decoration decoration
Stories

GROKLAW
When you want to know more...
decoration
For layout only
Home
Archives
Site Map
Search
About Groklaw
Awards
Legal Research
Timelines
ApplevSamsung
ApplevSamsung p.2
ArchiveExplorer
Autozone
Bilski
Cases
Cast: Lawyers
Comes v. MS
Contracts/Documents
Courts
DRM
Gordon v MS
GPL
Grokdoc
HTML How To
IPI v RH
IV v. Google
Legal Docs
Lodsys
MS Litigations
MSvB&N
News Picks
Novell v. MS
Novell-MS Deal
ODF/OOXML
OOXML Appeals
OraclevGoogle
Patents
ProjectMonterey
Psystar
Quote Database
Red Hat v SCO
Salus Book
SCEA v Hotz
SCO Appeals
SCO Bankruptcy
SCO Financials
SCO Overview
SCO v IBM
SCO v Novell
SCO:Soup2Nuts
SCOsource
Sean Daly
Software Patents
Switch to Linux
Transcripts
Unix Books

Gear

Groklaw Gear

Click here to send an email to the editor of this weblog.


You won't find me on Facebook


Donate

Donate Paypal


No Legal Advice

The information on Groklaw is not intended to constitute legal advice. While Mark is a lawyer and he has asked other lawyers and law students to contribute articles, all of these articles are offered to help educate, not to provide specific legal advice. They are not your lawyers.

Here's Groklaw's comments policy.


What's New

STORIES
No new stories

COMMENTS last 48 hrs
No new comments


Sponsors

Hosting:
hosted by ibiblio

On servers donated to ibiblio by AMD.

Webmaster
The only real solution | 474 comments | Create New Account
Comments belong to whoever posts them. Please notify us of inappropriate comments.
The only real solution
Authored by: jpvlsmv on Monday, July 02 2012 @ 03:06 PM EDT
I think this secure boot thingy is about IT department setting up associate's computers for high security. I don't think home users will see any benefits...
Home users will be somewhat protected against what are referred to as "Boot Sector Malware". Depending on how deeply the code signing is taken into the OS, it might even protect against some of the current rootkit malware that's in the wild today. Much of this protection is already present in various BIOS flavors, under the name of "MBR protection" or "OS Install Mode"

But it will not take long for the malware writers to adapt to this, just like they've adapted to the current protections. Perhaps they'll just add a "You have to add this certificate to your UEFI trusted store before you can see this hillarious cat video" clickbox to their malware, and *poof* there goes the protection.

Very few IT shops have enough clout over the individual (associate's) computers to enforce application whitelisting (which is basically what this is at the boot layer), and even if they did, supporting only a single signature in the UEFI software makes it completely useless for this purpose. An IT department wouldn't be able to sign "approved" OSs, they would have to trust all MS products. And MS-signature isn't necessarily proof of goodness-- look at the Flame/SkyWiper malware that used a (forged) Microsoft certificate.

--Joe

[ Reply to This | Parent | # ]

Groklaw © Copyright 2003-2013 Pamela Jones.
All trademarks and copyrights on this page are owned by their respective owners.
Comments are owned by the individual posters.

PJ's articles are licensed under a Creative Commons License. ( Details )