Microsoft may lock out other OSes with Windows 10

23 Mar 2015 | Author: | No comments yet »

Microsoft may lock out other OSes with Windows 10.

If you’ve a fondness for installing old versions of Windows and alternatives like Linux on your desktops and laptops, be warned: It looks likely that some Windows 10 machines will be made to run Windows 10 and nothing else. Microsoft has announced a relaxation of its “Secure Boot” guidelines for OEMs, allowing companies to sell computers pre-loaded with Windows 10 that will refuse to boot any non-Microsoft OS. OEMs will have the option to make it impossible to install other operating systems, according to slides shown off by Microsoft at a conference in China.

This UEFI Secure Boot protected against malware that would interfere with the boot process that would inject itself into the operating system at a low level. The feature we’re concerned with is called Secure Boot, and it’s designed to protect you: The installed OS becomes locked to the hardware itself, and if any other OS attempts to interfere (like a low-level malware app for example) then the system simply won’t start up. Like many security measures, the devil is in the details: if you get to tell your computer which OSes you trust, this is a powerful defense against malware.

When Secure Boot was enabled, the core components used to boot the machine must have correct cryptographic signatures, and the UEFI firmware would verify this before it would let the machine start. For those who do not know, Secure Boot is actually a tool installed for increased protection on Unified Extensible Firmware Interface (UEFI) based computers. Microsoft acquiesced to consumers, and mandated their manufacturing partners add a way for users to turn Secure Boot off on their Windows 8 PC hardware. In other words, some laptop and desktop manufacturers may decide to configure their goods so that you can’t slap Windows 7 or Ubuntu on your machine, and that’s got users a little concerned. If, for example, they capitulate to state requests to install back doors (as Microsoft did with Skype), you can’t protect yourself by finding a vendor with more integrity.

The UEFI is a good security feature, but would create complications for alternative operating systems: if, you prefer compiling your own operating system, your boot files won’t include a signature that Secure Boot will recognize and authorize, and so you won’t be able to boot your PC. As yet though we don’t know for sure — it’s possible that Microsoft will change its mind between now and the summer and use the same approach to Secure Boot as it did with Windows 8.

Of course you could always put together your own PC from scratch, but if you had plans to set up a customized dual-boot system using a pre-built computer, then this is something to watch out for. We should know one way or the other when Windows 10 finally sees the light of day in a few months, complete with its revamped Start menu and biometric login support. China isn’t the only state anxious to backdoor its national IT infrastructure: UK Prime Minister David Cameron has vowed to backdoor all crypto used in the UK if he’s re-elected. It’s also likely that PC manufacturers partnered with Microsoft and Valve will charge a high premium for such a product, if they have the leverage to make them. It’s an instance of Doctorow’s first law: “any time someone puts a lock on something that belongs to you, and won’t give you the key, that lock isn’t for your benefit.” It’s a predictable and dismal salvo in the war on general purpose computers.

These may be high level options only advanced PC gamers would play with, but it still represents a narrowing of options for consumers, and what seems to be a shot fired at Valve and their Steam Machines. If Microsoft gets its way, OEMs building machines will offer no easy way to boot self-built operating systems, or any operating system that doesn’t have appropriate digital signatures.

This may not cut out Linux entirely since there have been some collaborations to provide Linux boot software with the “right” set of signatures, and these should continue to work—but it will make it a lot more complicated than before. Now it doesn’t completely lock Linux out (there have been attempts to get the appropriate certificates for Linux), but it does make it harder since all certificates and all OEMs won’t be on board with this. Being the Managing Editor of TechFrag, Sarmad splits his time between keeping up with latest news, technology, gaming and other awesome things like unearthing the merits of staying up at night and Californication! The precise final specs are not available yet, so all this is somewhat subject to change, but right now, Microsoft says that the switch to allow Secure Boot to be turned off is now optional.

Here you can write a commentary on the recording "Microsoft may lock out other OSes with Windows 10".

* Required fields
Twitter-news
Our partners
Follow us
Contact us
Our contacts

dima911@gmail.com

ICQ: 423360519

About this site