Microsoft Releases Standards For Highly Secure Windows 10 Devices (bleepingcomputer.com) 173
An anonymous reader writes from a report via BleepingComputer: Yesterday, Microsoft released new standards that consumers should follow in order to have a highly secure Windows 10 device. These standards include the type of hardware that should be included with Windows 10 systems and the minimum firmware features. The hardware standards are broken up into 6 categories, which are minimum specs for processor generation, processor architecture, virtualization, trusted platform modules (TPM), platform boot verification, and RAM. Similarly, firmware features should support at least UEFI 2.4 or later, Secure Boot, Secure MOR 2 or later, and support the Windows UEFI Firmware Capsule Update specification.
Secure Windows is a phrase that doesn't feel right (Score:3, Funny)
Like "President Trump". Or "First Post"
Re: (Score:2)
"Secure" for who . . . ? One of the NSA's jobs is to make sure that any devices used by US government employees are "secure". Gee, if Microsoft wants to sell millions of licenses to the US government . . . guess who gets to show up a Microsoft, to build in the backdoors . . . ?
Yeah, the Microsoft executives and lawyers could squeal a bit . . . but with those National Security Letters . . . those Microsoft folks prefer the Cayman Islands as opposed to Guantanamo.
Re: (Score:2)
I'd be more concerned about boot signing being locked down, first and foremost. I personally like the Google Nexus/Pixel approach where you're given a big warning that you're bootloader is unlocked. This allows tinkerers to play around, while at the same time making people who don't need/want for it unlocked (for tighter security) aware of it.
Even better, it allows security researchers to do a low level audit for NSA backdoors (give it the ol' blue pill.)
Re: (Score:2)
Agreed here. The Google "fastboot oem unlock" approach has worked extremely well for years. With that, I'd like to see an easy way to "sanitize" a machine, where I can do a "fastboot oem lock", install a signed OS, and have all factory security items intact.
Secure UEFI has its benefits. It stops attacks like NotPetya cold, for example.
Re: (Score:2)
Being able to add your own signing keys would be good, but there should be a separate message to the effect that the custom user code has been validated, but to exercise caution if you didn't load said code. Otherwise it would be pretty trivial to blue-pill the user.
Re: (Score:2)
"Secure" in the sense that only Microsoft or the US Government (or China or Russia) can see what you're doing.
It's sad. In 1789, the Founding Fathers went to great lengths to make sure the government could not do these things without a warrant. Yet here we are.
And even if they get a warrant, China and Russia won't, and their citizens will get the joy of living the 1984 dream of not just imagining, but having a boot stamping on their face...forever. All so our prosecutors can get a few more (and we mean
Re: (Score:2)
" One of the NSA's jobs is to make sure that any devices used by US government employees are "secure"."
No, it isn't. NSA is strictly comms interception and analysis with a bit of certification for DoD devices. But they are getting out of the latter fast as the COTS world is moving a lot faster than can NSA.
Re: (Score:2)
Re: (Score:2)
Yeah, SMM CPU, TPM chip, UEFI, Windows 10, line to Microsoft... doesn't sound like the security we usually think of at all
SMM is a bit odd, but something like a TMP is pretty important as it allows you to protect secret keys from a compromised OS. A TPM provides some write-only storage for keys and an API that allows you to use them for encryption / decryption / signing / verification, but doesn't allow you to extract the keys. UEFI at least allows the OS to replace the running firmware, which can reduce the attack surface by removing most of the vendor-provided functionality.
BTW, is there a open-source FPGA
Nope. There are no open source FPGAs and no vagu
Re: (Score:2)
Maybe we need something similar to a SIM card (in both form and function) that can be moved between PCs? It would function as a low level HSM allowing for encryption/decryption/signing/verification in a place physically off the main computer, and in a container that is both resistant to physical attacks, and narrows down the attacks that can be done from remote.
Re: (Score:2)
The keys are useless if you don't use them for encryption / decryption / signing / verification, so allowing that but preventing extraction is pretty much useless.
Not true. Offline attacks are almost always worse than online attacks. If I can compromise your OS and use your keys, then the damage I can do is bounded by the amount of time between the compromise and the fix and by the amount of bandwidth that you have. If I can exfiltrate your keys, then even if you fix the vulnerability and remove my exploit code 10 seconds after the compromise then I can keep using your keys until you update any other system that accepts these credentials (and once I start noticing
To properly *secure* Windows 10, one has to ... (Score:1)
Look, no matter how you hate the thing, the only way to properly secure Windows 10 is to include systemd in it
Re: (Score:2)
Hey, if it can't start it can't be hacked.
Re: (Score:2)
Zoiks! Soon even switching it off won't be enough.
Secure Windows? as in C3, maybe? (Score:3)
The old "orange book" standards defind four letter grades, just like in school. A was excellent, B was good, C was a comfortable pass and D was a bare pass. Windows struggled to make C with networking turned off.
The standards have been replaced with easier ones, and this bundle of hardware might make D...
Re: (Score:1)
Despite your insightful post, I just came here to post:
ROFLMAO
BTW, as an aside, I did setup a supposed Orange Book C test system. With Windows NT 4.0. It was largely unusable. Windows NT 4.0 reached C2 certification in Dec, 2000. Note that Win 2K had already been released as had the first betas of XP. AFAIK those were never certified.
Re: (Score:2, Insightful)
Like "President Trump". Or "First Post"
I think you got First Post. :)
Secure Windows is a contradiction in terms, like "Hurricane-Proof House of Cards".
You will never, never, never see a self-driving car with a Windows operating system doing the driving. Because Windows is crap.
If you use Microsoft garbage, you're either stuck by spec or an idiot. If you spec Microsoft garbage, you're not worth the electricity it took your monitor to display this reality of your uselessness to you.
There is no excuse for your computer to be less reliable than the
Re: (Score:2)
Seems to run Azure just fine.
Re: (Score:2)
Seems to run Azure just fine.
Running Azure is the first sign that your computer is sick. Using Azure is the first sign that the sysop is sick. And not in the "good" way hipsters currently misuse the word.
Re:Secure Windows is a phrase that doesn't feel ri (Score:4, Insightful)
This is not about security: this is about locking down the system to a vendor. It's right there in TFS:
...trusted platform modules (TPM), platform boot verification... UEFI 2.4 or later, Secure Boot, Secure MOR 2 or later, and support the Windows UEFI Firmware Capsule Update specification.
Words like "trusted", "secure" etc in computer salesdroid-speak are like "people's" and "democratic" when they get shoe-horned into a country's name - they're a warning sign, a veneer to hide a darker truth.
Re:Secure Windows is a phrase that doesn't feel ri (Score:5, Interesting)
Words like "trusted", "secure" etc in computer salesdroid-speak are like "people's" and "democratic" when they get shoe-horned into a country's name - they're a warning sign, a veneer to hide a darker truth.
Trusted, as a technical term, means exactly what you'd expect from its use as a non-technical term: it is a thing which is expected to be correct and which can compromise (at least part of) the system if not. It is not the same as trustworthy. For example, the trusted computing base is the set of all things (microcode, bootloader, firmware, kernel, privileged daemons) that must be correct for the system to be secure. A system that uses a formally verified microkernel to provide isolation has a component that is both trusted and trustworthy.
Secure in this context also means what you'd expect. A system supporting secure boot can only boot an OS (or, at least, a second-stage bootloader) that is signed by a trusted party. There's nothing stopping such a system from allowing you to provide your own public keys, and many do, but if malware corrupts your on-disk kernel image then the system will refuse to boot unless you've also installed the malware vendor's key.
There's always a tension between user freedom and security, which goes right back to Stallman complaining about users on shared systems not being given the root password: was it better to allow users of the system to fix issues even at the expense of making all of their files wide open to every other user of the system? In the MIT AI lab, it was probably fine for everyone to have the root password, but it's not fine for everyone on the Internet to have my root password.
