Microsoft has blamed an unlikely target for Surface devices not having Thunderbolt ports or removable RAM: security.
According to WalkingCat on Twitter, a Surface engineering webinar says that security is the main reason for both features being missing from Surface tablets and laptops.
The engineer says that removable RAM poses a threat since an individual could freeze it with liquid nitrogen, remove it and then put it in a memory reader and access all the contents that were stored in memory. Similarly, because Thunderbolt is “a direct memory access port,” Microsoft does not include it over concerns someone could use a memory stick plugged into the port to gain direct access to the device’s memory, bypassing the OS and security.
The Verge was able to verify the authenticity of the leaked presentation, as well as the fact that the person narrating it is a 10+ year Microsoft veteran. Even so, as The Verge point out, it’s still surprising to hear Microsoft blaming security as the reason for not including Thunderbolt, especially since virtually every other major manufacturer deems it safe enough to include in their business-oriented machines.
A long-standing rule of computer security is that once physical access has been achieved, all bets are off. Most computer security focuses on keeping bad actors from gaining remote access. In contrast, once a device physically falls into a bad actor’s hands, aside from full-disk encryption, there’s virtually nothing to prevent them from eventually gaining access to what’s on the disk. As a result, Microsoft’s reason seems like a pointless, and possibly self-serving, justification.