Slashdot is powered by your submissions, so send in your scoop

 



Forgot your password?
typodupeerror
×
Microsoft Privacy Security Software Windows

Microsoft Releases Standards For Highly Secure Windows 10 Devices (bleepingcomputer.com) 173

An anonymous reader writes from a report via BleepingComputer: Yesterday, Microsoft released new standards that consumers should follow in order to have a highly secure Windows 10 device. These standards include the type of hardware that should be included with Windows 10 systems and the minimum firmware features. The hardware standards are broken up into 6 categories, which are minimum specs for processor generation, processor architecture, virtualization, trusted platform modules (TPM), platform boot verification, and RAM. Similarly, firmware features should support at least UEFI 2.4 or later, Secure Boot, Secure MOR 2 or later, and support the Windows UEFI Firmware Capsule Update specification.
This discussion has been archived. No new comments can be posted.

Microsoft Releases Standards For Highly Secure Windows 10 Devices

Comments Filter:
  • by iamacat ( 583406 ) on Monday November 06, 2017 @09:08PM (#55503523)

    Like "President Trump". Or "First Post"

    • "Secure" for who . . . ? One of the NSA's jobs is to make sure that any devices used by US government employees are "secure". Gee, if Microsoft wants to sell millions of licenses to the US government . . . guess who gets to show up a Microsoft, to build in the backdoors . . . ?

      Yeah, the Microsoft executives and lawyers could squeal a bit . . . but with those National Security Letters . . . those Microsoft folks prefer the Cayman Islands as opposed to Guantanamo.

      • I'd be more concerned about boot signing being locked down, first and foremost. I personally like the Google Nexus/Pixel approach where you're given a big warning that you're bootloader is unlocked. This allows tinkerers to play around, while at the same time making people who don't need/want for it unlocked (for tighter security) aware of it.

        Even better, it allows security researchers to do a low level audit for NSA backdoors (give it the ol' blue pill.)

        • Agreed here. The Google "fastboot oem unlock" approach has worked extremely well for years. With that, I'd like to see an easy way to "sanitize" a machine, where I can do a "fastboot oem lock", install a signed OS, and have all factory security items intact.

          Secure UEFI has its benefits. It stops attacks like NotPetya cold, for example.

          • Being able to add your own signing keys would be good, but there should be a separate message to the effect that the custom user code has been validated, but to exercise caution if you didn't load said code. Otherwise it would be pretty trivial to blue-pill the user.

      • "Secure" in the sense that only Microsoft or the US Government (or China or Russia) can see what you're doing.

        It's sad. In 1789, the Founding Fathers went to great lengths to make sure the government could not do these things without a warrant. Yet here we are.

        And even if they get a warrant, China and Russia won't, and their citizens will get the joy of living the 1984 dream of not just imagining, but having a boot stamping on their face...forever. All so our prosecutors can get a few more (and we mean

      • by gtall ( 79522 )

        " One of the NSA's jobs is to make sure that any devices used by US government employees are "secure"."

        No, it isn't. NSA is strictly comms interception and analysis with a bit of certification for DoD devices. But they are getting out of the latter fast as the COTS world is moving a lot faster than can NSA.

    • Look, no matter how you hate the thing, the only way to properly secure Windows 10 is to include systemd in it

    • The old "orange book" standards defind four letter grades, just like in school. A was excellent, B was good, C was a comfortable pass and D was a bare pass. Windows struggled to make C with networking turned off.

      The standards have been replaced with easier ones, and this bundle of hardware might make D...

      • by Gr8Apes ( 679165 )

        Despite your insightful post, I just came here to post:

        ROFLMAO

        BTW, as an aside, I did setup a supposed Orange Book C test system. With Windows NT 4.0. It was largely unusable. Windows NT 4.0 reached C2 certification in Dec, 2000. Note that Win 2K had already been released as had the first betas of XP. AFAIK those were never certified.

    • Re: (Score:2, Insightful)

      Like "President Trump". Or "First Post"

      I think you got First Post. :)

      Secure Windows is a contradiction in terms, like "Hurricane-Proof House of Cards".

      You will never, never, never see a self-driving car with a Windows operating system doing the driving. Because Windows is crap.

      If you use Microsoft garbage, you're either stuck by spec or an idiot. If you spec Microsoft garbage, you're not worth the electricity it took your monitor to display this reality of your uselessness to you.

      There is no excuse for your computer to be less reliable than the

      • Seems to run Azure just fine.

