[autoexec]

Eventually they can just re-enable it as part of an "important update". They can even stop you from being able to disable it entirely. If you're using Windows, it's not really your computer. At least you aren't the administrator of that device. Microsoft can access any file, install any software, change any setting, or remove any access at any time for any reason with no notice or indication to you that it happened. They can even shutdown your computer. Any device which works like that is not one that's under your control.

Every internet connected windows computer is insecure by design and cannot be trusted to protect your privacy or security.

[wilsonnb3]

> Microsoft can access any file, install any software, change any setting, or remove any access at any time for any reason with no notice or indication to you that it happened. They can even just shutdown your device. Any device which works like that is not one under your control.

Having this power is inherent in making the OS. Whoever is the vendor of your particular Linux distribution has the same powers, it is just that you trust them not to use them (or, in a very small theoretical minority of cases, you’ve audited the code and binaries yourself).

So yes, you shouldn’t use an OS from a vendor you don’t trust, I agree completely.

I don’t understand why people are acting like this is earth shattering news though, this has always been the case since people started using software they didn’t write themselves.

[autoexec]

> Having this power is inherent in making the OS.

No, it really isn't. For decades I owned computers with operating systems which didn't have that capability. Once installed and configured, the OS was consistent and (reasonably) stable. Someone would literally have to break into my house or office to modify my settings or install software against my wishes.

Even after I started connecting my devices to the internet the OS itself had no ability to do these things and couldn't gain that ability unless I explicitly chose to install updates that enabled that behavior. That's entirely different from the situation today where MS forces updates and restarts, installs unwanted software on our computers, and has files and folders that we (even using administrator accounts) don't have access to.

Linux too is very different. Linux is transparent about what it does, adds, or changes. You have the power to choose which updates to apply or not. You have the power to modify any part of your OS so that it does what you want. I can't speak to all distros out there, but I've never seen a linux system force a restart in the middle of the day, or reinstall applications users removed without notice. Can't say the same for Windows. Unlike Windows, linux typically respects its users and their wishes.

You really don't have to write your own software in order to have software that respects you and leaves you in control of your own devices. It's kind of crazy that you'd think there could be no other way.

[wilsonnb3]

> I can't speak to all distros out there, but I've never seen a linux system force a restart in the middle of the day.

My point is that there isn’t a technical reason that prevents Linus distros, or any other OS, from restarting your computer whenever it feels like it.

By definition the OS has control of the hardware and software and thus whoever writes the OS inherits that control.

I completely agree that there are good reasons to not trust Microsoft and people who don’t should not be using Windows.

I just dislike the framing of this issue as a recent development rather than an inherent problem of running software you didn’t write.

[autoexec]

> My point is that there isn’t a technical reason that prevents Linus distros, or any other OS, from restarting your computer whenever it feels like it.

Go install MS-DOS 6.22 on a computer. You can leave that system up and wait your whole life and you'll never see it suddenly restart your computer without asking. The technical reason why it can't is because there is no code in that OS designed to check for and accept an order from someone at Microsoft to restart your machine without asking. It doesn't exist. You could choose to find or write and then install new software that gives that OS the capability to do it, but that capability just isn't there otherwise.

There's no rule that an OS has to include code to violate the rights and will of the people who install it on their devices. That's a choice that MS made. Far too many people have accepted that behavior from them so they keep pushing and pushing with new and increasingly user-hostile code and behavior but none of that is inevitable or unavoidable. That is what's a very recent development. For a very very long time no operating system would have dared to violate their users that way. None of them did.

Yes, at a certain level you have to be able to place some level your trust in your OS. Especially one with internet access. MS has shown themselves to be entirely untrustworthy, but they could still change all of that. They could strip out every line of code that allows them to remotely access your system without your explicit permission. They could be 100% transparent about what their updates will do to your computer if they are installed and they could give you the ability to not install any update you didn't like and revert to any previous state. They could give you full access to every file and directory and process and give you the ability to control every aspect of their OS. They could vow to never modify a setting after you've changed it. They just choose not to do those things, because they don't care about you or your privacy or your wishes, or your rights. As long as people continue to use windows, Microsoft stands to make a lot of money by ignoring those things.

[ryandrake]

Right. There is no technical reason why the OS vendor couldn’t attack you in the past, but software industry norms have changed over the years. What has changed is trust.

Today, you have to consider commercial OS vendors (and third party application developers) to be remote attackers in your threat model. More and more, they write their software to serve themselves rather than their users, and to make computers do what they want them to do, not what the users want them to do. This was not the case decades ago, even if the technical ability was there all along.

[autoexec]

> More and more, they write their software to serve themselves rather than their users

Well said! I really miss when our products served us but I can't think of a recent purchase of anything internet capable that wasn't designed to work for someone else (and against me no less). I don't see "never own an internet capable product again" as a viable option here, and I'm not sure what else we can do to protest this besides push for government intervention. In the meantime, I try to firewall off whatever I can.

[smaudet]

> My point is that there isn’t a technical reason that prevents Linus distros, or any other OS, from restarting your computer whenever it feels like it.

Wrong, the point of the operating system is to manage local state, hardware, etc.

The point of viruses, malware, and spyware is to exfiltrate data and control from a set of systems. This is getting to the point where Windows itself is a worse virus than just downloading the random shady program from the internet, with all anti-virus turned off...

And the technical distinction? You can turn off everything in linux, you can make it so the computer cannot update itself. The Operating System is unable to change itself in this configuration, the only way around this is for you to choose to update it.

This cannot be done with Windows, not without resorting to technical tricks that look at lot like what malware and viruses have to do. This a is pretty, and important technical distinction:

Operating Systems don't have built-in backdoors that you cannot turn off by design.

Malware and botnets, have built-in backdoors that you cannot turn off by design.

[wilsonnb3]

> Wrong, the point of the operating system is to manage local state, hardware, etc.

Yes, and to manage local state and hardware it needs to be able to control the hardware and other software.

You can build an OS that doesn’t take advantage of those capabilities but you can’t build an OS that doesn’t have them. Hence why the key is trusting your OS vendor.

> And the technical distinction? You can turn off everything in linux, you can make it so the computer cannot update itself. The Operating System is unable to change itself in this configuration, the only way around this is for you to choose to update it.

Sure you can do all that but what you can’t do is make it so your Linux based OS can’t control your hardware and software. At the end of the day, the key is still trust, either in your vendor or in your own audit.

You have presented a great many reasons why Linux is more trustworthy than Windows to many people but you cannot get around the problem of having to trust someone.

[smaudet]

> but you cannot get around the problem of having to trust someone.

You still don't get it...

At the end of the day, I don't have to trust anyone with an OS that I fully control, with hardware that I fully control, because I can verify every bit of hardware, every bit of software, even stop the kernel from doing things if I want to (yes its possible, technically).

Sure, I can place some temporary trust in some components, but it doesn't matter really, because I can always swap/disable/remove audit/reaudit any component. You can choose to trust, as much or as little as you want. I don't have to use the kernel at all if I don't want to, I could swap in another one and still be good to go (more or less).

This is different from the case here, where by default, not of my choosing, actively and persistently nearly every aspect of a Windows computer is obfuscated, un-auditable, actively and without consent doing things that are not operating system things but spyware, bloatware, crapware, or just straight up malware. You can wave your hands around as much as you like waffling about "trusting someone" but there is a big big difference between someone acting reasonably, and choosing to allow them into your home, and "trusting" someone with a knife to your back not to shiv you.

One is reasonable, a choice, and low risk, the other is clearly none of those things. You don't have to "trust" low risk situations, they are just low risk, no trust involved.

[Terr_]

There's still a big difference between "a surreptitious hack is technically possible with future development and getting you to accept a bad patch" versus "the company is actively using sketchy powers and trying to make them constant and socially normalized."

In one case, someone discovering sketchy secret backdoor code causes a huge flap and damage to the company's brand and stock price etc.

In the other, some corporate drone bafflegabs about it enabling superior customer satisfaction synergies, while pointing to a tiny clause in an enormous contract of adhesion to claim everybody knowingly agreed to it.

[gryn]

I don't think msft will give you the code for windows to review it if you ask nicely, unlike linux where it's already available.

if you're paranoid about the distribution of your pre-built distro you can compile everything by hand and some do that for fun.

so putting them on the same pedestal is weird mind gymnastics.

[wilsonnb3]

Yes, if you compile your own binaries, audit the source code, and for good measure audit your compiler and the system you are using to compile it, then there is a meaningful difference*.

Since 99% of users don’t actually do any of that, then in practice there isn’t actually a difference.

* I am aware that there are shades of grey between the scenario I describe and proprietary software - I am just being hyperbolic for rhetorical reasons.

[autoexec]

> Since 99% of users don’t actually do any of that, then in practice there isn’t actually a difference.

I understand the hyperbole, but in practice we have strong evidence that MS is willing to intentionally use their OS against you, while we don't for your typical linux OS. That really means a lot.

When linux distros disrespect their users even a little (see for example https://www.pcworld.com/article/436097/ubuntus-unity-8-deskt...) users really don't put up with it and they can switch to another distro with very very little effort/change and even have the ability to modify the source and fork the OS. That helps to keep people a little more honest.

The backdoored compiler problem is a bit harder. We can write our own, but it's turtles all the way down. Increasingly we also have to put a lot of trust in our hardware. There are only a small number of companies making CPUs and wireless chips. I imagine they're under enormous pressure from governments to compromise the privacy and security of the people using that hardware and we have less trust in our own devices the more we have "trusted computing" forced on us.

[throwaway22032]

Trust is earned.

Your partner always has the capability to screw you over, cheat on you, embezzle from the shared account, whatever.

Linux is like a nerdy guy who stays at home, plays with Warhammer figures and cooks you dinner.

Windows is an OnlyFans model who goes on vacations for weeks at a time and ignores your calls.

[pcdoodle]

Yes. This is why they renamed "My Computer" to "This PC".

It's finally here. It's been fun, I love windows but this is the end IMO.

[autoexec]

I know how you feel. I was a fan of DOS, Win89SE, Windows 2000 Pro, and Windows 7 Pro (until 7's updates started including Win10's invasive telemetry). The good news is that alternatives are better than ever and the few windows applications I still use can run using wine (or worst case a VM)

[rgrmrts]

Yeah this is my problem with windows. I’ll delete or disable things that were added to my machine only to have windows update restart my computer and those things show up again. I’m using a legit copy of Windows 11 Pro and it’s absurd that I’ve had to delete or disable random shit like social media apps multiple times.