This is why Windows 11 Will fail miserably with Security!

Photo by TheDigitalWay on Pixabay

Microsoft’s bad Idea

“Microsoft claims that their telemetry shows that they have seen up to a 60% reduction in malware when TPM-enabled features like Windows Hello and BitLocker encryption are used on supported devices — it’s unclear why that would be at all true, unless it’s correlation and not causation”   Steve Gibson (Security Now #825 Podcast)

I dare say it’s a terrible idea.  I have been doing some major research into secure boot and TPM and everything I’m seeing is a little bit worrying to say the least.  Even listening to others talk about what Windows 11 can do or can’t do seems quite obvious.   Afterall, I’ve even had my son get information on how to get around the security requirements for Windows 11 and install Windows a boot logged copy of it onto a USB just to play around with it.   I am quite concerned with this also because it seems Microsoft trying to force users onto a proprietary system.  Microsoft is only doing the complete opposite of what they claim.

Scrutinizing the Boot Process

The goal of a hardware root of trust is to verify that the software installed in every component of the hardware is the software that was intended.  — Jessie Frazelle

The problem with trust is that we should never trust anything and always question it.   How can a system trust that the software wasn’t installed as intended?   These are the basic problems with the premise of a TPM and even the Secure Boot process.

The goal of attestation is to prove to a third party that your operating system and application software are intact and trustworthy. — Jessie Frazelle

The problem with this is even more obvious to the security of a system.   Attestation can’t always witness or even prove a program doesn’t have the right to be run or used in boot up.   Unless Attestations can be programmed to boot Windows a certain everytime in hardware, we will always have the virus developers skirting around the boot process.

Some members of the technology industry have raised the concern that the well-documented, modern, high-level language interface provided by UEFI makes it easier to compromise a platform [12]; that the ability to add modules
and applications to the boot process could compromise security.

Richard Wilkins and Brian Richardson

I wouldn’t call some being a small amount of people but a large amount.  I’ve heard time and time again this idea and it seems to be a growing concern with UEFI and how virus writers / developers will overcome UEFI and be able to install viruses / Malware around the the Windows system to be able to do what they have always been able to do.

Security through Obscurity

Microsoft seems to have take this approach as  their next step through the security door and it’s seems quite evident that they’ve not learned their lesson from others.  I say that with the understanding that Apple tried this with their systems and they still have virus writers who can compromise their system.  It’s not like the security community doesn’t want all operating system to be secure, in fact most would want it so badly because we wouldn’t have to worry as much about the viruses or malware to being on peoples systems.   Let’s not forget we still have users who will do dumb things and that much will always be true.   There is always going to be need to teach the company users, how to be secure while using the company’s computer(s) or laptop(s).

Return-Oriented Programming

Return-Oriented Programming is a security exploit technique used by attackers to execute code on their target system. By obtaining control of the call stack, the attacker can control the flow of existing trusted software running on the computer and manipulate it to their own ends. — Secureteam UK

The ROP(return-oriented programming) has been a constant problem for several years now and will probably grow even more.   I say that not lightly because the Virus writers / Developers will have to start to use it more and more often and even find other exploits techniques to get around the Secure boot and UEFI protocols.  This is often called the Blindside attack and is most often used with IOT(Internet of Things) devices but can be used with Windows operating systems and will become more and more useful to them in the future, I suspect.

Not unlike the previous tutorial we will be crafting [ROP] the parameters to Windows API calls on the stack and then executing them.  — FuzzySecurity

As you can see, there is already programming that people can do with Windows 7 API and that’s been out for quite a while.  I am unsure when someone did this little experient and talked about the vulnerability.  This vulnerability is available on Windows 7.   It could very well be used on Windows 10 or even Windows 11, I suspect.

Mitigation

I will say there has been talk about mitigating this and other attacks but it requires a constant updating of the operating system and CPU (Secureteam UK).   As you know CPU manufacturers will take years to update a problem just because people will not want to go buy a new cpu or even a new computer until the old computer isn’t able to run or something actually breaks in the system.   I know Virus writers / developers will always be having to be a head of Windows updates and that might be what they are already doing.   Looking for vulnerabilities in the UEFI and Secure boot area.  I suspect they are already doing that now.   I can’t say if they’ll succeed but I know the virus writers make so much money on ransomware and getting those companies systems compromised.   So who really wins?  I would hazard a guess no one in the end, the security that Microsoft is trying to force will still fail miserably and I will be there saying “I told you so!

