Slashdot Mirror
Microsoft Drops Next-Generation Security Project [updated]
grooveFX points to this CRN article which starts "After a year of tackling the Windows security nightmare, Microsoft
has killed its Next-Generation Secure Computing Base (NGSCB)
project and later this year plans to detail a revised security plan for Longhorn,
the next major version of Windows, company executives said..." grooveFX writes "Glad to see they actually listen to the gripes from the media and users." Update: 05/05 19:13 GMT by T : phil reed writes "Oops. According to this article on Microsoft Watch, Microsoft really isn't giving up on NGSCB (aka 'Palladium') after all. Microsoft spent much of Day 2 of its Windows Hardware Engineering Conference (WinHEC) here refuting a published report claiming the company has axed its Next Generation Secure Computing Base (NGSCB) security technology."
If this goes well, they plan to cancel all security projects.
Isn't NGSCB Palladium?
Surely this is pretty good news and indicates that MS might not be so able to force these kind of security measures on their custimers.
Although I imagine knowing Microsoft, the problems were at least as much technical than political, and they just gave up considering it to be "too hard and we can't be arsed", just like WinFS.
This sig has been deprecated.
This is Palladium, and it has not been "dropped", only shelved because it was too ambitious. They say they've invested too much on this not take advantage of it.
I'm out of my mind right now, but feel free to leave a message.....
Trusted computing, therefore, facilitates reduction of competition.
Don't blame Durga. I voted for Centauri.
Microsoft also lowered the hardware requireements for longhorn from 2x4ghz procs to a single 1ghz proc, citing the decrease in complexity of drm will free up much of the needed processing power.
I tried for 5 years to come up with a clever sig...only to realize that I am not clever.
What makes you think they are listening. They are presumably publically "killing the project named NGCSB", quietly inventing a new name and happily keep working on that, less publically this time now that they have used the publicity of Palladium/NGCSB to make initial "front door" contacts in the entertainment industry, they know who to expect at the "back door".
The ol' "keep renaming the thing so people don't have a steady label for what they are fighting". The british sellafield->windscale->thorp nuclear shenanigans, the last Palladium->NGCSB namechange, TIA->something-or-other. All the same propaganda trick.
The solution for opponents is to either keep using the old name so that the public latches onto it (everyone still calls it "Sellafield" and, to an extent, "TIA"), or invent your own name and get it to penetrate the public consciousness (much harder, only example I can think of it "Infidel")
What we need is "No Executive" security technology. Even the greatest security tools can be hogswaddled by the pointy hair types.
[/obligitory upper-management jab]
This one gang kept wanting me to join cause I'm pretty good with a bo staff.
Like the airlines think Saftey, Saftey, Saftey - Microsoft need to adopt the slogan.. Security Security Security
...
And some sort of chant -- maybe a dance
Handy Travel Hint: avoid flying on any airline whose motto is "Saftey, Saftey, Saftey"
Linux breaks all three of your suggestions and it still seems pretty secure.
Mod down posts with a "Free Mac Mini/iPod" sig, they're spam!
Can we please get this modded past all the responses that seem to think that NGSCB has something to do with security. NGSCB aka Palladium is/was Microsoft's locked down "trusted" computer project, meant to facilitate DRM. It never had anything to with security save for in name and spin.
This is a good thing of course, but I seriously doubt it means that that Microsoft won't find other ways of sneaking locked down computer on us in the future...
We are getting to the stage where a fair chunk of PCs connected to the Internet are destined to die. It's reasonable to assume that MS has performed a kind of triage: - Home PCs are beyond the reach of any help. Whatever is done is already too late. Home PC users will have to migrate to Linux within 6-12 months or face working without the Internet. - SMEs can be protected with additional work. SMEs need better firewall security and better patching methods. - Most enterprise computing is safe as is. Many data centers will switch away from Windows for cost and reliability issues but the ones that can't will remain faithful Windows clients. So Microsoft has to concentrate on helping the people who can still be saved, namely SMEs that have several PCs behind a shared internet connection. Having seen three of my friends' PCs dead today from Sasser (MSIE rebooting without end, and no way to do anything else on the system), I'm rather sceptical that home computing can be saved.
