|Windows 11 The Lockdown|
|Written by Mike James|
|Wednesday, 07 July 2021|
It is a surprise that Windows 11 is a thing at all, given that Microsoft promised that Windows 10 would be the last version of Windows. The idea of a continuous update has been abandoned, but why does Microsoft need Windows 11? The answer is almost certainly lockdown.
One of the trends in computing is that as time ticks on we lose more and more control over the hardware. Back in the days of the home computer revolution you bought a computer and did what you like with it. The idea that you couldn't run some software due to artificial restrictions was silly. The machine was yours to do what you like with and if you created a program you could give it away or sell it without hindrance from the company that made the hardware.
Today, of course, things are very different. Cryptography has provided methods that allow hardware to be locked down in such a way that you don't really own your computers any more. This is almost always presented to the user as "protection". The idea being that the user can only run software that has been checked and validated by a "higher power".
Many users, and not just those ignorant of tech, regard this as a good swap - freedom they rarely exercise in return for security. Many others, mostly tech savvy, regard it all as an unnecessary security ploy that is in fact all about keeping the customer penned inside a walled garden of profit.
Windows was too early to catch the crypto boat that allows this sort of lockdown. It was only later that Apple introduced us to the idea that software was exclusive to its hardware. Ever since, however, we have had the impression that Microsoft would like to follow Apple down that particular road. Repeated attempts to lock down Windows, via activation numbers and hardware finger printing, secure booting and using crypto hardware, have been watered down at the last minute due to user objections. Window 11 is another attempt to lock the OS down so that only Microsoft truly controls it.
The tech world was a little shocked to discover that Windows 11 would only run on the latest processors. This in itself will probably create mountains of tech waste as large PC users simply opt to upgrade to new hardware.
Until Windows 11 Microsoft issued guidelines on what processor was required and it was up to you to decide if a system was too slow to use. The reasons for restricting Windows 11 to 8th generation devices isn't clear, but what is clear is that a range of security hardware is needed including TPM 2.
TPM - Trusted Platform Module - has been around for a while and it is a requirement for Window 10, but it is mostly disabled in the BIOS. Even if you switch it on it has to be coupled with an 8th generation processor to satisfy Windows 11 - and Windows 11 won't work without it. TPM is basically a hardware crypto device with a burned-in identity key. It can be used to generate random numbers, look after keys, generate hash codes and encrypt data. It is already used to enforce licensing in Office 360 and Exchange. It also has an Attestation Identity key that can be used not only to prove identity, but the integrity of installed software. This could be used to lock down a Windows machine so that only valid and unmodified software was running on a verified user's machine. Clearly this has security value, but it also has commercial value if used to enforce rules for what software runs on what device.
Clearly, TPM 2 coupled with other security features has the ability to both improve security and reduce a desktop machine to the status similar to that of a carrier and vendor-locked mobile phone.
Using security to sneak in features which are of a commercial advantage is not a new game. EU digital competition chief, Margrethe Vestager, recently said that Apple must not use privacy excuses to limit competition. Easy to say, but much more difficult to spot and even more difficult to take action against.
So how will Microsoft make use of this?
The key indicator, for me, is that WIndow 11 Home edition cannot be used with a local account. You have to have a Microsoft account to use it and this locks you to Microsoft. This is a sufficient signal, for me at least, to give up on Microsoft Windows and finally move 100% of the time to Linux. For Microsoft the gain from insisting on Microsoft accounts is clear, but I wonder if it takes the dangers at all seriously. It was bad enough when the only browser you could easily use was Microsoft's, what will be made of the fact that the only sign-in authority for Windows 11 is Microsoft? Why can't I sign in with my Google account? This might be a monster that Microsoft are about to lose control of. Unless, of course, there are some U-turns in the road ahead.
or email your comment to: firstname.lastname@example.org
|Last Updated ( Wednesday, 07 July 2021 )|