[Cryptography] Windows... Your choice but make it informed.

Tom Mitchell mitch at niftyegg.com
Fri Jul 31 22:11:08 EDT 2015


On Wed, Jul 29, 2015 at 10:41 AM, Ray Dillinger <bear at sonic.net> wrote:

>
> What Microsoft is up to these days...
>
> http://thenextweb.com/microsoft/2015/07/29/wind-nos/
>


I am with you but it is more complex than just this.
That alone is troubling.

More interesting...
The answer is unfolding and not 100% clear.

There are two buckets... corporate account and Microsoft account domain
control. A lot of companies will like this because they get to drive and
will take advantage of all the hooks you outline as places where
Microsoft gets to hold keys to things. Company IT departments might like
it a lot. Big justification for big staff, training budgets...

If you link to a Microsoft account, that email account can be any email
account. Email is not diverted; my Win10 Gmail account is still
a Gmail account... access via IMAP, POP in normal ways.

I was able to unwind the Microsoft account and get back to a local account.
That did hamper my insider status and insider patch access. Many talking
about Win 10 are insiders or have connected to MS for a Win7 or Win8.n
update. That is not the only view. I believe but cannot yet verify that
Win10 with a product key need not connect to Microsoft except for patches
(not unlike the old way).

Patches are clearly managed differently and present all the good and bad
about staying patch current.

As for backup to Microsoft, a fat folder of pictures will fill up the small
amount of free cloud storage you get. My TB file system is not going to
migrate. 50GB of random bits might.

Security -- the security policy has been very much overhauled. It is still
an NT kernel with that strong security design. NT policy was near
impossible for mortals to cope with. This Win10 thing may prove to be a
better policy design and the forced updates should maintain it. Time will
tell.

Security was not without blunders during the insider beta program. More
than a few testers had to reinstall and be handy with a command line for
backups. Backups need testing... if the security hooks break, unwinding the
mess seems impossible for a mortal and BitLocker can make it impossible.
Reinstall and reload data will be copied on millions of service calls.
Buy a rubber stamp... ;)

Way back in NT days I looked at that security model a bit. It is a good
one. On a running system it is near impossible for a user to see enough to
ask for access in a knowledgeable way. Outside of the OS dissecting the
policy might be possible.

So far antivirus vendors are almost on board. The new policy might prove
a challenge.

I will have at least three accounts:   me, me-admin-local, me-admin-ms
linked to microsoft for insider patch access.
Too many users will have just one account.

WiFi passwords... Well any troubling traffic from or to my WiFi access now
has all my contacts as interesting parties. A warrant to search all 100
contacts to find one could have trouble in court 1% and all. I can add
thousands by collecting mailing list contacts. I am torn about turning it
on. News at 11:00, the good news is it can be turned off. I did.

A number of web connected learning things going on... typing, spelling...
Hmmm.

Summary:  Too new to understand yet. Too much obscurity from my desk.
There is a lock-in risk... a future EULA could be a trouble for many.





-- 
  T o m    M i t c h e l l