Just want to thank microsoft for screwing me

So basically I cannot upgrade to windows 11, thanks to microsofts requirement for something called TPM. It's stupid, and it's dumb.

Everyone! Can you believe we made it 29 years without bullshit like this to simply use an operating system? I mean, wow!

To be honest though, I hear windows 11 is the worst operating system ever. So in that respect, microsoft did me a favor. Now, it forces me to use Linux Mint, and move away from the CEO of microsoft, I think Nutella is his last name or something like that.

Anyway, great job microsoft. You've successfully pushed away your customers since the days of DOS. I'll be glad once I'm away because then I won't have to worry about forced updates all of the time. I hear there is a ton of stuff that is just literal trash with windows 11.

I'll be sticking with Windows 10 for as long as I can, I'll probably end up using the services of 0patch for updates. Our Wi-Fi is password secured, and I run Malwarebytes Premium, Adblocker Ultimate and uBlock Origin. So I feel as if I'm already well protected.

This page is a permanent link to the reply below and its nested replies. See all post replies »

Northwest · M

Prior to TPM (Trusted Platform Module), Microsoft relied on some very unreliable methods, to make sure that all the modules that are supposed to be part of the OS, or applications running under windows (and that relied on some self-policing by app developers), are what they're supposed to be.

This made it possible for hackers, or malicious developers, to insert "fake" modules, with the same name as the modules that are supposed to be there, and then next thing you know, your data is stolen, or worse.

TPM to the rescue, which required a HW/SW integration, allowing encryption keys to be included in the OS/App modules, that can only run if the HW provides the green light. Initially, these were separate chips on the motherboard, or a PICe card. Eventually, the CPUs from AMD and Intel, provided this functionality, eliminating the need for additional circuitry.

This first appeared 20 years ago.

If you got along prior to TPM, consider yourself lucky, though there's a possibility that you don't know what you don't know.

There are plenty of reasons you may have a gripe with Microsoft, including how they bundle SW, but this is probably not one of them.

Linux and iOS both use TPM and variations thereof as well to ensure the software you're running is not lying about where it came from.

So while you think you may be protected by malware detectors, an application you're using, may actually be a fake application.

twiigss · M

@Northwest It sounds like what Google has been dealing with lately. Developers will upload a camera app or a QR code scanner app and the app is completely legitimate, so it gets by the checks and is put up on the Play Store. It's not until the app is installed and asks for permissions, like this app needs to access your contacts, but it's a solitaire app, for example.

But yeah I get what you are saying. Malicious code could be inside of a program, and when you run that program, the malicious code runs. Like from days of old you would install a file and if your computer was on, on a specific day and time, it would run special code. And unfortunately something like that WILL get by malware detectors.

I've only heard about this with phone apps, haven't really had the experience with it on computer.

Northwest · M

@twiigss

I've only heard about this with phone apps, haven't really had the experience with it on computer.

Phones are more "recent", this has been around far longer. Let's say for instance, that one of those ".dll" components, is called 046yVrnx445, and it has a length of 42,793 bytes, and it has a date of sep-12-2002.

When your Chinese OEM vendor gets it, they replace it with their own, with the same date, name and file size. When Windows requests it (Windows loads modules dynamically, in order for the memory footprint to be as small as possible), a different piece of code is loaded, one that "appears" to be work fine, but is doing no one knows what.

t's not until the app is installed and asks for permissions, like this app needs to access your contacts, but it's a solitaire app, for example.

That is a slightly different issue. The APIs allow a third party to access your data, if you let them. They have a legitimate need to use some of it, to authenticate, or act on the problem on your behalf (for instance), but they don't need all that data. Initially, developers were told to request everything, either out laziness or because some product manager said they should.

And that's how you end with Solitaire asking if it's OK to get your social security number. Originally, they didn't even ask.

Remember that it all starts with a "legitimate" reason, until it gets abused.

twiigss · M

@Northwest Yeah, that makes sense. I agree with developers requesting everything, probably out of laziness of the company. They just go right to, we need all permissions, when in reality they don't. So I'm very cautious about what I install, and what kinds of permissions are being asked for.

I only learned a couple of years ago that your phone's camera can also scan QR codes, no need for a QR scanner app. I guess unless your camera doesn't scan for those.