Slashdot Mirror
Trusted Computing Rollout Hits the Desktop
Alsee writes "Previously appearing in a few rare laptops, ExtremeTech reports on the first major computer manufacturer making a full scale Trusted Computing rollout. Samsung will now install the Phoenix Core Managed Environment (cME) BIOS in every computer they make. Previous Slashdot reports on this BIOS include Phoenix Bios to Incorporate DRM and Microsoft Taking Over the BIOS."
How long do you think before this hardware gets hacked?
I would bet on 3 months.
Save your wrists today - switch to Dvorak
Fujitsu, however, chose to install the FirstWare Vault software designed by Phoenix, a trusted application designed by the company. FirstWare Vault also creates a hidden partition on the hard drive. However, Fujitsu used it to store a backup copy of the OS, in case the user needed to reinstall. Fujitsu's strategy will eliminate the need to ship the OS "reinstall" disks that have begun to ship in today's PCs. The disks don't contain a full version of the OS, but just the files needed to reinstall it in case of an error. By hiding that reinstall software on a protected partition, the company saved itself the costs of distributing the media, Fujitsu said. Wouldn't this take up quite a hefty chunk of hard drive space? I mean, it says 'doesn't contain a full version,' but wouldn't this still be quite a bit? I'm not sure I want other people making those kinds of decisions for me.
If I remember correctly doesnt the Record Industry have to label "protected" CDs?
Would be a good idea if these PC manufacturers labeled their PCs as using BIOS DRM.
That way an informed consumer can make a choice whether or not they want DRM on their system.
Just a thought.
.... ... }
int main (void) {
Good thing I build all my computers from components recycled from the dumpster bay at Texas Instruments in Austin.
the preceding comment is my own and in no way reflects the opinion of the Joint Chiefs of Staff
I just refuse to believe that the Trusted Computer Initiative will deliver more secure computing.
The XBOX was an attempt at some kind of DRM and it got hacked to pieces because DRM is just impossible. Plus the fact that Microsoft write overly complicated software with bad tools and bad programmers.
But Microsoft bashing aside, they aint alone. I don't think there is any company or organisation capable of deliverying decent computer security at the moment.
The tools do not yet exist to manage projects containing millions of lines of code in a way that won't introduce security flaws.
Si.
Besides anti-MS statements and rhetoric about DRM, can someone actually tell me how this will affect what I can do with my computer?
I always save my last mod point to mod up a good troll. You people are too serious.
In general, I think that most /.ers would agree that invasive DRM practices are not a Good Thing(tm), but I wonder how the general public will see these initiatives, if at all. I think that either of two things will happen:
People inexperienced with computers will see the nice friendly keywords like 'safe' and 'trusted', and favor these products out of fear, which is obviously what the manufacturers want.
Alternatively, Joe User, who neither knows nor cares about security will simply ignore such concerns as fine print, since any kind of technical explanation is of no interest.
Unfortunately, I think the principal outcome may be that, like it or not, these Trusted Computing initiatives may propagate, either from adoption by fearful masses, or simply by sliding under the average consumer's radar.
Trusted Computing, depending on what you apply the lable to, does mean that media distributors can trust the computer. But it also means you can. The idea of providing each computer with a secure cryptographic ID of some sort is pretty valuable to anyone concerned with security just as well as media distributors.
For example, if I want to filter virus and spam mail from the real thing, I can see if the e-mails I got claiming to be from my mother are really signed by her computer or not. If I want to be able to buy things online with the click of a button, I can have my credit card company authorize this particular PC to be able to make purchases online, and show my ID by being able to sign things with my unique private key.
Certainly most of this could be done in other ways, and a driving factor is certainly the desire to set up better DRM, but who cares? I don't pirate music, and I don't buy crippled CDs. So if someone wants to put unobtrusive DRM in their media and I'm OK with that, I'll buy it (like, say the protected iTMS AACs). If the DRM makes it unusable to me (like, say, Napster 2.0's), then I won't. It's all about market pressure.
Same goes for trusted computing. If I'm building my own machine, or buying one from an OEM, I'm not going to buy one with features that I don't like. So what's the big deal?
Regardless, I know IHBT, but try to at least keep the trolls creative. This post of yours is just offtopic garbage with nothing new to add to the conversation. Too bad my mod points ran out yesterday, or this would be marked down Redundant so fast your head would spin.
I would like to see whether this is, indeed, trusted computing. The article was somewhat vague in some ways. If it is the full-fledged hardware portion of the Pallidium initiative, as part of the article implies, it's very, very bad. If, instead, it's a way to save money on a system restore disk by having the hardware hide a portion of the hard drive from normal software, it's annoying, but probably fine, depending on how it is done (if there's a PKI, that's bad, but if it's just read-only, that's fine).
