+ Post New Thread
Page 3 of 4 FirstFirst 1234 LastLast
Results 31 to 45 of 53
General Chat Thread, [News] UEFI and Secure Boot - The Linux users are not happy! in General; ...
  1. #31


    Join Date
    Feb 2007
    Location
    51.403651, -0.515458
    Posts
    8,872
    Thank Post
    226
    Thanked 2,666 Times in 1,965 Posts
    Rep Power
    785
    Quote Originally Posted by SYNACK View Post
    HP ElitePad which is their businessy one has not only no ethernet port but no keyboard, no HDMI and not even a USB port.
    Why include all of those legacy ports on the actual tablet? They only make it thicker, heavier, uglier and unnecessarily expensive. It's far better for manufacturers to milk customers dry by selling hundreds of additional overpriced proprietary accessories (just like car manufacturers do with their options).

    I reckon HP are banking on the fact that a lot of enterprise customers will probably want most of the accessories. Once they have bought the tablet for £442, they can spend another £200-£300 on accessories.



    If you want Ethernet, you can buy an Ethernet dongle for £20.83 or the ElitePad Docking Station (Ethernet, HDMI, VGA and USB) for just £78.33 (ex. VAT). Or better still, both!
    Last edited by Arthur; 30th March 2013 at 10:03 AM.

  2. #32

    SYNACK's Avatar
    Join Date
    Oct 2007
    Posts
    11,143
    Thank Post
    863
    Thanked 2,695 Times in 2,285 Posts
    Blog Entries
    9
    Rep Power
    772
    Quote Originally Posted by Arthur View Post
    Why include all of those legacy ports on the actual tablet? They only make it thicker, heavier, uglier and unnecessarily expensive. It's far better for manufacturers to milk customers dry by selling hundreds of additional overpriced proprietary accessories (just like car manufacturers do with their options).

    I reckon HP are banking on the fact that a lot of enterprise customers will probably want most of the accessories. Once they have bought the tablet for £442, they can spend another £200-£300 on accessories.



    If you want Ethernet, you can buy an Ethernet dongle for £20.83 or the ElitePad Docking Station (Ethernet, HDMI, VGA and USB) for just £78.33 (ex. VAT). Or better still, both!
    Shakes fist, iPaditis, dirty manufacturers bleeding everyone dry with their latest useless tat. If nothing else I want something like the x2 with a stylus, 3g and gps. I can buy a cheap usb ethernet adapter if I have to but they have dropped so much connectivity they have made it useless for IT diagnostics. Chained to WiFi and their silly ipadesk expencive adapter for everything. Can't the EU actually apply some of their nany stating to Apple for a change, how is it that they have got away with nonstandard chargers, changing docks and custom dongles. How much ewaste is that, why must everyone but Apple follow the rules. Oh well hopefully with the above it the EU will take a swing at hp and the hipocricy will poil over and splash on Apple.
    Last edited by SYNACK; 30th March 2013 at 10:35 AM.

  3. #33


    Join Date
    Feb 2007
    Location
    51.403651, -0.515458
    Posts
    8,872
    Thank Post
    226
    Thanked 2,666 Times in 1,965 Posts
    Rep Power
    785
    Quote Originally Posted by SYNACK View Post
    they have dropped so much connectivity they have made it useless for IT diagnostics.
    At the very least, Windows 8 tablets should include a Thunderbolt port so you don't have to buy non-standard adapters or docks from the manufacturer. Surely this would be a big selling point for enterprises since the docks wouldn't be rendered useless after 2-3 years?

    Quote Originally Posted by SYNACK View Post
    how is it that they have got away with non-standard chargers, charging docks and custom dongles.
    Because the EU allowed it.

    The European Standardisation Bodies CEN, CENELEC and ETSI (independent of the OMTP/GSMA proposal) defined a common External Power Supply (EPS) for use with smartphones sold in the EU based on micro-USB. 14 of the world's largest mobile phone manufacturers signed the EU's common EPS Memorandum of Understanding (MoU). Apple Inc., one of the original MoU signers, make micro-USB adapters available - as permitted in the Common EPS MoU - for its iPhones equipped with Apple's proprietary 30 pin dock connector or (later) "Lightning" connector. (Source)
    Apple's Lightning connector does seem better designed than micro-USB, so it's easy to see why they didn't go with that.


