Martin Brinkmann over at ghacks.net brings us info on Windows 10 security changes:
The company started to open up only recently and reveal additional information about Windows 10. It published a lengthy blog post today on the Windows For Your Business blog that details security improvements coming to the operating system.
Aimed at business and enterprise customers, it provides insight for consumers as well.
One of the changes discussed in the blog post is how Microsoft plans to change how users identify themselves on the system. Microsoft plans to eliminate single-factor authentication systems such as user/password log ins by building improved protection right into the operating system.
Yeah, I know we're way off normal in Linux usership around here but we still have relatives whose computers we have to fix, so...
(Score: 3, Insightful) by PizzaRollPlinkett on Thursday October 23 2014, @12:47PM
My alarm bells rang at "the computer or device itself is being used as a factor in the authentication process" since this suggests commodity hardware won't work with Windows 10 - you know, like what you'd buy at Newegg and build your own system with. The "journey to eliminate the use of single factor identity options like passwords" sounds like the destination is locked-down, Surface-like hardware under Microsoft's control.
Then I saw "enroll" and my first question was - enroll where? Even going from the blogspam link here to the actual article doesn't really give you a clue.
Windows 8 makes it almost impossible to create a local user account. You can do it if you jump through a lot of hoops. I noticed 8.1 made the process even harder when I upgraded my machine. But MS wants you to register with their online servers and leads you along that path.
Now MS wants you to "enroll" your biometric data - where? With their servers? They want my fingerprints?
All of this is vague, but doesn't sound good. I wish there were more details. All of this sounds like MS is using the excuse of "cyber" in the headlines to lock down Windows so you can't build your own computers. I hope I'm wrong.
(E-mail me if you want a pizza roll!)
(Score: 2) by PizzaRollPlinkett on Thursday October 23 2014, @12:53PM
And it just gets better - "apps that are signed using a Microsoft provided signing service" - have we already forgotten that the whole Stuxnet thing propagated by using an official MS signed binary? The trust-until-revoked model of signing things has never worked, because valid keys you sign against can't be controlled. So this is really MS trying to end general-purpose computing, by requiring their approval and signing process for apps? "Access to the signing service will be controlled using a vetting process similar to how we control" our OEM device driver signing process, which gave the world Stuxnet. "Organizations will have the flexibility to choose what apps are trustworthy" just like Iran and their contractors chose to block malware - wait, did George Orwell write this? Right now, this lockdown stuff seems aimed at businesses, but is already in the Microsoft app store. How long before MS pulls the plug on general-purpose computing?
(E-mail me if you want a pizza roll!)
(Score: 3, Insightful) by WizardFusion on Thursday October 23 2014, @12:56PM
Then it will be the year of the Linux Desktop (again?)
(Score: 2) by Nerdfest on Thursday October 23 2014, @02:30PM
iOS has proven that people are completely open to it.
(Score: 2) by tangomargarine on Thursday October 23 2014, @03:05PM
Well if Windows and Mac both make it impossible to run YOUR OWN FUCKING CODE without getting the Holy Microsoft Turkey-Slap of Quality, we'll have to go *somewhere.*
"Is that really true?" "I just spent the last hour telling you to think for yourself! Didn't you hear anything I said?"
(Score: 0) by Anonymous Coward on Thursday October 23 2014, @08:11PM
Settle down...
iOS and Mac both allow you to run your OWN code and give you the full featured compiler for free.
What they don't want you to do is run someone else's BINARY. But on Mac, just right-click on the actual file, choose open, and then open again and it runs just fine.
Behavior roughly analogous to UAC on Windows.
full_disclosure:
My primary workstation is a Mac containing (at the moment) Debian, CentOS, RedHat, Windows 7, and the Windows 10 preview in VMs
(Score: 0) by Anonymous Coward on Thursday October 23 2014, @07:03PM
It will never be the year of the Linux Desktop until it's easily usable by everyone, especially those without advanced programming and debugging skills. From what I can tell, the mass-implementation SystemD is trying to take things in that direction, but like with Gnome's attempts to optimize for non-power-users, it's causing a lot of people to throw fits because they don't like what's being done with their toys or something.
