Windows and Locked Bootloaders: Should we care?

There has always been controversy over the published hardware requirements of each Windows operating system, but Windows 8 seems to have sparked more controversy than usual. One small item in the requirements Microsoft published last month states that both x86 and ARM systems running Windows 8 must have a UEFI BIOS with “secure boot” enabled, which means there will be BIOS-level security verifying that Windows 8 is the only OS on the machine and that it has not been tampered with.

It’s All About Security

It’s no secret that Windows has been subjected to virus attacks for what seems like all of eternity. With internet access now inseparable from the use of any computing device, the problem may only get worse. However, Microsoft is trying to nip the problem in the bud with some interesting decisions in Windows 8.

Peter Bright over at Ars Technica wrote a great article a day ago that thoroughly discusses the technical details of the security upgrades, but I’ll summarize the details for brevity and simplicity.

Microsoft currently uses a certificate authentication system to verify the legitimacy of its own .exe files (program installers) and also hardware drivers (on 64-bit Windows), to make sure that malware has not modified critical system files. You’ll get the idea if you’ve ever had to swipe a card through an automated door system before you can go inside (or seen someone do it in a movie). Windows requires that system files “swipe” their certificate before they run, at every boot. The major problem with this system is that the mechanism for checking certificates, aka the card reader, is itself not guarded or checked for accuracy or tampering. Furthermore, it is located in the bootloader, which a type of malware that has become popular lately, the rootkit, is known for modifying. By modifying the bootloader to disable the “card reader” system, a piece of malware can then run amok modifying system files and essentially take over the user’s computer.

Microsoft will be expanding this system to include applications within Windows 8. Windows 8 apps (those that run in the Metro UI rather than the Windows 7-environment) will all be sandboxed, meaning that they are run in a separate environment and any changes made will not impact the rest of the system. For instance, if an app crashes, then Windows can kill the environment like closing a web page and prevent Windows from crashing.

Of course there will be times when legitimate apps do need to make changes to the operating system. Microsoft will be providing a lot of quality control to make sure that apps that are downloaded are good, but what about after an app is installed? Microsoft will most likely be using the certificate system to verify the security permissions of the app. But if a piece of malware (spyware and cookie based threats will still be a possibility here) is able to modify the bootloader, then it can also disable the certificate authentication system and therefore get full access to the system.

To kill this problem, Microsoft is requiring that all Windows 8 systems (ARM and x86) have UEFI BIOSes and have secure boot enabled. For all intents and purposes, UEFI gives them secure boot (although it also makes the BIOS a bit prettier), and secure boot creates another “card reader” that checks the bootloader (and therefore checks the integrity of the Windows “card reader”) and the OS. If there are problems with either, it simply will not let the code run or, at worst, will not let the system boot.
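The chain of “card readers” described above can be modelled in a few lines. This is an added illustration, not code from the article or from Microsoft; it simplifies certificate checks down to a SHA-256 allow-list (one form the UEFI signature database can actually take), and the boot images are constructed byte strings, not real Windows binaries.

```python
from dataclasses import dataclass
import hashlib


@dataclass(frozen=True)
class Image:
    """A boot-stage binary: its bytes plus whether it still enforces the next stage's check.

    A rootkit-patched bootloader has different bytes *and* has its check disabled.
    """
    code: bytes
    verifies_next: bool = True


def digest(img: Image) -> str:
    """Stand-in for the certificate check: the hash of the image bytes."""
    return hashlib.sha256(img.code).hexdigest()


# Constructed sample components (hypothetical, not real Windows files).
GOOD_BOOTLOADER = Image(b"bootmgr 1.0")
GOOD_KERNEL = Image(b"kernel 1.0")
ROOTKIT_BOOTLOADER = Image(b"bootmgr 1.0 + rootkit patch", verifies_next=False)
ROOTKIT_KERNEL = Image(b"kernel 1.0 + hooked syscalls")

# Firmware's allow-list (the secure boot "card reader"): only the known bootloader.
FIRMWARE_DB = {digest(GOOD_BOOTLOADER)}
# Bootloader's allow-list (the Windows "card reader"): only the known kernel.
BOOTLOADER_DB = {digest(GOOD_KERNEL)}


def boot(bootloader: Image, kernel: Image, secure_boot: bool) -> str:
    """Walk the boot chain and report where, if anywhere, it was stopped."""
    # Stage 1: firmware checks the bootloader, but only if secure boot is on.
    if secure_boot and digest(bootloader) not in FIRMWARE_DB:
        return "firmware rejected bootloader"
    # Stage 2: the bootloader checks the kernel, unless it was patched to skip that.
    if bootloader.verifies_next and digest(kernel) not in BOOTLOADER_DB:
        return "bootloader rejected kernel"
    return "booted"


if __name__ == "__main__":
    for sb in (False, True):
        print(f"secure_boot={sb}: rootkit chain ->",
              boot(ROOTKIT_BOOTLOADER, ROOTKIT_KERNEL, sb))
```

With secure boot off, the patched bootloader happily loads the patched kernel; with it on, the chain stops at the firmware before the bootloader's disabled check ever matters.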

Is There a Problem?

This is a good way to solve the problem, but it does lock the hardware, preventing you from loading anything other than Windows on the machine. Linux users are worried that they will be locked out of computers completely, and developers such as Cyanogen are worried that users will not be able to load modified OSes on ARM hardware. There really isn’t a problem though, and here’s why:

x86

First of all, the requirements that were posted are only for systems seeking “Made for Windows 8” certification. The only ones who need to worry about that are OEMs such as ASUS, Lenovo, HP and Dell, who are building computers and selling them with Windows 8. Retail computers will have UEFI and secure boot enabled, but Microsoft is not requiring this for user-built computers. This, honestly, should alleviate most concerns about x86 computers. Most people who dual boot Linux or just use Linux on a desktop will probably be savvy enough (and smart enough) to build their own desktop.

Laptops will be a bit of a different story. However, the one caveat is that Microsoft will be allowing users to turn off secure boot on x86 machines. The process is mentioned in the article linked above, but it should be a simple switch within the BIOS to disable secure boot. So should you want to buy a Dell XPS or some such and put Linux on it for some reason, you will be able to.

ARM

This is where the real problem lies. Since the first tablet, the iPad, came out, there have been numerous attempts to modify it, jailbreak it, put different OSes on it, etc. The hackers were at first thwarted by a locked bootloader, but eventually they got around it. Then Android tablets came to the fray and offered a customizable open source platform designed for ARM processor based machines. Since then, the hacker community has been a bit spoiled by the concept of an “unlocked bootloader.” Whenever a new Android phone or tablet is released with a locked bootloader, the masses scream and yell, and the manufacturer may either unlock the bootloader (as ASUS did with the Transformer Prime and HTC did with almost all their phones) or just say “screw hackers,” as Motorola, Samsung and Sony tend to do. I don’t use anything other than official builds for my phones, but I can understand that an unlocked bootloader gives unprecedented freedom to custom mod makers and custom mod users.

However, Microsoft’s policy towards ARM based Windows 8 machines is to completely lock the bootloader. Yes, this provides security as stated above, but Microsoft seems totally willing to let x86 users use their hardware with any software, so what gives?

1. The Legacy

The biggest problem Microsoft faces in locking the bootloader for x86 is the fact that when someone buys a computer, 9 times out of 10 it has Windows on it. Locking the bootloader on 9 out of 10 x86 computers would cause huge anti-trust issues. Also, people are used to dual booting or buying a Windows machine to run Linux. As far as Microsoft is concerned, hackers won’t buy Windows apps anyway, but at least Microsoft is getting paid by the OEM for the operating system. Locking the bootloader of x86 machines only causes them trouble, with very little benefit.

2. It’s All About Money

When considering ARM, the first thing to consider is where the money comes from for all three platforms. Apple’s revenue comes from hardware and App store sales. It could make sense that Apple might unlock the bootloader since they get money from hardware anyway, but they’re Apple, so they won’t. Apple’s “walled garden” approach to computing (read: user experience and quality control controlled by Apple) prevents them from even considering such a proposition.

Google gives away their operating system. Yes, they require registering with an advertising partnership, but most companies building devices do that anyway. Android is free. Google makes almost nothing off app store purchases. Their money is made off advertising: in the OS, in Google Searches, in the Market, and within free apps. Most OEMs modify Android in some way before they put it on a device, so obviously Google doesn’t care about changes to the OS or locked bootloaders. They kept Android open so that the developer community could play with it as they want, be happy, and use Google’s services and other things that earn Google advertising money. Google even gets money from iOS and Windows 8 if the user uses Google Search. They don’t care about locked bootloaders.

Microsoft is looking at a different approach here. They sell software, but, excepting their accessory division, they don’t sell hardware. Microsoft’s only revenue will come from the sale of Windows 8 and App Store purchases. Microsoft has a vested interest in keeping Windows on their tablet because, though they get initial revenue from the sale of the OS, they could get continued revenue through App Store purchases. When considering whether to lock the bootloader, they had to decide between losing App Store revenue and making Google-loving hackers happy, or providing a more secure platform that happens to guarantee App Store revenue from the users of their devices. Not a hard decision.

3. ARM’s Legacy vs. Microsoft’s Strategy

Also, when it comes to ARM, Microsoft is the new kid on the block. Unlike with x86, if they lock Windows 8 tablets, no anti-trust lawyers will come see them. There’s also the fact that the biggest kid on the block, Apple, does run a locked bootloader. Android tablets are under constant pressure not to, but that’s because Google has positioned themselves as the open source alternative, thus appealing to the Linux crowd and thus needing to cater to their desire for an open and customizable platform. Microsoft does not pretend to be such. And they don’t need to. Android is open source, Windows is not; therefore if someone wants open and customizable, they will go to Android, not Windows.

Microsoft is trying to position themselves as a viable and different third choice. They are trying to provide the security of iOS and integration (hopefully) with a legacy platform that 90% of computer users are already invested in, while also offering a platform that is much more friendly to customization than iOS. It’s not totally secured and controlled like iOS, but it’s also not as chaotic and insecure as Android. The only rule is that your Windows 8 tablet must have Windows 8. That’s not really so bad, and it makes sense.

4. Who cares?

I question whether those who have a problem with the locked bootloaders on Windows 8 tablets really plan on putting Android or Linux on a Windows 8 tablet. Why? Can’t these same people buy an Android tablet and do what they want with it? It makes logical sense, to me, that if you buy a Windows 8 tablet, then it will have Windows 8 on it and that’s it. You will buy apps from the Windows Marketplace, you will sync your Windows stuff with it, and you will use it like a Windows tablet. If you don’t want Windows 8 on your tablet, don’t buy a Windows 8 tablet. Simple as that.

Are Microsoft’s new security measures the end of the world? No. It will mean nothing for x86 other than a more secure Windows than ever before. Microsoft already has locked bootloaders for Windows Phone 7. It’s just business as usual.