Re: (Score:2)
Some pacemakers run Linux. I wonder if Stallman had one of these, he'd be happy to advertise the root password.
Re: (Score:2)
If it has no network and no physical access, you can divulge the root password as much as you like.
Hint : pacemakers running Linux have no network and no physical access
Re: (Score:2)
There is no excuse for your computer to be less reliable than the outlet it gets its power from.
There is: Applications.
If your staff need to run QuickBooks or Visual Studio or the quality of LibreOffice's .docx output isn't good enough for them, just telling them "sorry, Windows is crap" probably won't fly. So there are a lot of people who are interested in securing Windows as much as possible.
The big issue that no-one seems to have mentioned yet is updates. Telemetry is one thing, but for IT people the forced, random updates that can't be adequately controlled are a massive security problem and suppo
Re: (Score:2)
That's not true.They crash for a reason.
either this reason is Windows, or it isn't.
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
Yeah.
Windows.
Secure.
Windows.
Nope.
There are only two ways to do that:
1. Air Gap. No That doesn't work. Try vacuum gap.
2. Hammer. If It ain't broken, you didn't hit hard enough. If it's broken into small enough pieces, then it's secure.
Re:Secure Windows is a phrase that means... (Score:5, Funny)
Re: (Score:1)
In most of the world, highly secure windows mean 1/2" to 3/4" steel bars...
In "most of the world", people wouldn't know or care about anything measured in inches or even fractions of them.
Why not use 0.00746269-0.1119403 Smoot bars? That is as equally logical and no less a user friendly unit.
Re: (Score:2)
In most of the world, you'd be slapped in the head with a 1/2" steel bar until it was a pulpy mess. You're lucky to live where you are, but no one else is.
Re: (Score:2)
This could happen in Myanmar I suppose. Do they produce many steel bars? I'm sure that there is a third country that has not got rif of this hand-me-down from the dark ages. I bet they don't make many either.
The US population is perhaps under 4.5% of the planet. That means that 95.5% of us don't use that numerically illiterate system of measurement. If this offends you, this is not my intention but neither is it my problem. 1 mile, 1,760 yards, 5,280 feet, 63,360 inches. (You seem to avoid, fathoms,
Re: (Score:2)
Snowflakes are not a left or right phenomena. If you voted for Hillary because she promised you healthcare or for Trump because he promised you jobs, you are not a snowflake. You are just a victim of a two party system and, although you are unlikely to get what you want, you went with a candidate who was at least talking about it. If you personally wearing a black or white hood and carrying a bicycle lock to a street protest, you are an idiot and a criminal, but you at least have some personal courage of te
Re: (Score:2)
So what was Hillary's plan to get people suffering from loss of manufacturing/mining jobs new jobs to support themselves? Trump promised protectionism and immigration curbs. Bernie promised free education to aquire new skills. I am not saying these are realistic plans, but at least they talked about the issue. What use is Hillary's maternity leave if you don't have a job to take a maternity leave from?
Telemetry (Score:1, Insightful)
Which of these new standards turns off Telemetry? Without that, Windows 10 can never be secure. Bet everything you do on "your" computer is on a server somewhere. Maybe you are a straight arrow. Best hope the laws don't change against you some day. Believe the 3 letter agencies have their arms elbow deep in some MS pussy.
Re: (Score:3)
Which of these new standards turns off Telemetry? Without that, Windows 10 can never be secure.
You appear to not understand. They are talking about secure from the user. Is it simple to replace the OS, or is Windows secure?
Re: (Score:3)
Exactly. And forced reboots. Personally I think forced reboots is a security hole. It means I can lose my data without warning, something that used to be considered a bug in an operating system.
Re: (Score:2)
Finally, if you're using Windows for a life- or business-critical task that cannot be shut down, you're not using it appropriately. Windows isn't designed for that.
A very interesting admission. I doubt Microsoft would make it publicly.
"Windows: don't use it for business-critical tasks. It's not designed for that."
missing parts (Score:1)
These will have all telemetry and Cortana disabled or not installed at all? I'd guess it also requires a site license with yearly renewal and not available for individuals?
Re: (Score:2)
If those parts don't exist in the secure system then there's a possibility to figure out how to disable them in your personal system.
Missing... (Score:4, Insightful)
Erm... (Score:1)
Does it strip telemetry off tho?
Sure, but... (Score:3)
The chances of it coming with a version of windows that doesn't send any data back home to mama is pretty much nil.
It should be able to download security patches without sending any identifying information, tell you when it wants to do it, and be highly selective about what it does download from windows update servers.
Re:Sure, but... (Score:4, Interesting)
The PR=B$ messaging secure for you, the corporate reality, secure from you. M$ securing your PC from you, compulsory software installs even firm ware upgrades, that cannot be refused. Each and every log in to the server that controls your PC capable of altering all configurations to what ever M$ corporate demands and that includes, deleting files off your computer or even bricking you computer. M$ securing your computer from you and they mean it, fuck you, you install Windows, they own your computer and your digital life, learn to pay rent fuckers or else.
Re:Sure, but... (Score:4, Funny)
The chances of it coming with a version of windows that doesn't send any data back home to mama is pretty much nil.
It should be able to download security patches without sending any identifying information, tell you when it wants to do it, and be highly selective about what it does download from windows update servers.
But if my system isn't sending back any data, how will Microsoft know when to phone me and tell me when they've found viruses on my computer?
:/
It's so helpful when that nice foreign sounding gentleman calls me to help me get everything fixed up..... which reminds me.. I hope he rings again soon, after the last time, I don't seem to be able to log into my email or Bitcoin wallet
Re: (Score:2)
You didn't wire him enough money.
Highly Secure Windows 10 Devices (Score:1)
I'll take oxymorons for 500, Alex.
Did anyone RTFA? (Score:3, Insightful)
Every post I see so far is the generic: see Windows in the title, bash Windows in comments. I mean I'm not sure anyone even read the summary, as all the comments could be made about any article about Windows. And this article doesn't have a lot to do about Windows, its mostly about secure hardware.
Yes, yes I know most of you hate Windows, if not Microsoft as a whole, but is it necessary to remind people of this every article?
Re: (Score:3)
Yes, yes I know most of you hate Windows, if not Microsoft as a whole, but is it necessary to remind people of this every article?
I think that independent of hating/not hating MS/Windows, there is some real irony here that is worth recognizing. When MS publishes a detailed and quite serious specification about how to secure your computer, but ensures that, unless you take special steps, some of them highly technical (like blocking phone-home IP addresses at your router), they themselves have unfettered access to your computer.
Re: (Score:2)
Every post I see so far is the generic: see Windows in the title, bash Windows in comments. I mean I'm not sure anyone even read the summary, as all the comments could be made about any article about Windows. And this article doesn't have a lot to do about Windows, its mostly about secure hardware.
Yes, yes I know most of you hate Windows, if not Microsoft as a whole, but is it necessary to remind people of this every article?
Yes. The list given is to keep Windows from being hacked, the TPM chip rams it home.
I have an empty TPM socket.
For a secure windows I wait for the governments release of what to disable for secure areas, Last I've seen was for XP.
Re: (Score:2)
The list given is to keep Windows from being hacked, the TPM chip rams it home.
Hacked as in using Windows for free.
Re: (Score:2)
Since when has "secure hardware" meant anything except "make sure nobody can install anything but windows"?
Re: (Score:2)
As we all (should) know, security is only as good as the weakest link - and having a telemetry ridden Windows 10 OS on a device means the security of the hardware itself is essentially irrelevant.
Re:Did anyone RTFA? (Score:5, Interesting)
Every post I see so far is the generic: see Windows in the title, bash Windows in comments.
Fair enough.
