Windows 7 to 11 How Disappointing
I still use W7 on my PC and on my DW's PC. I'm really going to be sad when it quits working but so far with the help here I have a good system. I had to enable TLS(?) 1.2 for my email but it's in there. One of my boys is crazy about Linux so I will probably use that when the time comes. I bought W10 and W11 so I don't mind paying to stay up to speed but really, they can't compare. Dual booting 7 & 10 right now and 10 rarely gets used.
Linux makes for a fine backup system for in the event Windows fails to boot. You don't need to use terminal to browse and check your email but learning a few simple commands helps just as it does with Windows. It is a shame that maintaining a DUAL BOOT with both Windows and Linux is almost always a continuous challenge as the two systems compete to dominate the kernel. There are programs that can assist with this but sooner or later there is always a problem, I find. For this reason (and others) many moguls recommend avoiding multi-boot systems using both Windows and Linux. I am not among them.
I too am disappointed with Windows 11 as I was hoping to make for myself a fine 7-11 dual boot Work Station. It would seem that many features are thrown for the sake of Win 11, features that would not be otherwise disturbed. Optane and IRST are among them. Permanent problematic driver issues can be generated such as Turbo Boost Technology 3.0 icons that, at best, will show as unknown devices but simply cannot be made to disappear. It can get worse.
The mandatory requirement for TPM2 is bogus and Microsoft needs to come clean with it.
The Operating System will install without TPM2 and will function but for a smattering of cosmetic altercations that are completely unnecessary. TPM is an old, antiquated bit of hardware that is notorious for generating security issues despite the fact that it was designed to make industrial and commercial system boards more secure. Hence TPM2 was developed, and now TPM2 is suffering as buffer exploits and stolen security keys are becoming the standard byproduct of this "new and improved" version of TPM.
The Consortium (IBM, INTEL, HP, AMD, LENOVO etc.) only received Microsoft's blessing on TPM recently and it isn't hard to figure out the real reason why. Security is certainly not the main motive here. Indubitably NSA, FBI, CIA, CSIS, and the rest of the alphabet soup companies love TPM2. But don't take my word for it. Here's what WIKI has to say:
Attacks

In 2010, Christopher Tarnovsky presented an attack against TPMs at Black Hat Briefings, where he claimed to be able to extract secrets from a single TPM. He was able to do this after 6 months of work by inserting a probe and spying on an internal bus for the Infineon SLE 66 CL PC.[66][67]

In 2015, as part of the Snowden revelations, it was revealed that in 2010 a US CIA team claimed at an internal conference to have carried out a differential power analysis attack against TPMs that was able to extract secrets.[68][69]

In 2018, a design flaw in the TPM 2.0 specification for the static root of trust for measurement (SRTM) was reported (CVE-2018-6622). It allows an adversary to reset and forge platform configuration registers which are designed to securely hold measurements of software that are used for bootstrapping a computer.[70] Fixing it requires hardware-specific firmware patches.[70] An attacker abuses power interrupts and TPM state restores to trick TPM into thinking that it is running on non-tampered components.[71]

Main Trusted Boot (tboot) distributions before November 2017 are affected by a dynamic root of trust for measurement (DRTM) attack CVE-2017-16837, which affects computers running on Intel's Trusted eXecution Technology (TXT) for the boot-up routine.[71]

In case of physical access, computers with TPM are vulnerable to cold boot attacks as long as the system is on or can be booted without a passphrase from shutdown or hibernation, which is the default setup for Windows computers with BitLocker full disk encryption.[72]

In 2021, the Dolos Group showed an attack on a discrete TPM, where the TPM chip itself had some tamper resistance, but the other endpoints of its communication bus did not. They read a full-disk-encryption key as it was transmitted across the motherboard, and used it to decrypt the laptop's SSD.[73]

2017 weak key generation controversy

Main article: ROCA vulnerability

In October 2017, it was reported that a code library developed by Infineon, which had been in widespread use in its TPMs, contained a vulnerability, known as ROCA, which generated weak RSA key pairs that allowed private keys to be inferred from public keys. As a result, all systems depending upon the privacy of such weak keys are vulnerable to compromise, such as identity theft or spoofing.[74]

Cryptosystems that store encryption keys directly in the TPM without blinding could be at particular risk to these types of attacks, as passwords and other factors would be meaningless if the attacks can extract encryption secrets.[75]

Infineon has released firmware updates for its TPMs to manufacturers who have used them.[76]

https://en.wikipedia.org/wiki/Trusted_Platform_Module#By_organizations
Learning what I've learned about TPM translates to this for me: The "trusted" part of it doesn't mean that I can trust the module. The trusted part means that I agree to trust them to mess me up and essentially own the rest of my hardware. To see Broadcom's endorsement on TPM made my heart sink. All these companies have sold out to it for one main reason: PROFITS. They all have stakes in these chips they want to sell and what better way to do it than to tell you it is for your security. . . It's a tried and tested tactic, my friend. Security sells even if it isn't secure.
At best TPM should always be optional and never ever be a mandatory feature. That Microsoft has made it mandatory in an operating system is both disturbing and depressing. The user needs to be made aware of these Hitlerian tactics and the end user community should be outraged that such things are even legal. Clearly the bottom line here is profits and not security.