
Comment Re:Lots of companies want Win10 (Score 1) 153

That may be true, but we have not yet discovered how to make a system that is truly, 100%, absolutely guaranteed secure. That means real world security is all about risk management: what risks can we identify, and what can we do to mitigate them?

Unless you are capable of building literally everything you need, from the most basic hardware components or the first line of code on up, at some point you will come to a decision between trusting some partner organisation and its staff to do what they say and looking elsewhere. And if you really need something big and you can't build it yourself, there are probably only so many potential partners to work with before you run out of options.

So, maybe no amount of assurances from Microsoft would reassure you, but if you're in charge of a hypothetical multi-year, multi-billion dollar R&D programme and you need a desktop OS to run your software on, who would you allow to reassure you? Apple? The Debian security team? A few hundred specialist developers you just hired to build you something from scratch on top of FreeBSD?

Comment Re:Lots of companies want Win10 (Score 1) 153

The real world doesn't work like that. Having independently audited the source code from a big provider, there isn't much difference between having your own background-checked people building it and having actionable assurances from senior executives at your supplier that their technicians with the same relevant background checks and security clearances have built it properly. At some point, there is always a level of trust in the individuals involved and a level of oversight in how the product is made and deployed, regardless of whose name appears on the payslip of those people.

Comment Re:The year after. (Score 1) 153

I'd guess they'd get told telemetry was optional but would be necessary for certain support functions

I'm fairly sure that if you'd told them that, all of the banks I'm thinking of would have required either the ability to permanently disable all such telemetry code before going into service or, in some cases, a custom build of any relevant software with all such telemetry code removed.

or turn some automated functions (like software updates) into manual, downtime-required functions.

No-one in the environments I was dealing with would have been installing any sort of automated updates anyway. We're talking about the kind of place where taking anything out of service, other than special emergency procedures in some cases, typically requires a sign-off process that could last for weeks. Usually that would include significant amounts of lab evaluation before being put into production for literally any hardware or software change. It was also normal to require sufficient assurances to satisfy them that for large-scale deployments, what was later delivered in volume would be absolutely identical to what they had evaluated under lab conditions.

Obviously this is at the opposite end of the spectrum to "Just install it, I don't care". I'm just pointing out that in organisations with serious security or reliability concerns, this kind of thing does happen. I've encountered a similar abundance of caution in plenty of back office environments as well, say places like communications providers or the infrastructure used by big online retailers, but banks seemed like a good example here because they do also have large numbers of regular PCs accessible from front-office locations and running regular desktop OSes.

Comment Re:"Sales" = Win10 Licenses with 7 downgrade right (Score 1) 153

I think we're talking about different things here.

I'm talking about buying a new PC from a major vendor that comes with Windows 10 pre-installed but lets the customer replace that (legally) with Windows 7 or 8.1 post-sale. This is still allowed if the vendor offers it, but they aren't allowed to supply new machines with 7 or 8.1 preinstalled any more, only 10. I can't immediately find a reference, but I've seen reports that similar moves by Microsoft will prevent even selling new machines with those downgrade rights in a year or so.

I suspect you're talking about more general provisions under enterprise licensing agreements or some sort of developer programme. There are other schemes that Microsoft runs that let people do all kinds of things, but they aren't necessarily available to someone who just went to dell.com and bought a new XPS laptop.

Comment Re:"Sales" = Win10 Licenses with 7 downgrade right (Score 1) 153

Yep, for now there are still options to buy new PCs and run older versions of Windows (legally), though only if you're willing to jump through a few hoops at this point. There will be more serious questions when that possibility is also removed, which isn't far away now in business planning terms.

Comment Re:Ummm.. (Score 1) 153

Well, if you want Microsoft to automatically determine which update(s) are relevant for your system, obviously you're going to have to share some level of information about what you have installed already. If that counts as telemetry, then yes, of course the update tools won't be able to work properly if you disable it. I'm not sure how relevant this is for Enterprise users, though, since the odds of individual users managing the updates on their own systems in an environment running Enterprise must be pretty low to start with.

However, that kind of telemetry is a far cry from functions like search boxes or Cortana automatically and silently sending details of what you're doing back to the mothership even though everything else involved is local to your system. This is the kind of privacy problem that most people objecting to the increased telemetry in recent Windows versions are concerned about.

Comment Re:The year after. (Score 1) 153

It depends very much on context.

For example, I've been involved with sales to the IT groups at certain banks, and they have strict checklists where anything connected to or running on their systems must meet 100% of the hundreds of conditions or it's game over. Nothing with any sort of telemetry built in would be getting anywhere near those systems.

For Joe's Retail Business, if the systems involved aren't handling anything regulated/audited like credit card details, it might be a completely different story. I suspect a lot of businesses will also potentially be in violation of data protection/privacy laws or of commercial agreements like NDAs as a result of the telemetry, which is also somewhat worrying. However, in practice, those probably won't result in any substantial penalties unless either a major breach comes to light or Microsoft starts abusing its access to data it collects coincidentally, so as usual businesses will probably ignore potential leaks unless they think they'll get caught and suffer for having them.

In any case, it's more relevant that during 2017 we'll probably be looking at some larger organisations that will be running the Enterprise or Education versions starting to migrate to Win10, and those don't have the same problems with things like telemetry and forced updates as the Home and Pro editions.