 

 

What is a TPM and why do you need to know you have one?

Photo by TheDigitalArtist on Pixabay

Trusted Platform Module

Everything about TPM screams security and ominous, some would call it.   I am sure everyone is thinking about this and wondering, why Microsoft is doing this.   We’ve heard them say it is  a requirement and thus far it seems to be a sure as gold that it will be a necessity to be able to upgrade to Windows 11.   So what is a TPM.  According to Wikipedia,

“[TPM] is an international standard for a secure cryptoprocessor, a dedicated microcontroller designed to secure hardware through integrated cryptographic keys

In other words, it basically is a hard encryptions and not a software encryption in your system.   If you have bitlocker without TPM, than your system has to decrypt and encrypt files on the fly and slow your system down.   If you had a TPM onboard it would be much faster and much safer because there would be no way a Man in the Middle attack could work, not saying it will never happen but I think it is far less likely.

Windows 11 Requirement

If you haven’t figure out if you have it on your motherboard.   There are several websites where they talk about how to find out if you already have a TPM on your Motherboard.  The real problem is if you haven’t no TPM and would like to be able to install Windows 11 on your computer.   There are several options you can do.   I’ll list them for you:

  • Install a Motherboard that has TPM
  • Check to see if you can Enable TPM on your current Motherboard
  • Install a TPM chip to be able to use Windows 11. Check out my Affiliate link if you need one!
  • Keep Windows 10 until the end of life which will be Year October 2025.

Scalpers a plenty

Scalping has seen an increase all over the net.   When Microsoft, released the information needed to upgrade to Windows 11.  It seemed to bring out the people who will charge even more than what you should be paying for it.   Obviously they did the same thing with Graphics Unit Processors in the past, they seemed to do the same thing with TPM Chips to install on Motherboards and other such systems.   I’m seeing more places that it cost more than you’d paid normally for a chip.   So that is  problem now with people wanting to get ready for Windows 11, there seems to be more people trying to make a buck out of this.  In the end, they will get out of trying to make a buck because the demand will drop and we won’t have to worry about this anymore.

 

Is Windows 10 being put on the chopping block?

Windows II Logo

Microsoft readies launch

It’s like trying to stuff a van into a mini cooper and then selling it for more than it’s worth.   If you haven’t been paying attention lately, Microsoft decided to create Windows 11 and that got leaked all over the internet.   I’ve not had a chance to sit down and play with it but I am impressed with the screenshots of the UI and even hearing some of the other things.   I am sure Microsoft will always try to stuff everything they can into Windows 11 and then some.   The event is actually June 24th, 2020 at 11am and you can watch like everyone else and hear all about it.  So what does that mean for people who want to upgrade and It looks like it will be an upgrade feature for people who have Windows 11 but that might change.

Design of Windows 11

If all the screenshots I’ve seen online are correct and I don’t know just yet, I have request to be put back into the beta program from Windows upgrades.  I will tell you what I think when they finally release it.   I am quite curious as to how well it reacts to upgrade if that’s going to happen or will we have to buy it?  I don’t know just yet.   There are several videos of the Windows 11 leak and people showing it off, I am unsure of how reliable these videos are but I figured it would be something to at least look at and see for yourself.

The Next Windows

So I am going to say that it is probably going to be like Windows 12 and so on.   They will probably do this from time to time and if the current product cycle holds it will probably be every 5 to 6 years.   So you can bet it will probably progress from 12 to 13 and so on.   I am sure this will be interesting to see just what they have planned on June 24th and even be able to see it in person when it is finally released.

 

Windows 10 is the baby in the corner

Photo by Lisa Fotios from Pexels

Windows 10 is a child still

Microsoft has been making great strides with Windows 10, but even now they still need to improve. If you haven’t been paying attention lately. Some of the things that people are having issues are like not being able to shutdown due to permissions. That issue seems to be an issue with Adobe and not really a Microsoft issue, you have to update your Adobe Creative Cloud to the newest version to solve this issue.

