For a while now, folks have listened to me “talk dirt” about the direction many software companies (especially those in the PRISM program) have gone in terms of opening giant holes in YOUR control of YOUR machine.
Microsoft now “takes it up a notch” with Windows 10.
The “agreement” you must agree to in order to use the software you bought grants Microsoft effective admin rights on your computer. Then they go rummaging around, and if they find software they don’t like, they delete it. (They claim it is for pirate software, but what is to stop them from deciding, say, that OpenOffice infringes on their file format by being able to read it, and deleting that, too?)
But the real bad thing is that you are one (not very hard) DNS Hijack away from anyone wanting to pretend to be Microsoft rummaging around on your machine. Do they have World Class keys and encryption to prevent this? I doubt it. Does the NSA have a set even if they do? Count on it.
Well, I was only going to include a quote / teaser, but since those folks have some kind of ‘right click select block’ you get the whole front page. Force me to use GIMP and I’m not going to spend a lot of time quoting small parts and multiple snips… One of the stupider ways to attempt to prevent quoting around. Often I’ll just go to the next link down and quote them, instead.
Click the image for an even larger, more readable image.
OK, the point here is pretty simple. AVOID Windows 10. If it grants ANYONE admin privs over the internet, it is only a matter of enough time and it grants EVERYONE admin privs. Even stellar encryption methods ‘age out’ in a matter of years. Often on the order of 5 to 10, and that isn’t even including blatant bugs, subtle bugs, and NSA inspired ‘back doors’.
Windows 7 is still the better choice.
But Wait, there’s MORE!
On tips, we had this nice link (and a h/t to Nick Fiekowsky):
You get points for prescient UEFI paranoia. Windows and UEFI Anti-Theft Mechanism Makes Systems Less Secure.
Lenovo uses this pre-OS-boot environment to ensure its system management utility is installed. Even if you’re doing a “clean” install with a Windows version downloaded from Microsoft.
I’ve worked in small & large tech vendors. Can imagine Lenovo’s view that this is good customer service, eliminating all those pesky Support calls stemming from absent or back-level drivers…
Which includes a link to this article:
The original is full of nice links and more that I’m not reproducing here, so ‘hit the link’ for the real deal.
Windows and UEFI anti-theft mechanism makes systems less secure
Features added in Windows 8 were misused by Lenovo to install unwanted software on top of a clean OS install, introducing a critical vulnerability.
By James Sanders | August 13, 2015, 9:37 AM PST
With the litany of free trial programs, adware, and other unwanted “features” that come with the factory images of Windows computers, it has become standard procedure for many users to wipe the system drive of a new PC and install Windows from the Microsoft-published media. However, these attempts by the user to have a clean installation are turning out to be less secure than they should be.
Windows Binary Platform Table
Windows 8 introduced a feature called Windows Binary Platform Table (WBPT), which allows OEMs to insert small executables into the Unified Extensible Firmware Interface (UEFI); these executables are copied into the filesystem and executed by Windows. There is no way to prevent this behavior in Windows using the Group Policy Editor or other obvious system management tools.
That’s the basic “magic sauce” that has led me to state I would never trust a UEFI boot box for anything that actually needs to be secure. It comes from the factory “pre-hacked”, and if you think that various TLAs have not requested a special chunk of their own in there, you don’t have what it takes to work in computer security.
According to Microsoft’s documentation for WBPT (DOCX file):
“The primary purpose of WPBT is to allow critical software to persist even when the operating system has changed or been reinstalled in a “clean” configuration. One use case for WPBT is to enable anti-theft software which is required to persist in case a device has been stolen, formatted, and reinstalled. In this scenario WPBT functionality provides the capability for the anti-theft software to reinstall itself into the operating system and continue to work as intended.”
In this intended use, this type of behavior is beneficial — an anti-theft system is vital to organizations that deal with sensitive data, and to end users concerned with personal property protection. An anti-theft system that can be overridden by a disk format and Windows reinstallation would not be useful. However, if an OEM were to use it for the installation of a system management utility that the user would ostensibly be trying to avoid by wiping the factory OS image, this would be a substantial problem for the user.
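A way to look at that table yourself, as an added example that is not from the article, from Microsoft or from Lenovo: on Windows it reads the raw WPBT ACPI table (Microsoft’s name is Windows Platform Binary Table, WPBT, which is also the table’s ACPI signature) through kernel32’s GetSystemFirmwareTable and decodes the fields that say what the Session Manager will copy into System32 and run; anywhere else, or when the firmware publishes no table, it decodes a constructed sample. The field layout follows the published WPBT specification; the OEM strings, address, size and argument string in the sample are made up.

```python
import ctypes
import struct

# GetSystemFirmwareTable wants the provider 'ACPI' big-endian and the table ID in memory order.
ACPI_PROVIDER = 0x41435049
WPBT_TABLE_ID = int.from_bytes(b"WPBT", "little")
ACPI_HEADER = "<4sIBB6s8sI4sI"   # standard 36-byte ACPI table header
WPBT_BODY = "<IQBBH"             # handoff size, physical address, layout, type, args length

def read_wpbt_from_firmware():
    """Return the raw WPBT table via kernel32, or None when there is none (Windows only)."""
    if not hasattr(ctypes, "windll"):
        return None
    k32 = ctypes.windll.kernel32
    size = k32.GetSystemFirmwareTable(ACPI_PROVIDER, WPBT_TABLE_ID, None, 0)
    if size == 0:
        return None   # no WPBT: the firmware is not pushing a binary into Windows
    buf = ctypes.create_string_buffer(size)
    k32.GetSystemFirmwareTable(ACPI_PROVIDER, WPBT_TABLE_ID, buf, size)
    return buf.raw

def parse_wpbt(blob):
    """Decode a WPBT table into the fields that say what Windows will copy and run."""
    sig, length, _rev, _sum, oem_id, oem_tbl, _, _, _ = struct.unpack_from(ACPI_HEADER, blob, 0)
    if sig != b"WPBT" or length != len(blob):
        raise ValueError("not a well-formed WPBT table")
    size, addr, layout, kind, args_len = struct.unpack_from(WPBT_BODY, blob, 36)
    return {
        "oem_id": oem_id.rstrip(b"\x00 ").decode("ascii", "replace"),
        "oem_table_id": oem_tbl.rstrip(b"\x00 ").decode("ascii", "replace"),
        "checksum_ok": sum(blob) % 256 == 0,   # ACPI tables must sum to zero mod 256
        "image_size": size,
        "image_phys_addr": addr,
        "single_pe_image": layout == 1,        # layout 1: one PE image in physical memory
        "native_user_mode_app": kind == 1,     # type 1: Session Manager runs it as wpbbin.exe
        "arguments": blob[52:52 + args_len].decode("utf-16-le").rstrip("\x00"),
    }

def build_sample_wpbt(args="-silent"):
    """Constructed sample table (not captured from any real machine) for offline use."""
    arg_bytes = args.encode("utf-16-le") + b"\x00\x00"
    body = struct.pack(WPBT_BODY, 0x1000, 0x7F000000, 1, 1, len(arg_bytes)) + arg_bytes
    header = struct.pack(ACPI_HEADER, b"WPBT", 36 + len(body), 1, 0, b"SAMPLE", b"CONSTRUC", 1, b"TEST", 1)
    raw = header + body
    return raw[:9] + bytes([(-sum(raw)) % 256]) + raw[10:]   # patch checksum byte at offset 9

if __name__ == "__main__":
    blob = read_wpbt_from_firmware() or build_sample_wpbt()   # sample when no table is readable
    print(parse_wpbt(blob))
```

A machine with no WPBT entry returns a zero size from GetSystemFirmwareTable, which is the result you want to see; a table whose checksum fails is either corrupt or has been tampered with and deserves a closer look.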
The ability to have “anti-theft” software persist is the ability to have ANY software persist, and the ability to install “anti-theft” software is the ability to install ANY software…
Now, we all implicitly trust the Chinese Government, right? And the fact that any company in China exists only so long as they do EXACTLY what the government requests is no reason to worry they would not stand up for us, right? ( ;sarc> for the sarc impaired…)
Lenovo is using this to install a system management utility
As if the public fallout from the Superfish debacle wasn’t enough of an issue, the only OEM known to be using WBPT improperly (so far, and I’m not optimistic) is Lenovo. Certain consumer-grade desktops and laptops have a WBPT entry that copies a small dropper executable to the filesystem called the Lenovo Service Engine; the executable replaces autochk.exe, which writes two additional files to the filesystem, which in turn creates a service that downloads the Lenovo OneKey Optimizer (PDF) through an unencrypted HTTP connection.
Lenovo is a Chinese company. Nuff said.
And this is a great example of how to hack in from that small bit of WBPT code. Note, too, that it arrives unencrypted. I doubt they are using strong keys and defending against “man in the middle” attacks. An obvious line of attack is to capture any router along the way to Lenovo including those at the Chinese telcos or in the USA at NSA monitored exits from our telcos and substitute your own “dropper executable” that points to your server and load your root kit.
Considering the method by which this is installed, and the difficulty with which it can be removed (Lenovo has instructions for disabling the WBPT entry in desktops, and removes it entirely using a firmware update for laptops), this behavior is tantamount to installing a rootkit. The desktop version doesn’t install OneKey, though it does transmit information to Lenovo.
Bold added by me. And it’s nice to see I’m not the only one thinking this is a rootkit path.
This is Microsoft’s fault too
This is actually what “working as designed” looks like — Microsoft provided a means in WBPT for OEMs to force the execution of a program in Windows without user consent. Concerns about Windows 10’s overreach on privacy settings have been high since it was released.
Welcome to the PRISM Prison… "All your data are belong to us! – NSA and friends in China"…
The move to UEFI was already controversial, as it was seen as a way to prevent the user from installing alternatives to Windows, such as Linux distributions. Having the option to disable UEFI Secure Boot was a requirement for OEMs with Windows 8, though Microsoft is allowing OEMs to enforce Secure Boot for Windows 10. There are plans to sign Linux in a way to be compatible with UEFI Secure Boot, but the search continues for a solution that is intelligent enough such that Linus Torvalds won’t go on a tirade.
Dear Linus: Please continue to tirade.
Everyone else: Please, when shopping, stop by the computer department and ask what they have for sale without UEFI and Microsoft. Just state that since they are riddled with security holes and crap, you won’t buy one, but a nice Linux box with a non-UEFI bootloader would be fine. Then wait a polite amount of time before moving on…
In the meantime, I’m going on with my development of a secure enough and cheap enough alternative based on NON-PC non-corrupted hardware and software.
Microsoft and UEFI: Just Say NO! (Or better yet WTF #((*#%)! No!)