Announcement

Collapse
No announcement yet.

The State Of Linux Distributions Handling SecureBoot

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Sonadow
    replied
    Originally posted by duby229 View Post
    But now you're stretching. Secureboot will not do that for you. It looks for a signature and if it finds it, it boots. It doesnt look for hashes or modifications or viruses or anything else.. All that needs done is to make sure the signature exists. It may not have been done yet, But I'm absolutely positive it will. Everything MS does gets hacked.. You think this will be any different?

    I'll bet that in 2 years from now there will be more boot viruses than ever before -simply- because secureboot provided the temptation.
    Anything that modifies the bootloader or the boot process will cause a change in the pre-boot signature.

    Leave a comment:


  • Sonadow
    replied
    Originally posted by duby229 View Post
    I'm tired of trying new ways to say the same thing.... So I'll just say it the exact same way....

    THATS NOT OUR PROBLEM!!!

    IF MS is worried about their OS, then let them worry about thier OS. Leave ours alone please.
    You're damn right Linux is not their problem.

    That's why they are under no obligation to make sure Secure Boot plays nice with Linux. They're just looking out for Windows. Which is PRECISELY what they are doing with Secure Boot.

    Just like you don't care about Microsoft and Windows, Microsoft does not need to care about Linux users having issues with Secure Boot. Except that they ARE by offering signing services. Garett managed to get his shim signed by Microsoft, and that shim is now freely distributed to everybody and it forms the basis for the bootloaders used by Ubuntu, Fedora and SuSe (no word on OpenSUSE yet).

    But then again, most idiots in the Linux world can't even see beyond the year 2002. Thank god I jumped from Fedora 17 to Windows 8 as soon as it came out. Pure hardware bliss without the stinking political 'free shit' baggage.
    Last edited by Sonadow; 12-28-2012, 09:37 PM.

    Leave a comment:


  • duby229
    replied
    But now you're stretching. Secureboot will not do that for you. It looks for a signature and if it finds it, it boots. It doesnt look for hashes or modifications or viruses or anything else.. All that needs done is to make sure the signature exists. It may not have been done yet, But I'm absolutely positive it will. Everything MS does gets hacked.. You think this will be any different?

    I'll bet that in 2 years from now there will be more boot viruses than ever before -simply- because secureboot provided the temptation.
    Last edited by duby229; 12-28-2012, 09:16 PM.

    Leave a comment:


  • dashcloud
    replied
    Originally posted by duby229 View Post
    If the boot loader gets overwritten in linux it's just a matter of firing up grub. Dual boot works just fine as is thank you. It certainly isnt linux's fault that windows doesnt have a boot loader comparable to grub.
    But you haven't answered the important question: what if the bootloader gets changed, and you don't know because things work exactly the same, except for a small change?
    Wouldn't you like to know your system isn't your system anymore, but someone else's?

    Leave a comment:


  • duby229
    replied
    Originally posted by dashcloud View Post
    So, how do you stop a rootkit that installs a tiny Linux system, enough to boot, change stuff outside of Window's view, and ensures it always is loaded, and undetectable (because if you control the bootchain, your part of the disk could always be before the start of the disk, or after the end).

    One option is to not allow anything else to be installed, and never let your OS be in a position to have the bootloader changed.

    If you do want to allow system-level changes, or something like dual-boots, or even other OSes, you need a way to make sure only "good" operating systems and programs can make those changes.

    Another way to look at it is, how can you make sure the user is in control of the dual-booting, if it's possible for the user to not even be aware they are dual-booting/something has changed?
    If the boot loader gets overwritten in linux it's just a matter of firing up grub. Dual boot works just fine as is thank you. It certainly isnt linux's fault that windows doesnt have a boot loader comparable to grub.
    Last edited by duby229; 12-28-2012, 08:59 PM.

    Leave a comment:


  • duby229
    replied
    Originally posted by dashcloud View Post
    Microsoft's latest OSes are pretty damn good- look here:
    http://thenextweb.com/microsoft/2012...bilities-list/

    In the top 10 vulnerabilities, there is not a single MS product to be found- it's dominated by Java & Flash (which are cross-platform).

