Martin Brinkmann over at ghacks.net brings us info on Windows 10 security changes:
The company started to open up only recently and reveal additional information about Windows 10. It published a lengthy blog post today on the Windows For Your Business blog that details security improvements coming to the operating system.
Aimed at business and enterprise customers, it provides insight for consumers as well.
One of the changes discussed in the blog post is how Microsoft plans to change how users identify themselves on the system. Microsoft plans to eliminate single-factor authentication systems such as user/password log ins by building improved protection right into the operating system.
Yeah, I know we're way off normal in Linux usership around here but we still have relatives whose computers we have to fix, so...
(Score: 1) by deimios on Thursday October 23 2014, @12:44PM
"This enables organizations to only allow trusted apps to run on a device. Trusted in this regard means signed using a Microsoft provided signing service. Apps in this context includes desktop (Win32) applications as well."
Didn't windows 2000 have this capability already?
(Score: 0) by Anonymous Coward on Thursday October 23 2014, @02:33PM
No. It didn't. Signed drivers came later in Vista. Which is still not signed apps.
(Score: 3, Interesting) by Thexalon on Thursday October 23 2014, @03:11PM
I'm sick and tired of them spreading the myth that proper security is based on the concept of trust. Quite the opposite - it's based on the concept of distrust!
For example, if somebody contacts me and tells me they need access to a system that I control, I'm not just going to take their word on the fact that (a) they are who they say they are, and (b) they legitimately have a right to the access they are requesting. Instead, I'm going to ask them some questions that help verify who they are, I may ask that they talk to me in person, and I'm going to check with a colleague who knows such things to determine whether they in fact should have access to the system. That's precisely because I don't trust them.
Similarly, if I'm running a new application, I don't want it to have any ability to overwrite system files (and indeed, I might sandbox it to think that nothing important even exists). Even for applications I've had around for a while, I'm going to get suspicious if it tries to do something it's never done before that affects something it's never touched before.
Microsoft's real goal is to collect a nice fee for their signing services for all applications that run on Windows machines. In fact, I wouldn't be surprised if they were dreaming up ways of requiring their signing certificate to be a per-copy license rather than a one-time fee. And have them have to pay again each time they issue a new release. This would put them in a position of controlling every other businesses' ability to sell to Windows users, which means they could effectively blackmail any desktop application company they wanted to into paying them a nice chunk of change. And open-source offerings like Cygwin? Fuggedaboudit!
The only thing that stops a bad guy with a compiler is a good guy with a compiler.
(Score: 2) by emg on Thursday October 23 2014, @03:31PM
Bingo. The last company I trust to tell me what software I should run on my computer is... Microsoft.
OK, maybe second last after Google... it's kind of a toss-up between them.
(Score: 0) by Anonymous Coward on Thursday October 23 2014, @05:29PM
The issue is that if you only allow trusted code, then you will not get haxed as easily because some moron clicked on some email "screensaver".
It means, computers should not trust their users on what to do. Security problems tend to be concentrated between the computer and the chair anyway.
(Score: 2) by monster on Friday October 24 2014, @07:04AM
If the "screensaver" used a Microsoft provided signing service, it doesn't protect at all.
App signing has been around since XP at least and all it means is that it is slightly more difficult to get some malware to run on a system (unsigned would mean a warning, but signing certificates are easy to get if you fork the money), but it also means many false positives (a lot of software isn't signed, specially old programs) and a money grab to the developers, who now have to buy that signing service to not get said warnings.
What Microsoft should do instead is a category-based permission system, like smartphones. So this "screensaver" app requires: Install device drivers, access to system files, read private folders and access to the net? Let the user choose if that is reasonable for a screensaver, or even if she wants to deny some of them. Legacy software would require custom manifest files, but that's not all that different from the current situation with compatibility modes, so it would be doable.
(Score: 2) by urza9814 on Monday October 27 2014, @04:39PM
I can't tell you how much software I've installed that has included an instruction along the lines of 'If you get a security exception saying this program is not signed, tell it to install anyway'
So now they'll just include instructions saying how to disable the whitelist feature, and users will blindly follow along whether they're installing Free Puppy Screesaver 2000 or an Oracle database...
Not that I'm not a bit concerned -- at work we're using Windows XP laptops, and I don't have admin rights to mine (apparently *some people* have admin rights, there doesn't appear to be any logic in place on that.) It's also fairly common for us to pass around software like WinSCP or Notepad++ or portable browsers. Right now that works fine even without admin rights, because these programs don't need to be installed into the system itself. But if they change to only allow running signed apps?
Maybe it'll be a big enough problem that they'll give me a Linux system. I mean I'm doing all my work on *nix servers anyway...well, that's a nice dream at least...
(Score: 2) by frojack on Thursday October 23 2014, @07:10PM
For example, if somebody contacts me and tells me they need access to a system that I control, I'm not just going to take their word on the fact ... Instead, I'm going to ask them some questions that help verify who they are, I may ask that they talk to me in person, and I'm going to check with a colleague who knows such things to determine whether they in fact should have access to the system. That's precisely because I don't trust them.
Really?
You's give them that much time? Are you crazy?
Just. Hang. Up.
No, you are mistaken. I've always had this sig.
(Score: 2) by Thexalon on Tuesday October 28 2014, @04:11PM
Well, just in case they work for my organization, I want to know who's files to delete, like any good BOFH.
The only thing that stops a bad guy with a compiler is a good guy with a compiler.
(Score: 3, Insightful) by PizzaRollPlinkett on Thursday October 23 2014, @12:47PM
My alarm bells rang at "the computer or device itself is being used as a factor in the authentication process" since this suggests commodity hardware won't work with Windows 10 - you know, like what you'd buy at Newegg and build your own system with. The "journey to eliminate the use of single factor identity options like passwords" sounds like the destination is locked-down, Surface-like hardware under Microsoft's control.
Then I saw "enroll" and my first question was - enroll where? Even going from the blogspam link here to the actual article doesn't really give you a clue.
Windows 8 makes it almost impossible to create a local user account. You can do it if you jump through a lot of hoops. I noticed 8.1 made the process even harder when I upgraded my machine. But MS wants you to register with their online servers and leads you along that path.
Now MS wants you to "enroll" your biometric data - where? With their servers? They want my fingerprints?
All of this is vague, but doesn't sound good. I wish there were more details. All of this sounds like MS is using the excuse of "cyber" in the headlines to lock down Windows so you can't build your own computers. I hope I'm wrong.
(E-mail me if you want a pizza roll!)
(Score: 2) by PizzaRollPlinkett on Thursday October 23 2014, @12:53PM
And it just gets better - "apps that are signed using a Microsoft provided signing service" - have we already forgotten that the whole Stuxnet thing propagated by using an official MS signed binary? The trust-until-revoked model of signing things has never worked, because valid keys you sign against can't be controlled. So this is really MS trying to end general-purpose computing, by requiring their approval and signing process for apps? "Access to the signing service will be controlled using a vetting process similar to how we control" our OEM device driver signing process, which gave the world Stuxnet. "Organizations will have the flexibility to choose what apps are trustworthy" just like Iran and their contractors chose to block malware - wait, did George Orwell write this? Right now, this lockdown stuff seems aimed at businesses, but is already in the Microsoft app store. How long before MS pulls the plug on general-purpose computing?
(E-mail me if you want a pizza roll!)
(Score: 3, Insightful) by WizardFusion on Thursday October 23 2014, @12:56PM
Then it will be the year of the Linux Desktop (again?)
(Score: 2) by Nerdfest on Thursday October 23 2014, @02:30PM
iOS has proven that people are completely open to it.
(Score: 2) by tangomargarine on Thursday October 23 2014, @03:05PM
Well if Windows and Mac both make it impossible to run YOUR OWN FUCKING CODE without getting the Holy Microsoft Turkey-Slap of Quality, we'll have to go *somewhere.*
"Is that really true?" "I just spent the last hour telling you to think for yourself! Didn't you hear anything I said?"
(Score: 0) by Anonymous Coward on Thursday October 23 2014, @08:11PM
Settle down...
iOS and Mac both allow you to run your OWN code and give you the full featured compiler for free.
What they don't want you to do is run someone else's BINARY. But on Mac, just right-click on the actual file, choose open, and then open again and it runs just fine.
Behavior roughly analogous to UAC on Windows.
full_disclosure:
My primary workstation is a Mac containing (at the moment) Debian, CentOS, RedHat, Windows 7, and the Windows 10 preview in VMs
(Score: 0) by Anonymous Coward on Thursday October 23 2014, @07:03PM
It will never be the year of the Linux Desktop until its easily usable by everyone, especially those without advanced programming and debugging skills. From what I can tell, the mass-implementation SystemD is trying to take things in that direction, but like with Gnome's attempts to optimize for non-power-users, its causing a lot of people to throw fits because they don't like what's being done with their toys or something.
