>on their EOL page it lists places you can donate your old non-working hardware to. Forcing users to do what? Buy new overpriced hardware when what they have is fine?
Devils advocate. Everyone really should be on Secure Boot / Bitlocker / TPM2.0 in the Windows space. Windows 11 is really there as a checkpoint to force people to upgrade to more secure hardware. If you dont care about security, you probably dont care about security updates, you can remain with Windows 10.
Thats not to say that they went about this in a pro consumer way. Its been bungled. But specifically on the point of hardware upgrades, for your average windows user the hardware isnt really "fine" as you put it.
>Here's the thing, I started up an old iPad last night and the e-mail no longer exists nor can be created, so I can't do a lost password, I can't log in, so I can't install apps, or even format the device without some 'Account Lock'
On the apple front, they get 10x the amount of flak for "enabling" stolen hardware to be reformatted and reused, than they get for bricking people who lose access to an account.
Recovery is expendable in Apple town. Recovery of iCloud accounts enabled identity theft and personal photos of celebs to be released. Recovery of hardware enables theft. Its a losing proposition.
>That ain't the way. Your computer. Your choice.
We really need a hardware path without conflicting priorities.
The problem is the protection against malware is rolled in with protection against the end user. This leads down a dark path and it seems we collectively have decided end users are less important than the corporate profits and protection against malware.
>Devils advocate. Everyone really should be on Secure Boot / Bitlocker / TPM2.0 in the Windows space.
nope. only useful for corporate setting. We should be able to run anything we want, however we want, without any arbitrary requirements by MS. Especially if it was proven already that it isn't a hard requirement to run the OS - just an arbitrary setting.
It just paves road for more invasive DRM and even more locked down systems.
If they have issue with crashes, and taking blame for corporate AV failures - don't give out kernel level access to them.
>Recovery is expendable in Apple town. Recovery of iCloud accounts enabled identity theft and personal photos of celebs to be released. Recovery of hardware enables theft. Its a losing proposition.
I don't care as a customer. I want my data, I don't care about corporate profit margins - and I shouldn't need to. Data theft is pure service issue of them not vetting recovery enough - due to cutting costs on it.
>nope. only useful for corporate setting. We should be able to run anything we want, however we want, without any arbitrary requirements by MS. Especially if it was proven already that it isn't a hard requirement to run the OS - just an arbitrary setting.
Right, crazy I swear I hung a lantern on that, implying you could just keep using Windows 10.
>I don't care as a customer. I want my data, I don't care about corporate profit margins - and I shouldn't need to. Data theft is pure service issue of them not vetting recovery enough - due to cutting costs on it.
Right, crazy again I swear I thought I wrapped up by saying we needed a hardware path without conflicting priorities.
Microsoft's idea of Security is security from me, not security for me. They use this overloaded language because it's so hard to argue against. It's a thought-terminating cliché. Oh you must not care about being secure huh???
Microsofts idea of security is security from being blamed for large scale breaches. I dont think they think about you or me at all tbh.
My point was, if you dont care about Secure Boot / Bitlocker / TPM2.0, then you probably dont also care about security updates. Not whatever insult you thought I was making.
If your thoughts were terminated, that was entirely self inflicted.
These so-called security features have wildly different threat models than other security features.
Secure Boot and TPM are ways to attest that what is running is what Microsoft signed. This is only useful if I think that non-nation-state attackers will have physical access to my hardware. Nation-state attackers can probably get something signed with the public secure boot keys. TPM is just more of the same — it lets the software running on a computer verify that it has not been changed from what Microsoft signed. If I controlled the signing key (perhaps every manufactured device has its own key that is sold with the device, which I can then sign whatever OS I want with), then I could gain some security without this control loss, and that would be useful.
Regarding bitlocker, I can encrypt my drive just fine with no TPM as long as I do not expect my OS to be tampered with (which requires physical access or running something untrusted as root). I can simply use a long password with many hash cycles, so if someone stole my drive they could not decrypt it without the password. But, if the key were in the TPM, then nation-state actors could probably get it back out, depending on exact implementation (for example for biometric unlock). So, in this way, using a TPM is less secure.
We should also do away with TPMs in most cases, since all that they serve to do is attest that the corporation with the keys to the TPM decided what was running and that no one interfered with that. It's DRM, plain and simple.
There are other security updates that I may want, however, even if I am not concerned about giving an attacker root of physical access. For example, Windows has had vulnerabilities which can be exploited over a network.
And how long would you expect Microsoft to write updates for computers with insecure boot chains, and secure boot chains? How much should they spend on mitigations for classes of attack that you can shut down just by updating? Why would they risk being seen to support a platform, that they consider a potential vector of incredibly bad PR, just for end user convenience? They have been browbeaten into being extremely security conscious, especially after the SMB stuff.
Personally, my Win 10 laptops are becoming Debian laptops as god intended.
Because I care that I'm secure, but I don't care that my computer isn't secure from me.
> how long would you expect Microsoft to write updates for computers with insecure boot chains, and secure boot chains?
Forever, because the same code works for both unless they go out of their way to do extra work for it not to.
> How much should they spend on mitigations for classes of attack that you can shut down just by updating?
There are basically zero attacks against ordinary consumers that SB/TPM protect from. The kinds of attacks regular people need to worry about are resolved through regular updates that don't need those things.
> Why would they risk being seen to support a platform, that they consider a potential vector of incredibly bad PR, just for end user convenience?
What are you talking about? There's no bad PR in allowing SB/TPM to be off. The bad PR comes from requiring them to be on.
> They have been browbeaten into being extremely security conscious, especially after the SMB stuff.
SB/TPM aren't actual security. They're DRM masquerading as security.
> Personally, my Win 10 laptops are becoming Debian laptops as god intended.
That's good, but it doesn't invalidate any of the above.
For secure boot and TPM, I'm not worried about someone breaking into my house and hacking my bios. I'm worried about getting a virus. Secure boot is useless but updates are important.
For bitlocker, I like it. But I use the password version that doesn't need any particular hardware.
How long do I expect updates? Well for starters, not even ten years of support for processors that were state of the art in 2018 is very bad. And windows 10 stopped being the newest option in 2021, so would ten years from that be so burdensome for security updates?
And no it's not a PR risk to release updates for windows 10. You don't need to stretch that hard, please.
Devils advocate. Everyone really should be on Secure Boot / Bitlocker / TPM2.0 in the Windows space. Windows 11 is really there as a checkpoint to force people to upgrade to more secure hardware. If you dont care about security, you probably dont care about security updates, you can remain with Windows 10.
Thats not to say that they went about this in a pro consumer way. Its been bungled. But specifically on the point of hardware upgrades, for your average windows user the hardware isnt really "fine" as you put it.
>Here's the thing, I started up an old iPad last night and the e-mail no longer exists nor can be created, so I can't do a lost password, I can't log in, so I can't install apps, or even format the device without some 'Account Lock'
On the apple front, they get 10x the amount of flak for "enabling" stolen hardware to be reformatted and reused, than they get for bricking people who lose access to an account.
Recovery is expendable in Apple town. Recovery of iCloud accounts enabled identity theft and personal photos of celebs to be released. Recovery of hardware enables theft. Its a losing proposition.
>That ain't the way. Your computer. Your choice.
We really need a hardware path without conflicting priorities.