German IT officials reportedly deem Windows 8 too ‘dangerous’ to use

[ibm650]

The National Security Agency’s snooping practices may be costing American companies a lot of money. German publication Zeit Online has obtained leaked documents that purportedly show that IT experts within the German government believe that Windows 8 contains back doors that the NSA could use to remotely control any computers that have it installed.

The German officials specifically worry about how Windows 8 interacts with Trusted Platform Modules (TPMs) and are concerned that once Windows machines are paired with TPM 2.0 in 2015, they won’t be able to deactivate it on their machines if they don’t want it. Once TPM 2.0 is in place, Zeit says that German researchers fear that there will be “simply no way to tell what exactly Microsoft does to their system through remote updates.” Because of this “loss of control over [the capabilities of] information technology,” the researchers conclude that ”the security-oriented principles of ‘confidentiality’ and ‘integrity’ are no longer achievable” in machines that have TPM 2.0 installed.

Interestingly, the researchers say that they’ll still be able to use Windows 7 securely “until 2020,” so it seems the German government may be using the legacy version of Microsoft’s platform for years to come if it takes up its IT experts’ recommendations.

Original Article/Source

Added a source

http://news.yahoo.com/german-officials-reportedly-deem-windows-8-too-dangerous-183059602.html

Edited August 22, 2013 by ibm650
Source

[rudrax]

You have to add a source for the news :)

They need to update TPM 2.0 to TPM 2.1, nothing else.

Edited August 22, 2013 by rudrax

[Ambrocious]

Posted 14 December 2012 - 10:03 PM

I haven't tried Windows 8 yet and from all that I hear, I wont. My College Professor who had worked part time for Washington DC (government dealings) informed me that Windows 8 has so many direct lines to the FBI and CIA. He told me that he was going to share details with me...but then something weird happened. He got skittish and then kept putting it off. I even once posted a topic here in the forms about Windows 8 having backdoors but at the time I had no proof of that and I seriously thought that I was going to get the proof.

I can't tell what happened and why he never gave me the info...I'm guessing he was threatened.

Aside from the backdoor unpleasantness, it's missing features that should not be missing and also, Microsoft has been in the business of creating a Good OS followed by a crap OS for as far back as I can tell. Windows 8 is all looks, less function.

Who knows...maybe one day I'll transition to a better OS...whenever windows 9 comes around. I'm really hoping that a completely new, kick ass OS will emerge and just dominate.

SOURCE

I already had a heads up on this for the most part, as you can see my post above.

Edited August 22, 2013 by Ambrocious

[Ambrocious]

Full translation:

Windows 8 may not be used in German authorities, IT experts say. | © REUTERS / Lucas Jackson

How trustworthy is Microsoft? For the federal and all of the German authorities, businesses and private users who want to continue to work with the Windows operating system, this question is now more than ever. Because sooner or later they would have to use Windows 8 or its successor. From internal documents TIME ONLINE exist, but it is clear that the IT professionals of the federal Windows 8 deem downright dangerous. The operating system contains a back door in their view, can not be closed. This backdoor is called Trusted Computing and could have the effect that Microsoft can control any computer remotely and control. And thus the NSA.

Trusted computing is anything but a new phenomenon. Over the past decade, the technology is on the market. Simply put, it's about trying to protect the computer against manipulations by third parties, for example from viruses and trojans. The user is having to care about anything anymore. To achieve this, first, it needs a special chip that is called a Trusted Platform Module (TPM), and secondly a coordinating operating system. Together, they do not regulate, among other things, the user can install the software on a computer and which. Exactly how it works and what features are part of the Trusted Computing else, is explained for example here and here.

The way how the chip and the operating system work together is standardized. The corresponding specification is defined by the Trusted Computing Group (TCG). The TCG was founded ten years ago by Microsoft, Intel, Cisco, AMD, Hewlett-Packard and Wave Systems - all U.S. companies.

The current TPM specification is soon replaced by a new one, it is just 2.0 TPM. What is common already in smartphones, tablets, and game consoles, is the combination of TPM 2.0 and Windows 8 on PCs and laptops becoming the norm: hardware and operating system are matched, and the manufacturer of the operating system determines installed the applications on a device may be and which are not. In other words, trusted computing is a way, a digital rights management (DRM) to enforce.

