Slashdot Mirror

← Back to Stories (view on slashdot.org)

Windows Security GM Talks NGSCB (Palladium)

Posted by timothy on from the neckbone-connected-to-ankle-bone dept.

An article at IT Manager's Journal (along with Slashdot, part of OSDN) reports on John Manferdelli's recent talk at Stanford on what Microsoft is calling for now its "Next Generation Secure Computing Base," or NGSCB (formerly Palladium). Manferdelli is the general manager for Windows security at Microsoft, and his presentation was mostly about the technical, not ethical or other considerations involved in this system. His position is understandably different from those of privacy and free software advocates who assert that Microsoft's elaborate security is designed to lock users into Microsoft software at the expense of privacy and choice.

16 of 281 comments (clear)

  1. What it's about: by iantri · · Score: 5, Insightful
    "Trusted Computing" basically means "you TRUST us, we don't trust you."

    A great victory for consumers everywhere.

    1. Re:What it's about: by hanssprudel · · Score: 5, Insightful

      More accurately it means:

      "People who don't trust you can trust your computer to control you."

    2. Re:What it's about: by IthnkImParanoid · · Score: 4, Insightful

      More like: If you work with us*, we'll trust you.



      *"Working with us" is defined as not competing with any of our products and offering appropriate compensation by not working with our competitors and agreeing to only develop only for our latest products, helping us enforce the upgrade cycle.

      --
      It's nothing but crumpled porno and Ayn Rand.
    3. Re:What it's about: by garcia · · Score: 5, Insightful

      yup. and it means that they are going to do everything in their power to stop us from having any freedom. That includes forcing us to use a BIOS that will only "trust" their OS and thus render most hardware useless except for Windows.

      See more here.

      (Please note that this comment mentions that we have to trust them and they don't trust us.)

    4. Re:What it's about: by DickBreath · · Score: 5, Insightful

      Actually it means that people who do not trust your computer configuration can pass data to you and be confident at some level that it is not exposed.

      That is one element of what it is about.

      If they can trust the programs on your computer to do what they want, then those programs can also be trusted to control your behavior and actions.


      Palladium turns out to be very useful for meeting a real business need which in most cases is completely legitimate. I do not want communications with my lawyers to be disclosed. Confidentiality is in general a good thing, it is occasionally a bad thing.

      There is this thing called cryptography that meets the business need you speak of.

      The "business need" that Palladium meets is the need to control users behavior, what software they can run, and perhaps most importantly, what software they can NOT run.


      But one thing to consider is that the greater the confidence that people have that their communications are secret the greater the probability they will say something in a permenant form that later compromises them.

      If you can't stand up for what you say, then don't say it. And please do not run for public office. Let your "yes" mean yes and your "no" mean no. Say what you mean and mean what you say.

      Yeah, wonderful thing here. The ability to say something, and then later take it back, knowing that one can trust other users computers to obey.


      Where would the world be without corporate whistleblowers?

      This is an interesting issue. What whistleblowers are about is someone who is involved or exposed on some level to wrongdoing and then decides to blow the whistle. Palladium will never stop this. Whistleblowing is about one of a bunch of thieves developing a momentary feeling of guilt. I am not aware of any whistleblowers who obtained their information by snooping in information they were not supposed to have access to. Palladium won't stop whistleblowers. It will just stop you from doing things with your computer that Microsoft does not like.

      --

      I'll see your senator, and I'll raise you two judges.
  2. Perfect article! by onyxruby · · Score: 3, Insightful

    It's the perfect article, touches Microsoft, DRM and the evil once known as Palladium! Best of all no one can read the article because it justs links back to slashdot. Everybody can shoot from the hip on this one, because once again the only link in the article wasn't even checked to see if it works. Do stories here get reviewed and selected by a seven line perl script?

  3. Upgrade or "Surreptitiously Copy"? by josquin00 · · Score: 5, Insightful
    Files within the NGSCB architecture will be encrypted with secret coding specific to each PC, making them useless if stolen or surreptitiously copied.

    My concern with this would be what happens when you upgrade? How do they differenciate between new hardware and "surreptitiously" copying files to a different system? I remember all of the Office XP Activiation nightmares, and I can't help but think this will turn into a complete fiasco, too.

    1. Re:Upgrade or "Surreptitiously Copy"? by peragrin · · Score: 5, Insightful

      Actually what scares me most about this is what happens when your motherboard dies, you now have a new pc with the old hardware and no access to your files. Also what happens if you upgrade to longhorn 2010 do you lose access to those files. it is a standard microsoft tatic.

