(¥) you might have to figure out some details

Unfortunately not for anyone who has activated the auto-update feature on his/her Xbox, as the latest system software version seems to include a higher kernel version than supported by the collateral-damage exploit.

> No action may be brought under this subsection for the negligent design or manufacture of computer hardware, computer software, or firmware.

I guess Microsoft could argue their entire operating system business, app store, and update infrastructure are intentionally negligent, and so not covered.

I’d think a reasonable court would say that it’s working as designed, and therefore not covered by the carve out.

https://www.law.cornell.edu/uscode/text/18/1030

Can you manually modify the system clock? If so you could roll the calendar back every 3-6 months.

There's a timing argument - that unless you're at risk of zero days (like you're the DOD) - that you probably don't need to upgrade immediately. But it seems unarguable to me that the longer you wait, the greater the risk from a security perspective.

As always, security is a trade off. Risk of breaking from an update has to be balanced against risk of exploit. I'd argue the latter is going up more quickly than the former.

on a more serious note though I don't think machines with ipv6 enabled that are behind a NAT are likely to be vulnerable to this, i suppose maybe wormable if you can natpunch through some p2p voip or gaming service, it's the sort of patch i would probably install if i were made aware of it (if i had ipv6 enabled), but being made aware of it doesn't like, leave me worried, and i don't consider it to be likely to affect me unpatched

I suspect it's because I don't use many common software packages so the attack surface is small-ish.

Agree in general that people wildly overestimate the risk leaving things alone. e.g. nginx hasn't had a security advisory affecting basic http 1.1 serving static content without TLS in many years. And of course desktops are behind stateful firewalls.

I only let my browser autoupdate (somewhat reluctantly) since I view that as the most likely security issue on my winpc but when I used to let win10 autoupdate (and other garbage dell drivers), things would start breaking after each update

this also applies to phone app updates - I only update if there's a reason to, not just for the sake of updating...

and people wonder why I have the best working phone and pc at the office...

Boxes get popped all the time. Why are you painting such a dishonest picture?

> and people wonder why I have the best working phone and pc at the office...

Probably because you know about computers. Nothing to do with your poor security practice.

And this still doesn’t say anything about the explicitly absolutist advice in the parent comment. “No matter the circumstance, turn auto-update off! Just in case you want to partake in some piracy!”

Is that a common usage /auf Deutsch/? Such use is listed on the Wikipedia page, but it's a use I don't ever recall having seen before.

Especially on sites like this one, which have no previews.

§ is a bit less common but iirc used in some legal texts. It's also easy to use on ANSI German keyboards with shift+3.

From my understanding, if you have the license, then you can still download it but it's not available for new users.

Right now, I'm using an android emulator to be able to run the app on a laptop (we don't have tablets) but it's a janky experience compared to a native windows app.

ms-windows-store://pdp?productId=9N4WGH0Z6VHQ

ms-windows-store://pdp?productId=9PMMSR1CGPWG

ms-windows-store://pdp?productid=9MVZQVXJBQ9V

ms-windows-store://pdp?productid=9N4D0MSMP0PT

ms-windows-store://pdp?productid=9N95Q1ZZPMH4

The double irony is that, even if it works, I may not be able to read my own game-saves since the Console's own public key is on the revocation list. I could sidestep this by resigning the CON files with the default value, 0.

The triple irony may be forthcoming yet. this all looks very familiar indeed.

fuckin brilliant

this bug is essentially a retro-active pivoting platform for the lucky day you combine unsanitized input and context escape.

seems like just trivial digital sticker-swapping, but MS over-leveraging its successes, refusal to break things (to maintain backwards compatibility, and it's own technical debt..), mean that some mistakes, however trivial, yet affecting, are immortalized

One example that stands out was the hacking/modding scene of the GTA Vice City with Multi Theft Auto, and even GTA SA, which gained a massive player base that would have never experienced the game and created emotional bonds with it. I can't prove this of course, but I bet a huge portion of the GTA V success was from users who played a moded version of the game in the past "for free".

