IBM Shipping More PCs with Trust Chips

rts008 submits this EWeek story about IBM shipping more computers with trusted computing inside. Since the article mentions none of the downsides, we should: trusted chips will eventually be used by software manufacturers to make sure the computer's owner does not do anything with the software which the manufacturer does not want to permit.

Paranoia or truth?

[AssProphet]

Yeah, paranoia is fun and all, but I wouldn't mind a few links to support the downsides claim.
You'ld think IBM would know better than to associate the word "Trust" with "Technology". That combination is like a buzzword for suspicion to the Tech-wise.

Re:Paranoia or truth?

[Cyclops]

Yeah, paranoia is fun and all, but I wouldn't mind a few links to support the downsides claim.
You'ld think IBM would know better than to associate the word "Trust" with "Technology". That combination is like a buzzword for suspicion to the Tech-wise.

Are the `Trusted Computing' Frequently Asked Questions a good start for you?

You should also read Can you trust your computer? and The right to read, both by Richard Stallman

This last particular one is very insidious about effects made possible by Treacherous Computing.

Re:Paranoia or truth?

[cgenman]

You do realize that protecting machines against malicious attacks has always been a red herring, right? Trusted Computing ensures that signed code runs in a protected space which unsigned code cannot effect. However, most computing will still occur outside of the signed code space, and for legacy reasons every feature of today's Windows computing environment will need to remain exposed to unsigned code. In other words, this has no more chance of stopping a someone from hacking into your computer than insulating your house will stop someone from stealing your car.

If they really wanted to reduce the amount of damage malicious code could do, they would create a unix like permissions environment, with an automated way of setting permissions levels. Not only is this the obvious way of reducing malware, it is the proven way. It is a lot like what Trusted Computing proports to be, but with the user retaining full control. But the user having full control is what this is supposed to stop.

No, what Trusted Computing means, and has always meant, was not that you could trust your computer but that the media owners could trust your computer... Creating a sandbox environment where no code can touch any other code or modify its behavior in any way would not function in an environment where your typing enhancement systray app was correcting your spelling in your legacy e-mail client, but rather preventing you from recording a movie as it is written out and watching it later.

Trusted Computing is DRM.

I'm not saying DRM is necessarily a bad thing... Quite frankly if it does open up the floodgates of every movie in IMDB's database available to the public at a moment's notice, I'm all for it, at least in theory. In practice it needs to be defended against, because the industry leaders have shown themselves to use every inch of power they gain over their users to manipulate them and cement their power. While Microsoft may not trust me not to steal movie trailers from their website, I sure as hell don't trust them to let me run SkyOS 5 without interference.

I'm glad that you've brought up what the TCPA is claimed to do, because there are still large swathes of people out there who believe the lies. To be quite frank, if they were more honest about the goals of the platform we might be more inclined to trust them. But when they're trying to smuggle in more control over their users in the guise of protecting them from something they have no hope of protecting them from, there can be no option but resistence.

I am worried.

[mrtroy]

trusted chips will eventually be used by software manufacturers to make sure the computer's owner does not do anything with the software which the manufacturer does not want to permit

This concerns me.

More from a grammatical standpoint than anything else.

(and my grammar/spelling is not necessarily perfect...but I dont get edited

Not always a bad thing.

[Supergoad]

Remember, trusted computing has its place. Maybe not on the desktop, but I can see it useful to lockdown point-of-sale machines, kiosks and librarys. It would be a hell of a lot easier for some places than it is implementing Group Policies and permissions for a computer that should be used only for a specific task.

Stop dreaded hackers!

Remember, only hackers run Linux, and other un-american things on their machines! Buy today, or the terrorists win!

Bring it on. - I, for one, welcome this practice.

computer's owner does not do anything with the software which the manufacturer does not want to permit.

Good.

Instead of encouraging people to break the law (pirate software, etc) - I wish more people would choose software that _grants_ them the right to use it as they see fit.