Microsoft could thus theoretically determine that no word processing program other than Microsoft Word works on Windows 8th The competition may be legally problematic. But it also has security implications, precisely because the user has no influence on what Microsoft is allowed and what is not. Three points are decisive: First, the TPM in contrast to the current standard in the future is already activated when you first turn on the computer. Who takes care of the computer is in use, so can not decide whether he wants to use the trusted computing functions (opt-in). Second, no subsequent future, complete disabling the TPM longer possible (opt-out). Third, the operating system takes over sovereignty over the TPM, in the case of a Windows computer that is ultimately Microsoft.

No later than 2015 will work with Windows 8.x according to the standard TPM 2.0 virtually every regular computer. What then Microsoft makes updates remotely through the system and thus the whole computer is not completely overlook for the user.

In summary, the user of a trusted computing system lose control of their computer. While this is to some extent the basic idea of ​​trusted computing, explains how the Federal Office for Information Security (BSI) here in great detail. The BIS recommends that governments, businesses and private users as well, provided it meets certain conditions the use of this technique. These conditions include the options but the opt-in and opt-out - and the drop off in the future.

"Confidentiality and integrity is not guaranteed"

Instead, Microsoft could decide which programs can be installed on the computer, make already established programs unusable and subsequently help intelligence to control other computers. The competent professionals in the Federal Ministry of Economics, in the federal and the BSI as well as unequivocally warn against the use of trusted computing the new generation of German authorities.

Thus, according to an internal document from the Ministry of Economic Affairs of the beginning of 2012: "The loss of full sovereignty over information technology" are "the security objectives 'confidentiality' and 'integrity' is no longer guaranteed." Elsewhere are phrases like: "Significant impact on the federal IT security can go with it." The conclusion is therefore: "The use of 'trusted Computing' technique in this form ... is unacceptable for the federal administration and the operators of critical infrastructure."

SOURCE

Edited August 22, 2013 by Ambrocious

[dMog]

well gee ambro if windows 8 has back doors why would windows 9 not...not to mention windows 7 and XP..could be toe prof was just playing with your mins then realized you are far too deep into the conspiracy theories and realized he had to stop toying with you

[Ambrocious]

well gee ambro if windows 8 has back doors why would windows 9 not...not to mention windows 7 and XP..could be toe prof was just playing with your mins then realized you are far too deep into the conspiracy theories and realized he had to stop toying with you

The way he explained it to me (trying to recall correctly) is that his team of forensic cyber analysts ( not sure if he is part of it ) detected

this activity early on in the BETA of Windows 8, the back doors.

He is the reason why I steered away from Windows 8 to begin with.

In case your wondering, I gave him copies of the Alex Jones documentaries and he was fairly impressed telling me that most of the info in them was true, the rest he felt was being "sensationalized".

As for your question about Windows 9, I was being hopeful of course that they WOULDN'T put direct back doors in but of course they probably would. He didn't tell me anything much about Windows 7 other than it's a bit harder to gain access and monitor you, with Windows 8, it's all set and ready for the government voyeurs to have fun. I didn't ask about WindowsXP but I assume it's less compatible (outdated) with the back-end hardware/software they use to do all this stuff.

I knew this would come out eventually, all of it will. Some info will take longer to be discovered I am afraid though.

Edited August 22, 2013 by Ambrocious

[OrbingStorm]

I want my back door to be safe from prying... :wedgie:

[stylemessiah]

Generally most people who were even aware of TPM were those using corporate level laptops (i.e. marketed and designed for use in corporate enviroments ) to provide security for logon, email and disk encryption to safeguard corporate data.

I used to have TPM in my old laptop, and as part of the HP security software, i would enable it (and receive an encryption key and certificate on the screen and for backup in case i failed my windows logon too many times) for logon, then i would choose to enable the disk enryption as well for further anti theft protection....anyone stealing it would not be able to logon, they wouldnt be able to access the data on the disk even if they put it in another machine, and replacing the hard drive would still make the machine unusable as the TPM chip with its sturdy encryption keys wouldnt accept any other drive that wasnt present when the TPM was enabled and the encryption key was generated. and BIOS and logon protection was enabled

So from a personal/corporate data security point of view quite handy.

But TPM chips have been creeping into desktops for a while.and the reason why this is now making people a little nervous, especially in the wake of the NSA spying whistleblowing is that if you were to have a backdoor into the TPM chip, you would have a serious security issue, especially in the sense that TPM operates at a hardware level. If say Windows 8 did have a backdoor software interface into TPM then nothing would be secure, and you would never know it had been compromised, because once you installed the TPM driver for the TPM chip, windows would have access to the cryptographic keys of the chip. Any data you encrypted with TPM turned on after that be it files or emails would be in reality completely unencrypted and at the mercy of Windows claimed backdoor. Certainly a bit of a worry. if true, for corporations.

Mind you this is not the first conspiracy theory over TPM, its been waged ever since it came into being......

So at the moment you can voluntarily disable the chip in BIOS, or not install or uninstall the TPM driver, but what the story is getting at is that there seems to be a push, true or not, to have TPM a requisite for future Windows versions.

Interestingly Apple only installed TPM chips for a few years, im guessing loooking at using fit or software licensing anti piracy/drm (certainly nothing user space for encryption of data that might have actually been useful), and then did absolutely nothing with it, there wasnt actually a driver installed for it to be active as far as im aware.

Edited August 22, 2013 by stylemessiah

[ande]

I was made aware of this somewhat earlier in April 2012, reading topic - Windows 8 and TPM: a frustrating tale of astonishing stupidity.

Debian and RHEL are, if you are looking for security and stability, right choices.

Peace.

[Mr Orus]

Note: Each topic of news always insert: Original Article/Source. :)

[tezza]

Updated statements of the BSI

https://www.bsi.bund.de/DE/Presse/Pressemitteilungen/Presse2013/Windows_TPM_Pl_21082013.html

Translated

Opinion of the BSI for current reports to MS Windows 8 and TPM
Bonn, 21.08.2013.

Media reports currently about Windows 8 and Trusted Platform Module (TPM) that the federal government would warn against Windows 8. According to the reports keep "IT experts of the federal Windows 8 for downright dangerous." In Media Reference is also made to a paper by the Federal Ministry of Economics and Technology (BMWi) and states: "The competent professionals in the Federal Ministry of Economics, in the federal and the BSI caution because even unequivocally against the use of trusted computing the new generation of German authorities."

Explained in this respect, the Federal Office for Information Security (BSI):
The BSI warns neither the public nor the Federal German company prior to any deployment of Windows 8 The BSI is currently facing, however, some critical aspects related to specific scenarios in which Windows 8 is operated in combination with a hardware that has a TPM 2.0.

For specific user groups in the use of Windows 8 in combination with a TPM may well mean an increase in safety. This includes users who for various reasons can not take care of their security or want but trust the manufacturer of the system that this provides and maintains a safe solution. This is a valid use case, however, the manufacturer should provide sufficient transparency about the potential limitations of the provided architecture and possible consequences of the use.

From the perspective of the BSI, the use of Windows 8 in combination with a TPM 2.0 is accompanied by a loss of control over the operating system and the hardware used. This result for the user, especially for the federal government and critical infrastructure, new risks. In particular, on a hardware, which is operated with a TPM 2.0, with Windows 8 caused by accidental errors of the hardware or operating system manufacturer, is also the owner of the IT system error conditions that prevent further operation of the system. This can cause such an extent that in case of error in addition to the operating system and the hardware used is permanently no longer be used. Such a situation would not be acceptable for the federal nor for other users. In addition, the newly established mechanisms can also be used for sabotage of third parties. These risks need to be addressed.

The BSI considered complete control over the information used technique that a conscious opt-in and the possibility of a subsequent opt-out includes, as a basic condition for a responsible use of hardware and operating systems. The resulting demands on operating systems and hardware has formulated the federal government in its issues paper on Trusted Computing and Secure Boot.

Generally it should be possible IT users to maintain a self-determined and autonomous dealing with information technology. Example This example also includes the ability to use alternative operating systems and applications at its discretion.

Thus, these conditions continue to modules can be achieved with Windows and the Trusted Platform, the BSI remains with the Trusted Computing Group, as well as with the manufacturers of operating systems and hardware in exchange for the user as well as for use in the federal and critical infrastructure to find appropriate solutions.