Another example is the Adobe Suite, like Photoshop, and Illustrator, which allowed many people to become proficient with the Adobe tools and be part of a qualified workforce using that same suite of tools. A lot of these professionals from low-income countries would never had access to these tools otherwise in their formative years.

Price is a barrier to entry for many users who wouldn't have paid for the software.

Take World of Goo. Very popular game. Released in 2008; got a sequel in 2024. Why so long for a sequel? In part, because when they experimented with a DRM-free release, they had a piracy rate of over 90%. Can you prove that's lost sales? No. Would any reasonable person say that is lost sales? Absolutely.

https://arstechnica.com/gaming/2008/11/acrying-shame-world-o...

Ever wonder why mobile games failed, and why every mobile game is seemingly full of ads? The Android piracy rate is enormous (over 60%); and freemium allows money to be earned while denting piracy rates. Let's not forget also why Nintendo went after Yuzu - over 1 million illegal downloads of Tears of the Kingdom before the game even launched. How many do you think paid afterwards?

And before anyone quotes the one or two studies showing an increase in sales from piracy; that ignores the 30+ studies showing a moderate to severe sales impact from piracy, that we also have. Nobody talks about those though, because that's a rather unpopular conclusion. However, you can't pick and choose studies to show it is a good thing.

Of course not. People pirate more than they consume. The amount of series and movies in my backlog is insane. I have them physically on a RAIDZ2 (RAID6) and I have access to various streaming services. But what I lack is time. I used to watch the same stuff in the 90s cause of not having access to more (or very mediocre stuff on TV). Then piracy came into play and I could download many stuff I couldn't afford. Now I have more money available, but I don't have the time anymore. It is the same with regards to my Steam library. However, a lot of that is stuff bought on sale, and that is not 1:1 compared to a gained sale as the profit wasn't full price.

And seems like they learned nothing from this terrible experience, because they've also released World of Goo 2 DRM-free: https://worldofgoo2.com/

Could you cite a few of the best such stories that are not sponsored by media giants please and thank you.

It sure is, and those people should promptly return their stolen Photoshop bits to the front door of any local fire station so Adobe can put them back into their bit warehouse and ship them to paying customers next day air

If you think copyright infringement and theft are synonymous then presumably you'd be happy with people paying for copyrighted goods with a picture of some money, because a copy that doesn't involve a transference of control is identical with the actual item, right?!

Digitization doesn't somehow transform my limited time and resources into something you're suddenly entitled to.

I would expect Adobe would be nothing but a forgotten brand name list to the annals of time at this point, considering their Suite has been the most pirated application every year since the early days of Windows 95... And yet....

Oh and by the way Pluton is now on the latest batch of Intel laptop chips. And has been on AMDs for a while. How soon until Windows requires it?

I never did. The worst part is explaining it to people drinking the MS coolaid. I'm an MS admin so people at work love Win11, Intune etc all that max lockdown shit. To me that's not what Windows is about, for me Windows is excellent because of the admin tools and backwards compatibility. But hey that's just me.

Proton will be another TPM thing, introduce it, wait 5 years, then mandate it. They have time.

you know how google and apple dropped actual totp 2nd factor for their own accounts and force you to sign on another device to confirm signing on new devices? same thing.

They probably dropped totp because non-technical people can’t figure it out.

It's not their fault though. Every web site or service that offers totp and the most user-facing apps like google authenticator all scrupulously avoid telling you to save the seed value in the initial setup qr code.

That short random string is all you need to have working totp on as many different devices as you want, set up a new one any time you want, and it's nothing but a simple static never-changing secret exactly like a password.

You can wake up naked in a foreign country and be all back in a few minutes and without having to re-setup any sites or anything like that.

That is, IFFFFF you have previously saved all the totp initial setup seed values right along with the passwords for those same accounts. If not, you can go do it right now.

That string is not just one-time use. You can just save it and enter it into totp apps all over the place all day for the next n years.

keepass apps all support it now for one example, so you could save the string in a notes field in keepass, but they have a dedicated totp field now too. You paste it in, and now that password entry not only stores your name & password for that site, it stores the totp seed for setting up totp apps, and also displays the current totp time code just the same way the totp app like google authenticator does.

It's all stored in the keepass db file just like the normal passwords, so to set up a new device, all you need is access to any copy of the keepass db file. Install any keepass app like keepassxc on a laptop, load the db, and there's your working current totp codes for all sites. You want a more convenient dedicated totp app than having to dive in to keepass, just copy the totp seed from keepass into gnome authenticator or whatever. The different apps have different ways to supply the string when not taking a picture directly with the camera. Some like google hide it from direct access. Last time I used google authenticator I think it had no usable export, but it just recently got the ability to store the seeds in googles cloud, but not like in an ordinary google drive file that would be useful, just some internal magic that all it does is if you can somehow manage to log in to your account on a new phone, it will pull the seeds down and start working on the new phone. It doesn't let you set up any other apps or devices, and Google has a copy of your seeds in a form they can read, even though you can't!

But the same seeds could be just as cloud-enabled by being inside a password manager db, which is still sitting on a google cloud server, but this time in a file that you own, and in a form that google can't read but you can.

So, uh... Lenovo?

Yet you can still install Linux on PCs sold with Windows, you can still install third party software on Windows not from a Store, you can still watch pirated movies downloaded from torrents.

You can even run an unregistered/unpaid version of Windows if you don't mind that it will not let you change the desktop background image.

The reasonable, fair, common-sense pro-consumer thing to do is to split the online play in two: a non-anticheat server and an anti-cheat server. Players can opt-in to installing a rootkit/sharing their SSN/whatever if they want to play on the hardened server. This costs nothing, and makes all types of gamers happy.

But doing this has less upside for the publisher than forcing anti-cheat on everyone. The only risk is that they might get dragged through the mud by a handful of influencers peddling impotent rage to viewers who are just looking for background noise while sleepwalking on their Temu dopamine treadmill live service of the month.

This is a very good point! And I'd like to point out that there is an analogue to the problem of smurfing in online video games, and the corresponding solution, which is to require semi-unique ID to play (e.g. a phone number which can only be tied to one account at a time with a cool-off period when transferring between accounts). Valve does this for Dota 2, and smurfing is far, far less common than it is in League of Legends.

Some League players complain that they don't want to give their phone number to Riot (which is entirely reasonable given that it's a subsidiary of Tencent), but if enough people don't want that, then Riot could simply split the ranked queue into two: one where (soft, ie phone #) identity verification is required, and one where it isn't.

Riot won't do this, though, not because it wouldn't fix the problem (it would, as demonstrated by Valve), but because they profit from smurf accounts buying skins.

Citation needed.

Whose these gamers ? I surely didn't ask for this neither any of the gamers I know, nor seen any demand about that in gaming forums.

> The game companies couldn't care less if there are cheaters in the game, but it's the players which put huge pressure on the game companies to detect and ban cheaters.

The jump from this to "requiring TPM" is quite a long one.

Hell, blatant cheaters literally stream themselves cheating and their own communities do not recognize the cheating till the stream makes a mistake and selects the wrong scene. This also means that VAC methods of sending footage to random players is ineffective, as some streamers who are very obviously actually cheating do so in front of tens of thousands of people, and those people do not recognize the obvious cheating happening.

We also know game companies don’t care about cheating, as activision admitted in their lawsuit that they leave cheaters on a safe list so long as the cheaters have any semblance of an audience streaming.

That is absolutely wild, and completely characteristic of Activision.

Do you have a link that I can share with my CoD-playing friends?

Truth be told, if the exploiter-class of your game would even consider a kernel-level exploit, your game is fucked from the start. Seriously, go Google "valorant cheating tool" and your results page will get flooded with options. You cannot pretend like it's entirely the audience's fault when there are axiomatically better ways to do anticheat that developers actively ignore.

That's akin to saying that, as people want security on the street, mandatory strip search as soon as your exit your home is fair game.

Asking for a result doesn't give a blank-check for all the measures taken toward this result.

There plenty of way to mitigate cheating in game, but the game industry is focusing on the ones where they don't bear the cost and only the customer will (and this view is in part due to the model of F2P games, where banning cheater is useless as it doesn't cost them anything to create a new account).

