Win8's Trusted Computing a backdoor for Microsoft to your computer?

Discussion in 'privacy problems' started by chimpsgotagun, Aug 22, 2013.

Thread Status:
Not open for further replies.
  1. chimpsgotagun

    chimpsgotagun Registered Member

    Joined:
    Dec 1, 2012
    Posts:
    55
    http://www.zeit.de/digital/datenschutz/2013-08/trusted-computing-microsoft-windows-8-nsa/seite-1

    Tanslation to english:
    http://translate.google.com/transla...ted-computing-microsoft-windows-8-nsa/seite-1

    The following is google-translated from German, therefore a bit clumsy:
    "Government [german] warns of Windows 8

    Windows 8 is an unacceptable security risk for companies and authorities, experts warn the government. The so-called Trusted Computing is a back door for the NSA.

    ...

    From internal documents TIME ONLINE exist, but it is clear that the IT professionals of the federal Windows 8 deem downright dangerous. The operating system contains a back door in their view, can not be closed. This backdoor is called Trusted Computing and could have the effect that Microsoft can control any computer remotely and control. And thus the NSA.

    ...

    the user has no influence on what Microsoft is allowed and what is not. Three points are decisive: First, the TPM in contrast to the current standard in the future is already activated when you first turn on the computer. Who takes care of the computer is in use, so can not decide whether he wants to use the trusted computing functions (opt-in). Second, no subsequent future, complete disabling the TPM longer possible (opt-out). Third, the operating system takes over sovereignty over the TPM, in the case of a Windows computer that is ultimately Microsoft.

    No later than 2015 will work with Windows 8.x according to the standard TPM 2.0 virtually every regular computer. What then Microsoft makes updates remotely through the system and thus the whole computer is not completely overlook for the user.

    ...

    From another document stating that Windows 8 and its successors were not used together with TPM 2.0 "already". Windows 7 after all, could "be safely operated until 2020."

    ...

    Back door for the NSA and the Chinese

    In light of the revelations Snowden accordingly it takes little imagination to see 8 TPM 2.0 and Windows as a back door for the NSA, just waiting to be opened. Rüdiger Weis, a professor at the Beuth University of Applied Sciences in Berlin, which holds for absolutely possible. Cryptography expert has been studying with trusted computing and provides the new specification from a damning testimony: At least three levels of the new trusted computing systems are vulnerable, he says in an interview with TIME ONLINE. One must assume that the NSA could compromise the corresponding computer problems - just the way the Chinese when the TPM chip would be manufactured in China.

    Microsoft defends his approach: the TPM is enabled by default, because most users now once accepted defaults. They only need to activate the function itself, which would mean that many would use a less secure system. Government regulations that provide this option, be unwise. According to Microsoft, the hardware manufacturers could also definitely build Windows devices in which the TPM is disabled. Who wants to have full control of their computer, just had to buy such a model.

    If the IT professionals of the Covenant, no such devices that are affordable and otherwise meet your expectations, you will probably only the way that, for example, the Munich city administration has taken. On their computers, a Linux operating system. The gradual transition from Windows to Linux started ten years ago and should be completed in late 2013.

    Update: The BSI has 21 August, a published opinion. It states in part: "The BSI warns neither the public nor the Federal German company prior to any deployment of Windows 8, the BSI currently provides, however, some critical aspects related to specific scenarios in which Windows 8 is operated in combination with a hardware is that has a TPM 2.0., for certain groups of users, the use of Windows 8 in combination with a TPM may well mean an increase in safety. This includes users who can not or for various reasons do not worry about the security of their systems want, but the manufacturer of the system trust that this provides and maintains a safe solution.
    "
     
  2. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,740
    Location:
    Texas
    http://www.zdnet.com/german-government-refutes-windows-backdoor-claims-7000019739/
     
    Last edited: Aug 22, 2013
  3. funkydude

    funkydude Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    6,852
    Woah I'm totally shocked. :D
     
  4. mattdocs12345

    mattdocs12345 Registered Member

    Joined:
    Mar 23, 2013
    Posts:
    1,785
    Location:
    US
    This entire PRISM scandal, Microsofts arrogance towards its users and other issues are pushing me more and more towards linux. And while I am complete noob with linux, I have a spare thinkpad that I will use to experiment.
     
  5. funkydude

    funkydude Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    6,852

    Another ~Removed~ that thinks the evil Microsoft is out to get us. Can you elaborate exactly on what "arrogance" Microsoft has displayed?

    Let me guess, you think because they are forced to abide the the law of a country they are arrogant towards their users?

    So, you'd rather live in a world where large corporations take the law into their own hands?

    To put it simply, cut the nonsense. If you're looking for something to hate, hate the American law system and try your best to get it changed. Companies should always be forced to work under the law of the country they are operating it, it doesn't matter if you agree with it or not.

    I suggest you watch an episode or two of Star Trek to learn how important it is to abide by the customs and laws of others. People don't just decide to take the law into their own hands for an ideological idea of "what they think is right", especially not large corporations. Once that starts happening, you're royally screwed.
     
