Windows Security GM Talks NGSCB (Palladium)
An article at IT Manager's Journal (along with Slashdot, part of OSDN) reports on John Manferdelli's recent talk at Stanford on what Microsoft is now calling its "Next Generation Secure Computing Base," or NGSCB (formerly Palladium). Manferdelli is the general manager for Windows security at Microsoft, and his presentation was mostly about the technical, not ethical or other considerations involved in this system. His position is understandably different from those of privacy and free software advocates who assert that Microsoft's elaborate security is designed to lock users into Microsoft software at the expense of privacy and choice.
A great victory for consumers everywhere.
Rumour has it, he only works one day a week :o)
Manferdelli is the general manager for Windows security at Microsoft
The title is also called 'The guy who sits round doing nothing' at Microsoft HQ.
So I guess slashdot has gotten to the point where they don't even bother linking to an article since no one actually visits the sites anyway.
All your BIOS are belong to us.
Fix the link
The link above appears to be to /.
Here is the article on the IT Manager's Journal site.
Next Generation Secure Computing Base.
Microsoft is equipping all its people and MCSEs with early versions of this stuff along with glossy brochures to hand out to the dumb suits that sign the checks. They won't sell this on technical merit, they're selling it to the PHBs. As always.
If you're forced to install this crap, break it, make sure it doesn't work. That's how we got rid of Exchange and had free software come into our company with just over 4500 people.
... when Microsoft earns the trust of the computing public then we'll trust Microsoft. Of course by then the Sun will be a red giant and humanity will be living on distant worlds.
Do you even lift?
These aren't the 'roids you're looking for.
It's the perfect article, touches Microsoft, DRM and the evil once known as Palladium! Best of all no one can read the article because it justs links back to slashdot. Everybody can shoot from the hip on this one, because once again the only link in the article wasn't even checked to see if it works. Do stories here get reviewed and selected by a seven line perl script?
NGSCB = "Now Gates Sticks Cock in your Bum"
Can anyone else reach the site?
Next Generation Sporadic Crashy Crash or NGSCC (Formerly Blue Screen of Death).
My concern with this would be what happens when you upgrade? How do they differentiate between new hardware and "surreptitiously" copying files to a different system? I remember all of the Office XP Activation nightmares, and I can't help but think this will turn into a complete fiasco, too.
>>Fix the link
Perhaps it's working as designed -- in which case you're only permitted access to this information if you have a Trusted Computing(tm) BIOS+OS. Otherwise, you get nothing.
Isn't this essentially what the Trusted Computing alliance is promoting; control over information?
Lecture on "Trusted Computing"
I hate to break it to you, RIAA, but the problem isn't people re-distributing DRM music from iTMS, Napster 2.0, etc.
Don't be so lazy. The link to the article takes maybe 3 seconds with a google search, less if you use the toolbar. Cripes, if I wanted to google shrikle I'd use the word "dipshit."
Surely that'd be the job of one William Gates?
The problem with the link seems to be that they put an extra quote in the href tag, like:
<A HREF=""http://itmanagaerworld..."> ... </a>
Apparently <A HREF=""> just points the link to the page it's on. I didn't know that until just now.
For those who don't understand what "Trusted" Computing, DRM, NGSCB and friends are all about, but do want to be awakened to reality - here's a red pill.
Things the /. editors did right;
1. Disclaimer that both sites are owned by the same company.
2. No obvious grammer/spelling problems.
3. Not a dupe.
Keep up the good work!
Ok, repeat after me...
Every attempt to lock down IDs, every attempt at DRM, every attempt at hardware ID (remember Intel's great Proc ID idea?) has failed.
Not only has it failed, but the backlash they have caused has made the problem they were to solve worse. True, this is a real threat to peace, love and freedom, but in the end, the consumer decides, and while the unwashed are unwashed, if you piss them off enough, they will find something else, and they tend to find it with a speed that was previously unthought of (remember Napster?).
Does that preclude us fighting these type of initiatives? No, but at the same time announcing the End Of The World is a bit rash...
Was I the only one who initially read GM as Game Master?
First of all, this whole Palladium thing sounds pretty scary in terms of computer use and what kind of control a user has on a system.
... it's an industry problem," Manferdelli said. "Microsoft is hit harder simply because we have more systems out in the world."
Anyway...my point...
"All operating systems sustain these same attacks
I have to totally agree with Manferdelli. You hear about Windows problems because that's what people use. Heck, as far as the media is concerned (mainstream, anyway) Windows is the only system of choice out there. Other systems do have bugs. It happens. However, when Windows has a bug, everybody knows about it because it affects just about everybody.
If the article is accurate, MS says the trusted computing feature can be optionally enabled/disabled. Glad to hear this. What is more relevant is whether the user will have the option to run certain applications in untrusted mode. I fear that software makers will bind users' hands.
smd4985
Say anything else, but sealed storage is a simple concept, we control what can be saved. What we need to be concerned with is how they secure it. If sealed storage is at the hardware level, then the "sealed PC" MS has been seeking for years will be a reality.
How can you install Linux, BSD or WinXP if the device itself requires the OS to authenticate? You can't. Sure you may be able to crack a work around, but what company will run software that is in place via crack?
This brings up the next issue, what happens when you replace your box? We have heard of all the fun people have had with XP licensing and system upgrades. Do you get to keep all those MP3s or do they not belong to the box. If you can authenticate on a second box, then you really don't have a secure system using the box.
While MS likes to dismiss these as "we are working on it" they will again be in a position to dictate their use. By the time grandma learns all her files are now secure and she must pay to move them to her new box, it will be too late. This idea that we can somehow wait for MS to figure out a solution in secret that we can all live with is crazed.
If we are going to take a secure machine approach it will need to be a standardized one, open for all to use. I don't think we will see MS jumping to support that concept.
With the current rate of reinstall on Windows (about once a year), what happens if you need to reinstall the OS?
Do you lose all your encrypted files since you can no longer access them due to different user IDs or something similar?
How much of a pain will it be to transfer a document between two computers (e.g. laptop and PC)? Will I have to grant myself permissions on 3 (or more) separate computers?
What about buffer overflows in trusted/signed applications? Will this suddenly become not possible?
What about the "secret security API"? Is this similar to the one in .NET which allows you to change security permissions with a little bit of undocumented code?
Too many unanswered questions to "TRUST" MS.
Granted all systems of non-trivial size have bugs, but it would seem that Microsoft, in integrating so many of its products together, has left itself vulnerable to many chain reactions. So each bug in Windows can have a much more severe effect than an equivalent one in a different environment.
Well.. maybe. Or Maybe not. But Definitely not sort of.
It is optional.
MS is not forcing you to read the DRMed word document you've just received.
MS is not forcing you to use the only music players that drive your soundcard properly.
MS is not forcing you to read your emails after you accidentally clicked on the nice friendly 'make my emails private' button.
If anyone else forces you to do any of these things, that's not Microsoft's problem. This is really clever. They're creating a situation in which there's a strong economic incentive for people like the MPAA to write monopoly software that only runs on Windows, but if MS don't do it and don't have any relationship with the people who do it, have they leveraged a monopoly?
(IANAL)
In soviet russia stale jokes recycle you!
Why does everyone think it is "somebody set us up the bomb"??? Is it because that would make sense in modern day slang? The whole humor in it was how it did NOT make sense.
Jeez.
Microsoft sells an OS vulnerable to buffer overflow exploits.
The obvious solution for secure computing -- better quality control on their code.
The Microsoft solution -- anything but better quality control. Limit the user's control of the machine. Enact a code-signing scheme. But, whatever you do, don't make us audit millions of lines of our own code.
If this really did take off then the option to run in "untrusted" mode would probably be worthless since everything else you needed to connect to or use would probably not accept you unless you were in "trusted" mode.
So you'd have the option to use your computer with the feature disabled provided all you wanted to do was stare at the screen and not actually do anything.
It might not start off like this immediately but it'd be the thin end of the wedge. MS and others probably realise that people will not immediately leap at the idea of having their computer use subject to outside control, so what I'd expect them to do is think of a lot of cool things users would really like to use which are only available once they activate the Palladium device, to get them used to doing it. Then once this was the widespread normal mode of operating we'd all be f@cked and they can do what they like.
Isn't it more like "you MUST 'trust' us or you cannot access the internet"? That's the eventual goal, anyway.
Alphanos
The bottom line: Do you trust Microsoft? That's ultimately what this is all about.
I don't understand what it is about these technologies and their evangelists that makes it so easy for them to pull the wool over listeners' and analysts' eyes. I mean, the author of the article quotes Stallman's and Sulzberger's comments, but they seem to go in one ear and out the rest.
This isn't about whether one trusts Microsoft. People who dislike Palladium and TC are not tinfoil hatters who think that once it is deployed Microsoft will use it to take over the world, or whatever. The bottom line is exactly what Sulzberger says: How much control should users have over their own systems.
Microsoft's representative covers this up in invented technical terms, and talks about "security" and "trust" because those words sound good to the uninitiated, but that is just a smokescreen for the true nature (not a lie - they are upfront about what the system includes, they just spin it so people like Chris Preimesberger will miss the point).
The point is this: every piece of "security" and "trust" that can be gained from Palladium is gained by palladium taking away from the user control of his own computer. Once that control is removed, ISPs can "secure" and "trust" that the user has his system configured as they mandate (see the Cisco router story). Microsoft can "secure" and "trust" that their software is licensed and registered. The record companies can "secure" and "trust" that their songs cannot be copied, ALL BECAUSE ULTIMATELY THE COMPUTER, NOT THE USER, IS IN CONTROL!
The question he asked "Does Microsoft have a back door" is stupid. Nobody serious believes that Palladium contains a backdoor so that MS can take over the computer. They believe the point with Palladium's design is that software can be installed with restrictions that the user cannot circumvent, and that people will be forced into installing such software, hostile to themselves, on their own PCs, in order to exchange data and connect to the Internet.
The reported responses from the MS representative give us absolutely no reason to answer "no" to either of Sulzberger's questions, even though the article claims so. In fact, when MS say things like, "We are building a scalable, distributed credential-based security model here," and list features of "attestations with authenticated code that is affiliated with only that particular process" - that is exactly what Sulzberger and Stallman are talking about. The Palladium computer will attest - BEYOND THE USER'S CONTROL - whether the computer is running software that is "trusted" by the counterpart and hostile to the user, exactly so that the counterpart can mandate the use of such software (read DRM).
The fact that Microsoft tell us that the code will be open for review gives absolutely no comfort. It is not the code, but the very concept of Palladium that is frightening beyond belief. Apparently Microsoft have nothing to fear regarding being open about it, as for some reason so many people cannot seem to grasp the point that Stallman, Sulzberger, and myself scream into the void!
I'm getting the message
"Citizen 6767323#2 you do not have sufficient security clearance to access this page, your local Police have been automatically informed of this infraction. Have a nice day" So I don't think it's Slashdotted.
Manferdelli is the general manager for Windows security at Microsoft, and his presentation was mostly about the technical, not ethical or other considerations involved in this system. His position is understandably different from those of privacy and free software advocates who assert that Microsoft's elaborate security is designed to lock users into Microsoft software at the expense of privacy and choice.
This is a classic example of a propaganda technique. An organization with a goal that is unpopular casts a spokesman as an authority on that goal, but only on a narrowly defined scope. This serves to limit the terms of the debate, as well as to get people to accept tenets of the organization's goals.
In this case, Manferdelli is only an expert on the technical aspects of secure computing. The concept of secure computing is something that a lot of people opposed to Palladium actually accept. It's possible to win converts or at least marshal good PR by getting people to "agree" with Microsoft's technical goals, even when they disagree with the larger implementation and motivation.
This technique is common in totalitarian countries. For example, you may be opposed to Nazi eugenics, but Dr. X, who is only an expert on the medical problems associated with poor breeding, can quickly have you agreeing that birth defects and disease are bad. Once you're that far, why, the overall issues and conclusions of eugenics are much more reasonable and less objectionable.
Overall, this technique works great, and you might even find it in use in your place of work. You limit the scope of debate, removing the things that people really object to, and then get them to agree to things "on their own merits", which makes the overall plan more palatable.
"Trusted Computing"
The term is pure genius, it implies security/safety but doesn't address who is protected from what.
In fact the whole thing seems to be founded on the dubious premise that information (programs/data) can be transferred without transferring complete freedom as to its use (physically if not legally).
This is patently nonsense.
A case in point is the remarkable lack of electronic money on the planet (like Mondex).
Banks/governments do not trust that real but virtual "cash" can be transacted and stored safely and securely from device A to device B without fear of fraud or loss.
And if you can't do it "safely" with an electronic representation of $0.42 then how can you do it with programs or office documents?
Don't forget that a system is being invented that RELIES on the decryption keys being in the hands of the enemy (that's us by the way) but just too hard to get at.
People have found ways to pull decryption keys directly off the data bus and even out of embedded processors. I see no reason why human ingenuity is supposed to freeze at the point this technology is released, especially if there is a financial incentive to do so.
DRM is never going to be as extreme as the FAQ says, consumers won't take it. Look at DIVX. And it also won't work. I remember when Disney would only release movies on DIVX and said they would not release movies on DVD. Look what happened. Consumer choice prevails. The only time I would start worrying is when the industries start putting DRM chips into speakers and monitors, and so far I have not seen any of that happening.
Have you ever been to a turkish prison?
The problem with this article is that Sulzberger, the "token freedom fighter" in the discussion, asked two essentially moot questions. Firstly, from most users' standpoints, they haven't had "ownership of their computers" for a long time. The hardware, yes...but that's nothing more than a doorstop without the OS. In the case of Windows (and most other commercial software), the customer DOESN'T "own" it, but uses it under a revocable license from the vendor.
Secondly, the Internet since its inception has been "free" in the First-Amendment sense simply because the entities running it haven't paid much attention to the nature of the traffic. In the other sense, it's really never been "free"--someone has had to pay the freight. This essentially makes control of it open to the highest bidder.
The TCP system generates a hash based on the hardware and software configuration of each computer, right? I wonder how extensive its inspection of the hardware is, and whether it could be used to deny access to material or software rental in the future. For example, could a media player decide that your system was not up to the task of rendering a media file as the content provider intended and deny you the file? Or maybe Steam would say "your hardware configuration appears to be inadequate to provide you with a satisfying gameplay experience." I could be way off.
You will not have to worry about your files when your motherboard dies, etc.
By the time Longhorn comes out Microsoft will be generously offering a ".mac+" Service where you can store all of files.
When you roast your PC, just buy a new one, and pay MS a fee to "borgify" your new PC and you can have access to your files once again.
Kudos to Microsoft for coming up with another business model. It wasn't enough to force vendors and users to pay for Windows, and break all kinds of anti-trust laws. Those damn pesky Linux CDs still work. And even though they get their $50 or whatever OEM fees, it still isn't the same. Now, they've got the perfect strategy: force manufacturers to make hardware that can only run Windows and nothing else. If you can't beat them, beat them over the head. Awesome. Think I'm going to buy some Microsoft stock.
For years, it's always been the same. "Whatever we're selling, it's what you need".
I wonder if Trusted Computing could be applied to SMTP to help stop spammers. The problem with spam is the internet's email system has no accountability and, often enough, little or no SMTP authentication (some ISPs filter by IP, but there is no login).
The Slashdot community always says we need digital signing of all emails. While I trust Trusted Computing about as much as I trust John Ashcroft, it just might be a step toward stopping spam.
With more power comes more responsibility - just because they have more systems does not mean that they have the same responsibility as everyone else to ensure public safety and trust, it means they have more.
TCP is a great idea in theory from a technical security point of view, with computers or systems which are only allowed to run authenticated, sanctioned programs you can easily cut out viruses, spam and all manner of other 'rogue' programs.
In practice however all this security relies on the trustworthiness of whatever government organisations, or more likely corporations, are running the system.
It would be a fair bet that any website with instructions on how to defeat TCP measures would be effectively barred from being viewed by TCP systems, and from there we would likely see anything which was not approved of by our guardian corporations also disappearing from sight.
Given the general behaviour of most large companies in pursuit of their only goal in life (to make money for shareholders) and governments (let's all start some wars and look for 'terrorists') it would seem like an incredibly stupid idea to give them control over what is probably the greatest medium for mass communication ever invented.
It seems like Microsoft is all about emphasizing the technical benefits (to themselves) and is totally ignoring the social implications.
RTFA mods, parent post is not offtopic and actually is funny... mod +1: funny, or I'll send you to a Microsoft pound-me-in-the-ass prison!
As I read through the articles on MSFT and their plans for "trusted computing," I keep wondering why MSFT feels that they are the only ones capable of providing this functionality. It just seems that MSFT feels that they are the "golden boys" when it comes to writing secure / safe software. Take for example the early days of IE and the whole ActiveX thing. It seemed like the only thing that would prevent a control from monopolizing your system would be a certificate. Most of the controls I ever bothered to look at were either self-signed, or so obscure that you couldn't guess where the code was coming from.
The worst company seemed to be MSFT itself; it seems that their certificates are self-recursive. Signed by, Issued by, Authenticated by MSFT. My question is, is that enough to be called "trusted computing"? Haven't the MSFT certificates been "hi-jacked" before? Even if they used Verisign to issue and authenticate, I still wouldn't find anything they have signed as "trustworthy", since it seems the only thing you need to gain Verisign's trust is money.
So the question becomes, who really needs the trust in TC? Is it the software houses who are looking to lock you into a specific configuration, or is it the user who is looking for a truly secure (not able to be rooted in 10 secs or less) computing environment?
Personally, I believe that TC should mean a more secure environment for me to operate in, but I am not willing to give up any functionality or choice in the matter. In my mind, TC would more resemble something like the openBSD project, where the emphasis is more on code review.
I'll trust Microsoft with my computer security when they trust me when I say "The check is in the mail"
Does the Nexus have a back door to Microsoft or anybody else, I asked Manferdelli directly following the presentation. "No" was his simple answer.
Am I supposed to trust this answer ?
Ya, right.
Damn -- didn't take too long for the thread to hit Nazis
If people think the whole thing with usernames/passwords for every damn web site on the net is bad, I'd say that the level of annoyance and frustration associated with this is only the tip of the iceberg. Just wait until you can't use your own computer or access your own documents because you can't be authenticated for some reason.
NGSCB = Now Gates Spews Computer Bullshit NGSCB = No Good, Sucks Cock Bigtime NGSCB = Now Get Sweeeet Commodore Bargain NGSCB = News Gets Slashdot Crazy Boys NGSCB = Now Go Screw Computer Buyers
Yes, it was successful at encouraging me to build my next PC with Linux as the only OS.
I'm on the Gentoo IRC channel a lot, getting help and giving help when I can. But when I try to bring up the pitfalls of trusted computing, all I get is a 'huh'? or "nah, it will be ok I'm sure".
It's like everyone has their heads in the sand. When the major BIOS makers are going to trusted only computing, where are we going to run our Linux?
Some people say "just buy a Mac". I'm sorry, if I could afford a Mac I would. But since I can't build a brand new Mac for $475 like I did the machine I'm using now, it's going to be a while. And the only reason I built this so cheaply is because I didn't have to pay a Microsoft tax.
I want a machine I can build myself. An OS that I build myself. When I do that, I'M THE ONE WITH CONTROL! Not MS or Dell or Gateway or Phoenix.
DRM and Trusted Computing would be a reasonable idea if it wasn't being designed and advocated by Microsoft. They do have an agenda to "get Linux" in any way they can, it would be convenient for them to say that the Trusted Computing model can't work if the code is made public.
The grand plan of MS obviously is that first they make current Windows boxes too dangerous to connect to the internet for normal non-techie people (all the worms, viruses, ad- and spyware etc).
Then they introduce Palladium, and any user who agrees to run only MS-signed code is safe, and any user who at least enables Palladium is safe from running non-signed code at any time (such as a virus trying to start automatically when the computer boots) without being prompted.
And it'll even work as long as they manage to keep their private signing key really private, and as long as there isn't an unpatchable hardware security hole that would allow the processor to run code that is unsigned or has an invalid signature; things look good. OK, there are still possibilities like a signed interpreter (like Visual Basic) running malicious code, unless that interpreter checks that all script code is signed as well.
But now if they make it all or nothing, either everything has to be signed or no signatures will be used for anything (or just make it a real confirmation dialog hell to run any unsigned code, like asking for confirmation every time such software tries to write to disk etc). And then if they charge an administrative fee of, say, $10000 per software package for signing code. And suddenly you don't have any non-commercial software you can use if you want to enable the security offered by Palladium, as I imagine most corporate customers of MS might do anyway.
I want hardware and software crypto, but I can only reasonably trust people who share the same values as I do.
If ASUS and A-BIT start putting out motherboards that only support the NGSCB BIOS (is it more than BIOS? is there hardware too?), you can bet I'll be supporting the underdog motherboard manufacturer that uses verifiable code built from open source.
save us linuxbios! What other open source BIOS projects are out there?
I don't know what all the fuss is about, the linked to "software" looked pretty "open" to me.
This so-called "security" software has little to do with security. The largest single source of data loss / theft is mis-configured systems allowing people to get into them, or allowing virii and worms to steal info from them.
The second largest source of data loss / theft is software holes (defects, bugs, or features if you are a MS marketing droid) allowing people to break into systems, using worms, virii, etc.
The third largest source of data loss / theft is people on the inside selling or giving away the info (spies of the mole sort).
As far as I know, the biggest cause of mis-configured systems is Microsoft shipping OS installs that are wide open, and difficult / complex to secure.
The same goes for MS bugs.
The third problem, moles, is not being addressed except through password protection.
wake up and hold your nose
It seems like this is all keen on locking a specific piece of content down to a specific operating system on a specific computer.
It seems to me like this would play havoc on some of our backup/restore procedures. If something happens that causes you to need to replace your entire PC (hosed motherboard or processor, or the thing's still a PII 200), it seems like you wouldn't be able to use your files any more. Your new PC (or maybe even the old PC with a new motherboard, or maybe even just FORMAT C:) will have a different installation of the operating system, which will create a new unique key which will not match the one used when your files were backed up. So even though you technically wouldn't have any trouble restoring them, you'd have a hell of a time using them again.
I don't know... maybe I just don't understand it enough... but it seems like this whole idea is a bit of us cutting off our own nose to spite our face.
But they do claim that all this is OS independent, while I'm taking *that* particular comment with a grain of salt, it's enough to dismiss the litany of m$ monopolist claims
Will we keep our right of private ownership of computers?
Will we keep our right of free use of our Net?
ehm... i think it's grotesque that someone would even think of asking these questions.
i also think that the whole 'Next Generation Secure Computing Base' thing is about who will be pimping who.
some time before we'll get the final version of longhorn stuffed down our throats, msft will probably have decided that it's in everyone's (*) interest to expand the trusted computing base to the full operating system, and we'll be able to forget about using any software that wasn't okay'ed by msft to run on the system. (= signed code?)
maybe we'll see modchips for regular computers in the future too?
better start stroking the penguin sooner than later!
(*) everyone = riaa/mpaa members, msft themselves, anyone who pays premium prices to develop software using msft tool
Is that really a bad idea ?
I mean, of course, these are examples that show what very wrong stuff can be done with the technology...
However, this technology, if it could be really trusted (meaning: open source, and not proprietary), could help us against viruses, worms, etc.
For example, I don't see why a workstation in a corporate environment should answer to the laptop of a consultant or intruder that is scanning the network; that is basic recognition of the other system as part of a domain (whether it is a Kerberos or Windows domain).
I suggest that the open-source community does not only talk out loud and condemn Palladium; we should be working on our plan to do something similar, before Microsoft, and get it certified by third parties.
For example, we already use SSL certificates that are signed by Verisign or other entities, and we choose whether or not we should trust Verisign as to whether the server we are trying to access is effectively who it is supposed to be.
Well, the Palladium stuff is, at its base, only expanding that stuff to software. Software binaries are signed and you can then verify with someone you trust that the code has been reviewed, and that this is effectively a non-modified version of the binary (read: non-infected).
Also, if the open-source community works on this kind of process, it will force Microsoft to reveal some stuff (for example, the encrypted Word documents that could not be opened by open source software), and we could bring them to court to open their encryption keys to the world, because this idea is not a "revolution", it is simply using certificates to verify everything.
Mathieu Lachaine
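The signed-binary check the post above describes, as an added example that is not part of the original thread and not Microsoft's or anyone's NGSCB code. It assumes the same trust model the post sketches for SSL certificates: the user keeps a store of reviewer public keys they have chosen to trust (no central authority), a reviewer signs the SHA-256 digest of a binary, and the local machine recomputes the digest and verifies before running. Ed25519 stands in for whatever signature scheme a real system would use; the "binary" is a constructed byte string.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// TrustStore maps a reviewer name to the public key the user has decided to
// trust, much like a browser's CA bundle. Which keys go in is the user's call.
type TrustStore map[string]ed25519.PublicKey

// SignBinary is the reviewer's side: hash the binary and sign the digest.
func SignBinary(priv ed25519.PrivateKey, binary []byte) []byte {
	digest := sha256.Sum256(binary)
	return ed25519.Sign(priv, digest[:])
}

// VerifyBinary is the user's side: recompute the digest locally and check the
// signature against the named reviewer's key. A single flipped byte in the
// binary, or a signer that is not in the store, fails the check.
func VerifyBinary(ts TrustStore, signer string, binary, sig []byte) bool {
	pub, ok := ts[signer]
	if !ok {
		return false
	}
	digest := sha256.Sum256(binary)
	return ed25519.Verify(pub, digest[:], sig)
}

func main() {
	// Hypothetical reviewer key pair; in practice the public half would be
	// distributed out of band and pinned in the trust store.
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	ts := TrustStore{"reviewer-A": pub}

	// Constructed stand-in for an executable image.
	binary := []byte("\x7fELF...constructed stand-in for a real executable")
	sig := SignBinary(priv, binary)
	fmt.Println("clean binary verifies:   ", VerifyBinary(ts, "reviewer-A", binary, sig))

	// "Infected" copy: one byte changed after signing.
	infected := append([]byte{}, binary...)
	infected[len(infected)-1] ^= 0x01
	fmt.Println("modified binary verifies:", VerifyBinary(ts, "reviewer-A", infected, sig))

	// Signature from a reviewer the user never chose to trust.
	fmt.Println("unknown signer verifies: ", VerifyBinary(ts, "reviewer-B", binary, sig))
}
```

The check only tells you that the bytes match what a particular reviewer signed; it says nothing about whether that review was any good, which is exactly the "do we trust Verisign" question the post raises.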
Let's take this apart:
do not really completely control their computer. They run a Microsoft OS...
Quite true - those who run an MS OS have very little control over what their machine does. They don't have the source, so they can't fix the bugs, and their machine is constantly prone to virus infection.
In general, it is hard to get any Microsoft system to do what you want.
Nothing new, this has been the case for quite some time...
But some folk actually have pretty good control of their computers.
Translation: some folks use Linux.
Palladium is designed to ensure the continuation of the situation for most users, and to prevent the sale and use of computers which can be controlled by the user.
Translation: Party's over folks. We're going to make it so that you can't install Linux, because we don't like it. I really can't say enough about how evil this is: they want to take control of a person's PC away from the owner?! Consider what kind of mindset would want complete control over someone else...
Some features Microsoft will introduce in the future:
This is evil, pure and simple. It's not merely designed to stop copyright infringement - this is designed to force anyone who uses a PC to pay annual or monthly subscription fees to Microsoft.
Yeah, I know. But what should we expect from a convicted felon?
I guarantee I will not buy a Palladium equipped PC. I'm serious - I'll start building my own from processor and circuit board if I have to.
The society for a thought-free internet welcomes you.
Isn't that like finding someone who's homeless and giving them the title of National Economic Advisor? Isn't it like the NTSB giving Firestone an exemplary safety award?
Windows Server 2003 is a small step in the right direction, except it's 10 years late. [By the way - I LOVE the caption on the Windows 2003 page - I initially misread it as "do less with more".]
I like to tell users the reason they are paying me $xxx to repair their computer is because Microsoft was busy working on Clippy instead of fixing the mess they call "Content Zones" in IE/OE. In all fairness, if users would "just keep up to date on their patches" then this wouldn't be (as much of) an issue...
And this is Microsoft's fatal flaw: They look at computers/software completely differently than the typical user.
Microsoft: Install the OS, update drivers occasionally, Check for system security fixes daily, and upgrade when a new OS comes out.
Typical User: OK, this envelope thing with the blue recycle signs around it is what I have to click to get mail, right?
(most) People want to use computers like any other appliance: their vcr, tv, radio -- they don't want to schedule updates and check for vulnerabilities and install firewalls -- they just want it to work.
As long as Microsoft (or ANY admin, for that matter) depends on the end-user to secure their equipment, they will be sorely disappointed.
I was told that I could listen to the radio at a reasonable volume from nine to eleven...
You see, if we had trusted computing, this wouldn't be an issue!
Lovely. Now we can be subjected to another barrage of alternate meanings from people who for some strange reason think themselves witty.
Part of any marketshare and mindshare battle is PR spin. The phrase Digital Rights Management makes me feel protected and secure, while it obscures the limitations and long-term beneficiaries of such protection.
Lately, the acronym DRM makes me think Data Restriction Machine. And this phrase immediately makes me wonder: Whose data is it? Who's restricted? Is the hardware still a computer, or just an appliance?
This has already happened. About 4 years ago, my college was re-imaging a bunch of Compaq servers with Windows NT when half of them suddenly died.
Turns out, the servers were sold when Compaq still sold a version of Windows NT, at prices considerably more expensive than Microsoft's. To keep people from buying the machines without an OS and installing their own, the BIOS detected the OS, and if it was not a signed, Compaq-built copy of Windows NT, it refused to load it.
Fortunately, we had a support contract with Compaq, and we were able to flash the BIOSes of the affected machines. But this was before the DMCA - today, flashing the BIOS to install an operating system of choice would be illegal.
We stopped buying Compaq machines shortly after that...
The society for a thought-free internet welcomes you.
Microsoft's elaborate security is designed to lock users into Microsoft software at the expense of privacy and choice
I think the correct syntax is "Doing something good, at the expense of a bad side-effect"
Whereas this sentence literally reads "Doing something bad, at the expense of a bad side-effect"
This comment does not represent the views or opinions of the user.
we call it .Niet
be problematic to NGSCB. I mean if VMWare is installed, and is able to isolate the OS from the hardware, it would seem a reasonable avenue for attacking any 'secure' environment created on top of an OS that supposedly bases its security/drm on the uniqueness of the platform on which it's running. One of the main selling points of VMWare is to present a uniform platform to the OS.
Question 1:
Did Microsoft create a new secure network protocol, better than any that have come before, or are they simply reusing existing ones?
Question 2:
Is it ever wise to simply accept that a given Desktop system is inherently secure and cannot be compromised and therefore should be just simply trusted?
Question 3:
When features are introduced into an OS under the heading of "improving security", should these features be trusted by the consumer when they serve a dual purpose, the second of which, DRM, will primarily enrich the OS vendor?
Question 4:
Are all OS's so fundamentally flawed that only something like this will guarantee a secure system?
Question 5:
Given that the executable code for this must be available on a user's system, will the executable code for this, ultimately, be compromised?
The article states: "But the other part...called the 'Nexus mode' ... is entirely optional for the user, is the 'trusted computing' model..."
It sounds like the difference between a mandatory access control system and a discretionary access control system. How is this different from what MAC extensions like TrustedBSD are to FreeBSD?
Is there a blue pill?
I'm going back to sleep...
How about skynet?
-- Fratz, human
Can we get an article that is based in fact, rather than stating alarmist prophecies without any actual facts to back them up?
I attended a discussion on NGSCB yesterday in DC at a Security Summit held by msft. Most of the audience members were from government agencies, which is where I see this being applied more realistically, though I imagine it will be applied everywhere microsoft can think of.
At any rate, a few things I thought were of note (outside of the moral aspects of Palladium):
- NGSCB is included in, and will be released with, Longhorn. Your hardware will have to support NGSCB (the speaker referred to the Intel prototype "LaGrande") to take advantage of it. Otherwise, traditional hardware upgraded to Longhorn won't be able to take advantage (darn!) of NGSCB.
- NGSCB is shipped in the preview release of longhorn (the PDC release that is), interestingly enough. I think its for developers to begin using the API's.
- NGSCB puts a serious hit on performance. I asked the speaker specifically regarding this issue, which he confirmed.
With the addition of the "nexus" (read: second kernel), you're essentially running two operating systems at once: the traditional Windows portion, and the NGSCB portion. When you switch system context to an NGSCB program, you have to switch the entire context of the system, writing the traditional programs to disk, wiping memory, and starting fresh. Plus, with all the checks and balances put into place to make sure memory is encrypted and unaltered, your system is working very hard to be secure.
Seems like MSFT may be using this NGSCB as the Next Greatway to Sell Computers to Buyers. I could imagine msft writing their programs to require hardware support of ngscb, or else your computer would be wicked slow and unusable, and you'd be forced to upgrade anyways.
If you don't read that closely, it might look like he's talking about how viruses and worms reduce many people's control over their computer. But he's really saying that Microsoft wants to ensure that everyone doesn't really control their computer.
What's not clear? He all but says that Microsoft wants to control your computer to stop you from copying songs - and, I assume, software.
Really, I was expecting something at least a little subtle.
Human/Ranger/Zangband
Having today just dealt with the latest round of Unforeseen Consequences of data backups and restores in the forest of scripts that our Resident Geniuses {tm} made for our new Windows XP client base, I can say with great confidence that Microsoft et al are digging themselves a hole so deep that not even they can DirectX (used as a verb) themselves out again.
Humans perform technical work in various ways, and all this security blather breaks, breaks, and breaks those modes of behavior. Version 1.0 of whatever monstrosity they produce will be "ungodly", and further frenzied servicepacking and hotfixing will only reduce that to "horrible".
The consumer, unsuspecting as always, will have to find this out the hard way.
[You have a stable society when some nut guns down a schoolyard and the law doesn't change.]
... someone will supply it. Look at DVD players. When they first came out, they were only made by major players and strictly enforced region codes.
Soon after that, smaller companies like Apex found a niche making DVD players that can handle discs from all regions. Do the DVD Consortium companies like this? Hell no. But there's not much they can do about it.
The same thing will happen with computers if it boils down to that. As long as there's a demand, someone will step forward to make money off that demand.
Some people say "just buy a Mac". I'm sorry, if I could afford a Mac I would.
Freedom is not free.
Linux already has Palladium, NGSCB or Nexus .. or whatever they want to call it next..
..
......zzzzzz..
Think User Mode Linux (kernel within a kernel that is locked out) and read the following
NGSCB is an operating system kernel within an operating system kernel -- the larger of which will resemble the conventional Windows system. But the other part, which Manferdelli called the "Nexus mode" and said is entirely optional for the user, is the "trusted computing"
Files within the NGSCB architecture will be encrypted with secret coding specific to each PC, making them useless if stolen or surreptitiously copied.
"You can initialize a Nexus while the regular operating system is running," Manferdelli said. "Since it is isolated from the rest of the OS, you can load the Nexus into physical memory; the computer will use a cryptographic hash for authentication -- the user doesn't have to worry about that. The Nexus will open its own window on the screen, and from there, much more secure computing environment will start. You can use any application in a Nexus that you would normally use in the regular system, and it will be free of any virus or worm."
Can viruses circulate within the Nexus structure? "The characteristics of the Nexus window are similar to the parent system, so of course they can," Manferdelli said. "But the system isn't open, it's completely closed. They (viruses) have to get past a formidable security wall first, and we intend to make that extremely difficult."
You make some glib comment and three semi-bright moderators give you teh +1, funnay... (which doesn't add to increase your karma)
Then some hardasses ram you with the -1, Overrated. (Which does decrease your karma).
So, for no fault of your own, you get raked for -3 karma because of a disagreement about what's funny. Not that the idiots that allegedly run this place give a shit about screwing legitimate posters. It's all about shitting on the trolls.
...if as he says, it's optional. I have no problem with an online music distributor requiring me to play its music files on a computer secured this way. I may choose to not do business with them, but at least it's my own choice. This is basically what DRM wants, and I don't see a problem with it.
I haven't seen this issue raised anywhere. I presume Intel will have to make some new instructions for their CPUs (and perhaps the DMA controller also) to prevent memory writes to various parts of memory.
AFAIK, the x86 has a non-writable page flag that isn't currently used by Windows, but to be truly safe they will have to start using it to protect the code segment. Also, locking the instruction pointer to the code segment (no executing the heap or stack) will be necessary.
DRM, Palladium, and NGSCB (jebus, what an acronym) all scare the crapola out of me on general principle.
The very idea that anyone can tell me what I can and can't do with this rather expensive piece of hardware on my desk is.... unfathomable. I didn't think anyone had the sheer audacity to dictate what I can do with something I own (I mean hardware, not licensed software. But, even then...). This whole "protecting the people" crap facade they've got going has got to stop.
Even more, to tell me what software I can and can't run! If I'm going to pay for software that performs a task I desire, I'll be damned if I have to run it past Redmond's "are-they-giving-us-enough-money" approval department first!
To top it all off, some people in the world at large are being convinced this is a *GOOD THING*. In the vein of "I can't live without this once it's released".
Abominable, the whole concept.
I'm seeing a rather undesirable future here:
1) Microsoft introduce Palladium.
2) Political pressure (read bribery) from Microsoft and RIAA/MPAA/BSA/etc. results in the US government banning all non-TCPA computers and ways of circumventing TCPA.
3) Other governments across the world follow suit.
4) All computers in the world use TCPA and Palladium.
5) Microsoft control all computer use.
6) Microsoft then start playing off countries against one another, demanding a country surrender to Microsoft - by saying that they'll threaten their neighbours with a complete shutdown/wipe of all computers unless they invade the country.
7) Many countries start surrendering their sovereignty to Microsoft.
8) Eventually Microsoft controls enough small nations to force the superpowers to surrender, or just shuts off their computers and has its nations invade.
9) Microsoft dominates the world, and Bill Gates becomes Emperor Gates.
Now, I accept that I may be looking at this the wrong way, so please feel free to point out any holes in this argument. Please.
Oops, you're right. Never mind....
Human/Ranger/Zangband
All these discussions of TC seem to emphasize how useful TC is for those with established power. Reading them, it's easy to believe that TC is as unavoidable as an approaching storm. The prose is so compelling that after reading that "red pill" I am convinced that TC will become implemented in fact and by law. How does anyone think they can stop it? Clearly this is already paved by the DMCA and its enforcement.
What is more interesting now is to think about what IS will look like in the future. I imagine we will see a resurrection of the old dial-up BBS for awhile, home-grown isolated networks, and isolated wireless networks. At some point these things will become illegal, which will be really funny.
There is a sentence in the "red pill" article that is clearly in error:
"How do you stop someone recording a track - if necessary by putting microphones next the speakers of a TC machine, and ripping it into an MP3? The proposed solution is that protected content will contain digital watermarks..."
Perhaps the writer meant analog watermarks, which should be easy to filter out. In any case renegade players will not care about _analog_ watermarks.
I imagine an entire sub-culture or side-culture will develop of non-TC-compliant machines and networks. Whether it is a sub-culture or a side-culture depends on the legal issues. If non-compliant hardware is illegal, things are going to be really interesting.
The fact is that complexity and control diminish usefulness (Duh, that's the whole point, right.) But most people don't need usefulness -- they just need a couple of functions: play the song, watch the movie, surf the net. Consumers. Those who advocate TC are just talking about making exclusively consumer appliances, and about making general purpose computers illegal. This is why Mr. Fritz came _first_, Before the technology. The law is more important than the product.
Simply stated, what those TC guys ACTUALLY want to do is make the computer illegal. Period. They don't like it. Too much power in uncontrolled hands. The technical aspects do not matter at all -- who cares what devices they make, or how they are implemented. You will never stop that anyway. The real issue is with the legal aspects, and appropriate civil disobedience.
It seems impossible, but it is conceivable that in 10 years it will be illegal to sell a regular old-fashioned CPU, one that reads some instructions and executes them, without Fritz. CPUs, et al. will become black market items? Like pot??
Reality is stranger than fiction.
You say Disney failed. What makes you think the game has even begun? Do you have any idea how much money you are talking about? Do you know what industry generates the largest revenue in the Los Angeles area? The media industry in general, including software, is the largest growth revenue item there is. Why do you think there is so much noise about all of this? Why is there a DMCA, and a Fritz, and all this constant noise? THEY CANNOT AFFORD TO FAIL. The United States (for instance) NEEDS IP to be productized -- it is the only export product the US has.
By the way, I think IP productization is a good thing. I'm an IP producer.
...part of your company's computing environment so that you could push your own personal software agenda? Your company's buying software and paying you to install it and you're sabotaging the effort?
What if the next step is a huge backlash against the internet. A bursting of the bubble (to quone a phrase) of a completely different style. It could turn people off of the hassle of the internet, thus driving its marketability into the ground and leaving it a desolate wasteland for businesses and the common man alike.
...now if we could only get Microsoft (or whomever ...yeah, Microsoft) to pay reparations, we'd be set!
Stay with me...
From within that wasteland, and on the backs of the technologically adept, a new (more secure? more well thought out?) internet can be born. Kinda like the restructuring of countries after a devastating war.
fs
video still has to be output to either analog monitor output or digital to the DVI output
You said you'd start worrying when the connection between a computer and its display fell subject to digital restrictions management. Have you looked into DVI's DRM?
I don't have to worry about someone running a hack version of my application
But you do have to worry about losing goodwill when your users yell about not being able to get THEIR DATA out of your program.
Every BIOS maker that's agreed to produce these chips is allowing people to turn it off.
How long do you think that promise will last?
But if i was IT manager I would make sure it is on, I don't want my employees running unsigned software.
Easy: give them programs that can handle negative numbers. But seriously, much of what starts on business computers eventually spreads to the home market. What if the top five PC vendors that "sell" computers to residential users change to a 10-year rental model, claiming to be those users' "IT manager"?
You're by far not the first to think of it
There's only one solution to this problem, and that is to boycott and completely abstain from this system. I'm not just talking about Palladium PC's, I'm talking all the parties, services and technologies involved.
DRM is digital tyranny, and I will not willingly submit to a system that infringes on my privacy, nor forces me to pay for a computer that will not obey me, nor gives me freedom of choice and that eliminates competition in the operating system market that was there before (Linux).
As a freedom-loving individual, I cannot stand for this travesty of justice! I will protest, boycott and wholeheartedly refuse to consciously participate in this wholesale anti-capitalist, anti-democratic, anti-community (i.e. Open-Source) and anti-freedom conspiracy.
If this gets implemented, I vow never again to buy:
1) RIAA music, in any form.
2) MPAA movies, in any form.
3) Software or hardware made by Microsoft.
4) Software or hardware made by any Palladium partners.
5) Publications by those who endorse this system.
6) Any participating consumer electronics.
7) Any participating service.
I'm going to hit these bastards where it hurts most, in the wallet. I'm hopping mad, and you have no idea of the extent to which I am determined to rebel against, and abstain from this system.
I'm presently a computer programmer. If I have to change careers in order to do this, then so be it. There's more to life than computers and technology, and I imagine that in the next few years I will discover just how much MORE there is to life than computers and technology when I'm no longer involved in any significant way in either one.
There are alternatives to every single one of these systems in place, whether it be telephone banking, snail mail, community events, live music, theatre, travel, etc. I plan to explore and use every single one of these alternatives when the time comes.
The failure of the Slashdot readership (in general) to objectively consider anything Microsoft does is the number one reason why I consider Slashdot merely an ordinary forum rather than a valuable resource.
Flamebait. -1. Hit me with your best shot. No one actually needs to read what I have to say.
...Microsoft is gaming the security situation instead of taking reasonable steps to fix their OS. So his job title probably should be game master.
Eternal vigilance only works if you look in every direction.
If we had trusted computing, we never might have seen the message.
(*) everyone = riaa/mpaa members, msft themselves, anyone who pays premium prices to develop software using msft tool
That is just the stupidest thing, ever.
The whole point of this whole system is that you don't have to run trusted software, that the *hardware* physically will protect the system from divulging that data which is protected. Using encryption and a special piece of hardware, data that is sealed can only be accessed by software that has the proper key. The point being that there is no required central authority. Any piece of software that runs in the trusted mode of hardware would create its own sealed data storage area (effectively just hard drive storage space but tightly protected using strong encryption.. but possibly this could be flash, optical media, anything).
I am sure there will be pimping involved, but essentially, the idea of the system is that hardware allows code to execute on the CPU in a way that it can't be spied on (debugged, register checked, etc), allows that code to easily open encrypted storage that only it can access in the future, and communicate securely over a network with a host for data interchange.
For a good example, see the iTunes hack dreamed up by Jon. Under a Palladium/NGSCB system iTunes would run as a trusted-mode app, and therefore the code could not be spied on. It would create storage space for the music you download and store it using strong encryption. It would decode and play back music using the sealed storage and protected code mechanisms of the nexus and send music through a protected pathway (essentially an all-digital sound system which only converts back to analog at the last late phase - in the speaker itself).
The bottom line being that the iTunes hack of tapping into the stream of music after decryption and writing to a parallel file would be impossible. Additionally most decent analog hole tricks would be eliminated.
Now, this begs a bigger question about the ethics of copy protection - meaning essentially, are we serious about it or do we just like to pretend we have it - but on a technical level and a practical level, it is *very* secure in terms of unauthorized access to code and data.
I'd love to run a personal finance package as a trusted app with my data stored as sealed storage. I could ensure that no other app could spy on my data, it wouldn't be compromised if I forget to apply the latest ssh or kernel patch, and that it wasn't going to be corrupted, accidentally deleted, etc.
But before you go off on a total rant, I defy you to provide any documentation that shows this system would require central signing. It doesn't, and I don't think it's even feasible to be modified to support it. If you have such a link, I'd love to see it (really, not sarcastic.. I'd like to know about it)...
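The sealed-storage idea the post above describes, as an added example that is not part of the original thread and is not Microsoft's NGSCB implementation. It is a deliberately simplified software model of the mechanism: a platform secret that in a real system would never leave the hardware, a "measurement" (SHA-256) of the program's code, and a sealing key derived from both by HMAC so that the same data can only be opened on the same platform by the same code. The derivation label, the AES-256-GCM choice and the sample secret are assumptions; the point it demonstrates is the one the post makes, that no central signing authority is involved in sealing or unsealing.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
	"io"
)

// Measure computes a program's code identity: the hash of its bytes.
func Measure(code []byte) []byte {
	h := sha256.Sum256(code)
	return h[:]
}

// sealingKey derives a per-(platform, program) key. The platform secret is
// only ever used as an HMAC key, never exposed; change the code and the
// derived key changes, so old sealed blobs become unreadable.
func sealingKey(platformSecret, measurement []byte) []byte {
	mac := hmac.New(sha256.New, platformSecret)
	mac.Write([]byte("sealed-storage-v1")) // hypothetical domain-separation label
	mac.Write(measurement)
	return mac.Sum(nil) // 32 bytes -> AES-256
}

func gcmFor(platformSecret, code []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(sealingKey(platformSecret, Measure(code)))
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal encrypts plaintext for this platform+program. Output: nonce || ct+tag.
func Seal(platformSecret, code, plaintext []byte) ([]byte, error) {
	gcm, err := gcmFor(platformSecret, code)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, nil), nil
}

// Unseal succeeds only if platform secret, code measurement and blob all match;
// GCM's tag check turns any mismatch into a single opaque failure.
func Unseal(platformSecret, code, blob []byte) ([]byte, error) {
	gcm, err := gcmFor(platformSecret, code)
	if err != nil {
		return nil, err
	}
	if len(blob) < gcm.NonceSize() {
		return nil, errors.New("sealed blob too short")
	}
	nonce, ct := blob[:gcm.NonceSize()], blob[gcm.NonceSize():]
	pt, err := gcm.Open(nil, nonce, ct, nil)
	if err != nil {
		return nil, errors.New("unseal failed: wrong platform, modified code, or modified blob")
	}
	return pt, nil
}

func main() {
	platform := []byte("constructed 32-byte platform secret!") // stands in for a hardware secret
	app := []byte("constructed bytes of the finance app")
	blob, err := Seal(platform, app, []byte("account balances: ..."))
	if err != nil {
		panic(err)
	}
	_, err = Unseal(platform, app, blob)
	fmt.Println("same code, same platform:", err == nil)

	spy := append([]byte{}, app...) // a patched or different program
	spy[0] ^= 0x01
	_, err = Unseal(platform, spy, blob)
	fmt.Println("modified code:           ", err)

	_, err = Unseal([]byte("some other machine's secret......"), app, blob)
	fmt.Println("other platform:          ", err)
}
```

Note what this does and does not give the finance-package use case in the post: a program that cannot reproduce the measurement cannot read the blob, but the program that owns it can still be buggy, and a bug in that program is still a way to the plaintext.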
About what this stuff really is? Or do you just bash it because a) its Microsoft and b) it prevents you from stealing music?
Now look, like it or not Microsoft doesn't have billions in the bank because they are dumb. This is something a large portion of their customers want. Don't any of you work with sensitive information? Hell, even the Pr0n collectors out there should be able to relate.
Maybe if there was a non-Microsoft DRM you could hide your stolen music and prevent the RIAA from dragging your butt into court.
Again, fact is this is something a lot of people want. If there was a decent 'open' standard addressing the functionality I'm sure MS would jump on it - embrace and extend if needed. But there isn't. This is true, useful innovation. Stop whining and start figuring out how to use it constructively.
Look at the friggin moderation - I can't believe some of the useless babbling that gets moderated as insightful.
slashdot troll = you make a compelling argument I do not like the implications of.
I know that most Slashdot readers rarely care for ACCURATE info, instead preferring to read incredibly biased editorials like the one linked above...
But, just in case anyone really does want the real info about TCG, here is a link to v.1.1b of the TCG specification, straight from the horses mouth so to speak.
Warning: this is a 300+ page technical document, might take a while to get through it!
When a product changes from a name (Palladium - nice sounding eh) to an acronym with no vowels (NGSCB - can't pronounce it = can't remember it), it shows MS don't want it discussed.
It's no longer a 'feature' to hype, it's now a spec point to hide from customers.
I could ensure that no other app could spy on my data, it wouldn't be compromised if I forget to apply the latest ssh or kernel patch
Yes, fortunately NGSCB will be bug free thus eliminating these issues. Once the programmers had thought of not including any bugs or design flaws security became a lot easier.
And if it isn't bug free you won't be able to patch it anyway so no point in wasting time trying.