Windows Security GM Talks NGSCB (Palladium)
An article at IT Manager's Journal (along with Slashdot, part of OSDN) reports on John Manferdelli's recent talk at Stanford on what Microsoft is calling for now its "Next Generation Secure Computing Base," or NGSCB (formerly Palladium). Manferdelli is the general manager for Windows security at Microsoft, and his presentation was mostly about the technical, not ethical or other considerations involved in this system. His position is understandably different from those of privacy and free software advocates who assert that Microsoft's elaborate security is designed to lock users into Microsoft software at the expense of privacy and choice.
if the article is accurate, MS says the trusted computing feature can be optionally enabled/disabled. glad to hear this. what is more relevant is whether the user will have the option to run certain applications in untrusted mode. i fear that software makers will bind users' hands.
smd4985
The bottom line: Do you trust Microsoft? That's ultimately what this is all about.
I don't understand what it is about these technologies and their evangelists that makes it so easy for them to wool over listeners' and analysts' eyes. I mean, the author of the article quotes Stallman's and Sulzberger's comments, but they seem to go in one ear and out the rest.
This isn't about whether one trusts Microsoft. People who dislike Palladium and TC are not tinfoil hatters who think that once it is deployed Microsoft will use it to take over the world, or whatever. The bottom line is exactly what Sulzberger says: How much control should users have over their own systems.
Microsoft's representative covers this up in invented technical terms, and talks about "security" and "trust" because those words sound good to the uninitiated, but that is just a smokescreen for the true nature (not a lie - they are upfront about what the system includes, they just spin it so people Chris Preimesberger will miss the point).
The point is this: every piece of "security" and "trust" that can be gained from Palladium is gained by Palladium taking away from the user control of his own computer. Once that control is removed, ISPs can "secure" and "trust" that the user has his system configured as they mandate (see the Cisco router story). Microsoft can "secure" and "trust" that their software is licensed and registered. The record companies can "secure" and "trust" that their songs cannot be copied, ALL BECAUSE ULTIMATELY THE COMPUTER, NOT THE USER, IS IN CONTROL!
The question he asked "Does Microsoft have a back door" is stupid. Nobody serious believes that Palladium contains a backdoor so that MS can take over the computer. They believe the point with Palladium's design is that software can be installed with restrictions that the user cannot circumvent, and that people will be forced into installing such software, hostile to themselves, on their own PCs, in order to exchange data and connect to the Internet.
The reported responses from the MS representative give us absolutely no reason to answer "no" to either of Sulzberger's questions, even though the article claims so. In fact, when MS say things like, "We are building a scalable, distributed credential-based security model here," and list features of "attestations with authenticated code that is affiliated with only that particular process" - that is exactly what Sulzberger and Stallman are talking about. The Palladium computer will attest - BEYOND THE USER'S CONTROL - whether the computer is running software that is "trusted" by the counterpart and hostile to the user, exactly so that the counterpart can mandate the use of such software (read DRM).
The fact that Microsoft tell us that the code will be open for review gives absolutely no comfort. It is not the code, but the very concept of Palladium that is frightening beyond belief. Apparently Microsoft have nothing to fear regarding being open about it, as for some reason so many people cannot seem to grasp the point that Stallman, Sulzberger, and myself scream into the void!
Also Windows XP activation would also be considered "successful enough".
They were successful? Oddly, I seem to remember licence keys to corporate/enterprise versions of Windows XP before I could even try and purchase a copy.
This didn't change much with SP1, despite the fact that said master keys were removed.
If you only look at Windows XP Home, it isn't pirated much (due to Windows XP Professional being freely available anywhere). Everyone I know hates it due to the fact that one has to call Microsoft Support every once in a while.
HalfLife didn't check keys in LAN. And I never had problems with Quake3 servers.
So, I'd have to say they aren't in the very least successful.
Actually it means that people who do not trust your computer configuration can pass data to you and be confident at some level that it is not exposed.
Palladium is no better for DRM copyright enforcement applications than any other hardware technology. The problem with DRM is that it is break once run anywhere. Palladium like any other hardware enforcement system is breakable, the catch is that you have to break a system that is trusted by the sender of the data.
