German Government Warns Key Entities Not To Use Windows 8

[Renegade]

Uh... Yeah. No comment from me. Enjoy.

http://www.testoster...ot-to-use-windo.html

According to leaked internal documents from the German Federal Office for Information Security (BSI) that Die Zeit obtained, IT experts figured out that Windows 8, the touch-screen enabled, super-duper, but sales-challenged Microsoft operating system is outright dangerous for data security. It allows Microsoft to control the computer remotely through a built-in backdoor. Keys to that backdoor are likely accessible to the NSA – and in an unintended ironic twist, perhaps even to the Chinese.

The backdoor is called “Trusted Computing,” developed and promoted by the Trusted Computing Group, founded a decade ago by the all-American tech companies AMD, Cisco, Hewlett-Packard, IBM, Intel, Microsoft, and Wave Systems. Its core element is a chip, the Trusted Platform Module (TPM), and an operating system designed for it, such as Windows 8. Trusted Computing Group has developed the specifications of how the chip and operating systems work together.

...

Original German article:

http://www.zeit.de/d...indows-8-nsa/seite-1

[tomos]

That'll be a big boost for the other options. I see in the Zeit article, they say that Munich municipal administration is completing a move to Linux.

I was looking up my German/English dictionary lately, and noticed this page header - seems appropriate here:

[Vurbal]

Uh... Yeah. No comment from me. Enjoy.

http://www.testoster...ot-to-use-windo.html

According to leaked internal documents from the German Federal Office for Information Security (BSI) that Die Zeit obtained, IT experts figured out that Windows 8, the touch-screen enabled, super-duper, but sales-challenged Microsoft operating system is outright dangerous for data security. It allows Microsoft to control the computer remotely through a built-in backdoor. Keys to that backdoor are likely accessible to the NSA – and in an unintended ironic twist, perhaps even to the Chinese.

The backdoor is called “Trusted Computing,” developed and promoted by the Trusted Computing Group, founded a decade ago by the all-American tech companies AMD, Cisco, Hewlett-Packard, IBM, Intel, Microsoft, and Wave Systems. Its core element is a chip, the Trusted Platform Module (TPM), and an operating system designed for it, such as Windows 8. Trusted Computing Group has developed the specifications of how the chip and operating systems work together.

...

Original German article:

http://www.zeit.de/d...indows-8-nsa/seite-1

-Renegade (August 23, 2013, 01:34 AM)

I'd be willing to bet this is one of the big revelations I've been talking about that explains why companies who outside the Internet infrastructure industry spent so much money lobbying for CISPA. Just from memory I know Intel, Cisco, Microsoft, and IBM each spent more than a billion dollars on it prior to this year and this year's spending dwarfed that. IBM, in particular, sent 200 executives to Washington when CISPA was being debated.

The hidden purpose for CISPA, in case anyone didn't already know, was providing immunity for giving the government access to customer data. Like I've been saying. This is why all the spooks and faux regulators in Congress are so panicked about their secrets getting out.

[TaoPhoenix]

I've followed the Trusted Computing angle for years now, though they managed to keep it out of the limelight for quite a while now!
(Remember, we're already discussing Windows 8.1 Blue!)

This is just becoming another reason to box in users still on XP.

[Vurbal]

I've followed the Trusted Computing angle for years now, though they managed to keep it out of the limelight for quite a while now!
(Remember, we're already discussing Windows 8.1 Blue!)

This is just becoming another reason to box in users still on XP.

-TaoPhoenix (August 23, 2013, 07:40 AM)

It certainly changes my plans to show people how to make Windows 8 more user friendly. Leaving it as-is would seem to make this a self correcting problem. Good thing I was starting with Windows 7 anyway.

[TaoPhoenix]

It certainly changes my plans to show people how to make Windows 8 more user friendly. Leaving it as-is would seem to make this a self correcting problem. Good thing I was starting with Windows 7 anyway.

-Vurbal (August 23, 2013, 07:53 AM)

Bingo. If it was *just* a stupid interface, whatever. But if there's TPM junk in there, then it has active reasons not to adopt it.

Does anyone know for sure if Win7 had the same module, or if Win8 is the first one?

[Vurbal]

It certainly changes my plans to show people how to make Windows 8 more user friendly. Leaving it as-is would seem to make this a self correcting problem. Good thing I was starting with Windows 7 anyway.

-Vurbal (August 23, 2013, 07:53 AM)

Bingo. If it was *just* a stupid interface, whatever. But if there's TPM junk in there, then it has active reasons not to adopt it.

Does anyone know for sure if Win7 had the same module, or if Win8 is the first one?

