Windows 7 Likely Going Modular, Subscription-based

Microsoft CRM writes "When Windows 7 launches sometime after the start of 2010, the desktop OS will be Microsoft's most 'modular' operating system to date. That's not necessarily a good thing, of course; Windows Vista is a sprawling, complex OS. From Microsoft's perspective, though, there are many possible benefits. The OS's developers can add/remove functionality module by module. New modules could be sold post-launch, keeping revenue streams strong. A modular approach could also allow the company to make functionality available on a time-limited basis, potentially allowing users to 'rent' a feature if it's needed on a one-off basis. Microsoft is already testing 'pay as you go' consumer subscriptions in developing countries."

Here's where the technological shackles come in..

[darkfire5252]

The parents are correct, there's no way that Microsoft would be stupid enough to design an open and modular OS because competitors would rip them apart. MS may be lacking in many areas, but predatory business practices is not one of them. I'm betting that Windows 7 will re-introduce us all to one of our old friends. Remember way back when, when people were ranting and raving about trusted computing and something called the Trusted Platform Module? After all the fuss died down, plans continued as before and as a result the majority of the people reading this post have a TPM installed into their motherboard. It's a truly fascinating device (I've read an implementer's guide, it does a LOT. Go here and download the latest 'Commands' doc. Just take a look at the descriptions and capabilities of the TPM's API. It's chilling.), and there have yet to be any products that really hinge on the TPM. With Windows 7, "With Trusted Computing technology for an even greater level of security and reliability!", here's how MS can block out third party modules, even if they published the API in the Wall Street Journal:

1. Installation of Windows 7: the OS communicates with the TPM and 'takes ownership' of the TPM. (The tech docs can't spell it out any clearer: the programmer controls the computer, not the user.) When taking ownership of the TPM, Windows provides the public key of Microsoft to the TPM.
2. Booting the computer: During installation, Windows installs a hash of the bootloader code and the OS code into the TPM. The bootloader performs a sanity check using the TPM to ensure that it has not been compromised. The bootloader then verifies the OS against the TPM and only loads 'genuine' copies of Windows. Note that the definition of genuine is entirely up to MS; at any time the TPM can be instructed, only by its owner, to invalidate any credentials. It's perfectly possible, and in fact designed into the specs, for the TPM owner to completely disable TPM protected software at any time. Irreversibly, because the binaries are encrypted and require the TPM's cooperation to run.
3. Updating Windows: Before updating, the OS instructs the TPM to provide a guarantee that it is a genuine TPM (using information manufactured into the chip), and the TPM signs MS's public key. This cryptographically proves that the computer has a TPM and that Microsoft owns the TPM. Microsoft then transmits the update to the computer, encrypting it with the TPM's key to prevent the native code from being revealed to the user or installed on a non-authenticated machine.
4. Installing a module: Similar to updating, but more insidious. The user purchases a certificate to run a module, then the module is securely transferred to the machine. The certificate is stored by the TPM itself to prevent it from being read from disk or RAM by a third party. This is done for all the TPM's information. The module is then installed if and only if it is authenticated by Microsoft. This may seem to have some flaws, but that's taken care of with the following...
5. Running a binary executable: The OS can require that every single binary be signed by a person who is authenticated by the owner. The TPM verifies this, and then either provides the OS with the decrypted binary or a failure notice. 'Configuration states' are a key principle here; at any time the state of the system (all programs that are running) can be saved into the TPM. This can be used for example by Windows update. The updater saves a configuration where only the core OS and the updater are running, and then can ensure that it will not update if not in this configuration. This keeps any on-the-fly memory editors out.

A lot of very smart people put a lot of effort into this system; it works. It's just been waiting for that 'killer app' to use it...

Re:Well...

[tokuchan]

IBM didn't sell you anything back then. You leased the machine, rather than buy it. IBM would charge you a low price but ship and install a bigger machine with extra processors and memory modules installed. The lease terms limited you, rather than physical limitations. This was actually a very good thing. First, whenever something broke, IBM could switch it out over the phone, which made those late night calls much more tolerable. Second, if you needed more power, they could switch on more processors and bill you. Then, when you no longer needed the extra, they could switch them off again and save you money. It was really a win-win situation for everyone.

The big difference here is that we are talking about software, not hardware. If MS really does this, it will either be a wild success or a dismal failure. Personally, I will stick with my Mac or move back to Linux.