If trusted computers do appear in your area, I would suggest the following strategy for making them go away:
This assumes the companies have a 30-day no-questions-ask return policy (which is usually the case). You can even say that the "trusted" computing was the reason you returned it. Once they start losing tons of money, it'll go the way of DiVX (not the codec -- the old DVD standard which needed to call home to get authorization). It was pushed by Circuit City, which had a ton of people do this to them, so they introduced restocking fees, and lost a lot of customers who knew nothing about DiVX. Eventually, Circuit City backed off the DiVX thing.
If you want to be illegal (which I don't recommend), some people have a modified scheme:
This costs them a heck of a lot more, and gets around the place of returns without restocking fee. If you need to buy a DRMed product, you can also use this to make sure the company pays the manufacturing costs for 2 of 'em instead of one, and loses money on the sale. It is, however, illegal, and probably unethical.
I think Microsoft and Sony are locked in a struggle right now (hence the XBOX, Microsoft's shot accross Sony's bow), so I can't see Sony going along with this.
All the creatures will die, And all the things will be broken. That's the law of samurai. (Jubai, 1605)
The bios now has crypto features to authenticate 'trusted' applications that the OS can use, or choose not to use. IIRC, it can be completely disabled in the BIOS.
Even if MSFT, in some future version of Windows, decides that Windows won't run at all unless it's enabled, it still wont have affected linux.
I don't need no instructions to know how to rock!!!!
So what makes an application "trusted" is that it has been blessed by Microsoft, ie. any software publisher with the funds to pony up the fee to Microsoft to get the trusted seal of apporval I suppose. So that's supposed to make computing more secure... and what is a "secure" computing environment anyway? Most of us define a secure computing environment as a desktop we can work at where our data is secure, private, stable, and uninterupted by rogue applications that pop up in your face unexpectedly refuse to be ignored... this is where "trusted" vendors are trying our patience. It has become more common for every Windoze desktop application sold today to hag nag screens popping up for any number of reasons: "Do you want to check for updates?" ... "Do you want to register now or be reminded to register in the next 15 minutes?" ... "Would you like to see some exciting new offers? I'll just go ahead and add them to your bookmarks menu anyway..." ... and all this happening when the offending application is not even running! Desktop software is becoming increasingly intrusive and interupting the workflow process.
So I ask you, what's worse: having a malicous virus annoy you and interupt your workday or having an application you paid for essentially behave even worse? At least virus authors don't nag you to register.
So my point is "secure" and "trusted" computing is obviously a joke when the companies driving this initiative are more intrusive and disruptive to the average work day than most virus authors.
These things are all now flashable anyway, right?
"A microprocessor... is a terrible thing to waste." --
GeneralEmergency
Now I am compelled to take measures to ensure that no potentially illegal activities (corporate) are able to be hidden by this DRM nonsense. I will have to bring a digital camera into my workplace as soon as I start running into unprintable emails, documents, etc. As soon as I get any document with an expiration/self-destruct date. I will start taking steps to ensure that all such items are "documented" via digital photography, if need be, so that I can safely be a whistleblower as required. I will not, under any circumstances, EVER be party to illegal activities by any corporation for the sake of money. I will not be party to unethical activity of any kind. If I come across such, I am compelled to blow the whistle and if M$ and other corporations feel the need to try to cover their unacceptable, illegal, unethical behavior via DRM crap, then I WILL sidestep it one way or another. I am honor-bound to do no less.
On a personal note, it is automatic that I will never ever again purchase any system that contains a phoenix bios chip in it. Old or DRM-enabled new, phoenix has ceased to exist as far as my money is concerned.
In Bushworld, they struggle to keep church and state separate in Iraq as they increasingly merge the two in America.
http://www.research.ibm.com/gsal/tcpa/
Please do buy only hardware which lets you choose your OS.
This situation sucks because the only way we can fight it is by being Good Consumers - but since non-MS users are in a minority, the value of our informed consumerism is limited.
GNU/Linux is proof that if freedom only requires hard work, people will work for freedom - now the proprietary world realises that freedom must be made either illegal or obsolete.
Please help publicise swpat.org - the software patents wiki
Absolutely. I've often thought it would be nice if non hegemony users would collectively buy hardware that was completely free & open. For maximum effect, "everyone" waits three months for their next purchase, and buys identified, free, open, performant and well supported hardware at the same time, hopefully causing a blip on screens somewhere. With the number of vendors that are out there, it could make some realize the advantages of opening up.
Of course, this is somewhat contrary to the hacker goal of supporting everything that has an (electrical) pulse.
Unethical, though? Think about the future we'll all have to deal with if this comes to pass. I don't want to live there, do you? These corporations don't have the right to do this to humanity, or even to make the attempt. Therefore, they lost their right to make a living, to own property, or to continue to exist as organizations when they started doing this.
They aren't taking away our rights with just bad hardware and software, that wouldn't be a threat. They are taking a two pronged approach, making the bad hardware and software and changing the structure of laws and legal rights to make the alternative illegal. (If it was just the former, I wouldn't care.)
The sad thing is, where this is really being lost is on the legislative front. Everyone brings up DIVX, but these companies all learned from DIVX. DVD is hardly purchaser-rights friendly, but it has won.
What we really need is some way to attack this problem that is as effective as the GPL was for software, but part of the problem is that the GPL was based on previously existing copyright law, not custom crafted laws created by the adversaries themselves.
All the creatures will die, And all the things will be broken. That's the law of samurai. (Jubai, 1605)
Remember "eXistenZ?" It's like that - half the world's computers are under the control of anyone willing to run regular nessus scans and a few backdoor control panels. So.. yeah, maybe some in the linux crowd resent this because the boon won't last more than a few more years. But honestly, something HAS to be done. If that means creating software and system that then set the precedent of forcing corporations to become responsibe administrators of the systems they market on wide scale, so much the better.
This doesn't mean I have to buy one, or that there won't always exist other mechanisms for connecting to the public internet. But most people don't know a fucking thing about free specch - hell, many of them believe "free software" is illegal in any form. All they want is a terminal in their home that feeds them the latest buzz from aol and msn and ebay - and the internet is a fucking mess today because of these users and their five year old Windows 98 and ME security siphons.
The internet exists well outside the US, and many countries are making a giant leap in the direction of OSS. Combine that with a giant push toward obsoleting those fucked up "legacy" systems and we all move closer to a more secure AND more usable internet for everyone.
Sorry... I'll go put my chicken little costume back on now and join you all back at the shack...
No, that paper is a basically a bunch of mis-leading propaganda designed to obfuscate the truth that TCPA exists solely for the purpose enabling Palladium and Palladium type DRM and user controlling mechanisms.
Read the EFF report to see why if TCPA were not designed with user control in mind, they could have implemented some very simple changes (user override) to make sure that the user had access and control over all aspects of his own machine. They didn't: instead they opted for to create a system whereby the TCPA chips can be used exactly for the things they claim they have nothing to do with (shipping them with so called "Endorsement keys" which are vendor signed, user inaccessible keys that can verify to third parties that you are using an Operating System that they like).
The logic of the rebutle is backwards all over the place. For instance they claim that TCPA is not for DRM since the chips are not tamper resistant to hardware attacks: This rather shows, unlike what some people have argued, that the chips are not designed to help against things like hardware theft and corporate espionage. For DRM you don't need tamper resistance since laws like the DMCA will keep the means of tampering out of the hands of most of the population.
Also, the argument against the endorsement keys being used for DRM is something like "nobody has a system to running for signing and verifying them today" which is supposed to convince us that such a system will not exist when they are widely deployed (note that as a feature they are 100% useless without such a system.)
This has been covered in a previous discussion, but it may be appropriate to revisit the topic.
If Windows is integrated into the BIOS, then presumably the computer makers would have to pay M$ for the privilege of selling this BIOS. Fine. No problem because the computer makes will be able to sell systems with regular BIOS.
But Wait! Now M$ tells the manufacturers that if they do use regular BIOS, then they won't sell them the rights to use the "Trusted" BIOS or they charge more for the "Trusted" BIOS. It's Deja Vu all over again.
So then all the manufacturers stop selling anything that does not use the "Trusted" M$ owned BIOS, which or course will not work with Linux, or anything else other than an M$ OS. And maybe even the latest one. No more foregoing those paid upgrades.
Just Say No
When Fascism comes to America, it will call itself Anti-Fascism, and tell you to give up your guns.
you mean the way Windows XP is cheaper than previous versions since it has activation codes?
As we've seen recently in Intel vs. China regarding China's own wireless standard (labelled GB15629.11-2003 for those interested), we can probably at least count on China to get hissy about this.
:?
Simply put, whether the threat they perceive is real or not, there is no way they are going to allow American proprietary rubbish (with evil spyware code to boot) to penetrate the Peoples' Republic. So if we have to start importing all our parts from the commies, then so be it, but even if dumbass consumers in the West buy this kinda rubbish (and, as others have said, they undoubtedly will), it simply will not fly politically elsewhere.
The push for Linux in Asia is clear - HP are going to ship Linux boxen, China has variously shown its keenness towards the open OS, NTT DoCoMo are putting Linux in phones and so on - this kind of stuff really does matter. At the very least, American hardware manufacturers are going to consider the bigger picture before alienating large numbers of potential consumers.
Microsoft is not invincible. It has failed in the mobile phone market, failed to crush Java (now, of course, flourishing on mobiles) and has a long time to examine consumers' reactions before Longhorn comes out. I really don't think it will try to push this too hard...
iqu