German agency warns about Windows 8 use for federal systems

Microsoft has promoted Windows 8 in the past as the most secure version of the OS that has ever been released and the upcoming launch of Windows 8.1 is supposed to include even more security improvements. However, an agency of the German government has now pushed a panic button, claiming that the use of Windows 8 could be risky for other government groups and infrastructure operators.

Reuters reports that Germany's Federal Office for Information Security issued a statement today saying that the combination of Windows 8 with PCs that have a Trusted Platform Module 2.0 chip inside could lead to "a loss of control" with both Windows 8 and the hardware. The BSI added, "The new mechanisms in use can also be used for sabotage by third parties. These risks need to be addressed."

Unfortunately, the statement from the BSI does not state how "a loss of control" would happen with Windows 8 and TPM 2.0. Microsoft did not comment directly on the BSI's security claims but did say that PC makers can disable the TPM chip so that Windows 8 computers can ship without the hardware enabled. The Trusted Computing Group, the organization that came up with TPM, also declined to comment on the BSI statement.

Source: Reuters | Image via Microsoft

Report a problem with article
Previous Story

Ballmer's biggest regret while CEO was Vista's 'loopedy-loo'

Next Story

From The Forums: Neowin reader posts 'campaign ads' for Microsoft's next CEO

52 Comments

Commenting is disabled on this article.

to put this simply someone in the German Govt is moaning about win 8 being insecure ummmm news flash for Germany anything one man can make another man can break simple as that

CygnusOrion said,
I get the feeling that German officials really despise Microsoft.

Germans despise everything and anything not being German... And unfortunately this is not a Joke

-adrian- said,
this is not a joke? you clearly have no idea

don't want to hurt your or anyone's patriotic feelings, it's just what I had experienced during my stay.

the first article is a black guy playing for a couple of year for the german national team.. all your arguments a invalid .. do you want me to look for racist things in any country now? racists tweets in england.. some guy in skandinavia killing on the island? racists in america hating all black people..

Germany has history, but this type of crap goes on everyday around the world.

In the USA alone, there has been a growing trend of racial fragmentation with even elected officials saying some really horrible racist and sexist things.

I live in the US, but have spent time a bit of time in Europe over the past 15 years, every culture has their idiots.

........

As for targeting Microsoft, Germany has been vocal, but they are not alone with the entire EU being used by various countries to take shots at Microsoft.

It is kind of sad, as Microsoft invests a lot of money into these countries and local economies, unlike other American companies that are applauded yet invest far less locally, like Google and Apple.

Isn't that the same country/department that adapted Linux and OpenOffice 2 years ago and scrapped it within short thereafter? I wonder when they will stop listening to their anti-Microsoft consultants and start thinking for themselves

vhaakmat said,
Isn't that the same country/department that adapted Linux and OpenOffice 2 years ago and scrapped it within short thereafter? I wonder when they will stop listening to their anti-Microsoft consultants and start thinking for themselves

If I remember correctly, it was over 10 years ago, with an initial 3 year plan for migration, that was extended to 5, 8 and then scrapped.

The biggest problem they had with the migration is their lack of understanding the technologies involved was embarrassing especially with regard to the secure systems they were using.

Mobius Enigma said,

If I remember correctly, it was over 10 years ago, with an initial 3 year plan for migration, that was extended to 5, 8 and then scrapped.

The biggest problem they had with the migration is their lack of understanding the technologies involved was embarrassing especially with regard to the secure systems they were using.

Oh my...

https://joinup.ec.europa.eu/co...ktop-completed-successfully

14.000 of the total 15.000 desktops migrated as of 2013, with over 10 million euro saved so far.

Mobius Enigma said,

The initial project was not a success and was halted. You are quoting a PR damage control effort using a custom LiMux that was NEVER a part of the original project.

A PR damage control that has migrated 14.000 desktops along with all the applications and saved 10 million euros? What was the original project supposed to achieve, a cure for cancer?

