Luke Martinez <me@luke.asia> wrote:
Afaik we cant sue unless its actually happening, not based on future prepositions.
Correct - no legal action can be taken, as far as I am aware, until vendors start excluding competing operating systems with their code signing practices. As an aside, how strong is the security argument for so-called "secure" booting? Boot sector viruses come to mind, but I haven't heard any mention of those for a very long time. Based on my reading, most root exploits don't involve modifying operating system code at all, and requiring a signed operating system in memory won't address application vulnerabilities, macro viruses, etc., which seem to be the largest threats. Thus I'm not persuaded that the security argument is particularly strong, but I might be mistaken. I can think of installation scenarios such as high-security environments where assurance is needed that the code supplied is identical to the code being run, but most of us aren't in those scenarios.