        • Seems to run Azure just fine.

          Running Azure is the first sign that your computer is sick. Using Azure is the first sign that the sysop is sick. And not in the "good" way hipsters currently misuse the word.

      • by Anonymous Coward on Tuesday November 07, 2017 @01:02AM (#55504359)

        This is not about security: this is about locking down the system to a vendor. It's right there in TFS:

        ...trusted platform modules (TPM), platform boot verification... UEFI 2.4 or later, Secure Boot, Secure MOR 2 or later, and support the Windows UEFI Firmware Capsule Update specification.

        Words like "trusted", "secure" etc in computer salesdroid-speak are like "people's" and "democratic" when they get shoe-horned into a country's name - they're a warning sign, a veneer to hide a darker truth.

        • by TheRaven64 ( 641858 ) on Tuesday November 07, 2017 @04:35AM (#55504679) Journal

          Words like "trusted", "secure" etc in computer salesdroid-speak are like "people's" and "democratic" when they get shoe-horned into a country's name - they're a warning sign, a veneer to hide a darker truth.

          Trusted, as a technical term, means exactly what you'd expect from its use as a non-technical term: it is a thing which is expected to be correct and which can compromise (at least part of) the system if not. It is not the same as trustworthy. For example, the trusted computing base is the set of all things (microcode, bootloader, firmware, kernel, privileged daemons) that must be correct for the system to be secure. A system that uses a formally verified microkernel to provide isolation has a component that is both trusted and trustworthy.

          Secure in this context also means what you'd expect. A system supporting secure boot can only boot an OS (or, at least, a second-stage bootloader) that is signed by a trusted party. There's nothing stopping such a system from allowing you to provide your own public keys, and many do, but if malware corrupts your on-disk kernel image then the system will refuse to boot unless you've also installed the malware vendor's key.

          There's always a tension between user freedom and security, which goes right back to Stallman complaining about users on shared systems not being given the root password: was it better to allow users of the system to fix issues even at the expense of making all of their files wide open to every other user of the system? In the MIT AI lab, it was probably fine for everyone to have the root password, but it's not fine for everyone on the Internet to have my root password.

          • by gtall ( 79522 )

            Some pacemakers run Linux. I wonder if Stallman had one of these, he'd be happy to advertise the root password.

            • by stooo ( 2202012 )

              If it has no network and no physical access, you can divulge the root password as much as you like.
              Hint : pacemakers running Linux have no network and no physical access

      • by AmiMoJo ( 196126 )

        There is no excuse for your computer to be less reliable than the outlet it gets its power from.

        There is: Applications.

        If your staff need to run QuickBooks or Visual Studio or the quality of LibreOffice's .docx output isn't good enough for them, just telling them "sorry, Windows is crap" probably won't fly. So there are a lot of people who are interested in securing Windows as much as possible.

        The big issue that no-one seems to have mentioned yet is updates. Telemetry is one thing, but for IT people the forced, random updates that can't be adequately controlled are a massive security problem and suppo

    • Do these standards say anything about turning off all the telemetry?
    • Well, you've got at least 2 out of the 3.
    • by stooo ( 2202012 )

      Yeah.
      Windows.
      Secure.
      Windows.
      Nope.
      There are only two ways to do that:
      1. Air Gap. No That doesn't work. Try vacuum gap.
      2. Hammer. If It ain't broken, you didn't hit hard enough. If it's broken into small enough pieces, then it's secure.

  • Telemetry (Score:1, Insightful)

    by Anonymous Coward

    Which of these new standards turns off Telemetry? Without that, Windows 10 can never be secure. Bet everything you do on "your" computer is on a server somewhere. Maybe you are a straight arrow. Best hope the laws don't change against you some day. Believe the 3 letter agencies have their arms elbow deep in some MS pussy.

    • Which of these new standards turns off Telemetry? Without that, Windows 10 can never be secure.

      You appear to not understand. They are talking about secure from the user. Is it simple to replace the OS, or is Windows secure?

    • by jez9999 ( 618189 )

      Exactly. And forced reboots. Personally I think forced reboots is a security hole. It means I can lose my data without warning, something that used to be considered a bug in an operating system.

  • by Anonymous Coward

    These will have all telemetry and Cortana disabled or not installed at all? I'd guess it also requires a site license with yearly renewal and not available for individuals?

    • by Z00L00K ( 682162 )

      If those parts don't exist in the secure system then there's a possibility to figure out how to disable them in your personal system.