Letting game developer having complete control and spying on the device playing the game is fine in a physical tournament were they provide the device, but it's insanity when it's the user own device in its home.

I'm not really sure I buy this. I can't really give a way that can guarantee no cheating but I know for example games like Genshin Impact run almost all the code (dmg calculation etc) server-side. Perhaps something that's an extension of Geforce Now might be the best "anti-cheat" technically speaking.

But as you are pointing out, forcing client-side intrusive anti-cheat is cheaper, thus this as nothing to do about preventing cheating, but about reducing cost.

Ideally player A shouldn't be networked player B if there is a wall between them but what happens when they're at the edge of the wall? You don't want them to pop in so you need some tolerance. But having that tolerance would also allow cheaters to see players through walls near edges. Or your game design might require you to hear sounds on the other side of the wall (footsteps, gunshots, etc.) which allows cheats to infer what what may be behind the wall better than a person would.

Yes, and you cannot prevent this except in in-person tournament.

Any output send toward the player, even a faint audio queue could be analyzed, and use to trigger an action or display an overlay to the screen, and no amount of kernel-level stuff will prevent that, as you can do this outside of the computer running the game.

You will own nothing and like it.

You can even do this calculation on community-run private server.

Now everything is matchmaking, private servers, live service and that sense of community is gone.

Small communities still exist, it's just that vacant places are now filled with strangers.

Perhaps secure boot by itself isn't enough, but I would imagine it would be a relatively large bump, when combined with a kernel-level anti-cheat. I presume such anti-cheats would e.g. disable the debugger access of game memory or otherwise debugging it, accessing the screen contents of the game or sending it artificial inputs.

What vectors remain? I guess at least finding bugs in the game, network traffic analysis, attempting MitM, capturing or even modifying actual data in the DRAM chips, using USB devices controlled by an external device that sees the game via a camera or HDMI capture.. All these can be plugged or require big efforts to make use of.

The state of game cheating has professionalized A LOT, it is extremely competitive and cheating companies produce extremely good quality tools compared to what we had 20 years ago. There is a lot of money to be made, we are at the point where you can just pay a cheap monthly subscription and you get access to actively maintained cheating tools. I know people working on the anti-cheat side, it is a really messy, highly dynamic (the bad actors are constantly adapting), complicated problem that isn't solved once and for all. We are far from the situation where just a few people are using some hacked-together software that will obviously be spotted as cheaters.

Game dev companies (at least US/European ones) have zero interest in developing or paying for kernel-level anti-cheat. That's a massive barrier of entry for the player base and they know this. It's also far from being cheap.

(Note: ignoring geopolitical factors, Chinese companies such as Tencent or Russian companies could definitely have interests in developing kernel-level anti-cheat for information gathering)

Riot has a pretty indepth blogpost about their anti-cheat systems, they've had years to mature them on some of the most demanding competitive gaming platforms ever made. Requiring players install kernel anti-cheat was very far down the list of possible solutions, but that's what it came to. It was either this or stop being free to play.

It's impossible to tell in-game if a baseball player is using steroids, yet there's a laundry list of banned substances and players who got banned for taking them because the MLB believes it gives them an unfair advantage. It's called competitive integrity.

Since it sounds like you don't play games, at least not competitively, I'll clarify that "cheating" in this case isn't the obvious stuff like "my gun does 100x damage" or "I move around at 100mph" or "I'm using custom player models with big spikes so I know everyone's location" that you would've seen on public Counter-Strike 1.6 servers in 2002. Cheating is aim assistance that nudges your cursor to compensate for spray patterns in CS, it's automatic DPs and throw breaks in Street Fighter 6 that are just at the threshold of human reaction timing, it's firing off skillshots in League of Legends with an overlay that says if it's going to kill the enemy player or not. All of this stuff is doable by a sufficiently skilled/lucky human, but not with the level of consistency you get from cheating.

This is relative to meat-space, not videogame, but we could go there and say caffeine or Adderall use is cheating, thus making anti-cheat a little more invasive…

And there another difference, you're referring to professional sport. I have no problem with invasive anti-cheat for professional gamer, even better it the gaming device is provided by tournament organization.

But we're talking about anti-cheat used for all players, akin to asking people playing catch in their garden or playing baseball for fun an the local park to take a blood sample for drug test.

> All of this stuff is doable by a sufficiently skilled/lucky human, but not with the level of consistency you get from cheating.

That's the point, there no difference for the other players between playing against a cheater and playing against a better player. Any ELO-based matchmaking will solve this, cheater will end-up playing against each-other or against very skilled player.

You could argue that they could create new account or purposely cripple their ELO ratting, but this is the exact same problem as smurfing.

> Any ELO-based matchmaking will solve this, cheater will end-up playing against each-other or against very skilled player.

Well, first, you're wrong, because cheating only makes them good at one part of the game, not every part of the game. e.g. in League of Legends, a scripting Xerath or Karthus who hits every skillshot is going to win laning phase hard. However, scripting isn't going to help if they have bad macro and end up caught out in the middle of the game, causing their team to lose. Most cheaters don't end up at the top of the ladder, they end up firmly in the upper-middle.

Secondly, you're basically saying "cheating is OK because they'll end up at the top of the ladder." You don't realize how ridiculous this sounds?

Third, ranked and competition aside, playing against someone who's cheating isn't fun, even if you end up winning because they make mistakes that their cheats can't help them with.

You don't play competitive games, that's fine, but a lot of people do and they demand more competitive integrity than casual players.

Little difference : I don't play competitive game with completes strangers on company run servers.

I've played competitively on community based server, with people being screened by other players and the community able to regulate itself (ban or unban players).

The problem space is vastly different, you don't need intrusive ring 0 anti-cheat for this.

The whole kernel-level anticheat stuff is a poor solution to a self-made problem by the developer : they wanted to be the one in charge of the game and servers, so they needed to slash human moderation need. They also wanted to create a unique pool of player and didn't want the community to split between itself and play how they want.

People don't consider playing around with your friends to be competitive. You don't get to choose who else is competing in the game or what strategies they use. This is just an area that you are clearly not familiar with.

> The whole kernel-level anticheat stuff is a poor solution to a self-made problem by the developer : they wanted to be the one in charge of the game and servers, so they needed to slash human moderation need. They also wanted to create a unique pool of player and didn't want the community to split between itself and play how they want.

This wasn't self-made by the developer, it was demanded by the players. Competitive games have almost exclusively moved to online, skill-based matchmaking with a ladder system because that's what players want.

Those technical shenanigans clearly aren't working, be ready to be disappointed if you thought that a TPM would help against cheaters. Cheaters always find a way, what those game needs is proper moderation.

Yes that does cost money but that's the only known thing that works in the long run.

It’s like saying seatbelts are useless because some people still get hurt, so instead of seatbelts we need a lot more ambulances and hospitals.

Like any complex system, games have a funnel. These technical measures reduce (but not to zero) the number of cheaters. Then moderation can be more effective operating against a smaller population with a lower percentage of abuse.

Alternatively, it's like saying poisoning your customers is a bad way to reduce complaints, because some of them survive. Matter of perspective.

Isn't this the argument used against non-kernel-level anticheat and server-side anticheat in the first place ?

On the other hand, all the games / servers I've seen which are successful against cheater have some very good moderation.

Look at Counterstrike with regular VAC based matchmaking and then with kernel level anti cheat in FACEIT. One is overrun with cheaters and one isn't. It's the same game.

But guess what is happening now that MS requires TPM for Windows? All virtualizers now have some support for TPM. The time will come.

This requirement will only hit multiplayer games where cheating and security threats are rampant.

Also, if you have a PC with secure boot enabled, there are popular Linux distributions like Ubuntu that have a signed key. Or, you can add a signing key to the firmware, depending on your hardware. And of course, most commercially available PCs will let you disable secure boot entirely.

(Most multiplayer games with anti-cheat software don’t really work on Linux anyway.)

They have shipped ARM Surfaces where alternative operating systems could not get installed, enforced with Secure Boot permanently on. Have they been through any such "antitrust ringer" in the past 10 years?

