Microsoft Stalling TCG Best Practices Document?
It doesn't come easy writes "Bruce Schneier (of Counterpane Internet Security) suspects Microsoft doesn't want the recently Trusted Computing Group published best practices document: Design, Implementation, and Usage Principles for TPM-Based Platforms to apply to Vista. The reasons are mostly speculation at the moment but Bruce implies further investigation will be forthcoming..."
The same system that protects spyware from accessing your data files might also stop you from copying audio and video files. The same system that ensures that all the patches you download are legitimate might also prevent you from, well, doing pretty much anything.
At least someone that is talking to a larger group of those not-in-the-know gets it.
The only reason I can think of for all this Machiavellian maneuvering is that the TCG board of directors is making sure that the document doesn't apply to Vista. If the document isn't published until after Vista is released, then obviously it doesn't apply.
If only that were the case! Unfortunately it's something that's calculated, malicious, and devious.
From Best Practices Principles Document:
preserving privacy, backward compatibility, and owner control
This will accomplish NOTHING but promote an environment where people will continue to become accustomed to DRM being on their computers. It's not going to stop worms, spyware, viruses, and the like - they are going to continue to plague people's computers - it's all part of the desensitizing of DRM. Get people pissed off enough about spyware, etc, and they will be happy to accept DRM.
It's really sad that most people still don't know what spyware is or how to defeat it. When they do hear of it they see this "DRM" stuff in the future that will eliminate it. Instead of taking the 5 minutes daily to do routine maintenance that will keep their computers and themselves happy, they instead opt for having someone else do all the work for them at the loss of everything that was once great about computers.
So it doesn't apply to Vista and the end result is that Vista turns out to be a bug-ridden, insecure operating system. What's new?
This will be yet more incentive to move to a system which has been properly designed, from scratch, to be safe.
As has happened before, the other members of the group will go ahead with their design based off of a draft of the document - generation 1 has a few interoperability issues because each member interpreted the draft differently but at least there will be something out there which everyone, except MS, is trying their best to follow.
Microsoft Stalling __________ Best Practices. Old news.
that's all we're getting served from /. nowadays...
or
crapple osx
vs.
beta windows
I'm not sure of the writer's bias, but it would seem that TCG is fairly "opt-in." Somewhat unlike the current /. tidal wave seems to indicate.
TFA mentions "Controllability: Each owner should have effective choice and control over the use and operation of the TCG-enabled capabilities that belong to them; their participation must be opt-in. Subsequently, any user should be able to reliably disable the TCG functionality in a way that does not violate the owner's policy."
Who and what is the owner's policy? If the owner's policy says I can't run what I want without TCG, then that statement is effectively meaningless. I can have a hunk of hardware. If the "owner's policy" is something I make up, then it seems fine.
TFA also states "The use of coercion to effectively force the use of the TPM capabilities is not an appropriate use of the TCG technology."
This is exactly counter to /.speek. So what is it? Is this marketing spin? Is it real?
Trusted Computing Best Practices.
/. - and if not, there's always coral.
PLEASE can we stop linking to the entire stupid hierarchy of news.com.com.com.com, zdnet, cnet and other stupid useless sites like that? Schneier is a big boy, he can handle
Microsoft can only push consumers so far. If their DRM technology is too anti-social they will find that their systems will be rejected on an ever increasing scale.
Consumers may be sheep, but even sheep can be pushed too far and become dangerous to the handler. Living in a rural area, I've seen that for myself. The same thing applies to people who Microsoft are attempting to push their DRM on. It can only go so far.
Liberal Ontarians and French Quebecers are draining Western Canada's wealth. Stop them now! Support Western separatism.
Out of any software company, Microsoft has the worst security record in history. I wonder if this could have anything to do with it? Just a guess...
Viruses
Insecurities
Spyware
Trojans
Adware
MS is well known for participating in standards committees, only to subvert the standards in ways to keep the competition at bay. Why should anyone expect things to be different in this case?
Eh, it's all just signs of Microsoft cracking. Right now it's running around in so many directions, trying to do so many things that one side of Microsoft can't tell what the other's doing.
One section of Microsoft is trying to find a way to diversify into other fields (as it always has been). This means as soon as anything gets popular, instantly releasing that they will have a competitor to that product. See previous articles..
The next section of Microsoft is designing Vista. More or less, they're looking over at Apple and saying "hmm, now how do we do this for ourselves". Hey, if you're going to copy, make sure you copy from the best.