You Linux guys have a choice - optimize for non-power-users or forever have a small userbase.
(Score: 1) by number6 on Thursday October 23 2014, @07:55PM
There are numerous Linux distros in existence which are 'easy' and optimized for 'non-power' users; Ubuntu is the classic example.
However, IMHO, I think the REAL reason Linux will possibly never have its day in the sun is because the key people who drive Linux development as a whole do not care enough about a particular cross-section of user-types who I would describe as 'serious power users and professionals who are not necessarily programmers'. For more info, read this post from a few days ago [soylentnews.org].
So.....it seems like 'Linux on the Desktop' will never really happen, regardless of the SystemD debate and the PulseAudio debate and all the other debates, because those debates do not address core limitations of the Linux kernel to satisfy the serious user-types I mentioned. These types of users, as a whole, exert strong influence on large swaths of computer culture and --figuratively speaking-- Linux just takes a big yawn at them. THAT IS A SHOWSTOPPER I'M AFRAID!
(Score: 2) by Nerdfest on Thursday October 23 2014, @07:19PM
I don't think a lot of people clued in that this sort of control was what the new interface was about. They made it difficult to install your own application, forcing most people to go through their store ... where they get a cut of all sales, and the ability to suppress competition. I was surprised when they backed down from the new interface in Windows 10, but of course, this helps explain why. They want that money and control. They're drooling over the sort of profits Apple is making.
(Score: 2) by Nerdfest on Thursday October 23 2014, @07:23PM
I should add that this is why the SteamBox was pushed out. Steam wants no part of giving Microsoft a percentage or any control over content.
(Score: 2) by frojack on Thursday October 23 2014, @07:27PM
Wrong.
You can sign your binaries with a Microsoft service without going anywhere near their store, and you have been able to do that for well over 10 years.
No, you are mistaken. I've always had this sig.
(Score: 3, Interesting) by damnbunni on Thursday October 23 2014, @01:06PM
Steam is already capable of using the 'computer or device itself' as authentication, on hardware that supports it - it uses Intel's IPT.
Presumably Windows could use the same module.
Granted, it only works with an Intel CPU, but it's not like it needs some sort of extra-special hardware.
(Score: 2, Informative) by Jtmach on Thursday October 23 2014, @01:44PM
Almost impossible might be a bit of an overstatement.
I just did it on the Windows 10 preview.
Click start button
Type users
Select manage user accounts
Click my profile
Click disconnect
Provide a new user name and password and you're done
Could it be easier? Sure, but it's not that bad (though I don't recall seeing an option in the installer to set it up as an offline account, and I wish they would allow that).
(Score: 2) by q.kontinuum on Thursday October 23 2014, @02:09PM
I configured my wife's laptop just a couple of days ago. Below the entry-field for the live account, there is a link "Create local account" (or similar). You click it, define username and password, and that's it.
Registered IRC nick on chat.soylentnews.org: qkontinuum
(Score: 2) by frojack on Thursday October 23 2014, @07:25PM
My alarm bells rang at "the computer or device itself is being used as a factor in the authentication process" since this suggests commodity hardware won't work with Windows 10
No, it suggests no such thing. You've TOTALLY misread that.
This only applies in large corporate networks, not your home computer.
(Unless you log into OneDrive. Avoid OneDrive and Use SpiderOak, and this won't affect you at all).
In a corporate network your MAC address, and your Bluetooth MAC address, and perhaps some other hardware identifiers, will be compared at login. If you log in from a computer you've never used before, you will see some extra questions asked, or you may be blocked entirely depending on your company's policy.
That's ALL it means.
And you better learn to embrace this because it's not JUST Windows [arstechnica.com] that is going to this level of security. It's long overdue. At my day job, we are already adding Fido Security [fidoalliance.org] capabilities to our applications.
I suspect you've bitched for years about lax Microsoft security. Come on, fess up!
Now that they are at least trying, you FUD them for trying.
No, you are mistaken. I've always had this sig.