Slashdot Mirror


Microsoft Stalling TCG Best Practices Document?

It doesn't come easy writes "Bruce Schneier (of Counterpane Internet Security) suspects Microsoft doesn't want the best practices document recently published by the Trusted Computing Group, Design, Implementation, and Usage Principles for TPM-Based Platforms, to apply to Vista. The reasons are mostly speculation at the moment but Bruce implies further investigation will be forthcoming..."

8 of 163 comments

  1. Link to actual blog entry by Anonymous Coward · · Score: 5, Informative

    Trusted Computing Best Practices.

    PLEASE can we stop linking to the entire stupid hierarchy of news.com.com.com.com, zdnet, cnet and other stupid useless sites like that? Schneier is a big boy, he can handle /. - and if not, there's always coral.

  2. The IEEE P1667 open alternative by IPAQ2000 · · Score: 3, Informative
  3. Re:The DRM factor. by mopslik · · Score: 4, Informative

    People have voted with their dollars (& pounds, euros, etc). Apple's DRM is simple and consistent unlike MSFT's which change per song. Apple has sold over a half a billion dollars worth of songs. The rest combined barely equal a tenth of that.

    I'd warrant that a backlash against Microsoft's DRM isn't what's fueling Apple sales. More likely:

    1. The iPod is THE "wow" music player to have these days
    2. Heavy marketing by Apple
    3. Songs are cheap

    I know a number of iPod owners, and DRM doesn't even cross their minds.

  4. Re:TCG Bashing? by robertjw · · Score: 5, Informative

    I'm not sure of the writer's bias

    Bruce Schneier is a security expert with a practical perspective on security analysis. I subscribe to his newsletter, and near as I can tell, he's not particularly biased for or against Windows. He is very vocal about the balance needed between individual rights and security concerns. He also regularly points out security measures and implementations that are just for show.

    I read the article and it doesn't seem like he's bashing TCG at all. Appears more like he has issues with Microsoft wanting to release VISTA as an approved TCG OS without actually following the best practices document.

  5. Re:The DRM factor. by notdanielp · · Score: 2, Informative


    Apple's DRM is simple and consistent unlike MSFT's which change per song. Apple has sold over a half a billion dollars worth of songs. The rest combined barely equal a tenth of that.


    Consistent? Apple reserves the right to change their DRM on songs you've already bought. Wikipedia tracks some of the changes made to iTunes DRM since release:

    "With the introduction of iTunes 4.5, Apple raised the number of machines allowed to use purchased music from 3 to 5. They also cut the number of times a user can burn CDs of the same playlist from 10 to 7. This adjustment was the result of the renegotiation Apple had with major labels. In 4.7.1, users were further restricted: they were limited to sharing their songs with five computers within 24 hours, rather than the previous five at a time."

    --
    The president has been kidnapped by ninjas!
    Are you a bad enough dude to rescue the president?
  6. Re:TCG Bashing? by zonker · · Score: 1, Informative

    i don't believe schneier has any bias except towards making sure bad security and policy doesn't become commonplace. this means making clear the user's rights and the content owner's rights and making sure they don't overstep each other's bounds.

    have you ever read any of his stuff?

  7. Re:No lasting effect. by nacturation · · Score: 3, Informative

    If Microsoft actually had to comply to someone else's standard, then there would actually be interoperability.

    In this case, the standard defines how it should work and what it should do. Microsoft can *implement* this in any way that they choose. In no way does this imply that adhering to the standard will promote interoperability. Think of it this way: a security standard might say that "door locks should be of sufficient strength and complexity that it would withstand 500 pounds of force and take an experienced lockpick a minimum of 30 minutes to pick". Adhering to this standard doesn't mean that one vendor's keys will work with another, nor that the locks will even fit on your brand of door.

    --
    Want to improve your Karma? Instead of "Post Anonymously", try the "Post Humously" option.
  8. Re:TCG Bashing? by fermion · · Score: 2, Informative
    I would add that if one is not sure who Schneier is or his biases, then one really has no basis to write an opinion on any computer security issue. He is one of the major players in the field. It is like programming and never having heard of Gamma or Kernighan or Stroustrup. One may not agree with a particular player, but one should know who the players are.

    In fact it has only been in the past several years that Schneier has left the ivory tower and taken a stance on certain security situations, most notably in Beyond Fear. I find his thought process to be interesting and entertaining. For example his treatment of guns for airline pilots is classic.

    --
    "She's a scientist and a lesbian. She's not going to let it slide." Orphan Black