-TaoPhoenix (August 23, 2013, 08:49 AM)

If I understand correctly, and assuming both the German government and the folks who reported on the leaked document do as well, the backdoor is only in TPM 2.0. It appears Windows XP, Vista, and 7 all have implementations of TPM 1.x, the latest version being 1.2.

Reading between the lines a little, and knowing just enough about TPM in Windows 7 / Server 2008 to make a barely educated guess, it seems like the difference isn't so much in what version is supported (I think it's mostly a driver issue) as whether it's enabled by default and whether it is ultimately under the user or administrator's control.

I would definitely be concerned about Windows 7, though, since that's the first version where the old monolithic OS was separated into smaller, semi-independent parts. Theoretically that makes major alterations to the kernel of the type which might be necessary for backporting TPM 2.0 more likely than for previous versions. OTOH it's not nearly as much of a modular design as Windows 8 so I wouldn't bet on it.

[40hz]

Use a proprietary closed operating system, and that's a risk you take.

With Microsoft, you get what you pay for. And a whole lot more besides.

[Vurbal]

After some additional reading this is my (only slightly) more educated assessment.

• 1.x versions of TPM use encryption keys generated by the motherboard's TPM chip at the request of the OS while the keys for TPM 2.0 chips will be pre-generated (by the Trusted Platform Computing Group?) and supplied to the chip makers to hardcode into their chips.
• TPM, regardless of version, can theoretically be disabled by the motherboard's BIOS settings. Whether that option is available is, of course, up to the vendors. [1]
• TPM support can be disabled via the registry, at least through Windows 7. There's even (apparently - I can't be bothered to check) a Group Policy setting for it. The option may or may not exist in Windows 8 and setting it may or may not actually work as advertised. I suspect it is still there and, at least for the moment, still effective.
• The standards development process (within the TPCG) changed for version 2.0 and third parties, including the German government, were excluded. However it appears one of the documents shared with some of those excluded includes a statement suggesting the NSA was still involved. [2]
• The secrecy surrounding development of the standard combined with the implications of giving Chinese chip manufacturers direct access to the encryption keys and the lack of transparency in Windows code makes it impossible to know whether there might be:
  • An existing TPM 2.0 backdoor in Windows which just needs the appropriate hardware to become an active threat.
  • An existing TPM 2.0 backdoor which isn't active but could potentially be unlocked by an OS update - particularly difficult to detect for a major update like Windows 8.1.
  • A way for Microsoft to add a TPM 2.0 back door via an OS update without it being detected until it's too late.
• Because of the necessity for tight integration into the kernel, it's more or less impossible for any of those to be true of older Windows versions simply because TPM 2.0 wasn't anywhere near complete at the necessary point in time. [3]

1 With UEFI and Secure Boot even access to the BIOS settings to begin with is an open question. Except for Windows RT devices since it's disallowed by licensing requirements.

2 The NSA's involvement, in and of itself, isn't at all unusual. It's the combination of shutting out foreign governments while still including the US government that's notable.

3 On this point the German government probably has more accurate information than any non-governmental entity outside the TPCG. However that also means there's no way to confirm that there aren't errors in their analysis.


Based on all that I'd say it's a non-issue for any current hardware, regardless of what Windows version you use. For future hardware it's a big concern, and regardless of what version of Windows you have the default assumption should be that TPM 2.0 is a vulnerability simply because of where the attack points are.

Since TPM 2.0 also matches Microsoft's completely public agenda to transform Windows into a Walled Garden in the hopes of replacing their dying Windows/Office licensing revenue streams, it's reasonable to assume forcible use of TPM 2.0 is closely aligned with their interests in any case. The safest bet is to avoid both TPM 2.0 and Windows 8 completely. With most of that being purely in the control of companies who have a vested interest in TPM 2.0 adoption that leaves simply avoiding Windows 8 as the safe bet since that is in your control.

[Stoic Joker]

Did/does Windows 7 support TPM? Yes. The BitLocker drive encryption is dependent on it. The more important question here I think, is does you hardware have a TPM chip?

Honestly I'm more than just a bit skeptical about the articles claims about what TPM is capable of. Seems more like they're lumping several different (and somewhat unrelated) technologies into one story with just a bit of straw. The phrase "jumping at shadows" comes to mind... *Shrug*

Remember there was a time when hardware based viruses were discovered and folks yelled for an encrypted/protected boot sector ... Now they have one ... and they're mad about it. I really just don't get that part.

[Vurbal]

Did/does Windows 7 support TPM? Yes. The BitLocker drive encryption is dependent on it. The more important question here I think, is does you hardware have a TPM chip?

-Stoic Joker (August 23, 2013, 01:12 PM)

It uses TPM by default but can also be configured to operate without it. There have also been no assertions that it can't be turned off other than in Windows 8, although it's equally possible that the German government would be worried purely because they don't have the keys this time around.