The processor architecture requirement is to have a 64-bit processor so that Windows can take advantage of VBS, or Virtualization-based security, which uses the Windows hypervisor.
The idea of using hypervisors rather than operating systems for isolation is both sad and absolutely necessary. What should happen is the operating system should provide these services in a tractably verifiably secure manner. Since that seems to be practically impossible at the moment the hypervisor is the only game in town.
Highly secured Windows 10 devices should support Intel VT-d, AMD-Vi, or ARM64 SMMUs in order to take advantage of Input-Output Memory Management Unit (IOMMU) device virtualization
Not a chance in hell so long as Intel AMT exists. While I agree MMUs are necessary for security they are currently a massive enabler of insecurity.
Another recommended component is a Trusted Platform Module, or TPM â" a hardware module that is either integrated into a computer chipset or can be purchased as a separate module for supported motherboards that handles the secure generation of cryptographic keys, their storage, a secure random number generator, and hardware authentication.
I don't like TPM because if it breaks everything it protects is gone and I neither need nor want my systems to be secured against physical access in a way that can't stand alone. (e.g. passphrase)
In addition, Microsoft recommends platform boot verification, which is a feature that prevents the computer from loading a firmware that was not designed by the system manufacturer. This prevents attackers from uploading a malicious or compromised firmware to the computer.
I have always hated the idea of using complex cryptography guarded by keys that are bound to be compromised with global repercussions. It's a massive house of cards that seems more and more likely to fail as the profit motive for it's compromise increases.
There is a much easier way to protect operating systems from persistent threats.
1. Forbid all hardware from physically possessing any means of self-contained persistent field upgradability. All necessary firmware updates must be loaded during or after boot and they must not survive a reboot.
2. Provide an option for protected storage area the operating system boots from and is then hardware fused to read only prior to becoming available to the end user until next reboot when the process repeats.
This has the following advantages over secure boot.
1. Easier to implement.
2. Future proof, no worries about protecting crypto from unforeseeable threats.
3. Offers maximal flexibility since the OS gets to decide when to blow the fuse it can trade safety for convenience per OS preferences and whims of the end user as allowed by OS.
4. This is more secure because it does not depend on thousands of companies guarding secrets (encryption keys) that have a history of being stolen and prove difficult to practically recall. Also secure boot requires that all signed drivers that can be loaded remain secure against compromise... The attack surface is simply too big to practically address.
5. System can not be misused to deny owners of computing hardware access to load their own systems. Users always retain full control over what operating systems get loaded into the protected area.
Re: (Score:2)
I don't like TPM because if it breaks everything it protects is gone and I neither need nor want my systems to be secured against physical access in a way that can't stand alone. (e.g. passphrase)
You are doing it wrong then. The way Windows uses the TPM allows for recovery, for example.
The TPM stores the encryption key and is able to verify that the OS is unmolested before accepting a key (typically a hash) to release the encryption key. To protect against TPM loss Windows will prompt you to make a backup of the encryption key somewhere. It might be kept by the IT department, or you might print it out and lock it away.
Re: (Score:2)
Not a chance in hell so long as Intel AMT exists.
It's never going away. Disable it if you're so inclined, as it is not necessary for the other items.
I don't like TPM because if it breaks everything it protects is gone and I neither need nor want my systems to be secured against physical access in a way that can't stand alone. (e.g. passphrase)
TPM-protected disks will have a recovery key generated by default. For home users, this key is saved to a text file and is intended to be stored offline. For enterprise users, the recovery key is pushed into either Active Directory or the MBAM database.
You can add and remove key protectors with Bitlocker after enabling it, so you have a choice of: password, Smart Card, recovery keys, or a recovery certificate
Re: Did anyone RTFA? (Score:4, Insightful)
Re: (Score:1)
I don't see a helluva lot of flamebait in the summary. MS releasing security standards that are legitimate is actual news and deserves legitimate consideration.
The ridiculousness of the standard "M$=bad" bullshit responses doesn't help anyone and make things better for computing in general. Simply saying that (not saying you do, using "you" as a generalization) "you use Linux and everyone else should to" simply shows that you have no grounding in pragmatic reality.
It's not a matter of "using Linux". The crux of the matter: Microsoft has a terrible track record with Windows being hands-down the most often 0wned software in history. This doesn't just go away because they decided to release a new set of standards. Just like, if you ("you" generalized, of course) have lied to me the last twenty times we spoke, well maybe you really are telling the truth this time, but don't be surprised if your track record comes up. Same concept. It's a reasonable concept. In fac
Re: (Score:2)
Those responses do make me feel twenty years younger though. Slashdot was filled with threads like this back then.
Re: (Score:2)
MS releasing security standards that are legitimate is actual news and deserves legitimate consideration.
The ridiculousness of the standard "M$=bad" bullshit responses doesn't help anyone
It is because we are weary of Microsoft's continuous record of lies and dirty tricks. I cannot be bothered to read the detail of MS's scheme, I only know that it is 99.99% likely to be yet another way of shafting users. MS is like some long-term, well-known, neighbourhood con-man who comes knocking on the door for hundredth time, with some new scheme like buying a bridge, and pleading to be given credit because he is a "reformed man". That is the bullshit; we were not born yesterday.
"Highly", "secure", "windows" (Score:2, Interesting)
Re: (Score:2)
"Highly", "secure", "windows". I've heard those words before but never in the same sentence.
Just think "Democratic People's Republic of Korea".
Re: (Score:2)
"Highly", "secure", "windows". I've heard those words before but never in the same sentence.
I have, when discussing windows on the 80th floor that don't open -- these are highly secure windows.
How to secure any version of Windows (Score:1, Troll)
Unplug the power cable from the device.
If the system has a battery let it run out of power.
Voila! Your Windows system is now secure.
If you want something with more security while being able to actually use the computer then I would suggest installing an operating system with a Linux or BSD base.
Re: (Score:2)
Only Appropriate Response: (Score:2)
Oblig. Turnoff (Score:2)
https://turnoff.us/geek/smart-... [turnoff.us]
Standard #1 (Score:2)
If Windows is proprietary it can't be secured. (Score:5, Informative)
Only free software (software the user is free to run, inspect, share, and modify) can be assessed for security, fixed or improved, shared (even commercially), and run at any time for any reason. Without software freedom you're not being treated ethically and you deserve full control over your computers.
Nonfree software is never trustworthy, no matter how long you've run it, how much you're used to its interface, or how much you feel like you can trust it. You have no idea what nonfree software is doing when it runs, you have no permission to alter it, share it, or inspect it no matter how technical and willing you are to do these things. You might not even have permission to run it anytime you want for any reason.
So there is no way to secure Windows 10 so long as Windows 10 is nonfree software. The same applies to any other nonfree software too. No amount of public relations changes how computers and software work.
Re: (Score:1)
Only free software (software the user is free to run, inspect, share, and modify) can be assessed for security, fixed or improved, shared (even commercially), and run at any time for any reason. Without software freedom you're not being treated ethically and you deserve full control over your computers.
I mostly agree, but I take issue with a few specific details here, and I find those details important.
To assess security, the user does not need to be able to run, inspect, share, and modify, at least not in the free software foundation sense.
Someone can give me a commercial service with a client application I can inspect and run, but not distribute modifications of, or use modified versions of it. Such an application can have its security assessed accurately. An example of such a service is Tarsnap.
Freedom
Re: (Score:2)
I understand what you're saying, but I only partly agree. I realise the term 'secure' means 'secure from hackers, the government and the system vendor' to most of us, and Microsoft is doing some redefinition here because they're really only saying it's secure from the user and common-or-garden hackers.
However, if you are the US government, then Microsoft does quite a nice job for you here - it's not going to work for classified material particularly, but for the thousands of minions that work in government,
Yes you can secure windows (Score:2)
Step 2: Reboot
Step 3: ????
Step 4: 100% Secured Windows!
