Slashdot Mirror
Microsoft Scales Down Palladium
bonch writes "Formerly known as Palladium, Next Generation Secure Computing Base (NGSCB) will not be fully available in Windows Longhorn after all. Instead, Longhorn will offer "the first part of NGSCB: Secure Startup," says Jim Allchin, Microsoft's group vice president for platforms. However, most hardware will not support this technology on release."
I'm guessing that despite everything it's main purpose will still be fulfilled...
Making MS lots and lots of good old cash.
I suspect it wont do anything other than look slightly prettier and require a faster cpu, more disk space and twice as much memory as XP does to do the same basically thing.
Same old story really.
Indeed - especially when you consider that some of the features that are actually worth getting vaguely excited about (except for Mac users like you, of course ;)) - i.e. WinFS and the 3D accelaration-type stuff (Aero?) are apparently going to be backported to XP. I think the upshot is that anyone with half a brain is going to stay on XP, and the only way that Longhorn will proliferate is by being included by default on new machines.
"Secure Startup protects users against offline attacks, blocking access to the computer if the content of the hard drive is compromised. This prevents a laptop thief from booting up the system from a floppy disk to circumvent security features or swapping out the hard drive."
In other words, no more pulling out a drive to virus-scan it then replacing it or replacing a drive on an OEM machine - that won't allow it to boot.
"The security platform depends on a TPM chip being present in the system. The chip is an industry standard governed by the Trusted Computing Group, a non-profit organisation which develops security standards."
All nonprofits rely on donations to survive, and I can bet that a LOT of donations are going to start rolling in to them from certain organizations involved in content creation and distribution.
Also, if it requires a custom chip, it ain't gonna go over easy - new motherboards will be required.
Striking fear in the authors of godawful fanfiction, I am here, appearing in darkness, Tuxedo Jack!
Either I'm stupid or they are (for humility's sake, I'll assume the first), but doesn't file system level encryption already solve this problem?
Also, Apple is already one step ahead by removing floppy drives from the computers.
Why did we ever fear that they'd succeed?
Because even a broken clock is right twice a day.
Secure Startup protects users against offline attacks
? PHPSESSID=f6bfd6ada2877cbe69e8f281ef4ca487 that will help you out with that.
Gimme a break. Who needs security from offline attacks more than security from online ones? If that were such a stretch, there are products http://www.computersecurity.com/laptop/cables.htm
As an ACTUAL Windows user (and yes, I do use it; software investment, unfortunately) I'd love to see more ONLINE security: integrated firewall, antivirus, spyware, etc. That would more satisfy me.
When the going gets weird, the weird turn pro. ~~ Hunter S. Thompson
The problem is that "It just works" also depends on a decent hardware platform.
And of course there's the rather obvious question of whether Microsoft are actually capable of creating the software half of "It Just Works". History would seem to suggest not.
I still remember Bill Gates announcing that in Windows 3.1 there would be no more UAEs (Unexpected Application Errors)! You know how this miracle was achieved? They re-named them to GPF (General Proection Fault).
How does the saying go: "fool me once, shame on you, fool me twice shame on me"?
Bad analogies are like waxing a monkey with a rainbow.
Is it just me, or is Longhorn increasingly beginning to resemble vapourware? We were sold the idea of a revolutionary next-gen computing platform, with all-new graphics subsystem, trusted computing (yuck, but at least different), enhanced security, relational filesystem, etc, etc, etc.
Now Avalon's being back-ported to XP, trusted computing isn't making it into the final product, WinFS has been pushed back to god-knows-when, and general security will likely be as god-awful and insecure as ever.
Against this background, what does Longhorn actually have to offer potential upgraders? Especially businesses?
Pretty Aero Glass UI? "Windows theme's always worked fine for us, thanks, and requires no user-retraining - why bother upgrading?"
But, it's all new! "Yeah, so we'll have to buy all-new hardware. And beta test it^W^W^W live with the inevitable but unfortunate 1.0 bugs.
Increasingly the reasons are "But, but, but, it's the new operating system from MS - you have to upgrade!", which is, obviously, no reason at all.
I was quite worried about LH when it was first announced - it sounded like a hell of a leap beyond anything Linux and Free Software had to offer (although, given time, I was sure FLOSS would catch up or surpass it).
Now, however, I'm having trouble retaining even mild interest - Microsoft hyped it so much, and are now so publicly failing to deliver on anything they've promised, that by the time it launches I wouldn't be surprised if they've Daikatana'd the thing practically to death.
Longhorn? Long-in-the-tooth, more like - a decrepit and crumbling shadow of it's former self that looks in danger of becoming irrelevent before it's even launched.
Of course, I may be condemning it unfairly here - are there any killer features that will save it from this downward trajectory?
Besides a billion-dollar marketing budget?
Everything in moderation, including moderation itself
Rest assured that the first service pack will consist almost entirely of draconian DRM "enhancements".