    (If you'd like to see the source article, it's here (at the bottom): http://www.securelist.com/en/analysi...lution_Q3_2012

    The Microsoft of today is not the Microsoft that put out Windows XP, and sometimes, the attackers are just so far ahead of you, there's nothing you can do (see Flame & Duqu).
    Thats what people said about XP.... "This isnt gonna be like ME"... Thats what people said about Vista. Its what people said about 7. They are ALL the same. Windows 8 -WILL- get just as badly infected as the rest of them did.

    Leave a comment:


  • dashcloud
    replied
    Originally posted by nightmarex View Post
    I'm going to play devils advocate for a second.

    Microscam software is too full of holes to protect itself from bootloaders. I understand that this is their solution and it's a great one (as long as it can be turned off via bios or jumper).

    On another note I think anyone who uses Windows is basically asking for problems like this. It has a large user base so is targeted more often. I would say the average user is less than computer savvy.
    It's far too easy to run something bad or have it hid in something that looks like a mp3. Too easy to compromise with out of the box configurations or too expensive to pay the virus scanner or spyware fees.
    Oh and hunt for your driver's scam sites come up first in google! Yup some system they got, they need to do this, it's their only hope!

    Side note Linux users have to be careful, i use su instead of sudo because you never know who will try to do what on your computer when your back is turned!
    Microsoft's latest OSes are pretty damn good- look here:
    http://thenextweb.com/microsoft/2012...bilities-list/

    In the top 10 vulnerabilities, there is not a single MS product to be found- it's dominated by Java & Flash (which are cross-platform).

    (If you'd like to see the source article, it's here (at the bottom): http://www.securelist.com/en/analysi...lution_Q3_2012

    The Microsoft of today is not the Microsoft that put out Windows XP, and sometimes, the attackers are just so far ahead of you, there's nothing you can do (see Flame & Duqu).

    Leave a comment:


  • fritzls
    replied
    Lot of HP, Lenovo, and other manufactures boards doesn't load linux disabling or not, doesn't matter if signed or not.
    This just doesn't work. There is something more than Security boot.

    Leave a comment:


  • dashcloud
    replied
    If you want to dual-boot or install over Windows, it is your problem

    Originally posted by duby229 View Post
    I'm tired of trying new ways to say the same thing.... So I'll just say it the exact same way....

    THATS NOT OUR PROBLEM!!!

    IF MS is worried about their OS, then let them worry about thier OS. Leave ours alone please.
    So, how do you stop a rootkit that installs a tiny Linux system, enough to boot, change stuff outside of Window's view, and ensures it always is loaded, and undetectable (because if you control the bootchain, your part of the disk could always be before the start of the disk, or after the end).

    One option is to not allow anything else to be installed, and never let your OS be in a position to have the bootloader changed.

    If you do want to allow system-level changes, or something like dual-boots, or even other OSes, you need a way to make sure only "good" operating systems and programs can make those changes.

    Another way to look at it is, how can you make sure the user is in control of the dual-booting, if it's possible for the user to not even be aware they are dual-booting/something has changed?

    Leave a comment:


  • nightmarex
    replied
    I'm going to play devils advocate for a second.

    Microscam software is too full of holes to protect itself from bootloaders. I understand that this is their solution and it's a great one (as long as it can be turned off via bios or jumper).

    On another note I think anyone who uses Windows is basically asking for problems like this. It has a large user base so is targeted more often. I would say the average user is less than computer savvy.
    It's far too easy to run something bad or have it hid in something that looks like a mp3. Too easy to compromise with out of the box configurations or too expensive to pay the virus scanner or spyware fees.
    Oh and hunt for your driver's scam sites come up first in google! Yup some system they got, they need to do this, it's their only hope!

    Side note Linux users have to be careful, i use su instead of sudo because you never know who will try to do what on your computer when your back is turned!

    Leave a comment:

Working...
X