Re:If Windows is proprietary it can't be secured. (Score:4, Insightful)
Only free software (software the user is free to run, inspect, share, and modify) can be assessed for security, fixed or improved, shared (even commercially), and run at any time for any reason. Without software freedom you're not being treated ethically and you deserve full control over your computers.
Nonfree software is never trustworthy, no matter how long you've run it, how much you're used to its interface, or how much you feel like you can trust it. You have no idea what nonfree software is doing when it runs, you have no permission to alter it, share it, or inspect it no matter how technical and willing you are to do these things. You might not even have permission to run it anytime you want for any reason.
So there is no way to secure Windows 10 so long as Windows 10 is nonfree software. The same applies to any other nonfree software too. No amount of public relations changes how computers and software work.
There are so many counter examples to this claim, but why bother. A cult is a cult. All Hail the True Scotsman.
Re: (Score:2)
Nonfree software is never trustworthy
Ooooh so close. You made it through the entire paragraph before collapsing with your logical fallacy right in the following sentence.
You don't seem to understand the word "trust". You don't "trust" free (by that I assume you mean open source) software. By its nature if you trusted it you won't be wanting to see the source.
Ultimately what you're saying is that nothing is for you trust worthy, especially not the free software you are so happy to be able to audit.
LOL MS (Score:2)
How does any of that help you if you are running easily exploited bad code from MS?
Protecting devices from their "owners" (Score:2)
The idea of security standards when Windows is loaded to the hilt with malware is hilarious. Like leaving the vault door open 24x7x365 and bragging about the security features of your high tech safe.
Except of course... (Score:2)
Anything that could interfere with telemetry...
The "security" they mean (Score:2)
I somehow doubt that they mean that the system can keep your data secure. It seems more that their definition means that whatever content you might sell to the "owner" (I'll use the term loosely here) of the device is safe from him actually owning it.
Security is easy (Score:2)
An internet connection should be an automatic fail in any security audit.
TPM (Score:2)
I do not want a "trusted platform mobile" in anything that puports to be secure. It is widely known as a back door for US spooks. This immediately makes the whole system hyper insecure.
Best way of securing a Windows 10 device (Score:1)
Contradiction in terms (Score:2)
They Shouldnâ(TM)t Bother (Score:1)
I am not confident that Microsoft is capable of creating secure software. I am not even sure they could release a secure, bug-free version of âoeHello, world!â
Re: (Score:2)
I was going to suggest removing the plug, but this would be more useful.
Re: (Score:2)
Yep. Linux.
BusyBox/Linux (Score:5, Informative)
GNU tools are required to have a usable system
How so? These reddit users find BusyBox/Linux usable [reddit.com]. It's what you get when you replace glibc with uClibc, Newlib, or Bionic, and then drop Bash and Coreutils (GPL) in favor of BusyBox (also GPL, but not part of GNU).
the need for the GNU Compiler Collection to compile the kernel
Clang has been compiling Linux for seven years [archive.org].
CI compiles again and again (Score:2)
I didn't say Clang compiled Linux only once in those seven years. Continuous integration tools such as Tinderbox and Buildbot start compilation over once the last job finishes or when changes are submitted, whichever comes later.
Re: (Score:2)
Re: (Score:1)
Nor Hillary. Let's be bipartisan: Hillary would put it on her personal closet server and T would give it to Putin. Putin would then announce he already got a copy from H's server and hand it back to T.
Re: (Score:2)
Re: (Score:1)
She never got the proper training for some reason. State Dept. messed up.
Re: (Score:1)
If she is allowed to refuse it, the system is screwed up. Focus on fixing the system rather than just punishing one individual.
Re:Sponsored by NSA (Score:5, Interesting)
Which raises the question "Secure for Whom?".
If you want a secure system, look at OpenVMS.
Re: (Score:1)
Secure from user, who might try to prevent telemetry and other spyware from working. And secure from competing spyware vendors, as MS wants to ensure monopoly for selling and monetizing the user's data.