ML
    • Recent
    • Categories
    • Tags
    • Popular
    • Users
    • Groups
    • Register
    • Login

    Windows 10 Build 14342

    Scheduled Pinned Locked Moved News
    windows 10microsoft
    39 Posts 12 Posters 11.5k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • Deleted74295D
      Deleted74295 Banned @Dashrender
      last edited by

      @Dashrender said

      Well, they just did that to Windows 7 so I heard

      My point exactly, they've changed direction.

      DashrenderD 1 Reply Last reply Reply Quote 0
      • DashrenderD
        Dashrender @Deleted74295
        last edited by

        @Breffni-Potter said in Windows 10 Build 14342:

        @Dashrender said

        Well, they just did that to Windows 7 so I heard

        My point exactly, they've changed direction.

        Agreed - MS, at least with the Secure Boot, is changing direction. I use so little of the built in option, I can't recall if they have removed things in the past or not.

        1 Reply Last reply Reply Quote 0
        • nadnerBN
          nadnerB
          last edited by

          @Dashrender that patch only effected some Asus boards. It's due to how Asus implemented secure boot... which was outside their arrangement with Microsoft... According to a press release/the register's interpretation of it.

          If I can find a link when I get into the office, I'll post it.

          1 Reply Last reply Reply Quote 1
          • nadnerBN
            nadnerB
            last edited by

            Righto, here it is: http://www.theregister.co.uk/2016/05/06/microsoft_update_asus_windows_7/
            🙂

            DashrenderD 1 Reply Last reply Reply Quote 0
            • bbigfordB
              bbigford @scottalanmiller
              last edited by

              @scottalanmiller said in Windows 10 Build 14342:

              Sadly it wasn't because "it was the right thing to do" but only because it cost too much to make a feature everyone was ignoring.

              Definitely. The right thing to do, was to never put it in the build in the first place.

              1 Reply Last reply Reply Quote 0
              • DashrenderD
                Dashrender @nadnerB
                last edited by

                @nadnerB said in Windows 10 Build 14342:

                Righto, here it is: http://www.theregister.co.uk/2016/05/06/microsoft_update_asus_windows_7/
                🙂

                Well, this article doesn't really go far enough to say who made the mistake here. Did Asus, by creating their own special personal version of Secure Boot-Like environment that supported Windows 7? So this is really Asus's fault? But MS changed the way some part of Bit locker reporting - so is MS to blame?

                travisdh1T 1 Reply Last reply Reply Quote 0
                • travisdh1T
                  travisdh1 @Dashrender
                  last edited by

                  @Dashrender said in Windows 10 Build 14342:

                  @nadnerB said in Windows 10 Build 14342:

                  Righto, here it is: http://www.theregister.co.uk/2016/05/06/microsoft_update_asus_windows_7/
                  🙂

                  Well, this article doesn't really go far enough to say who made the mistake here. Did Asus, by creating their own special personal version of Secure Boot-Like environment that supported Windows 7? So this is really Asus's fault? But MS changed the way some part of Bit locker reporting - so is MS to blame?

                  Welcome to unsecure boot. Just hearing the devs talk about that cluster made me wonder what was going on with it. It's larger and more complicated than an entire OS, all available right in our BIOS code. Nothing bad could happen with that, right?

                  1 Reply Last reply Reply Quote 0
                  • DashrenderD
                    Dashrender
                    last edited by

                    Actually I really like the idea of Secure Boot - kill off Root kits.

                    travisdh1T bbigfordB 2 Replies Last reply Reply Quote 0
                    • travisdh1T
                      travisdh1 @Dashrender
                      last edited by

                      @Dashrender said in Windows 10 Build 14342:

                      Actually I really like the idea of Secure Boot - kill off Root kits.

                      Yeah, the idea is great. Looking at the actual implementation made me go, wtf?

                      DashrenderD 1 Reply Last reply Reply Quote 0
                      • DashrenderD
                        Dashrender @travisdh1
                        last edited by

                        @travisdh1 said in Windows 10 Build 14342:

                        @Dashrender said in Windows 10 Build 14342:

                        Actually I really like the idea of Secure Boot - kill off Root kits.

                        Yeah, the idea is great. Looking at the actual implementation made me go, wtf?

                        I guess I'm not sure why you say that?

                        travisdh1T 1 Reply Last reply Reply Quote 0
                        • travisdh1T
                          travisdh1 @Dashrender
                          last edited by

                          @Dashrender said in Windows 10 Build 14342:

                          @travisdh1 said in Windows 10 Build 14342:

                          @Dashrender said in Windows 10 Build 14342:

                          Actually I really like the idea of Secure Boot - kill off Root kits.

                          Yeah, the idea is great. Looking at the actual implementation made me go, wtf?

                          I guess I'm not sure why you say that?

                          Just talk to someone that's dealt with the code some time. The stated goal was more secure systems. What they actually did was create a complex beast that only Microsoft could (theoretically) actually comply with the thing. At least that's what I got from the talk the devs from RedHat gave about secureboot. Turns out not even Microsoft can get it right. Wish I could say I'm surprised.

                          1 Reply Last reply Reply Quote 1
                          • DashrenderD
                            Dashrender
                            last edited by Dashrender

                            Huh - granted I've barely brushed against it.

                            It's my understanding that you have to put the public certificate into the UEFI so that it will recognize the OS as secure, but beyond that I haven't heard of any issues.

                            Of course MS has provided the Certificate to all the manufactures, so it's included in all PCs made today - Is RH and everyone else doing the same? I'm guessing not, so of course this means more work on the side of the device owner to install the cert into UEFI first before installing a Linux variant and using Secure Boot.

                            But I suppose there could be more issues than just that involved here that I just haven't heard of.

                            1 Reply Last reply Reply Quote 0
                            • bbigfordB
                              bbigford @Dashrender
                              last edited by

                              @Dashrender said in Windows 10 Build 14342:

                              Actually I really like the idea of Secure Boot - kill off Root kits.

                              I have always had to disable Secure Boot to be able to boot from USB. Thoughts?

                              DashrenderD 1 Reply Last reply Reply Quote 1
                              • DashrenderD
                                Dashrender @bbigford
                                last edited by

                                @BBigford said in Windows 10 Build 14342:

                                @Dashrender said in Windows 10 Build 14342:

                                Actually I really like the idea of Secure Boot - kill off Root kits.

                                I have always had to disable Secure Boot to be able to boot from USB. Thoughts?

                                What OS is on the USB? I'm not surprised by this at all - in fact I expect it. Why? For starters, probably the OS isn't signed, and even if it is, the public cert isn't in the UEFI.

                                These are easy things to fix, and in a corporate setup I would highly suggest looking at possible solutions for this, but that might really not be needed, if you - IT - need to boot from USB that's not signed, that's fine because you know the UEFI password, you log into it, disable Secure Boot, do your job, re-enable it, done.

                                bbigfordB 1 Reply Last reply Reply Quote 0
                                • bbigfordB
                                  bbigford @Dashrender
                                  last edited by

                                  @Dashrender said in Windows 10 Build 14342:

                                  @BBigford said in Windows 10 Build 14342:

                                  @Dashrender said in Windows 10 Build 14342:

                                  Actually I really like the idea of Secure Boot - kill off Root kits.

                                  I have always had to disable Secure Boot to be able to boot from USB. Thoughts?

                                  What OS is on the USB? I'm not surprised by this at all - in fact I expect it. Why? For starters, probably the OS isn't signed, and even if it is, the public cert isn't in the UEFI.

                                  These are easy things to fix, and in a corporate setup I would highly suggest looking at possible solutions for this, but that might really not be needed, if you - IT - need to boot from USB that's not signed, that's fine because you know the UEFI password, you log into it, disable Secure Boot, do your job, re-enable it, done.

                                  I use a variety of boot tools to check hardware (mostly all found on HBCD). Definitely not going to sign them on every incoming PC. I usually just disable SB. 🙂

                                  DashrenderD 1 Reply Last reply Reply Quote 0
                                  • DashrenderD
                                    Dashrender @bbigford
                                    last edited by

                                    @BBigford said in Windows 10 Build 14342:

                                    I use a variety of boot tools to check hardware (mostly all found on HBCD). Definitely not going to sign them on every incoming PC. I usually just disable SB. 🙂

                                    This is a personal choice - how secure do you want your environment to be? Hiren could definitely sign his CDs and make them compliant with Secure Boot, I'm guessing he just doesn't have people requesting it, and doesn't see the value to cost as worthwhile.

                                    travisdh1T 1 Reply Last reply Reply Quote 0
                                    • travisdh1T
                                      travisdh1 @Dashrender
                                      last edited by

                                      @Dashrender said in Windows 10 Build 14342:

                                      @BBigford said in Windows 10 Build 14342:

                                      I use a variety of boot tools to check hardware (mostly all found on HBCD). Definitely not going to sign them on every incoming PC. I usually just disable SB. 🙂

                                      This is a personal choice - how secure do you want your environment to be? Hiren could definitely sign his CDs and make them compliant with Secure Boot, I'm guessing he just doesn't have people requesting it, and doesn't see the value to cost as worthwhile.

                                      Just start here.

                                      Then read about how pointless it really is.

                                      I mean, it can't be that bad, right? You can't need a different signing key for every kernel and kernel module! Try again.

                                      Yeah, with the latest Asus no-more-boot thanks to a windows update bug, not even Microsoft can stay compliant with their own system.

                                      I could go on and on with reference pages.

                                      1 Reply Last reply Reply Quote 1
                                      • 1
                                      • 2
                                      • 2 / 2
                                      • First post
                                        Last post