- Last Active
GeorgeBMac said:OutdoorAppDeveloper said:I did some research into the TPM issue. None of my Windows PCs have TPM enabled. The reason is that I like to boot Windows on an external SSD to test beta versions of the OS but in order to do that you have to change the firmware to boot using legacy mode rather than UFEI. You have to enable UFEI to enable TPM. If you do enable UFEI the firmware warns that you will probably have to reinstall Windows.
My conclusion is that a large number of users may have TPM disabled in their firmware for various reasons and enabling it may require them to reinstall Windows. That's a significant hurdle for most people. If they can do it themselves, they should expect to spend a weekend to get their system up and running again. If they can't they should expect to pay a lot of money to someone to do it for them and lose access to their system and quite possibly risk their personal data getting lost or stolen.
The work around presented here may not last forever. Microsoft seems to be motivated to close security holes like this one.
There is a very real possibility that users may avoid upgrading to Windows 11. This in turn may cause developers to not support the new version if there are not enough users who have upgraded to it. If users that have migrated find that their software won't run on the new version they could downgrade back to Windows 10. Microsoft could be forced to continue to support for Windows 10 in parallel with Windows 11. Imagine how big of a mess that would be.Excellent analysis....I found it interesting that on Microsoft's Windows 11 page they suggested buying a new PC! I though that was odd for a software company.There will, of course, be people out there who will justify getting a new PC in order to run WIndows 11. I say "Go for it!". That'll just leave more used PCs out there for me. Will they be as secure as a new PC running Windows 11? Probably not. But I use other methods to gain security: mostly I use different PCs for general use versus secure stuff like financials. My financial PC is locked down and only visits a limited number of secure sites. It's not bullet proof - but then nothing is.
nadriel said:Yes, free up sideloading. This won’t kill App Store nor create some kind of plague of “cool” apps to be sideloaded that are actually Trojan horse, malware or whatever.. for example this would open up open source apps, it does cost to put apps on App Store you know? And finally I’m really skeptical of any success of outside stores.
Answer how to do this? Just keep sandboxing stuff in and make it even safer, make toggles in the settings that shout at you that do this at your own peril and separate toggle to allow running per executable. It’s not as if App Store itself is curated well enough not to have malicious crap in there.
Opening sideloading wouldn’t open some Pandora’s box like some think. And finally, I want iOS better (for me and I think I’m not alone, optional is not forcing others to do it) and just saying I should just pick Android if I’m not happy with something with iOS/macOS/watchOS in general is just lazy and unimaginative. They’re not perfect nor are any of Apples hardware.
Security is always a trade-off. ALWAYS. Make things too hard for your users and they will find a way to bypass what you have put in place to safeguard them because you've accidentally made it too difficult to do what they want/need to do. Make it too easy and bad actors will bypass it.
Apple's approach is working pretty well, all things considered. Frankly, if you're interested enough to install whatever software you want on your iPhone, you're interested enough to set up a developer account, grab an IPA file and re-sign it so that you can install it on your device. Not convenient? Too bad, you're trading the convenience Apple already gives you for the freedom to do what you want - decide which is more important to you. No action is free from unintended consequences.
OutdoorAppDeveloper said:Hold on a sec. Many people have side loaded apps on several platforms without anything bad happening. I side loaded apps on the Oculus Quest. It was a great way to try technology, such as wireless VR, that was not yet ready for most users. Mr. Neuenschwander's arguments are ingenuine. First, there is no actual protection from scam apps on the iOS App Store. There is only the perception of safety. Scam apps keep making their way through the app review process no matter what Apple claims. Second, there is little evidence of users getting scammed by side loaded apps. The truth is that the kind of user that would choose to side load an app is the same type that would be careful and only download them from reputable sites having read reviews from other users. Apple could allow side loaded apps if it fire walled them from the rest of iOS. Give them their own file system and network access but do not allow them to share data with App Store apps.
I have far more faith in Apple's analysis of the outcomes than I do in any individual commentator: Apple have data from hundreds of millions of devices, collected over years. And the risk of a significant proportion of those devices being compromised by the requested functionality has to be proven to be exceedingly small before it's worth experimenting with (small risk multiplied by large possible impact = big risk).