> Also, if you have a PC with secure boot enabled, there are popular Linux distributions like Ubuntu that have a signed key

Note that there's one key MS uses for Windows and one key they use for everything else. They actually advise OEMs not to install this second key by default ("Secured Core" PCs), and some vendors have followed the advice, such as Lenovo. Resulting in yet another hoop to install non-MS OSes.

Even recently, a Windows update added a number of Linux distributions to the Secure Boot blacklist, resulting in working dual boot systems being suddenly cripped. Of course, even _ancient_ MS OSes are never going to be blacklisted.

True, 3rd party not trusted by default is a "Secured-Core PC" requirement, but so is the BIOS option for enabling that trust [0]. On my "Secured-Core" ARM ThinkPad T14s it's a simple toggle option.

> Even recently, a Windows updated added a number of Linux distributions to the Secure Boot blacklist, resulting in working dual boot systems being suddenly cripped. Of course, _ancient_ MS OSes are never going to be blacklisted.

Actually they are in the process of blacklisting their currently used 2011 Windows certificate, i.e. the Microsoft cert installed on every pre-~2024 machine, also invalidating all Windows boot media not explicitly created with the new cert. It's a manually initiated process for now, with an automatic rollout coming later [1].

It'll be very interesting to watch how well that's going to work on such a massive scale. :)

[0] https://learn.microsoft.com/en-us/windows-hardware/design/de...

[1] https://support.microsoft.com/en-us/topic/kb5025885-how-to-m...

As I said, yet another increase in the number of hops for no reason.

Before you say anything else: until this you could install _signed_ Linux distributions without even knowing how to enter your computer's firmware setup. Now you can't.

The trend is obviously there. First, MS forced Linux distributions to go through arbitrary "security" hoops in order to be signed. Then, MS arbitrary altered the deal anyway. Even mjg59 ranted about this. And the only recourse MS offers to Linux distributions is to pray MS doesn't alter the deal any further.

Maybe at no point they will make it impossible on x86 PCs, but they just have to keep making it scary enough. And in the meanwhile keep advertising how WSL fits all your Linux-desktop computing needs. While at the same time claim they have nothing against opensource.

> Actually they are in the process of blacklisting their currently used 2011 Windows certificate

No, they are NOT in the process, and that is precisely what I was referring to. They have not even announced when they are going to even start doing the process. All you quoted is instructions to do it manually. So I'll believe it when I see it.

And besides, just clearing the CMOS is likely to get you a nice ancient DBX containing only some grub hashes on it, and the Windows MS signature on DB. Not so much luck for the MS UEFI CA signature, as discussed above. So "recovery" will be trivial for Windows, not so much for anyone else..

Not all. I know for a fact you could not in the RT/2.

This is despite the fact that people _do put effort_. This is how I know, for example, that some Linux workarounds for "funny" ACPI interpretations had to be also "ported" to the ARM architecture in ACPI ARM Linux because Windows is literally making the same "bugs" all over again. Except, this time, Windows hardware is in the _minority_, and there's plenty of ARM ACPI devices that do not require these workarounds...

> It was due to a bug/and or not being able to detect all manners of dual boot correctly.

Sure. It is also a bug they just applied these blacklists automatically in the first place? It is also a bug that the list of blacklisted bootloaders mostly comprises non-MS oses, despite the fact there are well-known issues in many Windows versions?

The libertarian maximalist i-can-do-what-i-want-with-my-computer ignore the many use cases where I want to trust something about someone else's computer, and trusted computing enables those use cases.

How is it great? Vanguard is extremely invasive; having kernel access, you have to relinquish your PC to this chinese-owned company at all times (whether you're playing the game or not), and just trust in their good faith.

And for what? Cheaters are more rampant than ever, now that they have moved to DMA type cheats, which can't (and never will) be detected by Vanguard.

So you give away complete control of your PC to play a game with as many cheaters as any other game. I wouldn't call that "great".

Now, the amount of DMA cheaters may still be unacceptably high, but that’s a different statement than “the same amount as”.

So, it’s not “giving up something for nothing”, it’s giving up something for something, whether that something is adequate for the trade offs required will of course be subjective.

