Windows 8 shouldn’t be used on government computers, say IT experts

Internal documents of the German Ministry of Economic Affairs perused by a reporter of news outlet Zeit Online show (via Google Translate) that IT professionals working for the government don’t consider computers running Windows 8 secure enough for government and business use.

The problem lies in Trusted Computing – a technology used to make the computer’s behavior consistent by loading the hardware with a unique encryption key inaccessible to the rest of the system, and to make the computer secure against third-party manipulation – both by attackers and users.

The latest version of the Trusted Platform Module (TPM) has, so far, found its way into smartphones, tablets and game consoles, and is now slowly but surely being included into desktops and laptops. It assures that Microsoft can choose which software can be installed on the device and which not.

One of the goals of the technology is to make the computer safer by ultimately allowing Microsoft to update the OS remotely to close security bugs for users who might forget to or don’t know how to keep their software updated. But while that might be great for private users, the German government worries about what it means for business and government computers, as well as those used for critical infrastructure.

Given the latest news about Microsoft collaborating with US intelligence agencies, the German Ministry of Economic Affairs believes that the company can ultimately be forced to allow the agency direct access to foreign computers.

Following this revelations the Federal Office for Information Security (BSI) has issued a statement saying (via Google Translate), among other things, that:

From the perspective of the BSI, the use of Windows 8 in combination with a TPM 2.0 is accompanied by a loss of control over the operating system and the hardware used. This result for the user, especially for the federal government and critical infrastructure, new risks.

In particular, on a hardware, which is operated with a TPM 2.0, with Windows 8 caused by accidental errors of the hardware or operating system manufacturer, is also the owner of the IT system error conditions that prevent further operation of the system. This can cause such an extent that in case of error in addition to the operating system and the hardware used is permanently no longer be used.

Such a situation would not be acceptable for the federal nor for other users. In addition, the newly established mechanisms can also be used for sabotage of third parties. These risks need to be addressed.

Still, they say, “the BSI warns neither the public nor the Federal German company prior to any deployment of Windows 8.”

The IT experts says that Windows 7 can be safely used until 2020 since its adhering to the older -and more limited – version of the Trusted Computing standard, but that the Windows 8 / TPM 2.0 combination should be considered unsafe for federal use.

Microsoft has, naturally, responded by denying the claims made in the documents.

“Windows has made a fundamental bet on trustworthy hardware and TPM 2.0 is a key component. Based in no small part on lessons learned in the TPM 1.2 timeframe, TPM 2.0 is designed to be on by default with no user interaction required. Since most users accept defaults, requiring the user to enable the TPM will lead to IT users being less secure by default and increase the risk that their privacy will be violated. We believe that government policies promoting this result are ill-advised,” they stated.

“It is also important to note that any user concerns about TPM 2.0 are addressable. The first concern, generally expressed as ‘lack of user control,’ is not correct as OEMs have the ability to turn off the TPM in x86 machines; thus, purchasers can purchase machines with TPMs disabled (of course, they will also be unable to utilize the security features enabled by the technology). The second concern, generally expressed as ‘lack of user control over choice of operating system,’ is also incorrect. In fact, Windows has been designed so that users can clear/reset the TPM for ownership by another OS of they wish. Many TPM functions can also be used by multiple OSes (including Linux) concurrently.”