Next, Microsoft's patent team is doing everything they can to churn out as many patents for as many things as possible, no matter what relevance they have to anything. Patents are the new gold; having them makes you rich, no matter in what shape, color, or form.
Then you have the Microsoft gaming committee putting together the XBox 360.. Good luck with that xboxers.
And then you end up with the "future of technology" department; the one where they write all of these magnificent things, designing things like Palladium and giving them crazy names. The only problem is, while this section's doing the designing, all of the other sections of Microsoft are doing their own thing; it seems as if there isn't any communication in the entire process.
Microsoft is like a three hundred pound kid on a tricycle on a very big hill. They've got a lot of business hinged on a small amount of products, and they've got to ensure that these products don't collapse. And the best way of doing that is Advertising, the media, product placement, and the public (get the picture yet? good). The more of these documents coming out that don't mean anything at all, the more Microsoft looks like it's doing something.
"Victory means exit strategy, and it's important for the President to explain to us what the exit strategy is." G.W.Bush
"Security: ...The reporting mechanism should be fully under the owner's control."
"Privacy: ...designed and implemented with privacy in mind"
"Interoperability: ...should not introduce any new interoperability obstacles that are not for the purpose of security."
"Controllability: Each owner should have effective choice and control... their participation must be opt-in."
Why should MS rewrite all of their business practices based on what their competitors suggest?
I'm not saying that TGP is a bad idea... I'm saying that it is a bad idea for MS.
"Trolls they were, but filled with the evil will of their master: a fell race..." -- J.R.R. Tolkien on Olog-hai
I don't really see why Microsoft would want to stall it - assuming it would allow them to stop piracy of their operating system... Maybe piracy really isn't a big factor for them, and developing this technology would cost them more (plus delay the already late release of Vista)
That said, I'd applaud anyone who successfully fought/stalled/stopped the trusted computing initiative - I don't really want someone monitoring me and telling me "No that's wrong, you can't run/do that" or "You can't connect to the internet because your computer/operating system doesn't support the 'trusted NICs'" (You know it will go there eventually...)
Does it say anywhere in the document that the participants of the group absolutely have to implement its recommendations in their upcoming releases? No. So why would MS try to delay its release?
They've proven it time and again that they can get away with doing what they want not giving two hoots about anyone else's opinion. What makes you think they can't do the same with this even after the document is released?
This story just reminds me of all that Masonry crap and the time I wasted watching documentaries and crap on them.(Because I was really really bored.) Conspiracy theories....pfft.
just who is the 'owner' of your computer? are you a 'user' in this document? it's not very clear to me...
sum.zero
Microsoft stalling best practices? No...
"They who would give up an essential liberty for temporary security, deserve neither liberty or security," Ben Franklin. Sheesh, it's like Fascism for computers. "Please, take away our freedom! Give us safety and trust!" they cried, saluting their Fearless Leader. I guess that makes Bill Gates Hitler.
This looks like a move to implement full DRM and coerce it on end users, directly in violation of the spirit of the TCG.
Microsoft might just be trying to tip-toe around it so they can implement full DRM by making their software-only implementation.
I misread the title as "Microsoft Stealing". I guess those words just fit together well in my head.
Not only can it protect your files from being accessed by spyware, it can protect them from being accessed by you.
That is, when the 'key holders' decide that the information is forbidden. ( or just politically incorrect ).
And 'loss of everything great about computers'? Remember, you are *just* a consumer, you should be happy with your 'media-device'.
---- Booth was a patriot ----
Editors?
-Jesse
Nothing says "unprofessional job" like wrinkles in your duct tape.
It seems that the Windows (TM) are a little foggy and don't allow a very clear "Vista"(TM) (view) of the inner workings... we might need an XP(TM)-ert to clarify what's going in. If he can find the help of a "Search Assistant"(TM), the better. Just make sure his speech is not clippy(TM).
If you want to keep the standards from impacting your business join the committee that makes them and strangle it in delays and horsecrap. Welcome to big business 101. Kinda like Oil guys working with the EPA, or cigarette companies running Health studies.
The rock, the vulture, and the chain
You failed to mention their marketing arm, the apparent real key to their success.
(That and good luck)
They are working on their own document, entitled "Trusted Computing Group - worst practices".
This makes so much more sense
I don't get it.
It's like all the privacy notice boilerplate. There are stories almost every day about companies disclosing information they promised not to disclose.