You Linux guys have a choice - optimize for non-power-users or forever have a small userbase.
(Score: 1) by number6 on Thursday October 23 2014, @07:55PM
There are numerous Linux distros in existence which are 'easy' and optimized for 'non-power' users, Ubuntu is the classic example.
However, IMHO, I think the REAL reason Linux will possibly never have its day in the sun is because the key people who drive Linux development as a whole do not care enough about a particular cross-section of user-types who I would describe as 'serious power users and professionals who are not necessarily programmers'. For more info, read this post from a few days ago [soylentnews.org].
So.....it seems like 'Linux on the Desktop' will never really happen, regardless of the SystemD debate and the PulseAudio debate and all the other debates, because those debates do not address core limitations of the Linux kernel to satisfy the serious user-types I mentioned. These types of users, as a whole, exert strong influence on large swaths of computer culture and --figuratively speaking-- Linux just takes a big yawn at them. THAT IS A SHOWSTOPPER I'M AFRAID!
(Score: 2) by Nerdfest on Thursday October 23 2014, @07:19PM
I don't think a lot of people clued in that this sort of control was what the new interface was about. They made it difficult to install your own application, forcing most people to go through their store ... where they get a cut of all sales, and the ability to suppress competition. I was surprised when they backed down from the new interface in Windows 10, but of course, this helps explain why. They want that money and control. They're drooling over the sort of profits Apple is making.
(Score: 2) by Nerdfest on Thursday October 23 2014, @07:23PM
I should add this this is why the SteamBox was pushed out. Steam wants no part of giving Microsoft a percentage or any control over content.
(Score: 2) by frojack on Thursday October 23 2014, @07:27PM
Wrong.
You can sign your binaries with a microsoft service without going anywhere near their store, and you have been able to do that for well over 10 years.
No, you are mistaken. I've always had this sig.
(Score: 3, Interesting) by damnbunni on Thursday October 23 2014, @01:06PM
Steam is already capable of using the 'computer or device itself' as authentication, on hardware that supports it - it uses Intel's IPT.
Presumably Windows could use the same module.
Granted, it only works with an Intel CPU, but it's not like it needs some sort of extra-special hardware.
(Score: 2, Informative) by Jtmach on Thursday October 23 2014, @01:44PM
Almost impossible might be a bit of an overstatement.
I just did it on the Windows 10 preview.
Click start button
Type users
Select manage user accounts
Click my profile
Click disconnect
Provide a new user name and password and your done
Could it be easier? Sure, but it's not that bad (though I don't recall seeing an option in the installer to set it up as an offline account, and I wish they would allow that).
(Score: 2) by q.kontinuum on Thursday October 23 2014, @02:09PM
I configured my wifes laptop just a couple of days ago. Below the entry-field for the live account, there is a link "Create local account" (or similar). You click it, define username and password, and thats it.
Registered IRC nick on chat.soylentnews.org: qkontinuum
(Score: 2) by frojack on Thursday October 23 2014, @07:25PM
My alarm bells rang at "the computer or device itself is being used as a factor in the authentication process" since this suggests commodity hardware won't work with Windows 10
No it suggests no such thing. You've TOTALLY misread that.
This only applies in large corporate networks, not your home computer.
(Unless you log into OneDrive. Avoid OneDrive and Use SpiderOak, and this won't affect you at all).
In a corporate network your mac address, and your bluetooth mac address, and perhaps some other hardware identifiers, will be compared at login. If you log in from a computer you've never used before, you will see some extra questions asked, or you may be blocked entirely depending on your company's policy.
That's ALL it means.
And you better learn to embrace this because its not JUST windows [arstechnica.com] that is going to this level of security. Its long overdue. At my day job, we are already adding Fido Security [fidoalliance.org] capabilities to our applications.
I suspect you've bitched for years about lax Microsoft security. Come on, fess up!
Now that they are at least trying, you FUD them for trying.
No, you are mistaken. I've always had this sig.
(Score: 2) by marcello_dl on Thursday October 23 2014, @01:44PM
Windows 10 security improvements are both hindrances.
(Score: 3, Funny) by aristarchus on Thursday October 23 2014, @06:26PM
Yeah, I know we're way off normal in Linux usership around here
I'm sure Happyfeet will be hairy!
(Score: 1) by Entropy on Thursday October 23 2014, @11:02PM
...Is re-label windows 7 "windows 10", then sell it. Guaranteed market hit.