Announcement

Collapse
No announcement yet.

Linux Group Files Complaint With EU Over SecureBoot

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Originally posted by duby229 View Post
    So what prevents a malware author from using an existing key? (Or having a list of known keys for that matter)
    Where would the malware author get that key?

    Comment


    • Originally posted by mjg59 View Post
      Where would the malware author get that key?
      Microsoft distributes and manages all the keys.

      Comment


      • Originally posted by frign View Post
        What this leads to is the thought: Why force the hardware-vendors to implement a "security"-mechanism when the actual problem is the OS it is bound to? Isn't it Microsoft which should fundamentally change the security-model of their still-based-on-NT-OS to fullfil contemporary security-demands?
        If you believe that Linux is somehow immune to the types of attacks used against Windows, you're wrong. http://cve.mitre.org/cgi-bin/cvename...=CVE-2013-1848 was last month, for instance.

        Comment


        • Originally posted by nomadewolf View Post
          Microsoft distributes and manages all the keys.
          What does that have to do with the question?

          Comment


          • Originally posted by mjg59 View Post
            If you believe that Linux is somehow immune to the types of attacks used against Windows, you're wrong. http://cve.mitre.org/cgi-bin/cvename...=CVE-2013-1848 was last month, for instance.
            Yes, but this requires the user to run malicious code in the first place. And most common sense prevents this from happening, even if you ignored the fact that OpenSource is generally safer and faster in regards to fixing security issues.

            Comment


            • Originally posted by Sonadow View Post
              (anecdotal example: in my country, more and more people are asking for touchscreen enabled notebooks even though they plan to wipe Windows 8 and replace it with Windows 7)
              Therefore do they want touch-enabled devices for using with a touch-unfriendly OS?

              Originally posted by Sonadow View Post
              and Office 2013 will finally use the OOXML Strict specification which they pushed to be recognized as a standard some time back.
              Do you mean that defective specification approved in that broken standardisation process involving the most controversial and unusual ballots ever convened, vote buying, policiy violations, Microsoft submitted misinformation, and other very unusual behaviour in standards bodies?



              I only can say WOW!

              Comment


              • Originally posted by mjg59 View Post
                What does that have to do with the question?
                Q: Where would the malware author get that key?
                A: Microsoft distributes and manages all the keys.


                Am I missing something?

                Comment


                • Originally posted by frign View Post
                  Yes, but this requires the user to run malicious code in the first place. And most common sense prevents this from happening, even if you ignored the fact that OpenSource is generally safer and faster in regards to fixing security issues.
                  We're not talking about who's better. We're talking about whether Linux is vulnerable to the kinds of attacks that Secure Boot protects against. The answer is yes, it is.

                  Comment


                  • Originally posted by frign View Post
                    even if you ignored the fact that OpenSource is generally safer and faster in regards to fixing security issues.


                    Comment


                    • Originally posted by nomadewolf View Post
                      Q: Where would the malware author get that key?
                      A: Microsoft distributes and manages all the keys.


                      Am I missing something?
                      Yes. Microsoft don't distribute keys.

                      Comment

                      Working...
                      X