  • Missing... (Score:4, Insightful)

    by msauve ( 701917 ) on Monday November 06, 2017 @09:18PM (#55503579)
    Mysteriously (!?) missing are what IPs/DNS to block to keep MS from collecting info on you.
  • Does it strip telemetry off tho?

  • by PhantomHarlock ( 189617 ) on Monday November 06, 2017 @09:28PM (#55503631)

    The chances of it coming with a version of windows that doesn't send any data back home to mama is pretty much nil.

    It should be able to download security patches without sending any identifying information, tell you when it wants to do it, and be highly selective about what it does download from windows update servers.

    • Re:Sure, but... (Score:4, Interesting)

      by rtb61 ( 674572 ) on Monday November 06, 2017 @09:39PM (#55503679) Homepage

      The PR=B$ messaging secure for you, the corporate reality, secure from you. M$ securing your PC from you, compulsory software installs even firm ware upgrades, that cannot be refused. Each and every log in to the server that controls your PC capable of altering all configurations to what ever M$ corporate demands and that includes, deleting files off your computer or even bricking you computer. M$ securing your computer from you and they mean it, fuck you, you install Windows, they own your computer and your digital life, learn to pay rent fuckers or else.

    • by hughankers ( 1889658 ) on Tuesday November 07, 2017 @12:53AM (#55504335)

      The chances of it coming with a version of windows that doesn't send any data back home to mama is pretty much nil.

      It should be able to download security patches without sending any identifying information, tell you when it wants to do it, and be highly selective about what it does download from windows update servers.

      But if my system isn't sending back any data, how will Microsoft know when to phone me and tell me when they've found viruses on my computer?

      It's so helpful when that nice foreign sounding gentleman calls me to help me get everything fixed up..... which reminds me.. I hope he rings again soon, after the last time, I don't seem to be able to log into my email or Bitcoin wallet :/

  • by Anonymous Coward

    I'll take oxymorons for 500, Alex.

  • Did anyone RTFA? (Score:3, Insightful)

    by subanark ( 937286 ) on Monday November 06, 2017 @09:40PM (#55503681)

    Every post I see so far is the generic: see Windows in the title, bash Windows in comments. I mean I'm not sure anyone even read the summary, as all the comments could be made about any article about Windows. And this article doesn't have a lot to do about Windows, its mostly about secure hardware.

    Yes, yes I know most of you hate Windows, if not Microsoft as a whole, but is it necessary to remind people of this every article?

    • Yes, yes I know most of you hate Windows, if not Microsoft as a whole, but is it necessary to remind people of this every article?

      I think that independent of hating/not hating MS/Windows, there is some real irony here that is worth recognizing. When MS publishes a detailed and quite serious specification about how to secure your computer, but ensures that, unless you take special steps, some of them highly technical (like blocking phone-home IP addresses at your router), they themselves have unfettered access to your computer.

    • Every post I see so far is the generic: see Windows in the title, bash Windows in comments. I mean I'm not sure anyone even read the summary, as all the comments could be made about any article about Windows. And this article doesn't have a lot to do about Windows, its mostly about secure hardware.

      Yes, yes I know most of you hate Windows, if not Microsoft as a whole, but is it necessary to remind people of this every article?

      Yes. The list given is to keep Windows from being hacked, the TPM chip rams it home.
      I have an empty TPM socket.

      For a secure windows I wait for the governments release of what to disable for secure areas, Last I've seen was for XP.

      • The list given is to keep Windows from being hacked, the TPM chip rams it home.

        Hacked as in using Windows for free.

    • by nyet ( 19118 )

      Since when has "secure hardware" meant anything except "make sure nobody can install anything but windows"?

    • by jezwel ( 2451108 )
      The article content is fine, the irony is the title of it - "Highly Secure Windows 10 Devices".

      As we all (should) know, security is only as good as the weakest link - and having a telemetry ridden Windows 10 OS on a device means the security of the hardware itself is essentially irrelevant.

    • Re:Did anyone RTFA? (Score:5, Interesting)

      by WaffleMonster ( 969671 ) on Tuesday November 07, 2017 @01:55AM (#55504425)

      Every post I see so far is the generic: see Windows in the title, bash Windows in comments.

      Fair enough.

      The processor architecture requirement is to have a 64-bit processor so that Windows can take advantage of VBS, or Virtualization-based security, which uses the Windows hypervisor.

