe the drives and reinstall the OS, and then offer to set up firewalls and anti virus software.
Unfortunately novice users often do not back up their data so wiping the drive is unpopular.
And there are many technicians who think that malware removal without wiping the drives is acceptable.
Wired is selectively quoting and interpreting. Linus is talking in generalities and unfortunately that means he's missing the specific, immediate problem that a lot of people are going to face.
Secure Boot in itself isn't necessarily a problem, and is a good thing in that it can actually increase security. However, if you don't have the ability to install your own certificate (or get a leaf cert), then it completely prevents you from installing your own OS. If a PC comes with only Microsoft's cert installed, then you can only install Microsoft software.
If the OS refuses to boot when you disable Secure Boot, then you can't dual boot the pre-installed OS, and it takes a lot of effort to get things working again. Plus, you lose Secure Boot for both OS's.
This is all a stupid mess which could have been solved by allowing users to install their own certificates - and I don't mean the Fedora solution of also having their cert installed and then handing Fedora a lot of money for a leaf.
>If the OS refuses to boot when you disable Secure Boot, then you can't dual boot the pre-installed OS, and it takes a lot of effort to get things working again.
What? Which OS refuses to boot when you disable Secure Boot?
>This is all a stupid mess which could have been solved by allowing users to install their own certificates
Exactly which UEFI Secure Boot does. Here's a guide.
> What? Which OS refuses to boot when you disable Secure Boot?
The one which was installed with secure boot enabled. My reading is the OS will prevent forward progress when it notices secure boot was bypassed when it expected it to be on. Never tried this myself - I'm likely misinformed.
> Exactly which UEFI Secure Boot does.
And apparently optional, and not something every machine implements, which was the subject of a LOT of stories a year back. Did this ever get resolved as being mandatory, and/or did all UEFI providers figure it was best practice in the end?
Apple is off in its own hardware and software ecosystem, so the potential for widespread harm is small. Microsoft has clout with the people who make the hardware most people use, so there's considerable potential for damage depending on how Microsoft's will is implemented.
Apple doesn't sell MacOS to be installed on computers not bought from them (in fact they deliberately make it hard for people to do that) so I don't see how this issue would affect them.
Microsoft's relations with the EU executive have been tense since 2004, when the EU found that the company had abused its market leader position by tying Windows Media Player to the Windows software package.
But Microsoft broke its 2009 pledge and was fined 561 million euros by the EU Commission on March 6 for failing to offer users a choice of web browser.
I'm no Microsoft fanboi, but, let's put it this way - I develop my own operating system, I develop my own browser, I develop my own media player. And I decide to bundle it/promote it along with an operating system I DESIGNED and DEVELOPED. What the fuck seems to be the problem with that?
I'm not limiting your ability in anyway - You can still install any other browser/media player you like and you can remove the ones I've provided too, just like any other..
Come on dudes, if I don't have the freedom to bundle MY software the way I like, then how is it fair? It's like saying I can't bundle a headphone for an Mp3 player I manufactured and the user should buy what he/she wants.
If I got something wrong here, please enlighten me..
Monopolists are held to different standards, on purpose, for a variety of reasons: http://en.wikipedia.org/wiki/Monopoly (in particular see the Law section)
This is indeed specifically a case in which it may be illegal for Microsoft to do something even as it is legal for Apple to do the same thing, because one is(/was) a monopoly and the other is not.
Well, you of course have the freedom to bundle your software however you want. But you're not a company with one of the most effective monopolies in the world history, with a history of abusing that dominant position, and trying to use the dominant position of one of their products to create a monopoly in another market. Is it unfair that you personally are treated different than Microsoft? Maybe, but laws aren't necessarily about fairness.
Competition laws exist for a reason. In the real world, there are points where regulation is needed to ensure a working market. Do you think it's "unfair" that companies in an oligopoly aren't allowed to form a price-fixing cartel. Is it unfair to forbid predatory pricing to drive out competitors? Or that companies might be forced to sell services to their competitors at regulated prices? That two companies with large market shares in a market with little competition might not be allowed to merge?
