Page 9 of 10 FirstFirst ... 78910 LastLast
Results 81 to 90 of 94

Thread: The State Of Linux Distributions Handling SecureBoot

  1. #81
    Join Date
    Mar 2011
    Posts
    344

    Default

    Quote Originally Posted by dashcloud View Post
    Microsoft's latest OSes are pretty damn good- look here:
    http://thenextweb.com/microsoft/2012...bilities-list/

    In the top 10 vulnerabilities, there is not a single MS product to be found- it's dominated by Java & Flash (which are cross-platform).

    (If you'd like to see the source article, it's here (at the bottom): http://www.securelist.com/en/analysi...lution_Q3_2012

    The Microsoft of today is not the Microsoft that put out Windows XP, and sometimes, the attackers are just so far ahead of you, there's nothing you can do (see Flame & Duqu).
    I know they're trying. I know M$ is making inroads into security. Linux have their own repos which is a boon to thwart a rouge application and Windows8 is trying hard for it's version (well more like an Apple walled garden). To be honest I feel
    is necessary instead of ooops I installed what? Java and Flash are both dangerous no doubt.

    With that said I don't trust them anymore. To each their own however.
    Last edited by nightmarex; 12-29-2012 at 01:46 AM.

  2. #82
    Join Date
    May 2010
    Posts
    21

    Default but MBR Boot viruses aren't 'new'

    I remember the Stoned MBR boot virus, but it was easy to fix, as is many of them *if* you have a bootable CD/DVD, you can just clobber the MBR accordingly (tough, if the virus installed DLLs/DSOs, kernel modules whatever then you need to do a audit of system which isn't too difficult with deb or RPM based packages (checksums), worse if those got compromised somehow, while on a recovery DVD, you could just clobber the essential DSOs (libraries), kernel modules etc (with compatible older package versions)

    So my question is, since we've had bootsector viruses for YEARS, even old BIOS uses to have MBR bootsector virus detection (limited).

    Why the fuss for SecureBoot all of a sudden? It's not like any of this is new, be it MBR or kernel level rootkits.

  3. #83
    Join Date
    Dec 2012
    Posts
    459

    Default

    Quote Originally Posted by spstarr View Post
    I remember the Stoned MBR boot virus, but it was easy to fix, as is many of them *if* you have a bootable CD/DVD, you can just clobber the MBR accordingly (tough, if the virus installed DLLs/DSOs, kernel modules whatever then you need to do a audit of system which isn't too difficult with deb or RPM based packages (checksums), worse if those got compromised somehow, while on a recovery DVD, you could just clobber the essential DSOs (libraries), kernel modules etc (with compatible older package versions)

    So my question is, since we've had bootsector viruses for YEARS, even old BIOS uses to have MBR bootsector virus detection (limited).

    Why the fuss for SecureBoot all of a sudden? It's not like any of this is new, be it MBR or kernel level rootkits.
    I think that the original intention is in good faith. I think that this is a first small step into a future where everything, from start to shutdown, is verified by digital signatures.

    This is to prevent rootkits and other malicious programs from being ran.

    I just don't think this a good approach against this virus problem. You are more effective by focusing on application security before it even reaches the user. Let applications run in different containers, make sure there is no cross contagion between different pieces of software. Let the end-user decide whether this is allowed or not. People need to more self conscious about this. You can throw a lot of technlogy at a certain problem, but in the end it's the user who makes the (fatal) mistakes.

  4. #84
    Join Date
    Nov 2008
    Posts
    149

    Default

    Quote Originally Posted by mjg59 View Post
    Again, please describe a solution that Microsoft could have used to prevent bootloader malware without also preventing booting of unsigned Linux. They worried about their OS. They came up with a solution that works for their OS. If you don't like their solution, describe a better one.
    Microsoft fixed their problem by restricting others freedom.

    It is like I (microsoft) am the richest and nasties guy in town and because of that kids don't like me and throw rocks on my windows. So what I do? I make the mayor (OEMs), which I hold by the balls, put barriers and guards on the public road so nobody can walk around without my permission.

  5. #85
    Join Date
    Dec 2012
    Posts
    459

    Default

    Quote Originally Posted by zoomblab View Post
    MicroSuck fixed their problem by restricting others freedom.

    It is like I (MicroSuck) am the richest and nasties guy in town and because of that kids don't like me and throw rocks on my windows. So what I do? I make the mayor (OEMs), which I hold by the balls, put barriers and guards on the public road so nobody can walk around without my permission.
    Then please explain Microsoft distributing signed bootloader binaries.

    To put it in analogy with your story: You can throw rocks at my window as long as I inspected and signed them...

  6. #86
    Join Date
    Nov 2007
    Posts
    1,353

    Default

    Quote Originally Posted by Rexilion View Post
    Then please explain Microsoft distributing signed bootloader binaries.

    To put it in analogy with your story: You can throw rocks at my window as long as I inspected and signed them...
    That is sooooo much crap. What if you need to boot a small linux distro thats sole purpose is to circomvent windows user passwords? I do it on a regular basis as a repair tech. Is secureboot going to allow that perfectly valid usage? I doubt it.

  7. #87
    Join Date
    Apr 2011
    Posts
    114

    Default

    Quote Originally Posted by duby229 View Post
    That is sooooo much crap. What if you need to boot a small linux distro thats sole purpose is to circomvent windows user passwords? I do it on a regular basis as a repair tech. Is secureboot going to allow that perfectly valid usage? I doubt it.
    It already does.

  8. #88
    Join Date
    Oct 2008
    Posts
    3,175

    Default Wow

    I read half this thread, and now feel dumber for doing so.

    It's incredible how completely stupid some people are, how they are so sure of themselves when they are talking complete crap that is factually wrong.

  9. #89
    Join Date
    Dec 2012
    Posts
    459

    Default

    Quote Originally Posted by smitty3268 View Post
    I read half this thread, and now feel dumber for doing so.

    It's incredible how completely stupid some people are, how they are so sure of themselves when they are talking complete crap that is factually wrong.
    Care to elaborate your insult? This is a forum, people state opinions. Those cannot be wrong. What facts are incorrect?

  10. #90
    Join Date
    Oct 2008
    Posts
    3,175

    Default

    Quote Originally Posted by Rexilion View Post
    Care to elaborate your insult? This is a forum, people state opinions. Those cannot be wrong. What facts are incorrect?
    I really don't think that would be worthwhile. It wouldn't be anything that hasn't already been said 100 times.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •