Hacker News
by kbolino 361 days ago
Not all malware is ransomware.

"They" will absolutely push more locked-down computers; indeed, this has become the norm in many areas of computing already, like smartphones, tablets, and video game consoles. For that same regular user, though, this is irrelevant: they're never going to install a different operating system.

A computer once compromised by a bootkit is also e-waste. It can never be trusted again. Now, I think an argument can be made that Secure Boot as implemented on most PCs isn't enough to truly protect against bootkits, but that just leads us to even more aggressive ways of locking people out of fully controlling their own computers.

Ultimately, Microsoft (and any PC O/S vendor that might supplant them in the future) will be expected by enterprises, judges, legislators, average home users, etc. to take responsibility for exploitation of "their" systems. Computers connected to the Internet 24/7 cannot rely on end-user discretion alone, and the effectiveness of such discretion varies widely anyway.

1 comments

Responsibility would mean no services open to the internet by default and not running arbitrary code from any random web site though.

What you're describing is more like security theater.

Does the TPM protect grandma from malicious JavaScript? :)

"Services open to the Internet" is more of a 2000s problem than a modern problem. Operating systems default to being a lot less trusting of local networks today, and nearly every place you'd connect to WiFi already has a router with a "drop all unsolicited packets" policy. MITM is the big risk here, and the best way to address it is by using secure protocols (HTTPS, SSH, etc.) everywhere.

Mandatory code signing for web sites would go a long way to addressing some of the most common types of exploits we see today, and that doesn't require a TPM. I'd love to see it, but it is going to require some infrastructure and enforcement to work, and it too could become user-hostile (e.g., you can't block ads, because that would change the code).

Are we philosophising?

> "Services open to the Internet" is more of a 2000s problem than a modern problem.

Then why does Windows need a firewall that's on by default, if it has no open services?

> Mandatory code signing for web sites would go a long way to addressing some of the most common types of exploits we see today

All the spam I'm filtering today has their DKIM and domain whatever and and and ... in order. I'm sure it would be the same for $random_phishing_site. They do have legit-looking SSL certs, don't they?

> it too could become user-hostile (e.g., you can't block ads, because that would change the code)

Or even worse, you'd need to submit your site to a review from some authority, App Store style. Pay for the signature. Pay for the review process.

Can you spell barrier to entry and speech that's restricted via financial means?

Yes, the software firewall is one of the defense mechanisms of modern versions of Windows. I don't know what point you're driving at. "Regular users" don't care about any of these power-user arguments. The question is, do Secure Boot and other end-to-end trust mechanisms allow the software and hardware vendors to better ensure that people who don't know what they're doing are protected? This is the model that has been adopted or is being adopted in nearly every other consumer-facing Internet-connected device already.

The question of what's good for people who do know what they're doing is an important one but it is a bit beside the point. These security measures have a purpose and it's not just to take control away from the end user. There are some other paths that could be taken, of course, but many of them seem to be starting from the point of willful naivete about the reality of computer security today.