(You did read the EULA, didn't you?)
No folly is more costly than the folly of intolerant idealism. - Winston Churchill
This feature was one of the most important and most scary "improvement" in the history of computers a few years ago: removing the control of the machine from the hands of the user, censorship controlled by Redmond. The fact that they removed this "feature" is an improvement by itself.
One could argue that Apple has indeed capitalized upon this with Mac OS X Tiger, coming out tomorrow, which contains a lot of Open Source code in it (Darwin/FreeBSD, Apache, CUPS with an excellent interface, etc). And guess what? People are sitting up and taking notice.
No, no, and no. While IBM may have the deep pockets to do something like this, they are absolutely the WRONG company to do it. And I say this having previously been a long time IBM OS customer and as a former IBM employee.
First off, hardware companies have traditionally been afraid of IBM, because IBM has traditionally been a competitor (a view which probably hasn't changed much with the sale to Lenovo). Just take a look at how many hardware companies stepped up and supported IBM's previous consumer OS attempt, OS/2: support was often half-hearted, pathetic, or nil. The fact that IBM was behind it scared off potential hardware vendors (who, BTW, don't make their money off writing device drivers anyhow, and thus tend to like to keep driver development costs low by targeting as few platforms as possible).
Secondly, as anyone who bought in to IBM's OS/2 WARP v3 push and needed support probably knows, IBM just isn't set-up to provide end-user support. They have no experience nor expertise in consumer software support, and didn't do a terribly good job of it.
Sorry, but IBM creating their own consumer Linux would be the touch of death. IBM seems to know this themselves -- they have always expressed that they have no interest in creating their own Linux distribution, instead relying on partners to do this for them (like RedHat). There are much better options for such a company to produce such a Linux distro (and based on what I saw at LinuxWorld Canada last week, there are certainly some companies out there who are interested in trying).
Yaz.
Longhorn will still have improved plug and play type abilities. While to the average slashdotter security and WinFS may seem like the important things, to the average joe the ability to plug his camera/cell phone/mp3 player in and have it work without them having to do anything, is the most important thing.
That and pretty pictures...
Microsoft can make a killing from the average joe, and then release Longhorn SE with the added features a year or two later. And make another killing...
East Coast Brewers
Who backs them? What is their official reason for existing? What is their real reason for existing? (This last question cannot be answered by merely reading this groups home page; you need to consider the motives of those directing or controlling this group.)
My guess is that their official reason this group exists is "to promote safe environments by protecting users from various malicious computer exploits" or similar sounding goodness.
In contrast, my guess is that their real reason for existing is "to strip users of their existing rights to use the programs and data on their computers so that copyright holders can dictate if, when, and how users may access them".
Opensource really helps, even when it is under BSD licence. It saved Apple the work of doing the OS stuff, so it could mainly innovate on look, feel and userfriendlyness.
Microsoft will be putting unix style permissions in LH, so their security model will come closer to a long time proven concept. The bad part is that users really do not have a clue on how to use this (I know, I got those users in my company), and probably will do it badly, so it will bring bad fortune over this file security model.
Just as automobile manufactures develop a concept car in hopes to bring all ideas togeather, I can't help but wondering if Longhorn is offically an OS. Rather, it sounds like Longhorn is nothing more then a pet project of verious concepts microsoft is playing with.
I'm willing to bet the next version of Microsoft Windows will not be as dramatic as we see in Longhorn. I think they know that consumers are tired of being "feature shocked" with a different and reorginized GUI. Hell, I love computers. But I must admit, it does get aggravating having to reaquire reacquire your bearings on any new OS revision.
Life is not for the lazy.
From TFA: "A chip, the Trusted Platform Module (TPM), is used to encrypt data streams between the operating system and applications." ... hmm, why do I think that this coming from Microsoft is not good ?
One question: why ?
I thought modern processors (like the 386) already kept processes from reading each others data. So it's not for separation.
It certainly won't keep an application from hacking the operating system, cause I don't think the TPM could possibly figure out if the data it encrypts is harmfull or not. So if the system call is buggy, it will be hacked TPM or not.
One use could be to only let digitaly signed/unmodified application to run
Feel free to add more ideas...
bye, krajo
Learn to separate truth from illusion. Because in this world, it's the hardest thing to do.
You are probably hearing "security" and "trust" and falsely assuming this means YOUR security, or YOU being able to trust your computer.
In fact you, the user, are not the intended beneficiary of "trusted computing" at all.
The problem now is that people have too much control over their computers. From the perspective of somebody trying to limit what other people do, this is insecurity. If you write a computer program and sell it to someone, why, there's no guarantee at all that people will use it the way you wanted. People may find ways to trick your program into doing things it didn't intend, or even start to fiddle around with it and its innards, or use the files they made in your program in competing applications. It's as almost as if these people believe that just because they bought a copy of your software means they [i]own[/i] that copy. Something must be done about this. Vendors, like Microsoft, want to be able to "trust" your computer not to let you do things with it Microsoft doesn't want you to do. Hence, palladium.
