Windows Security GM Talks NGSCB

An article at IT Manager's Journal (along with Slashdot, part of OSDN) reports on John Manferdelli's recent talk at Stanford on what Microsoft is calling for now its "Next Generation Secure Computing Base," or NGSCB (formerly Palladium). Manferdelli is the general manager for Windows security at Microsoft, and his presentation was mostly about the technical, not ethical or other considerations involved in this system. His position is understandably different from those of privacy and free software advocates who assert that Microsoft's elaborate security is designed to lock users into Microsoft software at the expense of privacy and choice.

Link to article

[Chalybeous]

The link above appears to be to /.
Here is the article on the IT Manager's Journal site.

Re:What it's about:

Fixed link to the article - is here

Re:This is a test, right?

try this.

At least some people do understand what's at stake

[MikShapi]

For those who don't understand what "Trusted" Computing, DRM, NGSCB and friends are all about, but do want to be awakened to reality - here's a red pill.

Re:Glimpse of the future

[Chalybeous]

SF author Cory Doctorow made a similar point in a story /. posted some considerable time ago - it's called 0wnz0red .
Doctorow's story calls it "Honorable Computing", and perhaps stretches the capabilities a little further (writer's hyperbole?), but in essence what he's talking about is DRM and piracy:

"Got it: so if the OS and the CPU and so on are all 'Honorable'" -- Liam described quote-marks with his index fingers -- "then you can be sure that the execution environment is what the software expects it to be, that it's not a brain in a vat. Hollywood movies are safe from Napsterization."

Not 100% on-topic, to be sure, but I like Doctorow's story a hell of a lot better than Microsoft's. Go read it, and see where the future might be headed!

Re:Absurd

[stubear]

Actually they're doing both. Much of the .Net initiative is about managed code which will eliminate buffer overflows, thus eliminating security exploits. Longhorn will be built with a lot of managed code.

Palladium, however, is about extending this security at both ends. The internet is great but it suffers from being based around the notion of naive trust instead of verifiable, secure trust. While this worked in the eary days of the internet, it simply does not work now. With computers being connected via broadband and always connected to the internet, OSes and the way they communicate internally and externally have to begin to build a system whereby they can verify, and thus trust, those communicating with the system, whether it be via IM, e-mail or through VPN.

Simply put, the internet is no longer a hobby. It is quickly becoming as important a part of our infrastructure as electricity and roads, to name a few. To this end, there must be a way to ensure that communication via the internet is secure and can be trusted. Palladium is only one method to obtain this trust.

Re:What it's about:

[dspeyer]

You left out:

Copyright (C) 2002 Richard Stallman.

Verbatim copying and distribution of this entire article is permitted without royalty in any medium provided this notice is preserved.

When you're copying an entire essay, is it really too much to include a few lines at the end, so that people know who wrote it and what they're allowed to do with it? It's not like you have to copy-type it, we have copy-and-paste working reliably now? :-)

Incidentally, the original article included a few footnotes, and is available on GNU's site.

Re:No one seems scared by this! I'm terrified.

[Chriscypher]

Bullshit.
You can buy a refurb eMac for $600 at CompUSA or similar prices at the Apple store online.

Just buy a Mac.