  4. #34

    SYNACK's Avatar
    Join Date
    Oct 2007
    Posts
    11,143
    Thank Post
    863
    Thanked 2,695 Times in 2,285 Posts
    Blog Entries
    9
    Rep Power
    772
    Quote Originally Posted by Arthur View Post
    At the very least, Windows 8 tablets should include a Thunderbolt port so you don't have to buy non-standard adapters or docks from the manufacturer.
    Apple's Lightning connector does seem better designed than micro-USB, so it's easy to see why they didn't go with that.

    Agreed, good luck with it now that Apple is involved though, even though Intel designed the tech though Apple may have designed that specific - no doubt patented - connector.

    To be fair it would not be hard to be a better connector than micro USB which is flimbsy and forceable in the wrong way - have seen teachers do it more than once.

    Thunderbolt would be great especially for the future when stuff was avalible, I think they still need USB though just to keep options open currently for all the hardware that is avalible for it. Internal memory card is also great to give it a little more memory. I still think that there should be more with built in 3g and gps.
    Last edited by SYNACK; 30th March 2013 at 11:48 AM.

  5. #35


    Join Date
    Feb 2007
    Location
    51.403651, -0.515458
    Posts
    8,872
    Thank Post
    226
    Thanked 2,666 Times in 1,965 Posts
    Rep Power
    785
    Quote Originally Posted by Michael View Post
    Just think from a customer point of view
    In a school or business environment, I am sure most techies would appreciate the time saved from not having to deal with the rootkits listed below?

    • Kernel mode drivers hiding themselves, like TDL1, TDL2/TDSS, MaxSS, Srizbi, Necurs, Cutwail, etc.
    • Kernel mode driver patchers/infectors, embedding malicious code into core files of an Operating System, such as TDL3, ZeroAccess, Rloader, etc.
    • Master Boot Record infectors such as TDL4, Mebroot/Sinowal, MoastBoot, Yurn, Pihar, etc.
    • Volume Boot Record/OS Bootstrap infectors like Cidox.
    • Disk Partition table infectors like SST/Alureon.
    • User mode patchers/infectors like ZeroAccess.
    Isn't one of the reasons people switch from Windows PCs to Mac's because they are fed up dealing with viruses and malware? From a customers point of view, Secure Boot is a good thing. All they have to worry about now is keeping their browser and various plug-ins up-to-date.

  6. #36
    markwilfan's Avatar
    Join Date
    Feb 2009
    Posts
    165
    Thank Post
    34
    Thanked 20 Times in 16 Posts
    Rep Power
    15
    Correct me if I'm wrong but there isn't much malware or virus's can do if the user has a limited account so long as your updates are rolled out effectively.

  7. #37

    SYNACK's Avatar
    Join Date
    Oct 2007
    Posts
    11,143
    Thank Post
    863
    Thanked 2,695 Times in 2,285 Posts
    Blog Entries
    9
    Rep Power
    772
    Quote Originally Posted by markwilfan View Post
    Correct me if I'm wrong but there isn't much malware or virus's can do if the user has a limited account so long as your updates are rolled out effectively.
    How many consumers run as limited users though and actually understand the importance of updates. There have been more rootkits etc. floating about simply because the security has got better. Despite all updates I have had to clean up a few rootkits of peoples machines. This is needed, if not now then defiantly in future as they become more prevalent. Malware is still an issue and it is getting more advanced all the time, there are also a stack of attack vectors that have been found and not used (as far as we know) yet. Hell Mac keyboards in laptops supported unsigned keyboard firmware updates while the system was running. Any additional measures are a good thing as I don't want to be pulling a laptop to its constituent parts to individually and safely reflash every little bit of firmware in it to expunge a hardware rootkit. Secureboot won't stop this but will stop one more vector.

  8. #38
    markwilfan's Avatar
    Join Date
    Feb 2009
    Posts
    165
    Thank Post
    34
    Thanked 20 Times in 16 Posts
    Rep Power
    15
    Quote Originally Posted by Arthur View Post
    In a school or business environment, I am sure most techies would appreciate the time saved from not having to deal with the rootkits listed below?
    Sorry synack. Should have made myself clearer, my reply was in response to Arthur's statement above.

    I agree with secure boot in principle but who are ms to dictate what I do with the hardware I buy! That's my beef. And again if you could reliably turn it off on ALL uefi devices then fine, but as previously posted I know of 1 device you can't. How many more to follow?

