Comment by blackcatsec 3 days ago

The articles surrounding the insider builds gaining "ads" are from 2024--now 1.5 years ago. So whatever was implemented is in the OS at this point--particularly items that showed up in the "Beta" channel of Windows. There's nothing new or current surrounding new ad placement on Windows except some Copilot items throughout 2025, if you consider Copilot an "ad" and not a useful tool similar to Notepad or Office.

The TPM2 requirement (and kind of by extension the IOMMU requirement, which is the one itself that bit most people) has significantly more benefits than "DRM" or "planned obsolescence". For one, did you know that TPM1.2 didn't include SHA2? Would you be okay relying on SHA1 hashing in 2026 to be used for digital signing? Of course you wouldn't. If I told you today to go generate an X.509 certificate with SHA1 you're going to look at me funny. Did you know it also didn't include ECC? Also much more useful in this day and age for cryptographic speed. There are many other features I don't feel like digging into at the moment, but you get the point.

I would counter that the downstream requirement for the IOMMU (useful for Hypervisor-Enforced Code Integrity), in which Windows itself is broken up into "Virtual Trust Levels" (VTL0, VTL1, and I think there are some newer ones now as well), is extremely useful for securing early parts of the platform boot.

Or did we collectively forget about the early rootkit era of Windows XP from 2005-2010 when running with legacy/MBR boot mechanisms?

Establishing a trust boundary as early as possible to force possible attackers into userspace as much as possible (where it can be more easily removed and remediated) is significantly important in modern operating system security--and this goes for any platform: MacOS, Windows, Android, iOS, or Linux.

Apple, Google, and Microsoft have some form of integrity control over their platforms along with dedicated security chips. Short of some exploits, the most common vector to get into Windows' early boot process is to steal or abuse IHV kernel driver code-signing certificates; or in some cases, be maliciously issued one from Microsoft (lol, now THAT is indeed a problem, but a tough one).

This is just part of modern platform security at this point so I don't really see the issue.

In addition, TPM2 offers significantly more storage and
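An added check, not from the commenter: an administrator can confirm the two properties the comment argues for, a TPM 2.0 (with its SHA-256 PCR bank) and a running VBS/HVCI stack backed by IOMMU DMA protection, from the WMI providers Windows exposes. It assumes Windows 10/11, an elevated PowerShell session, and the documented value codes for Win32_DeviceGuard.

```powershell
# Added example (not from the thread): report the platform trust state the
# comment above discusses. Assumes Windows 10/11 and an elevated session.

function Get-PlatformTrustState {
    # TPM spec version from the WMI provider, e.g. "2.0, 0, 1.59".
    # A TPM 1.2 reports "1.2, ..." and has no SHA-256 PCR bank.
    $tpm = Get-CimInstance -Namespace 'root\cimv2\Security\MicrosoftTpm' `
        -ClassName Win32_Tpm -ErrorAction SilentlyContinue
    $specVersion = if ($tpm) { $tpm.SpecVersion.Split(',')[0].Trim() } else { 'none' }

    # Device Guard status. Documented codes:
    #   VirtualizationBasedSecurityStatus: 0 = off, 1 = enabled but not running, 2 = running
    #   SecurityServicesRunning: 1 = Credential Guard, 2 = HVCI (memory integrity)
    #   AvailableSecurityProperties: 3 = DMA protection (the IOMMU requirement)
    $dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' `
        -ClassName Win32_DeviceGuard -ErrorAction SilentlyContinue

    # Confirm-SecureBootUEFI throws on legacy/MBR firmware; treat that as unknown.
    $secureBoot = $null
    try { $secureBoot = Confirm-SecureBootUEFI -ErrorAction Stop } catch { }

    [pscustomobject]@{
        TpmSpecVersion         = $specVersion
        TpmIs20                = $specVersion -like '2.0*'
        VbsRunning             = [bool]($dg -and $dg.VirtualizationBasedSecurityStatus -eq 2)
        HvciRunning            = [bool]($dg -and $dg.SecurityServicesRunning -contains 2)
        DmaProtectionAvailable = [bool]($dg -and $dg.AvailableSecurityProperties -contains 3)
        SecureBootEnabled      = $secureBoot   # $null when the firmware is not UEFI
    }
}

$state = Get-PlatformTrustState
$state | Format-List

if (-not $state.TpmIs20) {
    Write-Warning 'TPM 2.0 not present: no SHA-256 PCR bank for measured boot.'
}
if (-not $state.HvciRunning) {
    Write-Warning 'HVCI is not running: kernel code integrity is not hypervisor-enforced.'
}
if (-not $state.DmaProtectionAvailable) {
    Write-Warning 'No IOMMU/DMA protection reported: pre-boot DMA attacks are not mitigated.'
}
```

HVCI can be "configured" (SecurityServicesConfigured) without actually running, which is why the check reads SecurityServicesRunning rather than the configured list.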

user3939382 3 days ago

> Establishing a trust boundary as early as possible to force possible attackers into userspace as much as possible (where it can be more easily removed and remediated) is significantly important in modern operating system security

I notice you omitted the BSDs and with OpenBSD in particular I’d argue your point is correct for the majority school of thought but not necessarily most correct whatever that means. Correct for a certain set of priorities.

Modern OS attack surface is an insane nightmare. The concept of securing it at all is... idk what it is. On an OpenBSD default install you run ps and you get 12 processes. You can reason about the OS. You focus on your boundary. You don't admit scenarios where your attacker is poking around userland. That's game over on these byzantine OSes we have now. Even better NetBSD, where the arch is the security. The SELinux idea makes the best of what we have where you need Linux for driver whatever support. So I'm not disagreeing necessarily but adding context. As far as generating certs, users are better off with PIV, YubiKey etc. for PKI so it's in their hands, literally.