Reports from earlier in the week suggested that Windows RT had been “jailbroken” by hackers, an event I ignored because the outcome was so obvious. And, as expected, Microsoft has confirmed the hack and will simply fix it in a pending update. But why does everyone take this stuff so seriously?
The issue is that Windows RT is essentially a sealed environment, like the iPad, where users cannot install apps willy-nilly as they can on traditional Windows versions, but can instead only select trusted and tested apps, in this case from the Windows Store. While power user will bristle at this limitation, it’s arguably one of Windows RT’s biggest strengths, since it helps bolster consumer confidence in the platform.
(By the way, blogger Hal Berenson argues, incorrectly I think, that There is no ARM in Windows RT, meaning that what will eventually differentiate Windows RT from is the desktop, in that RT will shed the desktop. Windows RT may indeed lose the desktop first, but the codename for Windows RT was Windows On ARM, or WOA. And I think that if you want to look past the chipset for a differentiator between Windows 8 and RT, it’s not so much the desktop as it is the Windows Runtime apps architecture, which is what enables the security functionality at the heart of this story. Anyway.)
Functionally, the problem with Windows RT’s sealed environment is that it comes with some pretty serious limitations, at least for now. You can’t install popular desktop applications like iTunes or Photoshop, for example. And you can’t install full-featured alternative browsers, like Google Chrome, let alone any browser plug-ins, including, humorously, Microsoft’s own Silverlight.
Microsoft argued at the Windows RT introduction, back when it was still called WOA, that it could not offer a way for users to run Intel applications on ARM because the latter chipset simply wasn’t powerful enough to virtualize or emulate x86. And this is certainly true. But it hasn’t stopped hackers from trying to get traditional (x86) Windows applications running on ARM. That’s what this jailbreaking is all about: Usurping the Windows RT protections and allowing users to install any application on the OS.
They succeeded. And this cued up the weirdest, but most easily predicted tech blog posts I’ve ever seen.
My favorite, however, was the hilariousHas Microsoft Tried To Make Windows 8 Too Secure?, which appeared on the Forbes web site. The argument here, which had been hashed out by others over a year earlier, was that “the great selling point for a Windows machine is simply the vast numbers of programs out there for it. Why cut off that great competitive advantage?” Why indeed. Security? Reliability? Performance? You know, the same reasons why smart phone and tablet makers do the same thing.
Anyway, the reason I didn’t write a sensational headline like “Hackers bring Windows RT to its knees” is because this kind of thing happens all the time. Put a sealed environment out in the world, and hackers will bend it to their will. If it’s a new, supported, and important platform like Windows RT, those holes will be fixed quickly. And that’s exactly what’s happening here. So the real story is, sorry: Nothing to see here.
“The scenario outlined [by the hackers that jailbroke Windows RT] is not a security vulnerability and does not pose a threat to Windows RT users,” a Microsoft statement notes. “The mechanism described is not something the average user could, or reasonably would, leverage, as it requires local access to a system, local administration rights and a debugger in order to work. In addition, the Windows Store is the only supported method for customers to install applications for Windows RT. There are mechanisms in place to scan for security threats and help ensure apps from the Store are legitimate and can be acquired and used with confidence. We applaud the ingenuity of the folks who worked this out and the hard work they did to document it. We’ll not guarantee these approaches will be there in future releases.”
Expect a fix. End of story.