  9. #39
    markwilfan's Avatar
    Join Date
    Feb 2009
    Posts
    165
    Thank Post
    34
    Thanked 20 Times in 16 Posts
    Rep Power
    15
    In addition to this in my current post of 5 1/2 years I haven't seen a single root kit on our hardware

  10. #40

    plexer's Avatar
    Join Date
    Dec 2005
    Location
    Norfolk
    Posts
    13,460
    Thank Post
    646
    Thanked 1,614 Times in 1,444 Posts
    Rep Power
    419
    Quote Originally Posted by markwilfan View Post
    Correct me if I'm wrong but there isn't much malware or virus's can do if the user has a limited account so long as your updates are rolled out effectively.
    There are always attacks that can elevate privelleges so running as a limited user is not 100% protection.

    Ben

  11. #41


    Join Date
    Feb 2007
    Location
    51.403651, -0.515458
    Posts
    8,872
    Thank Post
    226
    Thanked 2,666 Times in 1,965 Posts
    Rep Power
    785
    Quote Originally Posted by markwilfan View Post
    Correct me if I'm wrong but there isn't much malware or virus's can do if the user has a limited account so long as your updates are rolled out effectively.
    If there's a privilege escalation vulnerability in your browser or its plug-in's, limited user accounts won't be of much use since the malware or trojan will be running as the SYSTEM user and can do anything they want (as @plexer mentioned above).

    Keeping on top of updates won't help you...

    In 2012, 80% of vulnerabilities had a patch available on the day they were disclosed. This means that it is possible to remediate the majority of vulnerabilities, and that organizations and private users alike have a solution available for the root cause of security issues: vulnerabilities in software.

    The fact that 20% of vulnerabilities are without patches for longer than the first day of disclosure, however, means that patch management is not sufficient protection – vulnerability intelligence and alternative remediation measures are required, if organizations wish to keep their IT infrastructure watertight.

    It is unlikely that many more than 80% of vulnerabilities will have a patch available in the future, and it is realistic to assume that 20% is a representative proportion of software products that are not patched quickly – for example as a result of the lack of vendor resources, uncoordinated releases, zero-days or vulnerabilities in End-of-Life products.

    Increased cooperation between vendors and researchers
    That 80% of vulnerabilities have a patch available on the day of disclosure is an improvement to the previous year, 2011, in which 72% had a patch available on the day of disclosure.

    The most likely explanation for this improvement in Time-to-Patch is that more researchers coordinate their vulnerability reports with vendors, which mean that patches are available immediately. (Source)
    Browser security took a drubbing during the first day of an annual hacker contest, with the latest versions of Microsoft's Internet Explorer, Google's Chrome, and Mozilla's Firefox all succumbing to exploits that allowed attackers to hijack the underlying computer.

    The Pwn2Own contest, which is sponsored by HP's Tipping Point division, paid $100,000 for the successful exploitation of IE 10 running on a Surface Pro tablet powered by Windows 8. The attack was impressive because it was able to bypass a variety of anti-exploit technologies Microsoft has added to its flagship operating system and browser over the past decade. To succeed, researchers from France-based Vupen Security had to combine multiple attacks, a technique that is growing increasingly common.

    "We've pwned MS Surface Pro with two IE10 zero-days to achieve a full Windows 8 compromise with sandbox bypass," the firm announced by Twitter on Wednesday.

    Day 1 also saw the full compromise of Chrome 25 on Windows 7, another impressive feat because it also required contestants to bypass security defenses Google developers have invested considerable resources in. The exploit also fetched its creators $100,000.

    "We showed an exploit against previously undiscovered vulnerabilities in Google Chrome running on a modern Windows-based laptop," the winning, two-man team from MWR Labs wrote in a blog post. "By visiting a malicious webpage, it was possible to exploit a vulnerability which allowed us to gain code execution in the context of the sandboxed renderer process. We also used a kernel vulnerability in the underlying operating system in order to gain elevated privileges and to execute arbitrary commands outside of the sandbox with system privileges." (Source).
    Quote Originally Posted by markwilfan View Post
    In addition to this in my current post of 5 1/2 years I haven't seen a single root kit on our hardware
    Like @SYNACK, I have also had to clear several rootkits from school PCs (Mebroot and Alureon come to mind).

  12. #42


    Join Date
    Feb 2007
    Location
    51.403651, -0.515458
    Posts
    8,872
    Thank Post
    226
    Thanked 2,666 Times in 1,965 Posts
    Rep Power
    785
    There's actually a higher chance of getting infected with malware by visiting primary school websites than there is from going to a porn or gambling site.