Microsoft’s Update Bugs

The update KB4532693 has been making headway after this late update because it is reporting that users are seeing their desktop and files are missing but that isn’t really true.   It seems this update was causing problems with removing the temporary user.   If you are having issues like not finding your files or desktop.   You should try to remove KB4532693 update and restart.   If you do that you could very well see everything back to normal.  Follow bleeping computers website and how to restore your data if this is has happened to you.

The other update in February seems to be KB4524244 which is also causing issues such as Freezes, boot problems, and installation issues.   Microsoft has removed this update.  It is an issue with UEFI and third party hardware.  This update also breaks the push button reset or Reset this PC in which you will get an error “There is a problem resetting your PC”.  To be able to reset your PC you will need to remove KB4524244 update and restart your PC.  You can go to Bleeping Computers and follow their instructions on how to solve this but it is a simple fix!

Windows 10 needs to grow some more

This is why I have issues using Windows 10.   I always encourage people to use Linux because I haven’t had any issues like I have seen with Microsoft.   I am hopeful that Microsoft fixes some of these issues and begins growing Windows 10 into an adult operating system.   If you would like to try Linux, I suggest trying these free Operating systems and finding one that is a good fit for you!  What do you think about Windows 10?  Do you use Linux?  Why not leave a comment and tell me what you like to use.

Installing a Windows 10 in VirtualBox on Linux!

Windows 10 in Virtualbox (LinuxMint)

Windows 10

Sometimes I hate to admit this but I need Windows 10 to do stuff with. Like making a multiple bootable USB key or Something like that! If you are like me and need it for a certain app that isn’t available on Linux. This solution seems to work well. It also doesn’t hurt that Microsoft is giving away Free Windows 10 to people. I didn’t have to do anything but put my email address in the system and it activated without a problem. It could just be that I have been in the beta for Windows 10 and it is associated with my account. Either way its a win for me. I decided to install Windows 10 because Windows 7 end of life was January.   I’ve never really liked Windows operating system so I tend to use it from time to time.  You could possible make it a dual boot also where Windows 10 and Linux Mint boot separately.   If that’s an option for you than it will be a whole lot faster.

Install VirtualBox on Linux

The first part of this post is how do you install Virtual Box on your Linux Mint Machine.  This might seem hard to understand but once you do it a few times you will understand it.

sudo add-apt-repository “deb [arch=amd64] https://download.virtualbox.org/virtualbox/debian <mydist> contrib”

Now to install the right version of Virtual box you will need to know your distro of your Linux Mint. You can easily find that out by doing the “lsb_release -cs” command and it should say Tricia, Tina, Tessa, Tara, Sylvia, Sonya, or Serena”.   You’ll put that instead of the <mydist>  So like mine it would be:

sudo add-apt-repository “deb [arch=amd64] https://download.virtualbox.org/virtualbox/debian tricia contrib”

It would also be a good idea to know if you have a 32 bit or 64 bit system Linux System.   You can find that out either through command line or desktop.   The command line is “arch“.  You might have to change the arch line to 32 but more than likely you are running a 64 bit system.

Now you need to Add the Keys to the repository and that command is easy.

wget -q https://www.virtualbox.org/download/oracle_vbox_2016.asc -O- | sudo apt-key add –
wget -q https://www.virtualbox.org/download/oracle_vbox.asc -O- | sudo apt-key add –

The last step is to install Virtual Box on your Linux Mint system.

sudo apt-get update
sudo apt-get install virtualbox-6.1

A Good tip for those who might want to install an older version is to hit the tab button after you type the app you are wanting to install it will show you all available versions that you can install.

Installing Windows 10

You’ll need an ISO of windows 10.   I got mine from Microsoft directly.   You can download the ISO from them directly and get the latest version.  Once you have the ISO, you’ll want to run Virtualbox and set it up.   There are many Tutorials that will show you how to do that.   This one was just install Virtualbox on Linux MInt.