LiMux became part of the project only two years after the initial plannings (that is, in 2005) when SuSe was adquired by Novell and IBM stepped out.

ichi said,

A PR damage control that has migrated 14.000 desktops along with all the applications and saved 10 million euros? What was the original project supposed to achieve, a cure for cancer?

LiMux became part of the project only two years after the initial plannings (that is, in 2005) when SuSe was adquired by Novell and IBM stepped out.

You are failing to understand. I'm not sure if you are younger or just choosing to disregard that the original project was SHELVED in 2009.

The progress made in the 2011-2013 timeframe is NOT from the original project.

PERIOD.

Mobius Enigma said,

You are failing to understand. I'm not sure if you are younger or just choosing to disregard that the original project was SHELVED in 2009.

The progress made in the 2011-2013 timeframe is NOT from the original project.

PERIOD.

Well, yes, I happen to disregard arguments until any kind of proof is shown. So far all your links actually support my argument, so go, research and then come back.

I mean, really, can you show even one single proof of anything you are saying?

-Anything substantial about the project that began in 2005 not being the same as the one in 2013?
-Something about the LiMux project being shelved in 2009?
-About the project being actually scheduled to be completely finished in 2006?

Excuse me if "because I say so" doesn't get me convinced.

Germany's Federal Office for Information Security...

Here is where every reasonable person should stop reading. This is the same agency that was behind the 'brilliant' German migration to Linux and OSS.

It was a massive failure and lack of understanding of the technologies involved, with ongoing delays to where the project was eventually scrapped.

Mobius Enigma said,
Germany's Federal Office for Information Security...

Here is where every reasonable person should stop reading. This is the same agency that was behind the 'brilliant' German migration to Linux and OSS.

It was a massive failure and lack of understanding of the technologies involved, with ongoing delays to where the project was eventually scrapped.

Perhaps they should have waited for the year of linux.

Mobius Enigma said,
Germany's Federal Office for Information Security...

Here is where every reasonable person should stop reading. This is the same agency that was behind the 'brilliant' German migration to Linux and OSS.

It was a massive failure and lack of understanding of the technologies involved, with ongoing delays to where the project was eventually scrapped.

You mean the migration project in Munich? Because that one is alive and already declared a success.

ichi said,

You mean the migration project in Munich? Because that one is alive and already declared a success.

http://en.wikipedia.org/wiki/LiMux

10... years... later.

Now, if "success" is measured by "have they moved to linux" then yes. But if we're talking efficiency and cost savings... 10 years. 10. years. TEN. Nope.

It took them nearly 10 years to save 4m in licensing costs.

But hey, they really stuck it to the man.

MrHumpty said,
http://en.wikipedia.org/wiki/LiMux

10... years... later.

Now, if "success" is measured by "have they moved to linux" then yes. But if we're talking efficiency and cost savings... 10 years. 10. years. TEN. Nope.

It took them nearly 10 years to save 4m in licensing costs.

But hey, they really stuck it to the man.

That link actually cites savings of over 10 million since they started the migration planning 10 years ago, and if you bother to do some research beyond wikipedia you will see that they are actually 2.000 migrated desktops ahead of schedule.

But yeah, it must be because they "stuck it to the man" and not because of the hefty savings, lower TCO and reduction in number of support calls.

What's interesting though is that 10 years later some people like Mobius Enigma and vhaakmat below (and Hawkman as well in several old forum threads) are so utterly misinformed that keep bringing Munich as an example of a failed Linux migration that would have been supposedly scrapped, and even go to the lengths of going into a technical analysis of the reasons why it would have supposedly failed (as you can see in Mobius Enigma's post below).

And going by the "like" votes in those posts I'd guess there's some more people around equally misinformed.

Edited by ichi, Aug 25 2013, 5:50pm :

ichi said,

That link actually cites savings of over 10 million since they started the migration planning 10 years ago, and if you bother to do some research beyond wikipedia you will see that they are actually 2.000 migrated desktops ahead of schedule.

But yeah, it must be because they "stuck it to the man" and not because of the hefty savings, lower TCO and reduction in number of support calls.

What's interesting though is that 10 years later some people like Mobius Enigma and vhaakmat below (and Hawkman as well in several old forum threads) are so utterly misinformed that keep bringing Munich as an example of a failed Linux migration that would have been supposedly scrapped, and even go to the lengths of going into a technical analysis of the reasons why it would have supposedly failed (as you can see in Mobius Enigma's post below).

And going by the "like" votes in those posts I'd guess there's some more people around equally misinformed.

10M Euros over 10 years is a joke. The support calls is also subjective. I've managed too many Windows machines to realize that, when manage properly, support calls are almost always to do with forgotten passwords.

What's funny is... 10 years later, that "report card" is considered a +1 in the W column.

MrHumpty said,
10M Euros over 10 years is a joke. The support calls is also subjective. I've managed too many Windows machines to realize that, when manage properly, support calls are almost always to do with forgotten passwords.

What's funny is... 10 years later, that "report card" is considered a +1 in the W column.

Well, lets see: the OP talks about Munich as a "massive failure and lack of understanding of the technologies involved, with ongoing delays to where the project was eventually scrapped".

Reality on the other hand shows a long term project that's successfully running ahead of schedule and where, much to debunk early reports by both Microsoft and HP, the migration has not only not added extra expenses to the administration but rather saved an average of 1 million per year.

Considering all the costs involved in training and migration of applications, templates and macros, a net saving of 10 millions seems to talk about a quite noticeable lower TCO.

If a project goes as planned or better, that's what you'd consider by deffinition a success.

Regarding support calls, I don't see how the exact number of calls in your ticketing system can be subjective. If you are getting less calls you are getting less calls, there no way around it.
The point of that simple detail is that naysayers were trumpeting a expected increase in users' trouble with the new platform, which the reduction in calls seems to contradict.

ichi said,

You mean the migration project in Munich? Because that one is alive and already declared a success.

It is cute. I went back to my Linux Munich links and the top three have been acquired by 'fans' of Linux and purged the timeline of the horrendous problems and the closing of the project that was later replaced with a new initiative in 2010/2011.

So now I have to provide various links to the timeline so 'kiddies' realize they have been punked into thinking it was successful.

Start here:
http://www.zdnet.com/blog/murp...e-it-project-proposals/1074

Instead of getting to the 15,000 migrations - even today they only have a couple thousand migrated users, over 10 years later.

This is a not success. Apple has had more movement in marketshare without a complete 'migration' project.

ichi said,

Well, lets see: the OP talks about Munich as a "massive failure and lack of understanding of the technologies involved, with ongoing delays to where the project was eventually scrapped".

Reality on the other hand shows a long term project that's successfully running ahead of schedule and where, much to debunk early reports by both Microsoft and HP, the migration has not only not added extra expenses to the administration but rather saved an average of 1 million per year.

Considering all the costs involved in training and migration of applications, templates and macros, a net saving of 10 millions seems to talk about a quite noticeable lower TCO.

If a project goes as planned or better, that's what you'd consider by deffinition a success.

Regarding support calls, I don't see how the exact number of calls in your ticketing system can be subjective. If you are getting less calls you are getting less calls, there no way around it.
The point of that simple detail is that naysayers were trumpeting a expected increase in users' trouble with the new platform, which the reduction in calls seems to contradict.

Reality?

The 'reality' is you do not know what you are talking about or have been misled with the proclamation of success after 10 years of failures.

http://linux.slashdot.org/stor...on-Abandons-Linux-Migration

Better yet head over to:
http://linuxhaters.blogspot.com/

They have kept most of the timeline of the failures that I don't have time to spoon feed. Although I still find it cute that the Munich specific watch sites have been scrubbed of the archives detailing the work and laugh out loud failures.

Mobius Enigma said,

It is cute. I went back to my Linux Munich links and the top three have been acquired by 'fans' of Linux and purged the timeline of the horrendous problems and the closing of the project that was later replaced with a new initiative in 2010/2011.

So now I have to provide various links to the timeline so 'kiddies' realize they have been punked into thinking it was successful.

Start here:
http://www.zdnet.com/blog/murp...e-it-project-proposals/1074

Instead of getting to the 15,000 migrations - even today they only have a couple thousand migrated users, over 10 years later.

This is a not success. Apple has had more movement in marketshare without a complete 'migration' project.

Did you even bother to read the link I posted? They have migrated 14.000 desktops, far from your couple of thousands (and well below those 10 years as the kick-off was in 2005 and the first pilot in 2006).

Your "new initiative" that has apparently been planted around by Linux fans is listed in the very zdnet article you linked as starting in 2005 ("21.04.2005: internal kick-off meeting for LiMux migration") with a pilot planned for 2006.

Edited by ichi, Aug 26 2013, 4:26pm :

ichi said,

Did you even bother to read the link I posted? They have migrated 14.000 desktops, far from your couple of thousands (and well below those 10 years as the kick-off was in 2005 and the first pilot in 2006).

Your "new initiative" that has apparently been planted around by Linux fans is listed in the very zdnet article you linked as starting in 2005 ("21.04.2005: internal kick-off meeting for LiMux migration") with a pilot planned for 2006.

Yes I read your link... Here are the facts, please feel free to go look them up.

The project was to be FULLY completed in 2006 (7 years ago).
The project was ABANDOND in 2009 with only 2000-3000 systems migrated.

So a 'PR' release 7 years after the project was to be completed, they step forward in 2013 and proclaim it was a 'success' is dishonest as the migration they are touting is NOT FROM THE ORIGINAL project.

Ok?

Mobius Enigma said,

Yes I read your link... Here are the facts, please feel free to go look them up.

The project was to be FULLY completed in 2006 (7 years ago).
The project was ABANDOND in 2009 with only 2000-3000 systems migrated.

So a 'PR' release 7 years after the project was to be completed, they step forward in 2013 and proclaim it was a 'success' is dishonest as the migration they are touting is NOT FROM THE ORIGINAL project.

Ok?

Maybe if you bother to post any kind of source that supports your argument, because so far even the very souces you provided yourself point that the LiMux project kicked-off in 2005.

Ok?

Shadowzz said,
Doesn't matter what OS you use, I'm sure the NSA has zero-day exploits regardless of which OS or system is being used.

Every Security professional also has an extensive list of possible exploits to use when remotely cracking a compromised system/server/etc.

It isn't just the NSA that maintains a robust list of common exploits.

Mobius Enigma said,

Every Security professional also has an extensive list of possible exploits to use when remotely cracking a compromised system/server/etc.

It isn't just the NSA that maintains a robust list of common exploits.

But they have the biggest budget......

Fritzly said,

But they have the biggest budget......

Budget is fairly irrelevant unless you are also cracking encryption. I know of a three person team that can get into about anything. **

Companies pay them well, but they didn't need vast resources to acquire their knowledge.

**Side Notes...
The only systems that are nearly impossible and can be impossible are patched Windows 8/2012 systems without 3rd party desktop software. It is easier to monitor network activity to and from these systems than to crack into them.

People should remember this when they complain about Modern UI Apps as they are not creating entry points or exposing the system to exploits.

Installing just Google Chrome adds a list of about 50 exploits to try. Also remember this when installing Chrome, as it in the top five 3rd Party Apps that allow malware/remote access.

Mobius Enigma said,

Budget is fairly irrelevant unless you are also cracking encryption. I know of a three person team that can get into about anything. **

I beg to differ..... The larger the budget the easier to hire the best and the brightest, not to mention investing in R&D.

Side note: and this supposed impossibility to crack Windows was stated by.....?
The safest approach is always the same:
Assume that everything is crackable; if it has not cracked yet it is only because someone has not found the way to do it.

Fritzly said,

I beg to differ..... The larger the budget the easier to hire the best and the brightest, not to mention investing in R&D.

Side note: and this supposed impossibility to crack Windows was stated by.....?
The safest approach is always the same:
Assume that everything is crackable; if it has not cracked yet it is only because someone has not found the way to do it.

Re read my entire post...