    Malware injected into legitimate JavaScript code on legitimate websites « Naked Security

    As recently mentioned in the Sophos Security Threat Report, 80% of the websites where we detect malicious content are innocent sites that have been hacked.

    A trend that we have observed is that hackers will insert their malicious code into legitimate JavaScript (not to be mixed up with Java!) hosted on the website.

    The JavaScript is automatically loaded by the HTML webpages and inherits the reputation of the main site and the legitimate JavaScript.

    Recently SophosLabs has seen a flurry of detections of Troj/Iframe-JG on legitimate websites, including:

    • Primary School websites in England
    • Small community websites in Italy
    • A nightclub website in London
    • The website of an East African nation's TV company
    • The website of trade association of Financial Advisors in the US
    Last edited by Arthur; 1st April 2013 at 11:15 AM.

  13. #43
    markwilfan's Avatar
    Join Date
    Feb 2009
    Posts
    165
    Thank Post
    34
    Thanked 20 Times in 16 Posts
    Rep Power
    15
    Fair enough, point taken. But why can't I still install a different os onto hardware I have bought, which I believe is the original point

  14. #44

    SYNACK's Avatar
    Join Date
    Oct 2007
    Posts
    11,143
    Thank Post
    863
    Thanked 2,695 Times in 2,285 Posts
    Blog Entries
    9
    Rep Power
    772
    Quote Originally Posted by markwilfan View Post
    Fair enough, point taken. But why can't I still install a different os onto hardware I have bought, which I believe is the original point
    A very poorly made point originally and generally as it is not wholely correct and not the whole story. Why can't manufacturers make machines that only 'support' running Windows. Apple has no problem with it.

    They make diesel cars that only run diesel, and petrol cars that only run petrol - now I know that in the past you could actually make a petrol engine run on diesel after warming it up with petrol. Now this was in no way supported by the manufacturer, required modification as it was not designed to run that and voided the hell out of any warrenty.

    I know it is not the same at all but if they want to why can't they? Do they need to market them as Windows PCs (which they do already)? Do they need to add a Windows PCs may contain Windows sticker on the side, like the hot coffee may be hot stickers on cups.

    Not saying that I agree with manufacturers blocking out the option to put other things on but why should they have to develop for a system they never intend to support, is there some UN mandated human right to install Linux on everything with a power cord that I am not aware of. Yes you have brought the hardware but with Windows, if you asked the shop if it would run Linux and they said yes, then it did not you can just take it back. Why can't I install Windows on my blackberry or someone's ipad, they are also computers which have much heavier lockouts than this. Again not that I agree, it's just that all this is because it is MS, everyone else has been getting away with it for years now with no action at all.

    EDIT: as below it looks like MS has gone out of their way to make it possible for other systems, by turning it off it just removes that extra layer of security that now exists and that they have chosen not to implement.
    Last edited by SYNACK; 1st April 2013 at 12:47 PM.

  15. #45


    Join Date
    Feb 2007
    Location
    51.403651, -0.515458
    Posts
    8,872
    Thank Post
    226
    Thanked 2,666 Times in 1,965 Posts
    Rep Power
    785
    Quote Originally Posted by markwilfan View Post
    why can't I still install a different os onto hardware I have bought
    There are two ways you can install different OSs...

    1. Use a Linux distro that supports Secure Boot e.g. Ubuntu 12.10, Fedora 18 or later
    2. Ensure you buy a Windows 8 certified PC. OEMs are required to provide a method for disabling Secure Boot in the UEFI BIOS.

    Source: Windows 8 Hardware Certification Requirements (p122)



    You can't blame Microsoft if some OEMs choose to sell non-certified Windows 8 PCs and do not allow end-users to disable Secure Boot.

SHARE:
+ Post New Thread
Page 3 of 4 FirstFirst 1234 LastLast

Similar Threads

  1. Replies: 3
    Last Post: 12th January 2011, 12:23 PM
  2. Replies: 39
    Last Post: 28th October 2009, 09:32 PM
  3. moodle - new users are not receiving confirmation email
    By amccanny in forum Virtual Learning Platforms
    Replies: 2
    Last Post: 29th September 2009, 09:42 PM
  4. Replies: 22
    Last Post: 15th May 2006, 10:50 AM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •