Slashdot Mirror

← Back to Stories (view on slashdot.org)

Microsoft Stalling TCG Best Practices Document?

Posted by ScuttleMonkey on from the security-getting-in-the-way-of-profit dept.

It doesn't come easy writes "Bruce Schneier (of Counterpane Internet Security) suspects Microsoft doesn't want the recently Trusted Computing Group published best practices document: Design, Implementation, and Usage Principles for TPM-Based Platforms to apply to Vista. The reasons are mostly speculation at the moment but Bruce implies further investigation will be forthcoming..."

9 of 163 comments (clear)

  1. Fishy? No, deceptive and devious! by garcia · · Score: 5, Insightful

    The same system that protects spyware from accessing your data files might also stop you from copying audio and video files. The same system that ensures that all the patches you download are legitimate might also prevent you from, well, doing pretty much anything.

    At least someone that is talking to a larger group of those not-in-the-know gets it.

    The only reason I can think of for all this Machiavellian maneuvering is that the TCG board of directors is making sure that the document doesn't apply to Vista. If the document isn't published until after Vista is released, then obviously it doesn't apply.

    If only that were the case! Unfortunately it's something that's calculated, malicious, and devious.

    From Best Practices Principles Document:

    preserving privacy, backward compatibility, and owner control

    This will accomplish NOTHING but promote an environment where people will continue to become accustomed to DRM being on their computers. It's not going to stop worms, spyware, viruses, and the like - they are going to continue to plague people's computers - it's all part of the desensitizing of DRM. Get people pissed off enough about spyware, etc, and they will be happy to accept DRM.

    It's really sad that most people still don't know what spyware is or how to defeat it. When they do hear of it they see this "DRM" stuff in the future that will eliminate it. Instead of taking the 5 minutes daily to do routine maintenance that will keep their computers and themselves happy, they instead opt for having someone else do all the work for them at the loss of everything that was once great about computers.

  2. Link to actual blog entry by Anonymous Coward · · Score: 5, Informative

    Trusted Computing Best Practices.

    PLEASE can we stop linking to the entire stupid hierarchy of news.com.com.com.com, zdnet, cnet and other stupid useless sites like that? Schneier is a big boy, he can handle /. - and if not, there's always coral.

  3. The DRM factor. by Lellor · · Score: 5, Insightful

    Microsoft can only push consumers so far. If their DRM technology is too anti-social they will find that their systems will be rejected on an ever increasing scale.

    Consumers may be sheep, but even sheep can be pushed too far and become dangerous to the handler. Living in a rural area, I've seen that for myself. The same thing applies to people who Microsoft are attempting to push their DRM on. It can only go so far.
    --
    Liberal Ontarians and French Quebecers are draining Western Canada's wealth. Stop them now! Support Western separatism.
    1. Re:The DRM factor. by Prophet+of+Nixon · · Score: 5, Funny

      I have actually been chased up a tree by an angry sheep.

      Now, why I admit this randomly on the internet, I don't know... In any case, those things are mean.

  4. V. I. S. T. A. (the real meaning) by Anonymous Coward · · Score: 5, Funny


    Viruses
    Insecurities
    Spyware
    Trojans
    Adware


  5. Standard MS's bahavior by Anonymous Coward · · Score: 5, Insightful

    MS is well known for participating in standards committees, only to subvert the standards in ways to keep the competition at bay. Why should anyone expect things be different in this case?

  6. It's not mandatory, is it? by NubKnacker · · Score: 5, Insightful

    Does it say anywhere in the document that the participants of the group absolutely have to implement its recommendations in their upcoming releases? No. So why would MS try to delay it's release?

    They've proven it time and again that they can get away with doing what they want not giving two hoots about anyone else's opinion. What makes you think they can't do they same with this even after the document is released?

    This story just reminds me of all that Masonry crap and the time I wasted watching documentaries and crap on them.(Because I was really really bored.) Conspiracy theories....pfft.

  7. Re:TCG Bashing? by Josh+Triplett · · Score: 5, Insightful
    ...it would seem that TCG is fairly "opt-in."

    Most of the TCG spec is optional and can be turned off, and thus is not particularly dangerous unless you don't control what your software does. It will make Windows Media DRM and similar proprietary systems stronger and harder to break (though still not impossible), but it won't affect people who run Free and Open Source Software. Some of these features may even be useful in a FOSS environment, such as by keeping your encryption keys safe even if your machine is remotely compromised.

    The primary danger in the TCG spec is Remote Attestation. This allows your machine to non-forgeably attest that it is running a particular hardware/software configuration. While Remote Attestation is also opt-in, refusal to attest to your systems configuration will be treated the same as attesting to a disallowed configuration: no access. This would mean no "compatible but unsupported" clients, something that the FOSS community has been amazingly good at providing for many protocols.

    Essentially, Remote Attestation would take away your ability to have your computer say things like "Uh, yeah, I'm running IE7 on Windows Vista, sure!", "Yeah, this is iTunes 42.9 requesting purchase of music file blah.m4p", "Of course I'm running the official IM client from AOL/MSN/etc, certainly not something unofficial like Gaim", and "Yes, of *course* I'm just going to stream this file and delete it after viewing, I certainly wouldn't want to download it to watch over something faster than my slow Internet connection".
  8. Re:TCG Bashing? by robertjw · · Score: 5, Informative

    I'm not sure of the writer's bias

    Bruce Schneier is a security expert with a practical perspective on security analysis. I subscribe to his newsletter, and near as I can tell, he's not particularly biased for or against Windows. He is very vocal about the balance needed between individual rights and security concerns. He also regularly points out security measures and implementations that are just for show.

    I read the article and it doesn't seem like he's bashing TCG at all. Appears more like he has issues with Microsoft wanting to release VISTA as a approved TCG OS without actually following the best practices document.

    --
    Find coupons in Greeley