←back to thread

The Dangers of Microsoft Pluton

(gabrielsieben.tech)
733 points gjsman-1000 | 2 comments | | HN request time: 0.42s | source
Show context
userbinator ◴[] No.32234457[source]
What is to prevent school WiFi from one day requiring a Pluton assertion that your Windows PC hasn’t been tampered with before you can join the network?

Remote attestation is the true enemy of your freedom. The power of the authoritarian corporatocracy to force you to use only the (entire) systems they control. It's worth reading https://www.gnu.org/philosophy/right-to-read.en.html again just to see how prescient Stallman was.

replies(12): >>32234704 #>>32235241 #>>32236203 #>>32236379 #>>32236408 #>>32237069 #>>32237245 #>>32238451 #>>32239672 #>>32239680 #>>32239999 #>>32240046 #
aplanas ◴[] No.32235241[source]
Windows security models and policies are the enemy, not remote attestation (RA).

RA is a technology that has its fair use, and can be desired for other systems, like in Linux. With a pure RA system your services can decide to trust or not those devices on your network that can be compromised, and report to other devices that there is something suspicious.

As anything, this can be used properly to increase the security of your edge architecture, or wrongly to limit the users actions.

Let me put another example. With RA I should be able to authorize validated systems in my R&D VPN. If you are using your own laptop with the company certificate, and the verifier tag the systems as "unknown" or "unhealthy", it will not allow the access to the internal network, but sure you can still use your laptop for anything else. This, IMHO, is a fair use of this technology.

replies(2): >>32235470 #>>32235515 #
fulafel ◴[] No.32235515[source]
Yes, lots of Linux devices apply it like that today: You can't use your banking app or consume DRM crippled media on your Android phone if you have root or run a open source Android distribution.
replies(1): >>32235557 #
Aeolun ◴[] No.32235557[source]
> if you have root

Because god forbid you have control of your own PC?

replies(6): >>32235581 #>>32235770 #>>32235990 #>>32236047 #>>32236569 #>>32237462 #
1. api ◴[] No.32237462[source]
This is the root of the pro market / mainstream market split.

For the pro market people want control. Pros also generally know a bit more about how to use that control and tend to be less likely to end up getting pwned immediately.

For regular users people just want shit that works. Not having control is a feature, because if you have control then the malware you are tricked into installing from "ɡeτflrêfox.com" also has control.

You can see it in the Apple ecosystem with iOS vs. macOS. Macs and iPads are now almost the same hardware. (The M chips are just A chips on 'roids.) But Macs can run other OSes and you can "sudo root." That's because Macs are for pros.

replies(1): >>32238821 #
2. katbyte ◴[] No.32238821[source]
You can also disable all the system integrity protection stuff on macOS pretty easily if you do want to mess around where apple rather people not.