Sig for sale or rent. One previous user. Inquire within.
First off:
1. Dumping Features would break lots of stuff. I suggest that they don't ADD any more and fix what they got!
2. Um, gcc prevents this?? There's no language that prevents these types of things. Even if you write with a language that supposedly does not have Buffer Overflows, you still rely on other modules that were written in a language that does allow them ot happen.
3. UNIX and Linux both have 20 ways to do things as well. It's called choice. You choose the best for your situation. I think what you mean is that ActiveX components used on the web should never be allowed to stray out of the web sandbox nor should they be allowed to execute code. And another thing...the mail client should NEVER be allowed to execute code with out asking the user forty times!
Gorkman
Please stop making the mistake of thinking that NGSCB was ever a security project. It is simply the newer name for "Palladium", Microsoft's total lockdown and DRM system to create a "trusted" (by the music industry, not by you) computer.
Microsoft dropping this is good in every way, except that it's ghost will return in other forms for sure...
In a recent interview with WinEvil.com, Gates confirmed, "Yeah, it [the NGSCB] just wasn't eeeevil enough for us. We've got a history of setting the evilbar pretty high, and our current efforts were "extremely irritating" at best... We're looking for true unadulterated mindbending evil, and we know our customers won't settle for anything less. Give us a chance -- you won't be disappointed."
Gates then proceeded to use a Windows XP CDRom as a prism to magnify his own inner evil until it was focused enough to melt a cute puppy, drawing appreciative applause from the crowd of evildoers. The crowd then had a huge WindowsXP InstallFest and cut off their own testicles in preparation for the comet Zurg's arrival to take them away.
I'm not normally an irrational zealous dickhead, but I figure "When in Rome..."
Whereas legacy systems such as Unix are finding it harder to support newer hardware features such as the NX codes in the latest AMD and Intel chips
Uh, what?
As far as I know, the so-called "NX codes" are just the ability for the MMU to mark a page of memory as non-executable.
Real architectures, such as SPARC, Alpha, and PA-RISC, have had this feature for a long time. It's used in Solaris for the non-executable stack feature, and it's the basis for OpenBSD's W^X feature.
So Intel, AMD, and Microsoft are just catching up to features which platforms you dismiss as "legacy systems" have had for years.
Ubi dubium, ibi libertas.
And another thing...the mail client should NEVER be allowed to execute code with out asking the user forty times!
And I bet you'd still have users that would click the "Yes, i'm an idiot" button forty times just so they could see the pretty new screen saver their friend so thoughtfully sent them!
Yes. I've been trying to get the C++ committee to tighten up that language for years, with little success. It's time to get more serious about this, and apply pressure via ANSI (which is supposed to insure that standards are safe) and the Department of Homeland Security's National Cyber Security Division. Like it or not, we need to go to full subscript checking for anything that could possibly be exploited. The resulting 10-20% performance hit is minor compared to the costs of dealing with these attacks.
I've sent this to the C++ committee:
The Sasser worm exploits a buffer overflow in Microsoft's LSASS service, which is, apparently, written in C++.
Perhaps more weight should be given by the Standards Committee to tightening up C++ and making it a safer language. The Committee has consistently rejected most suggestions which tighten up the language, usually on the grounds that they would impact existing code or prevent some dangerous but valid code from being used.
It is now appropriate to ask ANSI, and the Department of Homeland Security's National Cyber Security Division, to reevaluate the C++ committee's priorities in the light of the documented and substantial damage caused by weak safety features of the language. Whether the committee should be permitted to promulgate unsafe technologies with ANSI approval must be seriously questioned at this point.
That will probably be ineffective. The appropriate forum will probably be Congressional hearings on computer security, which were threatened last year after the SOBIG virus, and are likely to happen this year.
Interestingly, at the same time as this article pops up in feedreader, I get this link from e-week that refutes the claim. Net: microsoft says palladium is still very much alive.
What's the odds that Microsoft will continue to seek a way to push their concept of trusted computing onto the consumer -- by giving it another new name? Palladium got too much bad PR, so they changed the name. Enough people caught on, so now they are abandoning that name (not the project, for sure).