Budget is a concern when you are from outside the industry and needing to hire someone; however, acquiring the information can be done by virtually anyone bright.

Comment on reddit about this:

Okay, going to call bull**** on this one.
I worked on TPM software for about a year. The TPM is a pile of ****, and it's got poor support on many motherboards. Some manufacturers have semi-working implementations of the protocol but don't have it working on all revisions of their chip, and other manufacturers have outright incorrect implementations. Bear in mind, the TCG has been around for over a decade now; the lack of broad support is really quite stupefying.
Now what does a TPM do? It lets you store an X.509 certificate in a very secure way. You don't get to choose the certificate; the certificate is chosen for you by the TPM. It lets you query for the public key on the certificate it chooses. It lets you update the public key with signatures. It lets you query the value of one of a collection of registers in a secured way. It lets you update some of these registers via an "extend" operation. That's it.
The bull**** thing is that, on Windows 7 and earlier, TPMs are disabled by default by the OS. They're also disabled by default in the actual f*cking BIOS which meant that basically any software designed to make use of the TPM couldn't be rolled out in an enterprise setting because you'd have to run around to a thousand machines to enable the dang TPM. And this doesn't even get into the step associated with generating the attestation certificate on the physical box, which requires certain physical security guarantees be made at the time of certificate generation. So Windows 8 has the TPM enabled by default, and requires their OEMs to enable it by default in their BIOS as well. Big deal. It makes the life of the IT service person marginally easier from an enterprise standpoint, and really nothing else.
TPMs aren't magical spy-on-you chips. This is a tpm. It's just a hardware crypto chip used by basically nobody. Some securable computing systems or embedded environments may rely on the physical security provided by a TPM to detect the presence of a machine which is counterfeit in some sense, or in a very limited capacity may be used to authenticate the boot process. They cannot generally be used to provide any other type of cryptographic service.
Edit: Holy crap first gold, thank you generous sir!
Edit #2, disclaimer: I did this work while employed for the US government. I no longer work as a defense contractor. Take that as ye will.
Edit #3: Okay so many users have pointed out that there is a TPM 2.0 spec out now, and there are chips which implement this spec. The new spec introduces more public key algorithms, and more registers, but really the only new thing is the ability to store and run symmetric ciphers on the chip--the rest of my conclusions are pretty much the same.

Source: http://www.reddit.com/r/techno...ent_warns_key_entities_not/

I didn't think TPM was an active processor of any kind?

I can see how it could be used to obscure foreign code but the computer must have been compromised already for this to happen so this surely a nonsense.

FlintyV said,
You could say the same about any closed-source piece of software.
I'm curious. At the time you pressed the "add comment" button, did you think you would sound witty or knowledgeable? Or were you making a joke. Please say you thought you were making a joke. Please.

once you physically crack the chip, and you extract the code,you can find backdoors/vulnerabilities,bugs,and you may use that to find ways to enter the chip without physically having access. for example, i cracked open the tpm, tap the bus,extract the software,find a buffer overflow. so lets say i used a 0 day vulnerability in this pcs browser,got elevated privileges, now i have access to the system and can write some code to communicate with the tpm, perform my buffer overflow and bam i can extract all the data.

If you have elevated privileges and access to the TPM chip then you have all you need at that point to extract the data.

If the operating system is able to unencrypt data via the TPM chip (for example, a user had typed in the correct passphrase at some point previously) then you could just act as the operating system and decrypt the system's data in the normal way. Finding a problem with the TPM chip's implementation is not required.

DonC said,
If you have elevated privileges and access to the TPM chip then you have all you need at that point to extract the data.

no you don't. RSA private key, EK, SRK are never in the clear,and only operate within the TPM chip. you can send in encrypted data,and the tpm will decrypt it for you with an internally stored private key,but theres no way the TPM is going to serve you that key. you can use another type of key that is unique to the TPM and will only decrypt certain code that will run only on that particular TPM. the only way to access these keys,is to either physically dump the chip,or if you physically dumped the chip,find a bug that will let you break into the chip from the outside world.