Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

The name “Secure Boot” is such an effective way for them to guide well-meaning but naïve people's thought process to their desired outcome. Microsoft's idea of Security is security from me, not security for me. They use this overloaded language because it's so hard to argue against. It's a thought-terminating cliché.

Oh, you don't use <thing literally named ‘Secure [Verb]’>?? You must not care about being secure, huh???

Dear Microsoft: fuck off; I refuse to seek your permission-via-signing-key to run my own software on my own computer.



Agreed.

Also Secure boot is vulnerable to many types of exploits. Having it enabled can be a danger in its self as it can be used to infect the OS that relies on it.


Could you elaborate? This is news to me?


> Dear Microsoft: fuck off; I refuse to seek your permission-via-signing-key to run my own software on my own computer.

No one is stopping you from installing your own keys, though?


I do not want to be in the business of key management. This is not something that needed encryption. More encryption ≠ better than.

I also dual-boot Windows and that's a whole additional can of worms; not sure it would even be possible to self-key that. Microsoft's documentation explicitly mentions OEMs and ODMs and not individual end users: https://learn.microsoft.com/en-us/windows-hardware/manufactu...


> This is not something that needed encryption. More encryption ≠ better than.

Securing the boot chain protects against a whole range of attacks, so yes, it is objectively better from a security POV.


Name a single prevented bootkit that wasn't able to avoid the encryption and signature verification toolchain altogether.

Malware developers know how to avoid this facade of an unlocked door.

Users do not.

That's the problem. It's not about development, it's about user experience. Most users are afraid to open any Terminal window, let alone aren't even capable of typing a command in there.

If you argue about good intent from Microsoft here, think again. It's been 12 years since Stuxnet, and the malware samples still work today. Ask yourself why, if the reason isn't utter incompetence on Microsoft's part. It was never about securing the boot process, otherwise this would've been fixed within a day back in 2013.

Pretty much all other bootkits also still work btw, it's not a singled out example. It's the norm of MS not giving a damn about it.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: