Windows Security GM Talks NGSCB

An article at IT Manager's Journal (along with Slashdot, part of OSDN) reports on John Manferdelli's recent talk at Stanford on what Microsoft is calling for now its "Next Generation Secure Computing Base," or NGSCB (formerly Palladium). Manferdelli is the general manager for Windows security at Microsoft, and his presentation was mostly about the technical, not ethical or other considerations involved in this system. His position is understandably different from those of privacy and free software advocates who assert that Microsoft's elaborate security is designed to lock users into Microsoft software at the expense of privacy and choice.

What it's about:

[iantri]

"Trusted Computing" basically means "you TRUST us, we don't trust you."

A great victory for consumers everywhere.

Re:What it's about:

[hanssprudel]

More accurately it means:

"People who don't trust you can trust your computer to control you."

Re:What it's about:

[garcia]

yup. and it means that they are going to do everything in their power to stop us from having any freedom. That includes forcing us to use a BIOS that will only "trust" their OS and thus render most hardware useless except for Windows.

See more here.

(Please note that this comment mentions that we have to trust them and they don't trust us.)

Re:What it's about:

[DickBreath]

Actually it means that people who do not trust your computer configuration can pass data to you and be confident at some level that it is not exposed.

That is one element of what it is about.

If they can trust the programs on your computer to do what they want, then those programs can also be trusted to control your behavior and actions.


Palladium turns out to be very useful for meeting a real business need which in most cases is completely legitimate. I do not want communications with my lawyers to be disclosed. Confidentiality is in general a good thing, it is occasionally a bad thing.

There is this thing called cryptography that meets the business need you speak of.

The "business need" that Palladium meets is the need to control users behavior, what software they can run, and perhaps most importantly, what software they can NOT run.


But one thing to consider is that the greater the confidence that people have that their communications are secret the greater the probability they will say something in a permenant form that later compromises them.

If you can't stand up for what you say, then don't say it. And please do not run for public office. Let your "yes" mean yes and your "no" mean no. Say what you mean and mean what you say.

Yeah, wonderful thing here. The ability to say something, and then later take it back, knowing that one can trust other users computers to obey.


Where would the world be without corporate whistleblowers?

This is an interesting issue. What whistleblowers are about is someone who is involved or exposed on some level to wrongdoing and then decides to blow the whistle. Palladium will never stop this. Whistleblowing is about one of a bunch of thieves developing a momentary feeling of guilt. I am not aware of any whistleblowers who obtained their information by snooping in information they were not supposed to have access to. Palladium won't stop whistleblowers. It will just stop you from doing things with your computer that Microsoft does not like.

Upgrade or "Surreptitiously Copy"?

[josquin00]

Files within the NGSCB architecture will be encrypted with secret coding specific to each PC, making them useless if stolen or surreptitiously copied.

My concern with this would be what happens when you upgrade? How do they differenciate between new hardware and "surreptitiously" copying files to a different system? I remember all of the Office XP Activiation nightmares, and I can't help but think this will turn into a complete fiasco, too.

Re:Upgrade or "Surreptitiously Copy"?

[peragrin]

Actually what scares me most about this is what happens when your motherboard dies, you now have a new pc with the old hardware and no access to your files. Also what happens if you upgrade to longhorn 2010 do you lose access to those files. it is a standard microsoft tatic.

repeat after me...

[BubbaTheBarbarian]

Ok, repeat after me...

Every attempt to lock down ID's, every attempt at DRM, every attempt at hardware ID (remeber Intel's great Proc Id idea?) has failed.

Not only has it failed, but the backlash they have caused has made the problem they were to solve worse. True, this is a real threat to peace, love and freedom, but in the end, the consumer decides, and while the unwashed are unwashed, if you piss them off enough, they will find something else, and the tend to find it with a speed that is previsouly to be unthought of (remember Napster?).

Does that preclude us fighting these type of initiatives? No, but at the same time announcing the End Of The World is a bit rash...

What's Next - Scheduled Meetings
Thursdays 2600 GMT

Re:What it's REALLY about:

[hummer357]

Will we keep our right of private ownership of computers?
Will we keep our right of free use of our Net?

ehm... i think it's grotesque that someone would even think of asking these questions.

i also think that the whole 'Next Generation Secure Computing Base' thing is about who will be pimping who.

some time before we'll get the final version of longhorn stuffed down our throats, msft will probably have decided that it's in everyone's (*) interest to expand the trusted compiting base to the full operating system, and we'll be able to forget about using any software that wasn't okay'ed by msft to run on the system. (= signed code?)

maybe we'll see modchips for regular computers in the future too?

better start stroking the penguin sooner than later!

h357 - paranoia est. 1977

(*) everyone = riaa/mpaa members, msft themselves, anyone who pays premium prices to develop software using msft tool