Windows 8 is an unacceptable
security risk for companies and authorities, experts warn the
government. The so-called Trusted Computing is a back door for the NSA.
How trustworthy is Microsoft? For the federal and all of the German
authorities, businesses and private users who want to continue to work
with the Windows operating system, this question is now more than ever.
Because sooner or later they would have to use Windows 8 or its
successor. From internal documents TIME ONLINE exist, but it is clear
that the IT professionals of the federal Windows 8 deem downright
dangerous. The operating system contains a back door in their view, can
not be closed. This backdoor is called Trusted Computing and could have the effect that Microsoft can control any computer remotely and control. And thus the NSA.
Trusted computing is anything but a new phenomenon. Over the past
decade, the technology is on the market. Simply put, it’s about trying
to protect the computer against manipulations by third parties, for
example from viruses and trojans. The user is having to care about
anything anymore. To achieve this, first, it needs a special chip that
is called a Trusted Platform Module (TPM), and secondly a coordinating
operating system. Together, they do not regulate, among other things,
the user can install the software on a computer and which. Exactly how
it works and what features are part of the Trusted Computing else, is for example here and explained here .
The way how the chip and the operating system work together is
standardized. The corresponding specification of the Trusted Computing
Group set (TCG). The TCG was founded ten years ago by Microsoft, Intel,
Cisco, AMD, Hewlett-Packard and Wave Systems – all U.S. companies.
The current TPM specification is soon replaced by a new one, it is
just 2.0 TPM. What is common already in smartphones, tablets, and game
consoles, is the combination of TPM 2.0 and Windows 8 on PCs and laptops
becoming the norm: hardware and operating system are matched, and the
manufacturer of the operating system determines installed the
applications on a device may be and which are not. In other words,
trusted computing is a way, a digital rights management (DRM) to
enforce.
Microsoft could thus theoretically determine that no word processing
program other than Microsoft Word works on Windows 8th The competition
may be legally problematic. But it also has security implications,
precisely because the user has no influence on what Microsoft is allowed
and what is not. Three points are decisive: First, the TPM in contrast
to the current standard in the future is already activated when you
first turn on the computer. Who takes care of the computer is in use, so
can not decide whether he wants to use the trusted computing functions (opt-in). Second, no subsequent future, complete disabling the TPM longer possible (opt-out).
Third, the operating system takes over sovereignty over the TPM, in the
case of a Windows computer that is ultimately Microsoft.
No later than 2015
will work with Windows 8.x according to the standard TPM 2.0 virtually
every regular computer. What then Microsoft makes updates remotely
through the system and thus the whole computer is not completely
overlook for the user.
In summary, the user of a trusted computing system lose control of
their computer. While this is to some extent the basic idea of trusted
computing, explains how the Federal Office for Information Security (BSI) here in great detail . The BIS recommends that governments, businesses and private users even if they use this technique to certain conditions met. These conditions include the options but the opt-in and opt-out – and the drop off in the future.
“Confidentiality and integrity is not guaranteed”
Instead, Microsoft could decide which programs can be installed on
the computer, make already established programs unusable and
subsequently help intelligence to control other computers. The competent
professionals in the Federal Ministry of Economics, in the federal and
the BSI as well as unequivocally warn against the use of trusted
computing the new generation of German authorities.
Thus, according to an internal document from the Ministry of Economic
Affairs of the beginning of 2012: “The loss of full sovereignty over
information technology” are “the security objectives ‘confidentiality’
and ‘integrity’ is no longer guaranteed.” Elsewhere are phrases like:
“Significant impact on the federal IT security can go with it.” The
conclusion is therefore: “The use of ‘trusted Computing’ technique in
this form … is unacceptable for the federal administration and the
operators of critical infrastructure.”
Source / Translated : Zeit – Online
No comments:
Post a Comment