It all reminds me of the scene in Dr. Strangelove where the President asks how a rogue SAC commander could have launched a nuclear strike, when only the President is supposed to have that authority. And an air force spokesperson clears his throat and says "It appears that General Ripper may have exceeded his authority."
Why wouldn't Microsoft just bull ahead? And when anyone complains, Buck Turgidson will say "It appears that Microsoft may not have followed best practices" and everyone will shrug it off, the way they always do.
"How to Do Nothing," kids activities, back in print!
If Vista were given any kind of elevated security status above Windows Server, MS would lose those sales.
I didn't know M$ was trying to get into the Trading Card industry. I see it now: "I tap my Bill Gates and send a monopolistic attack at you lose $2bil points." "Yeah well I summon a firewall to block your attack" "oh but my Bill Gates was equipped with Windows so it gets +50 attack points and destroys your firewall" "good, Windows opens you to attack so I send my WinWorm at you, it will take you 2 turns to clean up that mess"
No, it makes Gates a Republican politician's wet dream.
The ultimate Big Brother (let's face it, if they can, they will) experiment in the TCG (not that the technology cannot be used for security of course) being one-upped by Microsoft who want to use the technology for their own ends. It's the same thing all the time with Microsoft and bodies of this kind. They join, and perhaps even contribute, then they go away and make their own version that only applies to them.
refraining to boil the frog too quickly.
they don't want us jumping out before it's too late.
and by us, i mean the folks who haven't a clue as to how Insidious this whole thing is.
i am also partial to Sinister Computing; it has a nice ring to it.
Science : Proprietary , Knowledge : Open Source
" Eh, it's all just signs of Microsoft cracking. Right now it's running around in so many directions, trying to do so many things that one side of Microsoft can't tell what the other's doing."
what a bunch of utter bu**sh**.
i've never bought into the absurd notion that a company or organization doing things that the other people in the said groups don't know about.
it's just a red herring. or another way to say it is "plausible deniability".
it's not hard to see that it's very effective... almost no one holds them accountable when their "PR" dept brings it up or an "astroturfer".
Ballmer: bill, i think the public is catching on to what we're up to with our so-called "trusted computing"
Gates: then we'll just have to boil the frog more slowly.
they're not cracking up at all. they've probably been analyzing the situation and determined that the shi* they're forcing down our throats would be more easily accomplished if they do it in smaller amounts, with some chocolate along for the ride to cover up the smell/taste.
Science : Proprietary , Knowledge : Open Source
What if MS is stalling not because they don't want it to apply to Vista, but so that their competitors on the committee can't implement software only (TNC) solutions? HP, IBM, and Sun all have DoD certified (B2 compliant) versions of their proprietary operating systems. If MS confuses things so that TPC means (only) Intel's hardware and Microsoft's software, they've frozen out AIX, HP-UX, and Solaris until Vista catches up. (Yeah, I know there are B2 versions of NT - you just can't do much with it.).
Envy my 5 digit Slashdot User ID!
Think of it this way: most computer-related "stuff" now has a "licensed, not sold" tag attached. Ask yourself again, then, who has ultimate control under TCG definitions.
Lacking <sarcasm> tags,
use of proprietary anything.. so the "option" to opt in evaporates for the average citizen and it's again to "forced in".
VLC FOR MAC IS DYING! IF YOU DEVELOP, PLEASE SAVE IT!!
I rate the parent "insightful", and anyone else who sees the black chess pieces being put into place probably thinks the same.
VLC FOR MAC IS DYING! IF YOU DEVELOP, PLEASE SAVE IT!!
the downfall of "trusted" computing. The group doesn't even trust each other. How can we even trust a group like that?
The sad thing is not that a lot of people don't know what spyware or DRM are, or why they're bad. The sad thing is that a lot of people do, yet nothing is really accomplished. The cnet article is good because it raises many important points about the nature of Vista and trusted computing. And it will sit on that server with no fanfare. This will not be an important story to anyone, newspapers will not pick it up and nor will computing magazines.
We will get nowhere beyond this article, which takes no stand; makes only polite suggestions and queries.
"Something is fishy here. Should we be concerned?" A shallow question with hollow convictions and the full-bodied echo of defeat.
Trusted Computing is not about security. We know what it's really about, it's about IP. You don't need an unjustified mess to be secure. Security is just the excuse. It's about patents and trademarks and copyrights. It's not about security, because security benefits people. Trusted Computing benefits companies. It's about money and control. It's about their control over our money.
The article will sit there and rot and no one will take it further, because no one wants to risk offending the advertisers. No one wants to risk slowing a cashflow.
