Hard on the heals of the news that Windows RT can be modified to run unsigned desktop applications, we have the exploit packaged and ready to run by almost any user.
As if to underline how pointless it is to attempt to lock down a system, the difficult-to-use jailbreak method that was invented a few days ago has been packed up into an easy to use tool.
An XDA user Netham45 has released an RT Jailbreak Tool which he describes as:
"an all in one program to jailbreak Windows RT tablets using the method that the original researcher discovered earlier this week."
All you have to do is download the tool, unpack it and run the batch file it installs. A few seconds later you should have a machine that can install and run Windows desktop applications - as long as they are recompiled for ARM.
The only problem is that you have to run the batch file every time you reboot the machine, but this is easy enough to automate making the tool a more-or-less complete solution to the lockdown problem.
It is claimed that this isn't a security risk because standard Windows store apps don't have the permissions to run the exploit.
There is also a list of x86 apps that have already been ported to Windows RT:
- Bochs. x86 Emulator.
- TightVNC. VNC server and client.
- PuTTY. SSH/Rsh/telnet client.
- SciTE. Code editor
- IP Messenger. Peer-to-peer chat/file transfer
- Unikey 3.1. Vietnamese character entry tool.
- CrystalBoy. Nintendo Gameboy emulator.
You can see that there are already some useful desktop apps and more will undoubtedly follow.
If you plan to recompile an existing x86 desktop app, then all you need is a copy of Visual Studio 2012 and a few additional ARM libraries. The XDA community has already produced a C# app that converts DLLs on the Windows RT device into libraries that can be used with the compiler.
Microsoft is in a very difficult position at the moment. It could patch the operating system to stop the tool working, but the chances are it would be possible to modify and make it work again. In any case determined jailbreakers could simply roll back to the previous version of the OS. Given that the exploit resets on reboot it would even be difficult to threaten users with invalidating their machines' guarantees - how could you detect or prove that the exploit was in use other than the user confessing.
There is one sanction that Microsoft has which might prove effective. With the introduction of Visual Studio 2012, programmers have needed a developer license to create programs. So far the license has been granted automatically to anyone asking for it. However, Microsoft does have the ability to revoke a license and this could be used as a punishment for jailbreaking programmers. I doubt this would go down well in the programming community, however.
Rather than trying to make the lockdown more effective, it would be much better to allow access to the Windows RT ARM-based desktop and make the Surface and similar tablet machines much more useful. After all, it makes Windows RT into a proper Windows system which really would be an advantage over and above competing Android and iOS systems.
Somehow I don't really think Microsoft is going to budge on this one.