Comment by protocolture

3 months ago

>on their EOL page it lists places you can donate your old non-working hardware to. Forcing users to do what? Buy new overpriced hardware when what they have is fine?

Devil's advocate. Everyone really should be on Secure Boot / BitLocker / TPM2.0 in the Windows space. Windows 11 is really there as a checkpoint to force people to upgrade to more secure hardware. If you don't care about security, you probably don't care about security updates, you can remain with Windows 10.

That's not to say that they went about this in a pro consumer way. It's been bungled. But specifically on the point of hardware upgrades, for your average Windows user the hardware isn't really "fine" as you put it.

>Here's the thing, I started up an old iPad last night and the e-mail no longer exists nor can be created, so I can't do a lost password, I can't log in, so I can't install apps, or even format the device without some 'Account Lock'

On the Apple front, they get 10x the amount of flak for "enabling" stolen hardware to be reformatted and reused, than they get for bricking people who lose access to an account.

Recovery is expendable in Apple town. Recovery of iCloud accounts enabled identity theft and personal photos of celebs to be released. Recovery of hardware enables theft. It's a losing proposition.

>That ain't the way. Your computer. Your choice.

We really need a hardware path without conflicting priorities.

The problem is the protection against malware is rolled in with protection against the end user. This leads down a dark path and it seems we collectively have decided end users are less important than the corporate profits and protection against malware.

  • Microsoft wants you to have a laptop with the goal that you will use it to log on to work services or play games.

    Apple wants you to have a tablet to spend money on apps.

    You need hardware built outside of that paradigm to have a hope of avoiding a mess of locked down anti consumer nonsense.

>Devil's advocate. Everyone really should be on Secure Boot / BitLocker / TPM2.0 in the Windows space.

Nope. Only useful for corporate setting. We should be able to run anything we want, however we want, without any arbitrary requirements by MS. Especially if it was proven already that it isn't a hard requirement to run the OS - just an arbitrary setting.

It just paves road for more invasive DRM and even more locked down systems.

If they have issue with crashes, and taking blame for corporate AV failures - don't give out kernel level access to them.

>Recovery is expendable in Apple town. Recovery of iCloud accounts enabled identity theft and personal photos of celebs to be released. Recovery of hardware enables theft. It's a losing proposition.

I don't care as a customer. I want my data, I don't care about corporate profit margins - and I shouldn't need to. Data theft is pure service issue of them not vetting recovery enough - due to cutting costs on it.

  • They're not "arbitrary requirements". They're requirements to enable VBS, one of the largest leaps in kernel security history.

    • arbitrary requirements as in they could be disabled quite easily in early w11 builds by flipping a flag.

      There's nothing depending on it that prevents OS to run.

  • >Nope. Only useful for corporate setting. We should be able to run anything we want, however we want, without any arbitrary requirements by MS. Especially if it was proven already that it isn't a hard requirement to run the OS - just an arbitrary setting.

    Right, crazy I swear I hung a lantern on that, implying you could just keep using Windows 10.

    >I don't care as a customer. I want my data, I don't care about corporate profit margins - and I shouldn't need to. Data theft is pure service issue of them not vetting recovery enough - due to cutting costs on it.

    Right, crazy again I swear I thought I wrapped up by saying we needed a hardware path without conflicting priorities.

> If you don't care about security

Microsoft's idea of Security is security from me, not security for me. They use this overloaded language because it's so hard to argue against. It's a thought-terminating cliché. Oh you must not care about being secure huh???

  • Microsoft's idea of security is security from being blamed for large scale breaches. I don't think they think about you or me at all tbh.

    My point was, if you don't care about Secure Boot / BitLocker / TPM2.0, then you probably don't also care about security updates. Not whatever insult you thought I was making.

    If your thoughts were terminated, that was entirely self-inflicted.

    • These so-called security features have wildly different threat models than other security features.

      Secure Boot and TPM are ways to attest that what is running is what Microsoft signed. This is only useful if I think that non-nation-state attackers will have physical access to my hardware. Nation-state attackers can probably get something signed with the public secure boot keys. TPM is just more of the same — it lets the software running on a computer verify that it has not been changed from what Microsoft signed. If I controlled the signing key (perhaps every manufactured device has its own key that is sold with the device, which I can then sign whatever OS I want with), then I could gain some security without this control loss, and that would be useful.

      Regarding BitLocker, I can encrypt my drive just fine with no TPM as long as I do not expect my OS to be tampered with (which requires physical access or running something untrusted as root). I can simply use a long password with many hash cycles, so if someone stole my drive they could not decrypt it without the password. But, if the key were in the TPM, then nation-state actors could probably get it back out, depending on exact implementation (for example for biometric unlock). So, in this way, using a TPM is less secure.

      We should also do away with TPMs in most cases, since all that they serve to do is attest that the corporation with the keys to the TPM decided what was running and that no one interfered with that. It's DRM, plain and simple.

      There are other security updates that I may want, however, even if I am not concerned about giving an attacker root or physical access. For example, Windows has had vulnerabilities which can be exploited over a network.

    • > if you don't care about Secure Boot / BitLocker / TPM2.0, then you probably don't also care about security updates

      Huh? I certainly care about the latter but not the former, and I doubt I'm in the minority.
