After all, #Windows incudes not just the #_NSAKEY and #GoldenKeyBoot #backdoors but #Microsoft is a #PRISM collaborator and falls under #CloudAct, thus is not more trustworthy than [insert random tech company from "P.R." China here]...
@hon1nbo @foone yeah, but all these things would essentially necessitate a fundamentally incompatible #Fork of the #USB standard, creating #costs, #fragmentation and lessen the likelyhood of success.
I gues a sort-of "Secure HID Port" that mandates proper authentification and does full #E2EE from the Keyboard Matrix / Pointing Device controller up is an option, but you'd have to expect state-sponsored attackers willing to do "Kamikaze" Hacks...
#TLDW: It requires custom silicon and a hard root of trust…
@puppygirlhornypost2 @navi And whilst it's easy to blame #GoldenKeyBoot, a leaked #PrivateKey that was impossible to be removed, the problem is that #Windows is architecturally "insecure-able" because any changes necessary to make this not a problem would inherently mean the end for Windows as it's known to most.
Shure, you get some #Cryptojacking and some #CMS|es like #WordPress that are constantly being attacked but generally, the way #updates and #distribution of #Software works on Linux Distros for the most part is completely antithetical to Windows.
And anything #Microsoft could do at this point if they weren't horny for money but avtually cared is to scrap Windows and instead invest into #Wine to ease the transition...
@JenWithGravy #CensorBoot was already irrevocably fucked when #Microsoft lost the #PrivateKeys for that.
And Microsoft admitted to that #insecurity with the #XboxOne's design in their own words!
https://youtu.be/U7VwtOrwceo&t=663
#TLDW: Don't trust any #blackbox to do what it claims to do!
@bedast My problem is that these people refuse to take the correct consequences and migrate away from garbage:
You just don't install such garbage on #Unix-esque Systems like #Linux!
#CrowdStrike is just yet another #Scareware #Scam.
The entire business model of #AntiVirus and other Scareware shouldn't exist to begin with.
3rd party #BinaryBlobs on a non-#FLOSS'd kernel are just bad!
It should be #Microsoft's sole tesponsibility to just not allow #Rootkits / #Bootkits like that to exist eith their blessing aka. #Signature on.
#Windows & #WindowsServer are unbelieveably #cursed and unmaintainable mess that'll make even #Solaris 7 look clean and sleek.
The diversity of Linux and Unix-esque distros like #BSD's make it basically impossible to bmhave such a giant and direct effect.
The whole issue should've been avoided throug extensive testing because it's certainly so rampant that it would've been picked up by #QA testers.
The fuckedup-ness of #CensorBoot aka. "#SecureBoot" (which is insecure af - see #GoldenKeyBoot!) is the reason why this results in such catastrophic failures, whereas on #Linux one just uses #LUKS and can easily recover files.
Most Windows users & -#sysadmins neglect #Backups of Windows machines because there is no good way to backup them!
3rd party kernel binaryblobs are #malware, regardless if "Anti-Malware" or "#AntiCheat" is the claimed functionality.
If I don't trust #WindowsDefender then I don't trust Windows or rather Microsoft and thus have to cease using it!
@Quinnypig the sheer fact that #Microsoft and #Windows11 ain't banned across the #EU to this day is an indictment to the #TechIlliteracy of politicans in the @EUCommission & @europarl_en despite
and now
And since @GossiTheDog managed to get it running on a system w/o "#AI" acceleration aka. "#NPU" it's safe to assume that it'll be perfectly possible to retroactively shove it down everyones' throats without recourse!
Like: Stop using #Windows and get some help migrating away from it to a good #Linux distro!
Also #Microsoft is criminally incompetent in handling their #CensorBoot #Keys, so #GoldenKeyBoot killed that whole security as unpatchably broken!
https://www.tomshardware.com/news/windows-secure-boot-golden-key,32450.html
https://www.reddit.com/r/netsec/comments/4wybax/writeup_of_secure_boot_bypass_which_i_dub_secure/
https://www.extremetech.com/internet/233400-microsoft-leaks-secure-boot-credentials-demonstrates-why-backdoor-golden-keys-cant-work
https://www.xda-developers.com/microsofts-debug-mode-flaw-and-golden-key-leak-allows-disabling-of-secure-boot/
https://gist.github.com/acepace/df34b5213f1e0fae6529eb703d947187
https://openrt.gitbook.io/open-surfacert/common/boot-sequence/uefi/secure-boot
@glynmoody @thomasjorgensen @quincy Exactly.
It's basically a #Govware #Backdoor mandated into basically everything because in the end everything uses #SSL / #TLS (with fewer and fewer exceptions like @torproject #Tor )...
And since that would be mandatory, it would be trivial to plant false evidence under people.
Not to mention what happens when the certs get solen (see #EthernalBlie and #GoldenKeyBoot)...
Also #Microsoft evidenced their incapability to guard the keys themselves by literally loosing control over them.
See #GoldenKeyBoot...
@enigmatico also yes, you can get #Linux to run on basically anything - and thanks to #goldenKeyBoot #Microsoft failed with #CensorBoot being effective at all...
@stux #YecureBook aka. #CensorBoot was unfixably broken with the #GoldenKeyBoot.
Also "client-sode encryption" one #GMail - like @protonmail - is just a literal lie to customers: NOTHING is being encrypted at all!!!