    Last edited by a moderator: Aug 22, 2013
  6. mattdocs12345

    mattdocs12345 Registered Member

    Joined:
    Mar 23, 2013
    Posts:
    1,785
    Location:
    US
    Windows 8 was an arrogant move. And MS didn't even bother to fight in the courts against PRISM. Lavabit did...
     
  7. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    Are you suggesting that Microsoft is legally required to backdoor Windows? If so, we're supposed to just accept this?
    We are living in that world. Large companies run the government. Microsoft should have been dismantled years ago under anti-trust laws.

    Of course a government is going to refute the accusation. There's no way they'd ever admit it. Anyone at MS who knows about it has already received an NSL forbidding them to reveal it. Even if hard proof is presented, nothing will happen to MS. They'll be given immunity just like the telecoms were.

    I've long believed that the newer versions of Windows are backdoored. This backdoor completely explains why it's impossible to close certain ports on the supported versions. Anyone who is willing to open their eyes can see how Windows has increasingly become spyware disguised as an OS with each new version. Now it's crossed the line of being malware, a remote access trojan. Users have 2 choices if they want to avoid this.
    1, Switch to open source operating systems, and learn what you use well enough to recognize the characteristics of trojan.
    behavior.

    2, Don't upgrade. Stay with a version that can be controlled and stripped well enough to disable any backdoor that might exist. Learn it well enough to know what it should and shouldn't be doing.

    I am so glad that I kept 98. At least an adversary will have to fight their way in instead of using a backdoor.
     
  8. Nebulus

    Nebulus Registered Member

    Joined:
    Jan 20, 2007
    Posts:
    1,582
    Location:
    European Union
    I'm another one of those ~Removed~ that thinks the same. But I'd rather call them greedy than evil, though some would argue that there is little difference between the two of them; and also they are "selling" us out, rather than "getting us".

    I'd rather live in a world where neither corps nor governments have absolute powers.

    Back on topic. A quote from the article:
    This is the real problem here, and it's not only Microsoft's fault, because there is a complicity between them and hardware manufacturers. There is little difference between giving up (partial) control of your computer(s) in the name of security, and the same flawed way of thinking in the "real world".
     
    Last edited: Aug 23, 2013
  9. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    If by hardware manufacturers you're referring to those who build PCs, they have little choice but to do what MS tells them to. They won't survive selling PCs for Linux and BSD.
    Users have been giving up more control of their computers every time a new version of Windows comes out. In the real world, anything not controlled by government/big money is deemed a threat. If I started making a list of blatant examples of complicity between government, the laws, and big business, it would be a book and would extend far beyond computing, internet, and similar items. Here, the discussion is usually limited to those specifics affecting computing, communications, etc. Unfortunately, this limitation on discussion helps to conceal the real scope of these collaberations.

    The phrases "in the name of security" and "trusted computing" are the real problem. It's never been about the security of PCs, computing, users, the nation in general, or even the planet. The only security they're concerned with is their power, wealth, and control. Anything they don't control is regarded as a threat, be it individuals, a technology, or a nation.

    This "backdoor" very much explains the apparent desperation shown in the push to get people to "upgrade" to Win 8, zero day forever, zombie viruses, hacker heaven, etc. They're clearly desperate to get people using versions of operating systems that they can monitor and control. I'd be very interested to see what would happen if most people ignored these scare tactics and stayed with the PC they have. I'd almost bet they'd try to make this a national security issue in order to force it.
     
  10. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    7,780
    Maybe I'm a bit ignorant on all this stuff, but what does a "backdoor" in your OS give anyone that your ISP can't? If all internet traffic (or most) is being monitored at the ISP level or higher, what difference does any OS "backdoor" make?
     
  11. Nebulus

    Nebulus Registered Member

    Joined:
    Jan 20, 2007
    Posts:
    1,582
    Location:
    European Union
    A backboor can have its "advantages" over simple traffic sniffing. For instance, full access to your passwords and passphrases, so encryption is no longer an issue for the organization/attacker that installs the backdoor. Also, a list of all programs that you are running, connected or not to the internet. A backdoor can have a lot of uses, the imagination is the limit :)

    That being said, in the case of Trusted Computing it's more of a matter of control over your computer (as the article said) than a real backdoor. I can't deny the usefulness of Trusted Computing as a security solution, but as long as it takes some control over my computer, I'd rather skip that added security.
     
  12. Reality

    Reality Registered Member

    Joined:
    Aug 25, 2013
    Posts:
    689
    Hi, I'm new here, but I've been looking in on Wilders for some time. Im not new to security and privacy but I have a LOT to learn...and dare I say, keep up with o_O

    noone_particular - thankyou for these most perceptive posts above, which rate amongst the best Ive seen here so far. In particular...

    EXCELLENT DEDUCTION! especially where Ive bolded your text. If that "book" were a blog I would make for interesting reading Im sure.