      --
      i thought once I was found, but it was only a dream.
  4. repeat after me... by BubbaTheBarbarian · · Score: 5, Insightful

    Ok, repeat after me...

    Every attempt to lock down ID's, every attempt at DRM, every attempt at hardware ID (remeber Intel's great Proc Id idea?) has failed.

    Not only has it failed, but the backlash they have caused has made the problem they were to solve worse. True, this is a real threat to peace, love and freedom, but in the end, the consumer decides, and while the unwashed are unwashed, if you piss them off enough, they will find something else, and the tend to find it with a speed that is previsouly to be unthought of (remember Napster?).

    Does that preclude us fighting these type of initiatives? No, but at the same time announcing the End Of The World is a bit rash...

    What's Next - Scheduled Meetings
    Thursdays 2600 GMT

    1. Re:repeat after me... by GoofyBoy · · Score: 4, Insightful

      >every attempt at DRM,

      Not sure if you would consider this as DRM but CD-key which are verified online such as HalfLife or Quake3 are pretty succesful.

      Also Windows XP activation would also be considered "succesful enough".

      --
      The surprise isn't how often we make bad choices; the surprise is how seldom they defeat us.
  5. Sealed storage by Kefaa · · Score: 4, Insightful

    Say anything else, but sealed storage is a simple concept, we control what can be saved. What we need to be concerned with is how they secure it. If sealed storage is at the hardware level, then the "sealed PC" MS has been seeking for years will be a reality.

    How can you install Linux, BSD or WinXP if the device itself requires the OS to authenticate? You can't. Sure you may be able to crack a work around, but what company will run software that is in place via crack?

    This brings up the next issue, what happens when you replace your box? We have heard of all the fun people have had with XP licensing and system upgrades. Do you get to keep all those MP3s or do they not belong to the box. If you can authenticate on a second box, then you really don't have a secure system using the box.

    While MS likes to dismiss these as "we are working on it" they will again be in a position to dictate their use. By the time grandma learns all here files are now secure and she must pay to move them to her new box, it will be too late. This idea that we can somehow wait for MS to figure out a solution in secret that we can all live with is crazed.

    If we are going to take a secure machine approach it will need to be a standardized one, open for all to use. I don't think we will see MS jumping to support that concept.

  6. Yes, and No by Bill,+Shooter+of+Bul · · Score: 4, Insightful

    Granted all systems of non trivial size have bugs, but it would seem that microsoft in integrating so many of its products together have left themselves vunrable for many chain reactions. So each bug in windows can have a much more severe effect than an equivelent one in a different enviorment.

    --
    Well.. maybe. Or Maybe not. But Definitely not sort of.
  7. Absurd by DonkPunch · · Score: 4, Insightful

    Microsoft sells an OS vulnerable to buffer overflow exploits.

    The obvious solution for secure computing -- better quality control on their code.

    The Microsoft solution -- anything but better quality control. Limit the user's control of the machine. Enact a code-signing scheme. But, whatever you do, don't make us audit millions of lines of our own code.

    --

    Save the whales. Feed the hungry. Free the mallocs.
  8. Trust doesn't enter into it at all... by Alphanos · · Score: 4, Insightful

    Isn't it more like "you MUST 'trust' us or you cannot access the internet"? That's the eventual goal, anyway.

    --
    Alphanos
  9. Re:Doomed from the start by The+Snowman · · Score: 4, Insightful

    I see no reason why human ingenuity is supposed to freeze at the point this technology is released...

    I see a reason: DMCA. It won't stop people, but it will chill public disclosure and freedom of speech, as we know from experience. It can stop the knowledge from reaching a critical mass. People who would circumvent DRM and Trusted Computing are a minority, and if the DMCA can keep it that way, we will never reach critical mass and stop DRM and TC.

    --
    24 beers in a case, 24 hours in a day. Coincidence? I think not!
  10. Re:What it's REALLY about: by hummer357 · · Score: 5, Insightful

    Will we keep our right of private ownership of computers?
    Will we keep our right of free use of our Net?

    ehm... i think it's grotesque that someone would even think of asking these questions.

    i also think that the whole 'Next Generation Secure Computing Base' thing is about who will be pimping who.

    some time before we'll get the final version of longhorn stuffed down our throats, msft will probably have decided that it's in everyone's (*) interest to expand the trusted compiting base to the full operating system, and we'll be able to forget about using any software that wasn't okay'ed by msft to run on the system. (= signed code?)

    maybe we'll see modchips for regular computers in the future too?

    better start stroking the penguin sooner than later!

    h357 - paranoia est. 1977

    (*) everyone = riaa/mpaa members, msft themselves, anyone who pays premium prices to develop software using msft tool