We gave up something real. But it has not been proven whether we got anything. Maybe we got nothing, maybe we stopped a few of the laziest cheaters, but we still see tons of cheaters. The number of possible cheaters is based off the quality of the software. No amount of aftermarket software will magically improve the quality of your game in a way that 100% deters cheaters. I’m positive that their marketing claims they reduce cheaters by an order of magnitude, but I have not observed them successfully catching cheaters with these tools.

You're right, a game with no anti-cheat or a bad one will have more cheaters. But as you said, it's about the tradeoff, and that's what isn't "great". It was for a period of two years or so, since the tradeoff was "lose all control of your PC by installing a rootkit, play a game completely free of cheats", which was compelling, but now that the game isn't sterile anymore it's hardly worth it, at least for me.

I don't really buy the gaming one, in every other domain where a community of people are gathering to do a thing they enjoy together it's on the community and not the tool maker to figure out how to avoid bad behavior. If you don't wanna play with cheaters then just play with somebody else.

Relying on the community to police cheaters is not an effective strategy for online skill-based matchmaking games. There's a reason game companies spend money and effort on anti-cheat and it's not because they're ignoring cheaper alternatives.

LUKS also only protects an online system. So why are you using it?

Oh, I think I know, if you are on Windows it's bad to use BitLocker because it's made by Microsoft and it doesn't protect against malware, but if you're on Linux of course you use LUKS, it's a sensible thing to do. Got it.

To that customer, Bitlocker itself was a threat.

In my small sample size, I’ve seen that more often than lost laptops. I’ve also seen many more malware infections.

Tying encryption to the TPM, which is the default, makes it easier to lose those keys. With LUKS I choose my own password.

It’s an important implementation difference, especially if it is going to do it by default. Warning a person “you will lose all data if you don’t write this down” in big bold red text is sometimes not enough.

Does tying those keys to your MS account fix that failure method?

Yes. Bitlocker recovery keys are escrowed to the Microsoft account. I've relied on this recover data from a family member's PC when it failed and they had unknowingly opted-in to Bitlocker (a Microsoft Surface Laptop running Windows 10 S Mode).

Which then opens the door to other attack vectors, even government.

So one scenario, everyone can access the data if they get the drive. The other, the government might get Microsoft to release the encryption keys.

You are presenting a false dilemma where either Bitlocker is in use or the drive is entirely unencrypted; there are other ways to ensure data integrity in the face of physical compromise.

2. Bitlocker can totally be used without a MS account and without sending keys anywhere and without TPM... But seeing how most people fail to RTFM we're back to point 1.

I’m vulnerable to the $8 wrench attack, but enjoy knowing it is only a VISA problem if I leave it a laptop the bus.

Same with MS's recall feature.

A Windows PC is just C but not P anymore.

it's important to ask which one of the motivations will allow them to lock users down and ask for ongoing rent. one of these two will, and that's what will always drive the decision.

Amazing.

This is probably the most egregious/impactful manifestation of it, though, especially if it applies to Xbox.

Allowing piracy at that level is actively safer in the long run.

The large OEMs have contracts to pay 9 cents per license.

They'll never crack the individual enthusiast building his own PC from Newegg parts and installing a hack, but he's small potatoes.

But back in the day, there there was a fair chance your local midsize business, government, university, didn't necessarily buy from Dell or HP-- they bidded out a few hundred PCs to a local shop, which had both the motivation and technical knowledge to use the same license key on each one, and the scale where it could represent significant lost revenue.

Introducing activation was probably a significant sabotage for them. Although I'd suspect the stick on license certificate was almost as big a deal in that regard.

So yeah LTSC was never meant to be available for single desktop users at home yet it's best version of Windows available.

For a person, yes go for it they won’t bother.

For a company… we have had some annoying MS audits. So how everything has to be retail WITH the cards. I have a stack ready for our next audit if it ever happens again.

It's more of a business move, than a technical move. Microsoft has plenty of capable people, they don't need such software to be FOSS to successfully inspect it.

Another example of this: the leaked Windows source code is available straight from GitHub.

I guess the method described here does „more“ since it’s much more elaborate. Not super familiar with the different levels of win licences