    ...and thats because they are:
    a/ PC phrases
    b/ Smokescreens and strawmen which are an integral part of that which goes into the making up of a conditioning process.
    c/ At best only tell a minimal story. :(

    Im on XP and refuse to update it since the WGA (windoze genuine disadvantage tool) idiocy. Was this the 1st blatant case of M$ phoning home? Is XP still able to be locked down where Microshaft doesn't cause it to phone home? Im also using Kerio 2.1.5 but confess that even though it works for me ( as far as I know), I do need to understand it properly. I like that I have it set to Ask me first on everything. ALso that it is PW'd.
     
  13. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    Your ISP can't access every file on your system. A backdoor with administrative privelege can add and remove software. It can utilize any external devices attached to your system, including microphones and webcams. It can capture any and all passwords.
    If you don't include Windows Update, calling home at least once became unavoidable with XP and online activation. Automatically checking for updates can be completely disabled on XP. Not sure about Vista and newer. Pre-XP systems didn't require internet access to activate them and could be used indefinitely without ever accessing the internet. XP can be locked down at least through SP2. XPLite goes a long way towards reducing it's attack surface and removing components/services that open many of the ports. Many of those services can also be disabled. Black Viper has a nice guide for that. XPLite can also remove Internet Explorer, which IMO is the most exploitable piece of software ever made. It's also the most commonly used vector for calling home.

    Before you start disabling or removing components, make a full image of your system.
     
  14. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    7,780
    Yes, you can totally disable automatic updating on Vista and 7 also...
     
  15. Reality

    Reality Registered Member

    Joined:
    Aug 25, 2013
    Posts:
    689
    XP hasnt checked for updates in years as Ive set it not to, although, occasionally for some strange reason Windows Firewall activates itself.
     
  16. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,833
    Not in the UK anyway :) You could phone a MS number the activation tab gave you, & an auto voice promted for the serial # etc, then it gave you the Key # to enter. I've reinstalled XP about 3 or 4 times this way. No personnal info is requested. If you use a payphone or prepay you stay anon ;)

    Yes :thumb:

    I think so.

    Yes :thumb:

    Yes :)

    He has, & i've always used it :thumb:
     
  17. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    1,984
    Location:
    Canada
    I haven't found a way to do this on Win 7 without the use of an outbound control firewall.
     
  18. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,029
    It seems that TLAs were caught off-guard by the rapid and chaotic growth of the PC industry. The ability of owners to control their own devices is apparently anathema to them. Maybe it's like BOFH -http://www.faqs.org/docs/jargon/B/BOFH.html ;) It's apparently a mistake that they've been trying to fix ever since.
     
  19. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    7,780
    What do you mean? You can just set it to check for updates "never", right? or am I wrong on this??
     
  20. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    The TLAs weren't the only ones. Microsoft made the same mistake. They've been doing their best to make it harder to control their operating systems since the 9X days. Users who started out on NT systems don't realize just how much control and power DOS gave to a user, but big money sure did. DOS interfered with implementing DRM. It gave users full access to files that were locked under Windows. From DOS, any malware was removable.

    With Win ME, they tried to take away the ability to boot to DOS. With NT systems, they removed DOS altogether and changed the file system to one DOS couldn't read, a file system that could hide data, executables, and even malware from the user in alternate data streams. From there forward, users have steadily lost the ability to control the operating system. Whenever others released apps that gave the user back some of that control, MS responding by blocking the methods they used, global hooks used by classic HIPS being one of the more blatant examples.

    Since Windows (at least thru XP) doesn't appear to have a kill switch, Microsoft can't force users to upgrade. I'd be willing to bet that this will change on the newer operating systems. When you get right down to an operating systems ability to perform the tasks a user needs and rule out limitations due to hardware, the newer systems don't do much more than the older ones. If the older systems were upgraded to fully utilize newer hardware, there'd be very little if any difference in abilities.
     
  21. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    1,984
    Location:
    Canada
    You're right about that setting, but svchost still, if memory serves and I'll have to reconfirm, calls home routinely to MS servers.
     
  22. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    7,780
    Yeah, ok, that I don't doubt at all. If you're trying to stop all MS calling home behavior in 7 or 8, that could be a challenge... :)
     
  23. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    1,984
    Location:
    Canada
    Agreed. I can confirm that today, almost a full hour after manually applying an MS patch via Windows update Control panel, svchost attempted several connections to MS remote ip addresses, port 80. It's as though there is "residual" action for a while after running updates. I did not, however, see any of these type attempts since checking the firewall logs from yesterday until I ran the update check a few hours ago that later triggered further svchost connection attempts.

    EDIT Sept. 01

    Again after logging into the desktop, several connections:

    Code:
    2013-09-01 08:26:52	accept	Microsoft Update Servers	TCP/IP	outbound connect	C:\Windows\System32\svchost.exe	192.168.1.68	64.208.186.123	49158	80	PID: 380; Connection: 43	
    
    these were followed by several "consent.exe" connections to Verisign IP addresses.
     
    Last edited: Sep 1, 2013
Loading...
Thread Status:
Not open for further replies.