Trusted boot is the first step in that. It convinces people that a piece of hardware in your computer that when switched on limits the ability to write to your hard drive to "trusted" pieces of code (and not scary things like Knoppix rescue cds) is a good idea. Somehow.
is this supposed to be a joke?
you don't "add on more stability, security...". either it's there from the start or not.
all you can do later is restrict usability to give the illusion of stability, security ("you are not allowed to use that driver", "your settings do not allow you to access this page" etc.)
This program is to be released next year, and will probably be delayed a few more times. MS' spinmeisters are just trying to keep it in the news, so they create 'news events' that are no events at all. Even negative attention is better than no attention at all. But is it worth the attention? No, not for me, I use Linux exclusively since 2001, and so can you.
;-)
Not only MS is guilty of using this vaporware tactics. All the media are lapping it up too, without even a single note of critisism. It seems we not only need the icbm adress of MS, but those of it's minion news outlets too
This space is intentionally staring blankly at you
What is the effect of this going to have on Linux bootloaders?
Are projects like Grub and Lilo still going to be able to dual boot between Linux and Windows, or is the Secure Startup going to detect this as an interference and stop users from booting into the Operating System?
Fringe users like the ability to Dual boot between their two oses. They like playing in Linux, but want to know that if it all goes horribly wrong, they can still turn back to windows. I was one of these people, although now I exclusively use Gentoo at home.
Remove this dual-boot ability, and there will be several less users who try Linux as a desktop operating system. In my opinion, it will be a big kick in the teeth of the Linux desktop growth rate.
This seems like a perfectly good excuse for Microsoft to solve that dual boot problem which has been pestering them for a long time. Oh, installed another OS? That's quite clearly a violation of your hard disk - EXTERMINATE!
It strikes me that Microsoft is feeling the pressure.
MS still has over 95% of the desktop share and roughly 50% of the server market.
You are deaming. They are taking their time becasue they can.
So bug fixes, rewriting functions to be less susceptible to buffer over flows, and fixing bugs is impossible?
Right.
I think Microsoft knows they are losing traction because of their old and messy code that they can barely update and are taking this period to clean it up and try to fix and loop hopes in security and bugs. Why is this bad?
What else would they have been working on in the past 5 years after sending all their programmers for security training?
This is the first release (well not counting SP2) that will break some applications, which is a good thing. It means they are finally sacrificing compatibility to fix long standing issues.
Secure Startup will eventually stop people running non-Microsoft OSs on computers.
I don't like the sound of this secure start-up. What does it gain you? What does it lose you?
Gain: deters thieving of h/w because the thief can't run the computer w/o the original s/w installation on disc.
Non-gain: doesn't protect your data on the C: disc; only protects the bits of the computer that don't hold data.
Possible losses:
- No rescue discs (or it could be harder to make rescue discs).
- No Linux bootable floppies (can't boot from floopy).
- No Knoppix CDs (can't boot from CD, presumably).
Hmm. Are they really trying to exclude Linux installations? It could be a lot harder to make a dual-boot machine. (*Dons tinfoil hat*).
With OS X, Apple bit the bullet and made a clean break with their crufty past. They had the Carbon API for a couple of years prior to release which made quite a few apps "OS X ready" from the gitgo. There is the Classic virtual machine for the apps that haven't gotten with the program and everything else is all new and quite a bit saner.
MS should do the same. Chuck the current hopeless mess into a virtual machine and start all over.
Longhorn will probably address security in the following tried and tested way: copy existing free security tools and protocols, add a Ton of unwanted and unnessesary features (with some good old bugs and security holes to boot) and give it an 'X-tream!'(tm) marketing name, then integrate them into the OS to stop anyone unistalling them and distribute for $500.
Oh... and then stop supporting it after 4 years.
Coding Monkey.org - Spanging the heavy spade of truth into t
I'm seeing alot of concern about what this OS is going to do since they seem to be stripping everything out of it. Then I read a comment that they are building a base first and then juicing it up with the features being taken out at a later date. While I do agree with this analogy, I find it good and bad at the same time. MS OS's for the most part come with features that really don't get modified too greatly after its initial release. XP SP2 is really the only update we've seen that changes OS features. Remember too that all of their updates have been FREE and I have good reason to suspect that LH's updates will be free as well. Just because they aren't included with the initial release doesn't mean squat. To you and I that is. The downfall to releasing the updates at a later date is for the average Joe Lunchbox. Those people expect to have everything ready in a turn-key fashion. Some of us do as well. But dumping OS updates on people months after an initial release may get confusing. Make no mistake - Longhorn is the stepping block of future OS's from this company. They aren't going to let it croak. If it bothers you this much then you can always go buy yourself a Mac because afterall, don't they already have the features in question?