For copyright control you cannot be any more selective about the destination machine than requiring it to be a Palladium machine. So it only takes one Palladium machine ever to be broken and you are toast.
For control of sensitive company documents the issue is very different. I can configure my systems so that they only deliver sensitive data to specific palladium pcs that I have designated as trusted and to obtain my documents you have to break those specific machines.
There are still people who complain about this sort of thing. Where would the world be without corporate whistleblowers? Pretty much where we are today, there were no shortage of whistleblowers on Enron, Krugman reported repeatedly in the New York Times, few took notice until Enron collapsed and suddenly it was open season, everyone acknowledged that Enron and co had been ripping off California...
Security is security, you can't expect technology to enforce your particular set of ethical constraints. Palladium turns out to be very useful for meeting a real business need which in most cases is completely legitimate. I do not want communications with my lawyers to be disclosed. Confidentiality is in general a good thing, it is occasionally a bad thing.
But one thing to consider is that the greater the confidence that people have that their communications are secret the greater the probability they will say something in a permanent form that later compromises them. Nixon discovered this. I don't think that security will prevent disclosure of information about criminal activities and frauds.
Take Diebold for example, if they were clueful enough to have used DRM to control their internal documents they might have been clueful enough to secure their Web site to stop an attacker from compromising their software to rig the vote. What we need in the Diebold case is not internal company memos with incriminating information. What we need is a reliable security audit.
Looking for an Information Security student project suggestion?
Try http://dotcrimeManifesto.com/
Actually it means that people who do not trust your computer configuration can pass data to you and be confident at some level that it is not exposed.
TO YOU. That it is not exposed _to you_.
Why do the MS apologists always leave out those little important words that make all the difference!
I'm on the Gentoo IRC channel a lot, getting help and giving help when I can. But when I try to bring up the pitfalls of trusted computing, all I get is a 'huh'? or "nah, it will be ok I'm sure".
It's like everyone has their heads in the sand. When the major BIOS makers are going to trusted only computing, where are we going to run our Linux?
Some people say "just buy a Mac". I'm sorry, if I could afford a Mac I would. But since I can't build a brand new Mac for $475 like I did the machine I'm using now, it's going to be a while. And the only reason I built this so cheaply is because I didn't have to pay a Microsoft tax.
I want a machine I can build myself. An OS that I build myself. When I do that, I'M THE ONE WITH CONTROL! Not MS or Dell or Gateway or Phoenix.
"Music is everybody's possession. It's only publishers who think that people own it." - John Lennon.
"The internet is great but it suffers from being based around the notion of naive trust instead of verifiable, secure trust. While this worked in the early days of the internet, it simply does not work now."
"Simply put, the internet is no longer a hobby. It is quickly becoming as important a part of our infrastructure as electricity and roads, to name a few."
Indeed. That's why my telephone will not allow me to dial someone while it registers that I'm playing music in the background. It's also why all my mail is opened by the post office to ensure I'm not shipping any copyrighted material in it, and why my electricity shuts off when I try to use it to play a CD I've borrowed from a friend. And why my car will shut down if I go over the speed limit.
Oh, wait, that's not at all how it works, is it?
Secure, verifiable trust has never been part of our infrastructure, and the internet does not increase the need for it.
Communication over the internet is not secure, but then neither is any other form of communication whether by mail, fax, phone or physical delivery, unless you take certain steps to ensure it is.
If you're allowed to...might have to download the "Windows secure BIOS update tool" and only be allowed to flash "trusted" BIOS images
"Murphy was an optimist" - O'Toole's commentary on Murphy's Law
If you don't read that closely, it might look like he's talking about how viruses and worms reduce many people's control over their computer. But he's really saying that Microsoft wants to ensure that everyone doesn't really control their computer.
What's not clear? He all but says that Microsoft wants to control your computer to stop you from copying songs - and, I assume, software.
Really, I was expecting something at least a little subtle.
Human/Ranger/Zangband