These kinds of things are vital, important issues. They concern our very rights as citizens and as human beings. The important part of Intellectual Property is not the latter, it's the former, it's about control of the former. Companies -- inhuman, non-being concepts on paper and ink -- subvert the rights of living people to think and explore.
We can do nothing. How do you adhere to your morals and convictions and fight something that will adhere to nothing? We are powerless to affect change and every day more restraints and ludicrous laws are passed on us and our rights are signed away for profit. For the benefit of people already in life's favor.
But it's not a big deal, right? When you're allowed to read a book is not a big deal. What you're not allowed to say is not a big deal. What you're allowed to even think is not a big deal.
It's so depressing.
It's not going to stop worms, spyware, viruses, and the like - they are going to continue to plague people's computers
Don't be so pessimistic. Once you're in the "Trusted Environment" you're stuck there and can't touch anything else. So, knowing MS, this means worms, viruses and the like will only have access to trusted resources. Meaning MS Office will be wiped off the computer, but Open Office and my pr0n collection will be safe.
does any of this really surprise anybody. it is microsoft pretending to be getting along with the industry open standards and then they will come along and make their own so they can lock people in and keep the revenue stream coming in.
now especially with IPTV and all the drm crap they are making with the MPAA/RIAA it is obvious where they are going along with apple. You are obviously going to have to have the platform THEY choose to view their movies/tv.
Umm, I wonder if it will stop with just movies and tv - you think I will be able to install linux on the new vista pcs.
The IPTV and the drm with music and movies is just the DVDCss all over again. You have to have a platform THEY choose for you and if you don't well tough - you can view or buy their content.
Boy who would have seen this coming.
Is anyone here actually a software developer??? Vista is in Beta 1 NOW, so of course they aren't going to implement any design that was not previously planned. Would any other software engineer expect them to? Of course not! I personally am working on a product that is in Beta and if someone comes to me and tells me that I need to add/change anything, I direct them to the specs for the next release. I mean, come on. An OS is just about as big and complex as software designs get. Do you think Microsoft is really worried about the industry trying to force them to accept this standard? No way! Maybe if the spec came out 4 years ago when they were just starting Longhorn. Not now. It's unrealistic for any OS writer, not just Microsoft.
Agreed that that's part of it. And, as we slip down that slope where there are hardware- and OS-level mechanisms determining what we can and cannot view, hear and run, let's please thank the heavens and stars for GNU, the FSF and the thousands of players who've given us the ability to circumvent these things.
I personally don't get too up in arms about "some DRM." I think, e.g., FairPlay is pretty fair for consumers. Currently.
I no longer hear (m)any rants about CPU IDs. It's not because it's no longer there - it's because - per the parent post - we're desensitized.
From my PoV, a little governing of our digital Freedoms is acceptable if it means there's incentive for entities to build and offer good services. I thank heavens for the eternal vigilance we're all provided by the likes of GNU and FSF because they're the ones who've made possible the tools that can help us decide for ourselves when others decide to clamp down too tightly (and that threshold will differ for different individuals).
Yah know, all you hens running around clucking about how the sky is falling whenever someone mentions anything about trusted computing should 1) stop, 2) breathe, 3) read the documents, 4) think about how humanity reacts (in the US, at least) to perceived threats to privacy and control, 5) then get a grip. The stated intent of the TCG is to create a trusted platform that is tamper resistant to software attacks like worms, viruses, and trojans, will not interfere with any other operating software, and will be pretty much seamless.
Can the system be abused by those nefarious ne'er-do-wells trying to lock you into some software? Sure, but that is true for any system. Have a little faith. The purchasing American public won't willingly give up what they perceive is their right to control their hardware and software. The backlash will keep the worst offending vendors at bay. Voting with your dollars is a very powerful weapon. Use it against any company regardless of the hardware or software they are selling.
What's the difference?
Then you've never worked in an organization with more than 3 people in it. In a real business there are generally all sorts of politics going on. I have lost track of the amount of times I have seen Linux or BSD boxes put into production without approval up the corporate ladder. Heck, I have been involved several times with a project at the division level that was formed to fill the gap of a company wide software program that the division guys could see was doomed to failure. The division guys simply waited for a spectacular failure and then forwarded a skunkworks project that did more or less the same thing (but usually on a much less ambitious scale).
Microsoft is no different. There are thousands of ultra-competitive hackers there all trying to make their mark. In the business sector there are even teams that compete for essentially the same business. My personal guess is that Microsoft is stalling this paper because it knows that Windows is the only implementation of Trusted Computing that people actually care about. If Microsoft can force Apple, Sun, and the rest to wait for a paper before rolling out software then Microsoft will get the jump on them with Vista. That being the case there's almost certainly a wide ranging difference of opinion about Trusted Computing inside Microsoft.
Did anyone else read that as "Trading Card Game"?
You mean like when Apple decides to rip out functionality in its product and reduce consumers right with every version of Itunes that comes out?
Coming soon Itunes 8.0. 1 cd burn, no streaming, and no burning of paid music to cd.
If anything Apple is the posterboy of DRM run amok and a preview of the future where companies reduce your right with every "needed" upgrade. But fine, everyone should just keep posting how its great that Apple implements "consumer friendly" DRM.
If you wanna get rich, you know that payback is a bitch
The group is "recently Trusted"? You mean it wasn't trusted before? Oh, I get it. You meant "the TCG's recently published best practices document."
Sorry, bad grammar confuses me sometimes.
There is no belief, however foolish, that will not gather its faithful adherents who will defend it to the death.-Asimov
"Most of the TCG spec is optional and can be turned off"
Oh please. Don't get fooled. This is just sucker bait, and you're swallowing it.
If it is optional now, it won't be in the future. The way things have always worked is that "lawful intercept" occurs in the next generation of the products.
It's been this way with just about EVERY new technology of interest that has come along. First with the phone system, then with the internet, routers/switches, and they are currently trying to do it with VOIP.
Computers are just the next thing on this list.
I give it in place by 2010, max.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Bruce, when you going to run for something I can help vote you in on?
My educated sentiments parallel Mr. Schneier's.
Not much more to say but thanks again Bruce.
Regards sir.
-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0.3
iQA/AwUBQxY/ET40OzQY/jmJEQJF+gCghwtbQ71nbU1lpC8J5
jPinOQbsxGaIKSJlAGKEPTrq
=e9ml
-----END PGP SIGNATURE-----
Microsoft has a card game?
I could not agree more - the person you are replying to has no idea what they're talking about. Almost *every* company over a certain size I've ever worked for or dealt with as customer or client has the same problem.
Not only does the left hand rarely know what the right hand is doing, the pinky and thumb are usually working at cross-purposes as well, or at the very least in intense rivalry for the promotion to forefinger.
You know they call 'em fingers but I've never seen 'em fing. Oh, there they go.
Perhaps there are perceived problems with "Design, Implementation, and Usage Principles for TPM-Based Platforms to apply to Vista" being one line long.
the only game in town ;)
i've never bought into the absurd notion that a company or organization doing things that the other people in the said groups don't know about.
You should change your user name to SgtSchultz (877105). You know nothing.
When you work with (famous company XXXXX), you sign lots of NDAs. You aren't signing them to keep the secret stuff out of (famous company's well-known competitor YYYYY)'s hands. That comes later, when the product under development is approved for production. You sign them to keep the secret stuff away from rival groups at XXXXX who will knife the baby as soon as they learn it exists.
Large companies are invariably their own worst enemies.
Well, to me, thanks but no thanks.
... actually, what security ? ... company ?
... spending it on sponsorships people coding great software for the world for almost nothing ...
... Maybe microsoft started seeing some light ... as one should not carry guns if one is hoping to avoid armed conflict ...
Unless i have ABSOLUTE certainty i'll be able to NOT use TPC-technology at choice i will start collecting non-TPC motherboards from this day forth as to build a FREE-technology computer system tomorrow.
I mean
To privatise from whom ?
In which war ?
A virus ?
A
A government ?
A nation ?
Unknowns ?
And at what cost ? Why not spend all that great money on making great software, better tools
Knowledge is power, Control is power, this is a step too far
gasp!
free dom(inion) - free energy - free your mind - whee!
Because it's a particularly intelligent and well written comment. Not only does it have punctuation, but it's actually in the right places as well.
This makes it virtually unique in Slashdot history. Hang on, I've just realised that he used the word "affect" correctly. It is unique.
Articles like this remind me why I switched to Mac a few years ago... I didn't like the business practices of M$ forcing me to install IE with Win98, so I voted with my wallet and completely moved to Mac.
Now I admit to buying songs from iTunes which contain DRM, but they have never stood in the way of me using my music that I paid for. I wonder how many Windows users can say that about Windows Media products?
No wireless. Less space than a nomad. Lame. - Initial