I wish everyone in the world had to pay full price for Microsoft and Adobe software instead of copy it or buy cheap pirated versions. Then people would start recognising the value of Free Software.

Until then, pirated windows is probably the strongest competitor Linux faces.

The Birth of owning software.

Quite the contrary.

If these silly licenses will finally be enforced, people will start to demand software that they legally own the rights to - as opposed to simply stealing it from work.

The best thing that could ever happen to Free Software would be if people were no longer able to steal software from their companies an no longer able to buy cheap pirated versions.

Finally the general public would understand what the Free Software movement is all about.

It probably won't end up being that big of a deal

[ShatteredDream]

Knowing how exposed most software is to things like worms, it would be very easy with powerful control hardware to lock people out of their systems without actually damaging the system. One of the things I find very interesting is how does one go about preventing a worm from rewriting certain parts of Windows and user apps so that they think the trusted hardware is either not present or does not let the user do what they are trying to do?

If after a year and incredible amounts of money spent on R&D, Microsoft cannot really slow down the spread of worms, how can they write an operating system that cannot be totally mindfucked by a worm that twists how Windows deals with the trusted hardware? So maybe Microsoft requires code signing, who is to say that someone isn't going to find a way to spoof a real code signature so that the worm appears to be Microsoft?

My money is the proposition that they'll try it, it'll work great for 3-6 months then people will start writing worms that target trusted systems and that totally ruin them. Then it will be a big flop within 2 years. IBM, Microsoft and other companies need to realize that the human component of security simply cannot be automated. Despite all of their attempts at real security, Microsoft cannot deal with the fact that the single greatest security hole in its OS is the user that never patches and that thinks it's not cool to remember what they aren't supposed to do to avoid getting worms and other hacks.

And if it doesn't work, just stock up on as much pre-trusted hardware as possible and put it into a closet for safe keeping....

Re:michael

[Antique+Geekmeister]

Michael, I'm afraid you're mistaken. No processes will be allowed to run on your machine that *Microsoft* or a similar vendor did not specifically authorize. This means that the boot loader can be signed to prevent you from running a non-Windows operating system, a CD or DVD or hard drive disk can be signed to prevent legal and authorized duplication for what is legal home copying, and emulation software such as OpenOffice can be prevented from making the system calls to open data files generated with Microsoft Office, helping keep the Microsoft monopoly locked up.

Moreover, it can prevent experimenters from being able to design new drivers and software tools to work with the crypto-authorized hardware without spending very large amounts of money on development tool suites with frankly larcenous intellectual property agreements.

This development is potentially extremely nasty: while we're somewhat paranoid about it, the history of abuse of standards to lock customers into their monopoly justifies extreme concern about what Microsoft might do with these features.

Trust will Wilt in Face of Taiwanese Engineers

[reporter]

These trust chips appear to be an attempt at preventing software piracy.

The attempt is futile because every attempt to prevent illegal copying has been defeated. Some Taiwanese engineer will design a hardware addon to enable the customer to illegally copy the software.

The only way to protect the trust chips is to obtain a federal injunction (from a judge) barring hardware hackers from circumventing the hardware anti-piracy chips. However, those injunctions apply only to the USA. The Taiwanese engineers will gleefully ignore the injuntion -- as is their wont. The Chinese in China (including Taiwan province and Hong Kong) routinely ignore Western standards and custom.

After all, China is the software-piracy capital of the world. The piracy rate exceeds 91%.

This is not what TCPA is for

[lkaos]

TCPA (the chip that's in these PCs) is simply a Crypto co-processor. It provides acceleration for common crypto algorithms and it also provides a tamper-resistant storage location for keys. IBM maintains an Open Source implementation for the processor.

There's already been really neat things done with the chip like a truely secure version of Linux that's entirely tamper proof (this is doing by signing the kernel and boot loader with the TCPA.

Put away the foil hats people, this is actually really cool innovative technology that so far has given Linux an edge in the security world over Windows.

Re:IBM

[linguae]

You're correct. Both articles talk about how Steve Jobs and Apple don't support "trusted" computing.