Honestly I'm more than just a bit skeptical about the articles claims about what TPM is capable of. Seems more like they're lumping several different (and somewhat unrelated) technologies into one story with just a bit of straw. The phrase "jumping at shadows" comes to mind... *Shrug*

I'm not prepared to make any claims as to the validity of anything absent the sort of information we don't have about the German government's reasoning. However if the keys are pregenerated and hardwired into the chips that's something I wouldn't trust no matter who does or doesn't have access to them.

Remember there was a time when hardware based viruses were discovered and folks yelled for an encrypted/protected boot sector ... Now they have one ... and they're mad about it. I really just don't get that part.

If a chain of trust has links which are intentionally obfuscated the default assumption is, or should be, that they're potential vulnerabilities. If those links happen to be in the control of organizations with an established pattern of both failing to be trustworthy and lying to cover it up, there's no reason to give them the benefit of the doubt and every reason not to.

[tomos]

I had another look at the Zeit article and went to the source link they give (from the BSI= German Department for Security etc.):

https://www.bsi.bund...6907EA4F378.2_cid359

My "officous" German isn't that great, but I can tell you that it talks about the dangers of:
-
certain scenarios where, due to "unintended flaws" [unbeabsichtigte Fehler] of the OS and the hardware, the OS may no longer work properly. These can even lead to permanent hardware failure.
[Insbesondere können auf einer Hardware, die mit einem TPM 2.0 betrieben wird, mit Windows 8 durch unbeabsichtigte Fehler des Hardware- oder Betriebssystemherstellers, aber auch des Eigentümers des IT-Systems Fehlerzustände entstehen, die einen weiteren Betrieb des Systems verhindern. Dies kann soweit führen, dass im Fehlerfall neben dem Betriebssystem auch die eingesetzte Hardware dauerhaft nicht mehr einsetzbar ist. Eine solche Situation wäre weder für die Bundesverwaltung noch für andere Anwender akzeptabel. Darüber hinaus können die neu eingesetzten Mechanismen auch für Sabotageakte Dritter genutzt werden. Diesen Risiken muss begegnet werden.]
-
=> On top of that, the new mechanism/structure could be used by third parties for sabotage.
[Darüber hinaus können die neu eingesetzten Mechanismen auch für Sabotageakte Dritter genutzt werden.]

From that page, there's a link to a PDF - a "Eckpunktepapier" (Benchmark paper?)
http://www.bmi.bund....blob=publicationFile
dated "August 2012".

It seems to be a combination of summarising TPM and how it works: saying what they would expect (in tenders I guess) of it (interopability with other systems, etc.); warning about it's possible dangers; asking people to continue research into it.

There is one line stood out for me - under heading #17 Datenschutz (Data protection):
saying basically that you've got to weigh up the choices/interests before choosing TCP - in the context of data-protection.
[Der Schutz personenbezogener Daten ist eine wichtige Voraussetzung für die Steigerung der Sicherheit im IT-Bereich. Daher sind die Bestimmungen des Datenschutzes bei Entwicklung und Einsatz (Privacy by design) von „Trusted Computing“-Anwendungen zu berücksichtigen und können im Rahmen einer verfassungsrechtlichen Güterabwägung Vorrang vor wirtschaftlichen Interessen haben.]

[40hz]

Remember there was a time when hardware based viruses were discovered and folks yelled for an encrypted/protected boot sector ... Now they have one ... and they're mad about it. I really just don't get that part.

-Stoic Joker (August 23, 2013, 01:12 PM)

That's not what they're yelling at. The complaint stems from Microsoft co-opting UEFI, adding their own proprietary Secure Boot to the mix - when the fully open CoreBoot already existed and was fully compatible with UEFI - thereby attempting to force Secure Boot down everybody's throat using Microsoft's classic "Embrace/Extend/Extinguish" strategy.

People don't object to having a more secure OS. But they are objecting to Microsoft setting itself up as the de facto gatekeeper when it's not even their technology or initiative.

What's hard to get about that?

[40hz]

If a chain of trust has links which are intentionally obfuscated the default assumption is, or should be, that they're potential vulnerabilities. If those links happen to be in the control of organizations with an established pattern of both failing to be trustworthy and lying to cover it up, there's no reason to give them the benefit of the doubt and every reason not to.

-Vurbal (August 23, 2013, 01:41 PM)

This.

"Fool me once - shame on you. Fool me twice - shame on me."

[IainB]

^^ Yup. +1 from me. Kinda obvious, and goes without saying, but seems to need to be said in any event. We can sometimes be soo gullible.