      The idea of using hypervisors rather than operating systems for isolation is both sad and absolutely necessary. What should happen is the operating system should provide these services in a tractably verifiably secure manner. Since that seems to be practically impossible at the moment the hypervisor is the only game in town.

      Highly secured Windows 10 devices should support Intel VT-d, AMD-Vi, or ARM64 SMMUs in order to take advantage of Input-Output Memory Management Unit (IOMMU) device virtualization

      Not a chance in hell so long as Intel AMT exists. While I agree MMUs are necessary for security they are currently a massive enabler of insecurity.

      Another recommended component is a Trusted Platform Module, or TPM â" a hardware module that is either integrated into a computer chipset or can be purchased as a separate module for supported motherboards that handles the secure generation of cryptographic keys, their storage, a secure random number generator, and hardware authentication.

      I don't like TPM because if it breaks everything it protects is gone and I neither need nor want my systems to be secured against physical access in a way that can't stand alone. (e.g. passphrase)

      In addition, Microsoft recommends platform boot verification, which is a feature that prevents the computer from loading a firmware that was not designed by the system manufacturer. This prevents attackers from uploading a malicious or compromised firmware to the computer.

      I have always hated the idea of using complex cryptography guarded by keys that are bound to be compromised with global repercussions. It's a massive house of cards that seems more and more likely to fail as the profit motive for it's compromise increases.

      There is a much easier way to protect operating systems from persistent threats.

      1. Forbid all hardware from physically possessing any means of self-contained persistent field upgradability. All necessary firmware updates must be loaded during or after boot and they must not survive a reboot.

      2. Provide an option for protected storage area the operating system boots from and is then hardware fused to read only prior to becoming available to the end user until next reboot when the process repeats.

      This has the following advantages over secure boot.

      1. Easier to implement.

      2. Future proof, no worries about protecting crypto from unforeseeable threats.

      3. Offers maximal flexibility since the OS gets to decide when to blow the fuse it can trade safety for convenience per OS preferences and whims of the end user as allowed by OS.

      4. This is more secure because it does not depend on thousands of companies guarding secrets (encryption keys) that have a history of being stolen and prove difficult to practically recall. Also secure boot requires that all signed drivers that can be loaded remain secure against compromise... The attack surface is simply too big to practically address.

      5. System can not be misused to deny owners of computing hardware access to load their own systems. Users always retain full control over what operating systems get loaded into the protected area.

      • by AmiMoJo ( 196126 )

        I don't like TPM because if it breaks everything it protects is gone and I neither need nor want my systems to be secured against physical access in a way that can't stand alone. (e.g. passphrase)

        You are doing it wrong then. The way Windows uses the TPM allows for recovery, for example.

        The TPM stores the encryption key and is able to verify that the OS is unmolested before accepting a key (typically a hash) to release the encryption key. To protect against TPM loss Windows will prompt you to make a backup of the encryption key somewhere. It might be kept by the IT department, or you might print it out and lock it away.

      • Not a chance in hell so long as Intel AMT exists.

        It's never going away. Disable it if you're so inclined, as it is not necessary for the other items.

        I don't like TPM because if it breaks everything it protects is gone and I neither need nor want my systems to be secured against physical access in a way that can't stand alone. (e.g. passphrase)

        TPM-protected disks will have a recovery key generated by default. For home users, this key is saved to a text file and is intended to be stored offline. For enterprise users, the recovery key is pushed into either Active Directory or the MBAM database.

        You can add and remove key protectors with Bitlocker after enabling it, so you have a choice of: password, Smart Card, recovery keys, or a recovery certificate

  • "Highly", "secure", "windows". I've heard those words before but never in the same sentence.
    • "Highly", "secure", "windows". I've heard those words before but never in the same sentence.

      Just think "Democratic People's Republic of Korea".

    • "Highly", "secure", "windows". I've heard those words before but never in the same sentence.

      I have, when discussing windows on the 80th floor that don't open -- these are highly secure windows.

  • Unplug the power cable from the device.

    If the system has a battery let it run out of power.

    Voila! Your Windows system is now secure.

    If you want something with more security while being able to actually use the computer then I would suggest installing an operating system with a Linux or BSD base.

  • HaahAHAHahhahahaha hAHAHahahaHhaHAhahahaaaaa haaa haaaa.... haaaaaaaaaa.haahahahahaa. Good one Microsoft.
  • Under no circumstance QA anything in secure Windows 10.
  • by jbn-o ( 555068 ) <mail@digitalcitizen.info> on Monday November 06, 2017 @11:46PM (#55504131) Homepage

    Only free software (software the user is free to run, inspect, share, and modify) can be assessed for security, fixed or improved, shared (even commercially), and run at any time for any reason. Without software freedom you're not being treated ethically and you deserve full control over your computers.

    Nonfree software is never trustworthy, no matter how long you've run it, how much you're used to its interface, or how much you feel like you can trust it. You have no idea what nonfree software is doing when it runs, you have no permission to alter it, share it, or inspect it no matter how technical and willing you are to do these things. You might not even have permission to run it anytime you want for any reason.

    So there is no way to secure Windows 10 so long as Windows 10 is nonfree software. The same applies to any other nonfree software too. No amount of public relations changes how computers and software work.

    • by Anonymous Coward

      Only free software (software the user is free to run, inspect, share, and modify) can be assessed for security, fixed or improved, shared (even commercially), and run at any time for any reason. Without software freedom you're not being treated ethically and you deserve full control over your computers.

      I mostly agree, but I take issue with a few specific details here, and I find those details important.

      To assess security, the user does not need to be able to run, inspect, share, and modify, at least not in the free software foundation sense.

      Someone can give me a commercial service with a client application I can inspect and run, but not distribute modifications of, or use modified versions of it. Such an application can have its security assessed accurately. An example of such a service is Tarsnap.

      Freedom

    • I understand what you're saying, but I only partly agree. I realise the term 'secure' means 'secure from hackers, the government and the system vendor' to most of us, and Microsoft is doing some redefinition here because they're really only saying it's secure from the user and common-or-garden hackers.

      However, if you are the US government, then Microsoft does quite a nice job for you here - it's not going to work for classified material particularly, but for the thousands of minions that work in government,

    • Step 1: Delete System32
      Step 2: Reboot
      Step 3: ????
      Step 4: 100% Secured Windows!
    • by luis_a_espinal ( 1810296 ) on Tuesday November 07, 2017 @06:05AM (#55504839)

      Only free software (software the user is free to run, inspect, share, and modify) can be assessed for security, fixed or improved, shared (even commercially), and run at any time for any reason. Without software freedom you're not being treated ethically and you deserve full control over your computers.

      Nonfree software is never trustworthy, no matter how long you've run it, how much you're used to its interface, or how much you feel like you can trust it. You have no idea what nonfree software is doing when it runs, you have no permission to alter it, share it, or inspect it no matter how technical and willing you are to do these things. You might not even have permission to run it anytime you want for any reason.

      So there is no way to secure Windows 10 so long as Windows 10 is nonfree software. The same applies to any other nonfree software too. No amount of public relations changes how computers and software work.

      There are so many counter examples to this claim, but why bother. A cult is a cult. All Hail the True Scotsman.

    • Nonfree software is never trustworthy

      Ooooh so close. You made it through the entire paragraph before collapsing with your logical fallacy right in the following sentence.

      You don't seem to understand the word "trust". You don't "trust" free (by that I assume you mean open source) software. By its nature if you trusted it you won't be wanting to see the source.

      Ultimately what you're saying is that nothing is for you trust worthy, especially not the free software you are so happy to be able to audit.

  • by nyet ( 19118 )

    How does any of that help you if you are running easily exploited bad code from MS?

  • The idea of security standards when Windows is loaded to the hilt with malware is hilarious. Like leaving the vault door open 24x7x365 and bragging about the security features of your high tech safe.

  • Anything that could interfere with telemetry...

  • I somehow doubt that they mean that the system can keep your data secure. It seems more that their definition means that whatever content you might sell to the "owner" (I'll use the term loosely here) of the device is safe from him actually owning it.

  • If a computer is connected to anything you don't control (including people) then it isn't secure.

    An internet connection should be an automatic fail in any security audit.

  • by Gonoff ( 88518 )

    I do not want a "trusted platform mobile" in anything that puports to be secure. It is widely known as a back door for US spooks. This immediately makes the whole system hyper insecure.

  • The best way of securing a Windows 10 device is not to switch it on.
  • 'Windows' and 'secure' don't belong in the same sentence, regardless of what version it is -- especially when you're discussing Windows 10, which spies on you and removes your ability to truly be in control of your own hardware.
  • I am not confident that Microsoft is capable of creating secure software. I am not even sure they could release a secure, bug-free version of âoeHello, world!â

You are in a maze of little twisting passages, all different.

Working...