Microsoft Stalling TCG Best Practices Document?

It doesn't come easy writes "Bruce Schneier (of Counterpane Internet Security) suspects Microsoft doesn't want the recently Trusted Computing Group published best practices document: Design, Implementation, and Usage Principles for TPM-Based Platforms to apply to Vista. The reasons are mostly speculation at the moment but Bruce implies further investigation will be forthcoming..."

Fishy? No, deceptive and devious!

[garcia]

The same system that protects spyware from accessing your data files might also stop you from copying audio and video files. The same system that ensures that all the patches you download are legitimate might also prevent you from, well, doing pretty much anything.

At least someone that is talking to a larger group of those not-in-the-know gets it.

The only reason I can think of for all this Machiavellian maneuvering is that the TCG board of directors is making sure that the document doesn't apply to Vista. If the document isn't published until after Vista is released, then obviously it doesn't apply.

If only that were the case! Unfortunately it's something that's calculated, malicious, and devious.

From Best Practices Principles Document:

preserving privacy, backward compatibility, and owner control

This will accomplish NOTHING but promote an environment where people will continue to become accustomed to DRM being on their computers. It's not going to stop worms, spyware, viruses, and the like - they are going to continue to plague people's computers - it's all part of the desensitizing of DRM. Get people pissed off enough about spyware, etc, and they will be happy to accept DRM.

It's really sad that most people still don't know what spyware is or how to defeat it. When they do hear of it they see this "DRM" stuff in the future that will eliminate it. Instead of taking the 5 minutes daily to do routine maintenance that will keep their computers and themselves happy, they instead opt for having someone else do all the work for them at the loss of everything that was once great about computers.

Lets play fill in the blank.

[metallikop]

Microsoft Stalling __________ Best Practices. Old news.

The DRM factor.

[Lellor]

Microsoft can only push consumers so far. If their DRM technology is too anti-social they will find that their systems will be rejected on an ever increasing scale.

Consumers may be sheep, but even sheep can be pushed too far and become dangerous to the handler. Living in a rural area, I've seen that for myself. The same thing applies to people who Microsoft are attempting to push their DRM on. It can only go so far.

Standard MS's bahavior

MS is well known for participating in standards committees, only to subvert the standards in ways to keep the competition at bay. Why should anyone expect things be different in this case?

Re:No lasting effect.

[TemporalBeing]

"So it doesn't apply to Vista and the end result is that Vista turns out to be an bug-ridden, insecure operating system. What's new?" This is classic Microsoft Embrace and Extend. Since it doesn't apply to Vista, Microsoft will release it the way they want it in Vista, and everyone else will have to comply in order to be compatible. If Microsoft actually had to comply to someone else's standard, then there would actually be interoperability.

It's not mandatory, is it?

[NubKnacker]

Does it say anywhere in the document that the participants of the group absolutely have to implement its recommendations in their upcoming releases? No. So why would MS try to delay it's release?

They've proven it time and again that they can get away with doing what they want not giving two hoots about anyone else's opinion. What makes you think they can't do they same with this even after the document is released?

This story just reminds me of all that Masonry crap and the time I wasted watching documentaries and crap on them.(Because I was really really bored.) Conspiracy theories....pfft.

File Protection

[nurb432]

Not only can it protect your files from being accessed by spyware, it can protect them from being accessed by you.

That is, when the 'key holders' decide that the information is forbidden. ( or just politically incorrect ).

And 'loss of everything great about computers? Remember, you are *just* a consumer, you should be happy with your 'media-device'.

Re:TCG Bashing?

[saintp]

Of course hardware and software companies won't use coercion to force people into TPM. They'll just stop selling everything else, citing "lack of demand." "There's just been no demand," Intel will say, "for a processor/mobo/whatever that doesn't support TPM, ever since Windows stopped supporting non-TPM platforms." Of course, months before, Bill Gates will have played the high morality card and announced that Windows would not longer run on non-TPM platforms; to allow that continue is to allow the continued spread of spyware and viruses, and Microsoft indignantly refuses to be any part of that!

See? It's not coercion. It's for security. It helps the economy. It thwarts terrorists. TPM gives flags to orphans if that's what it needs to do to get people on board.

Re:TCG Bashing?

[Josh+Triplett]

...it would seem that TCG is fairly "opt-in."

Most of the TCG spec is optional and can be turned off, and thus is not particularly dangerous unless you don't control what your software does. It will make Windows Media DRM and similar proprietary systems stronger and harder to break (though still not impossible), but it won't affect people who run Free and Open Source Software. Some of these features may even be useful in a FOSS environment, such as by keeping your encryption keys safe even if your machine is remotely compromised.

The primary danger in the TCG spec is Remote Attestation. This allows your machine to non-forgeably attest that it is running a particular hardware/software configuration. While Remote Attestation is also opt-in, refusal to attest to your systems configuration will be treated the same as attesting to a disallowed configuration: no access. This would mean no "compatible but unsupported" clients, something that the FOSS community has been amazingly good at providing for many protocols.

Essentially, Remote Attestation would take away your ability to have your computer say things like "Uh, yeah, I'm running IE7 on Windows Vista, sure!", "Yeah, this is iTunes 42.9 requesting purchase of music file blah.m4p", "Of course I'm running the official IM client from AOL/MSN/etc, certainly not something unofficial like Gaim", and "Yes, of *course* I'm just going to stream this file and delete it after viewing, I certainly wouldn't want to download it to watch over something faster than my slow Internet connection".

Re:TCG Bashing?

[Master+of+Transhuman]

Read the article again - in English.

Bruce makes it clear that the document is fairly good in that it comes down on the side of YOU - the owner of the PC (unless we're talking corporate PC here which is inapplicable since corps do what they want with a worker's PC anyway) - having control of the DRM and being able to disable any part of it that you deem necessary to do what you want.

Microsoft obviously is stalling this because Bill Gates wants to control what you do on behalf of his big customers like the music and movie industry.

The point is that the original TCM specifications said nothing about who would control all this. This document is laying out best practices and specifying that TCM SHOULD be under the control of the owner, not the designers and manufacturers.

This is good - if in fact it ends up being applied by said designers and manufacturers.

Microsoft obviously doesn't want it to apply to Vista because their agenda is NOT to apply the recommended best practices.

Re:TCG Bashing?

[Alsee]

Who and what is the owner's policy? If the owner's policy says I can't run what I want without TCG, then that statement is effectively meaningless. I can have a hunk of hardware. If the "owner's policy" is something I make up, then it seems fine.

Here's how it works... you try to instal some software and IT TELLS YOU what your "policy" must be. If you do not accept that policy then it is impossible to instal and run that software. If you try to read a media/data file IT TELLS YOU what your policy must be. If you do not accept that policy then it is impossible to read that file. If you try want to view a website IT TELLS YOU what your policy must be. If you do not accept that policy then you cannot see the website.

Under Trusted Network Connect, as documented on the Trusted Computing Group's website front page, your network provider gets to TELL YOU what your policy must be. If you do not accept that policy then you are denied internet access.

"The use of coercion to effectively force the use of the TPM capabilities is not an appropriate use of the TCG technology." This is exactly counter to /.speek. So what is it? Is this marketing spin? Is it real?

Well you decide. You are force to "opt-in" or none of the new software will instal. You are forced to "opt-in" or you get locked out of all of the new media files and data files and network protocals and the new e-Mail system Microsoft is working on. And once Trusted Network Connect becomes common... and Microsoft has issues a press release that they are implementing Trusted Network Connect under the name Network Access Protection... well at that point you are force to "opt-in" or be denied internet access.

But rememer they aren't doing anything wrong and they aren't trying to force anything on you. It is all opt-in and you always get to set the policy on your computer. It's just that nothing works any more unless you do opt-in and you do set your policy exactly they way they tell you to.

And of course you are always free to turn the Trust system off. Remember the item "any user should be able to reliably disable the TCG functionality in a way that does not violate the owner's policy"? Yep, you can turn it off... however the policy you had to opt-in to, the policy you had to choose to set... that policy had to be that you get locked out of your own files when you turn it off. The software you installed stops working, the various files on your computer are encrypted and MUST be impossible to read or restore, nothing works any more.

But it's all OK because, as they say over and over, the owner is always in control. It was the owner who decided that his computer would drop deat and lock him out of his own files if he turned the system off. It was the owner who "voluntarily" agreed to these FSCKING INSANE "policies", otherwise he's have been locked out of everything in the first place.

There... does that clarify why one side of the debate makes it sound seems harmless and optional while the other side of the debate seems to be making apparantly contradicting statements?

-