JMH
Emeritus, Contributor
- Apr 2, 2012
- 7,197
Windows RT: Bug not a bug?
- Thread starter JMH
- Start date
AceInfinity
Emeritus, Contributor
Nice :) Next thing to be done would be to bypass the secure boot to have a bit of freedom on RT devices? :confused2: lol
It seems it's just a single byte that represents the minimum signing level. So this does in fact mostly rely on bypassing that. Which is an integer value of 8, representing Microsoft signing level. When changed to 0 (Unsigned), this is what allows you to bypass that authentication or validation.
I don't know why Microsoft prohibited users from doing this though. It'll only make "jailbreaking" the Surface a new trend... And if they removed this limitation I think it would improve the quality or value of the product.
Otherwise you may get frustrated users which just replicate the Microsoft authenticode to be able to run their stuff on the RT device.. :confused2:
~AI
It seems it's just a single byte that represents the minimum signing level. So this does in fact mostly rely on bypassing that. Which is an integer value of 8, representing Microsoft signing level. When changed to 0 (Unsigned), this is what allows you to bypass that authentication or validation.
I don't know why Microsoft prohibited users from doing this though. It'll only make "jailbreaking" the Surface a new trend... And if they removed this limitation I think it would improve the quality or value of the product.
Otherwise you may get frustrated users which just replicate the Microsoft authenticode to be able to run their stuff on the RT device.. :confused2:
~AI
Last edited:
I'd wager there's a few reasons this isn't allowed without a hack, some of it to due with store revenue being lost if apps don't ship from the store; some of it due to the fact that the device is designed more for touch (and desktop apps usually aren't), and the stability/security aspect of running random code on your machine.
AceInfinity
Emeritus, Contributor
"some of it to due with store revenue being lost if apps don't ship from the store" -- Ahhh!.. That is a good point. I wonder if partially, because it's a new RT (ARM-based) device, that they would like to keep things minimal just to start. Vista had initial bugs that even after being fixed, were still pointed out for why Vista "sucked" in my opinion. I don't think Vista had a good shot at success for that reason, even though I never really had any problems with it. I also think that's one of the reason for why Windows 7 came out so early afterwards. It was a new shot at success, for what I believe people were expecting Vista to be at that point in time. Windows 7 is great though (sales for this particular OS skyrocketed from what I know), but to avoid some confusion between 7 and Vista, I would assume that this is the reason why Microsoft was also more motivated to add a little bit of a different look to the OS when put side by side with Vista.
People that don't have the experience or knowledge to see what is different between 2 operating systems on a more complex level, will more likely be looking at the way it looks; the interface/design. Not that I'm criticizing less computer knowledgeable people, but I can also comfortably say that this is where the majority of the consumer base comes from.
To the point--I don't have anything bad to say about RT, so far I think my Surface is better than my Ipad to be honest. Apps are lacking though, which is why I agree with you. I just have a few questions that I can't answer for myself though, such as:
- Why did they choose to have the desktop in a tablet based device? (Filesystem, Paint, Administration tools, and various other things including the minimal office suite are the limited use it has). If they want to include it, and being that I'm basically a consumer of this product, I initially thought that there would be more that I could do with it (before I ran into certain limitations, or heard about them).
However, you do have a point. If people start developing for the desktop environment, it WILL take away from the initiative for people to develop for the MSFT Store. (It is more wise to make the Store the central focus though, otherwise the IPad will still be more dominant because it's had more time to develop. You'd have to take fast actions in order to catch up, otherwise people tend to make up their minds about the product eventually and stick with their opinions almost "permanently" in the business world.)
I think the point you've raised here is what most people don't understand, like myself, because like me and many others, we're not business people. I do however have good insight into the business side of things, for the reason that I know the most reputable business person alive where I live undoubtedly.
If Microsoft doesn't deem this as a security threat, does this mean that they will neither fix it or allow users to run their own unsigned apps on Windows RT I wonder? It seems to be a carry over from the regular Windows (Intel based, not ARM), so it affects more than just RT here don't forget.
Interesting topic JMH! I'm always curious as to what is going on in the Microsoft world :)
~AceInfinity
I've already answered your first question a few times here in other threads, but I'll reiterate - Office 2013 is a desktop app. As a selling point (inclusion with an RT device purchase), that makes it a bit difficult to not ship the desktop. Add in Windows Explorer and still having advanced settings in a Control Panel that hasn't been migrated fully, and you get a touch device with a desktop. Also, removing the desktop from the codebase means it's really different than Windows 8, which I'd guess would require a heck of a lot more testing and design than Microsoft was willing or able to do before a ship date came along.
As to fixing it, that's sort of up to Microsoft - if you really want to hack your device and take the risks, I don't see a necessary need to "fix" it as it's not a security risk that can be "exploited" without someone on the device running regedit and turning the security mechanism off until a restart (something a modern app cannot do, given sandboxing - hence there's no way short of user intervention to reach this point).
As to fixing it, that's sort of up to Microsoft - if you really want to hack your device and take the risks, I don't see a necessary need to "fix" it as it's not a security risk that can be "exploited" without someone on the device running regedit and turning the security mechanism off until a restart (something a modern app cannot do, given sandboxing - hence there's no way short of user intervention to reach this point).
AceInfinity
Emeritus, Contributor
I understand the Office part (I didn't ignore you there last time :grin1:), but as a Tablet device, I know lots of people that wonder why they have a desktop, not because they cannot install any of their own desktop programs, but because it's hard to use. Sorry I should have explained that more clearly, but that's what I meant :) As a small device, not even the IPad has a desktop interface like the Surface does, they just have that tiled app view (in their own adopted style), but the functionality and navigation was with consideration to the fact that it is seen on a small screen. So the navigation should be optimized to make it easier for the user to use on the smaller screen. I know why the office programs are for the desktop, I just don't fully understand why they haven't completely removed the desktop itself.
Without the perspective of how much work it would take to remove that, I still think it would be a good thing to do. They can keep the desktop for the Windows 8 Pro version, but for the RT version, I'm still of the opinion that it does not have a great purpose. With this desktop on my RT version, it almost would seem to me that this should have been the Windows 8 Pro version of the Surface and not the RT. Maybe it's just because i'm familiarized with the "look" that former tablets had before the Surface came out...?
I could understand the struggle behind taking the desktop view out completely, but I would rather either have it in there with more functionality (like what I assume the Windows 8 Pro version will be), or have it completely removed so I could deal with just the apps alone :thumbsup2: Just my opinion that's all. Something "in-between" just doesn't seem right.
Microsoft made the move to create a tablet device, and everything about this Surface beats the IPad except for the times that I have to use the desktop lol. I just think that they're going to have to change more than just a few things from the original Windows 8 if they want to move more into the tablet world... There's no shortcut around that I don't think. Microsoft is good in the desktop computer world, but my idea of a tablet device is that it shouldn't be like a desktop. Perhaps this is just a starting point though; they may change more in the future to make more of the Windows RT interface friendly for being a touch based tablet-like device so I haven't given up on it yet. I enjoy my Surface, but I've noticed that I used my desktop probably only 3-5 times for legitimate purposes since I've gotten it.
Take the Windows Phone as an example. There's no desktop as far as I know (I don't have one, I only seen reviews), and although it does work a bit different than the OS my Surface is running (I'm assuming), I think that this is the way my Surface (with Windows RT) should have looked as well.
I do believe I understand correctly what you're saying though, just to make that clear so there's no misconceptions here :smile9:
Personally I would work my way around not having any Office programs though on my Surface if the desktop was removed and no store apps were created to replace them. I found out they actually do have OneNote released to the store and I have that downloaded. Anything else with Excel and PowerPoint I do all from my desktop anyways.
Thanks for your responses though! These are only my opinions though, I'm not saying that you are wrong, or that Microsoft needs to do anything in regards to what I believe the Surface "should be", nor am I mocking anything about the product. I'm just a very opinionated guy. This is just my straight and non-biased view written down about the Surface.
Cheers
~Ace
---
In regards to the security "flaw" or whatever people want to call it, it indeed is Microsoft's call. There was something I had discovered today though, (once again).
I had known about this for a while, but this particular flaw in the UEFI boot (Secure boot), would be precisely what is needed in order to make this bypass for the Windows RT device perhaps a bit more "serious" in my opinion. As the only thing preventing these modifications from being a permanent change, was the security of UEFI boot. Unfortunately, UEFI boot itself is not 100% secure, as there is a known vulnerability in it, which would allow someone to bypass Driver Signing Enforcement policy and PatchGuard.
These in combination could be not so good if the reason for why Microsoft didn't think this was a security issue is because of Secure boot counteracting the changes to the kernel itself.
With some other possible techniques discovered by some random "hacker" in the future, you never know if someone finds a way to exploit it further just remotely. I wouldn't know how at this point, as I know the store apps don't run under a high enough security context to do hardly anything on the system itself, therefore, it would be tough (if "tough" doesn't indeed mean "impossible" for now). But if there's anything I know about security, it's that we've seen it broken many times before under circumstances that people thought were impossible, so I still am cautious. If somehow whoever was trying to do something harmful to the system, figured out a way to run code through a process that did have a higher security context though, then that's the only case where I could see this being a threat.
Right now, I am at a loss for how that could happen though, so perhaps it's a good thing that I know the security on my RT device isn't so bad at this point in time :smile9:
And I have not "hacked" my Surface yet cluberti :lol: I've decided to just leave it alone, but to continue reading about updates like these found by others so I have a bit more understanding of the kind of security my own device has, both, for my own curiosity, and safety at the least...
I hope that covers everything. I just woke up so hopefully after reading this over twice, it should be enough to make sure I've gotten rid of all the mistakes and such.
~Ace
Last edited:
Has Sysnative Forums helped you? Please consider donating to help us support the site!