I guess to somebody all of that might be unfair. But I for one would not want to live in an unregulated corporate dystopia.
Hey - they were slapped down in the US and the EU for good reason. Every day I have to use an IE only intranet portal I am reminded of muppets who question why we should remember the judgement against M$.
Bundling stuff is an attempt to limit competition. Similar to making it difficult for others to manufacture things which work with your product (as non standard extenstions, parts etc.)
It's not a problem if it's easy to shop around but once you do it from dominant market position it becomes abuse.
Prime example is bundling cell phones with contracts in US. The world would be better place (well, at least for consumers) if that was banned.
If banning things leads to good outcomes it's one justification to make it a law. That's the way anti-monopoly laws came about.
Agree completely about bundling and the mobile phone industry. However, the point of IE was that it wasn't a standalone browser but a set of components that could be used by many other applications. For example, Microsoft Office didn't need to have its own HTML rendering engine, but could use the same rendering object as IE.
There is a massive difference between just bundling your additional software with your operating system and integrating (for no technical reason) your software with the operating system so that using an alternative is extremely difficult if not impossible (for the average user).
While I do believe that Microsoft should be able to include whatever it wants with Windows I want to be able to replace those parts with alternatives with zero friction.
Imagine if the US and the EU had not taken Microsoft up on this? We would still be using a god awful web browser which would have more than likely stalled the web from growing the way it has over the past decade and therefore not allowing a lot of the amazing web services we have today to exist. The same with media players. Look how crappy WMP is still compared to things like VLC. Or god forbid we would still have to buy things like CyberLink PowerDVD to play back DVDs because they are "allowed" by Microsoft to replace the built in media player for things.
Forcing Microsoft to split things up has done wonders for the IT world and while a lot of people see the huge fines as pointless they are very much not.
In the 90s Microsoft used its power to stall the growth of the web by several years. It was not until Firefox (and more recently Chrome) came along that Microsoft pulled its thumb from its ass and started to improve Internet Explorer much like it was not until Linux really got a hold in the server space in the early 2000s that Microsoft started to improve its server operating systems.
The same can be said for many parts of the IT world. Databases for example. Pressure from MySQL and PostgrSQL undoubtedly forced Microsoft to improve SQL Server (who remembers how god awful SQL 2000 was?). Even programming languages like Java and Python, etc. pushed Microsoft to make better languages (C#, F#) and platforms (.NET) and give away free tools (Visual Studio Express).
They had to as they had made the entry level to developing for the Windows platform (client and server) too expensive for individuals so they were going with the free tools as that was the only route someone could take if they wanted to get into development.
That is why we now have individual targeted tools for people to start with (the Express line as mentioned) so that Microsoft does not lose everyone to the free alternatives.
Pretty much the only product line that has survived the old Microsoft ways is the Office line because even with OpenOffice businesses couldn't make the jump for compatibility reasons (another awful thing about Microsoft).
Things are starting to change with things like Google Docs (mainly for small businesses) however I hope to see more competition in the next decade as with HTML5 it will be possible to provide a solid Office replacement as a web app.
The key for the enterprise in my opinion is the ability to offer this internally rather than an externally hosted solution like Google Docs though. Time will tell if I am right but I would bet that I am.
As an European linux user, I'm not happy about the government meddling in the hardware or software business, even if it is to my perceived benefit. Just stay out of it and let the customers decide.
That would be hard, if Microsoft makes arrangement for you not to be able to install anything that's not Windows on any laptop ever. Or even on any non-crappy laptop ever.
My comment from another thread posted earlier with the same news that happened to disappear from the front page[1]:
Alright this is getting ridiculous, we aren't living in the 90s anymore and we should be encouraging healthy competition. We now have better alternatives like Macbooks, Chromebooks etc. I can't buy into the reason that Microsoft issued secure boot only to undermine Linux. Infact, Microsoft requires all x86 Windows 8 machines to be able to turn off secure boot and/or add their own keys. This also applies for their own manufactured Surface x86 tablets.
I am really looking forward to something like secure boot. Why? Imagine using Truecrypt to encrypt your entire hard drive with 3 layers encryption, and only to defeated by a pesky 10kb keylogging bootloader malware. So unless someone has an alternative solution to this, I am sticking up for secure boot and the ability to add my own keys.
37 comments
[ 3.6 ms ] story [ 85.7 ms ] thread>The Commission is aware of the Microsoft Windows 8 security requirements. According to these requirements, in order to conform to the Windows 8 certification program, computer manufacturers (‘OEMs’) have to use Unified Extensible Firmware Interface (‘UEFI’) secure boot.
>The Commission has at its disposal various legal instruments to ensure that competition is preserved in the markets. The basic provisions are contained in the Treaty on the Functioning of the European Union (‘TFEU’) in Article 101 and 102 TFEU.
>Whether there is a violation of EU competition rules depends however on a range of factual, legal and economic considerations. The Commission is currently not in possession of evidence suggesting that the Windows 8 security requirements would result in practices in violation of EU competition rules as laid down in Articles 101 and 102 TFEU. In particular, on the basis of the information currently available to the Commission it appears that the OEMs can decide to give the end users the option to disable the UEFI secure boot.
>The Commission will however continue to monitor the market developments so as to ensure that competition and a level playing field are preserved amongst all market players.
From http://www.europarl.europa.eu/sides/getAllAnswers.do?referen...
http://mjg59.dreamwidth.org/23817.html
That complaint is not really reasonable and is going nowhere, I think.
Windows 8 contains no such "obstruction mechanism". It will happily boot even if secure boot is not supported on that machine or if it's disabled. Maybe they're trying to get some free publicity with misleading hyperbole and FUD on this as the EU has already knocked down this kind of complaint before.
Of course, if you have the install discs, you could then re-install it with Secure Boot disabled, but that's a significant extra step (and you can only do it if your OEM supplied you with the discs).
No, that's not true, it will continue to boot. There's just too much misleading information being spread.
I might understand it if the boot sequence just gives a warning with information, suggestions and a "Don't warn me again" option, but from what I hear it just makes the machine unusable.
Also, you can go and turn secure boot off to boot your infected machine, so it's not really bricked or unusable.
Ideally the novice user will take their machine to a clueful technician who will wipe the drives and reinstall the OS, and then offer to set up firewalls and anti virus software.
Unfortunately novice users often do not back up their data so wiping the drive is unpopular.
And there are many technicians who think that malware removal without wiping the drives is acceptable.
Or am I just remembering things wrong?
http://www.wired.com/wiredenterprise/2012/06/microsoft-windo...
Secure Boot in itself isn't necessarily a problem, and is a good thing in that it can actually increase security. However, if you don't have the ability to install your own certificate (or get a leaf cert), then it completely prevents you from installing your own OS. If a PC comes with only Microsoft's cert installed, then you can only install Microsoft software.
If the OS refuses to boot when you disable Secure Boot, then you can't dual boot the pre-installed OS, and it takes a lot of effort to get things working again. Plus, you lose Secure Boot for both OS's.
This is all a stupid mess which could have been solved by allowing users to install their own certificates - and I don't mean the Fedora solution of also having their cert installed and then handing Fedora a lot of money for a leaf.
What? Which OS refuses to boot when you disable Secure Boot?
>This is all a stupid mess which could have been solved by allowing users to install their own certificates
Exactly which UEFI Secure Boot does. Here's a guide.
http://blog.hansenpartnership.com/owning-your-windows-8-uefi...
The one which was installed with secure boot enabled. My reading is the OS will prevent forward progress when it notices secure boot was bypassed when it expected it to be on. Never tried this myself - I'm likely misinformed.
> Exactly which UEFI Secure Boot does.
And apparently optional, and not something every machine implements, which was the subject of a LOT of stories a year back. Did this ever get resolved as being mandatory, and/or did all UEFI providers figure it was best practice in the end?
https://lkml.org/lkml/2013/2/21/228
Why aren't people complaining about Samsung locking their phones? (both carrier locks and locking the root account)
Ok, maybe the best solution is to vote with your wallet. It worked for me :)
I'm not limiting your ability in anyway - You can still install any other browser/media player you like and you can remove the ones I've provided too, just like any other..
Come on dudes, if I don't have the freedom to bundle MY software the way I like, then how is it fair? It's like saying I can't bundle a headphone for an Mp3 player I manufactured and the user should buy what he/she wants.
If I got something wrong here, please enlighten me..
This is indeed specifically a case in which it may be illegal for Microsoft to do something even as it is legal for Apple to do the same thing, because one is(/was) a monopoly and the other is not.
Competition laws exist for a reason. In the real world, there are points where regulation is needed to ensure a working market. Do you think it's "unfair" that companies in an oligopoly aren't allowed to form a price-fixing cartel. Is it unfair to forbid predatory pricing to drive out competitors? Or that companies might be forced to sell services to their competitors at regulated prices? That two companies with large market shares in a market with little competition might not be allowed to merge?
I guess to somebody all of that might be unfair. But I for one would not want to live in an unregulated corporate dystopia.
While I do believe that Microsoft should be able to include whatever it wants with Windows I want to be able to replace those parts with alternatives with zero friction.
Imagine if the US and the EU had not taken Microsoft up on this? We would still be using a god awful web browser which would have more than likely stalled the web from growing the way it has over the past decade and therefore not allowing a lot of the amazing web services we have today to exist. The same with media players. Look how crappy WMP is still compared to things like VLC. Or god forbid we would still have to buy things like CyberLink PowerDVD to play back DVDs because they are "allowed" by Microsoft to replace the built in media player for things.
Forcing Microsoft to split things up has done wonders for the IT world and while a lot of people see the huge fines as pointless they are very much not.
In the 90s Microsoft used its power to stall the growth of the web by several years. It was not until Firefox (and more recently Chrome) came along that Microsoft pulled its thumb from its ass and started to improve Internet Explorer much like it was not until Linux really got a hold in the server space in the early 2000s that Microsoft started to improve its server operating systems.
The same can be said for many parts of the IT world. Databases for example. Pressure from MySQL and PostgrSQL undoubtedly forced Microsoft to improve SQL Server (who remembers how god awful SQL 2000 was?). Even programming languages like Java and Python, etc. pushed Microsoft to make better languages (C#, F#) and platforms (.NET) and give away free tools (Visual Studio Express).
They had to as they had made the entry level to developing for the Windows platform (client and server) too expensive for individuals so they were going with the free tools as that was the only route someone could take if they wanted to get into development.
That is why we now have individual targeted tools for people to start with (the Express line as mentioned) so that Microsoft does not lose everyone to the free alternatives.
Pretty much the only product line that has survived the old Microsoft ways is the Office line because even with OpenOffice businesses couldn't make the jump for compatibility reasons (another awful thing about Microsoft).
Things are starting to change with things like Google Docs (mainly for small businesses) however I hope to see more competition in the next decade as with HTML5 it will be possible to provide a solid Office replacement as a web app.
The key for the enterprise in my opinion is the ability to offer this internally rather than an externally hosted solution like Google Docs though. Time will tell if I am right but I would bet that I am.
Alright this is getting ridiculous, we aren't living in the 90s anymore and we should be encouraging healthy competition. We now have better alternatives like Macbooks, Chromebooks etc. I can't buy into the reason that Microsoft issued secure boot only to undermine Linux. Infact, Microsoft requires all x86 Windows 8 machines to be able to turn off secure boot and/or add their own keys. This also applies for their own manufactured Surface x86 tablets.
I am really looking forward to something like secure boot. Why? Imagine using Truecrypt to encrypt your entire hard drive with 3 layers encryption, and only to defeated by a pesky 10kb keylogging bootloader malware. So unless someone has an alternative solution to this, I am sticking up for secure boot and the ability to add my own keys.
[1] https://news.ycombinator.com/item?id=5446148