I was taking one day at a time, but then several days got together and ambushed me. (from a Rhymes with Orange comic)
The fact is that the only way to implement this sort of DRM is through tamper-proof hardware, and even then its not like someone with a camera phone or even a good old small film camera to get a copy of that 'private' email (which is mostly what they are touting its use for). As for music and videos theres the if-i-can-see-it-i-can-copy-it which just cant be stopped, people will tolarate surprisingly low quality. And this isnt rocket science either, most people will be able to defeat these systems, software or hardware. Its not in Microsoft's interest to pursue this unless they want to piss people off or look very stupid when their "virus proof" OS gets hit one week after launch. It was a stupid idea before and it always will be a stupid and hated idea. Im glad they dropped it.
This comment does not represent the views or opinions of the user.
If you dont believe my security statement, just wander on over to securitytracker.com - there are more discovered flaws in the recent past with Linux than with Windows.
a) Despite the increased amount of bundling Microsoft's done over the years, a "Linux distribution flaw" is still awfully different from a "Windows security flaw". A Linux distribution is composed of many, many more lines of code and pieces of software than Windows. If you want to include security problems with Open Office, it's only reasonable to include security problems with MS Office.
b) Local exploits attract attention on Linux. A lot of "exploits" in Linux are local attacks. Local security on a Windows box is pretty much a lost cause.
c) When Microsoft discovers a security problem and fixes it internally, they don't say "fixes a security hole in...". They just bundle it with some other set of fixes and stay quiet. You won't hear about it.
d) MS has a PR department that spins bugs as "issues" and tries to dampen criticism of security. In the open source world, people generally call "bugs" "bugs" (and frequently wishlist items "bugs", which would drive companies with marketers bananas).
e) Many previous Microsoft security holes just wouldn't happen in the *IX world because of the more security-oriented culture (note that I suspect that Microsoft is improving here). MSIE and Outlook grant a lot of power to remote websites to cause execution, to modify bookmark lists, and the like. Windows NT infamously shipped with a blank Administrator password (and no prompt to set one during the install process), all drives shared by default *invisibly* (they were administrative shares, and the only security in place was the fact that Microsoft clients didn't display administrative shares remotely), and automatically reshared drives upon reboot if sharing was turned off on a drive.
f) Microsoft has been known to blame sysadmins for security problems ("Well, yeah, your network was compromised and your data destroyed by the latest virus, but you didn't firewall our systems, and we released a patch a week ago which you should have deployed.") *IX boxes was designed to sit on a network and be fully accessable, and "firewalling to fix implementation flaws" is not an interesting approach to most *IX admins. Plus, most open source contributors *are* sysadmins to some extent.
Want to do some *real* security criticisms of Linux? How about the following:
* Red Hat was trying to set a new golden security standard for Linux by adding SELinux *by default* starting in Fedora Core 2. This would have allowed giving limited access to things to processes (a sore Linux lack), helped make software SELinux-compatible, and paved the road for other distro vendors. Red Hat, after two test releases, finally just backed down on including SELinux enabled by default in FC2, saying that it just caused too many problems at the moment. This represents a loss of a year at least in moving to a much more powerful and secure security system.
* Stack overflow protection mechanisms are still not standard in the Linux world. The only distro vendor that I know of that definitely includes such a patch enabled by default currently is Red Hat with exec-shield. In contrast, *Microsoft* just added stack execution blocking to Windows.
* Filesystem ACL support in Linux today sucks. A lot. A software author cannot rely on filesystem ACLs being present (since they are not by default on most Linux boxes) -- just old-style *IX permissions. One can improvise to get *some* of the ACL functionality by cleverly nesting directories and adding users to extra groups for each directory in question, but most Linux boxes *still* have a 32 group-per-user limit. The *IX permission scheme is simple, fast, and easy-to-audit. However, it is lacking for many users -- there are a lot of sysadmins out there who'd like to be able to say "Anyone in Development can read or write this directory, Mary and all of the Marketing gro
May we never see th