Microsoft's New Plan For Keeping the Internet Safe

itwbennett writes "Microsoft Corporate Vice President for Trustworthy Computing Scott Charney used to think it was the responsibility of ISPs to keep hacked PCs off the Internet. Now, he says the burden should be on consumers. Speaking at the RSA Conference, Charney suggested that the solution may be for consumers to share trusted certificates about the health of their personal computer: 'The user remains in control. The user can say I don't want to pass a health certificate,' he said. 'There may be consequences for that decision, but you can do it.'"

You've never been laid, right?

[khasim]

The problem is that this isn't about "proving" that you're clean.

This is about proving that you have, in the past, purchased condoms (anti-virus).

And that you are currently wearing a condom (anti-virus is running).

NOT that you don't have a disease.
Or that you have any symptoms.
Or that anyone you've had sex with had a disease.

The BANKS are the ones that should be dealing with whether they can sanitize anything they receive from you (and anyone else) AND verify that it really is you initiating the transaction.

Sex is NOTHING like an on-line purchase. Try it and see.

Re:Pathetic

[Alsee]

That simply means you need a "trusted" box to reply to the challenge. It doesn't have to be THE box. This sounds like something a Windows VM and some packet sniffing/injection could very easily defeat

Nope. The entire point of Trusted Computing is to make exactly that sort of thing impossible. It's impossible to virtualize the Trust chip unless you know the master keys locked inside the silicon. No amount of packet sniffing/injection will enable you to forge a Trusted communication. They are cryptographically signed by keys inside the chip. Trying to run a normal computer plus a second box to reply to challenges generally does you no good because everything gets encrypted or signed. The second box won't sign the stuff you need signed, and it won't decrypt what you need decrypted. The master keys are locked inside the silicon, and the lower level keys are generally encrypted before they leave the chip and only decrypted when they are loaded back into the Trust chip.

Trying to use a two-box setup would be extremely difficult and it wouldn't achieve much. Lets say your ISP wants a Trusted Health Check on your computer before giving you a connection. You use the Trust box to authenticate. During the authentication the ISP sends an encrypted internet session key. It is encrypted in such a way that it can only be decrypted by the Trust chip, INSIDE the Trust chip, using the a decryption key locked inside the Trust chip. You can't sniff the internet session key because it's been encrypted with the Trust chip's key, which you don't know. You now connect your "real" box and try to use your internet connection. Except now your ISP expects some or all of your outbound packets to have a validation code embedded. These validations codes can only be generated using the secret internet session key. You can't send packets because your "real" box doesn't know the internet session key needed to validate those packets, and your secondary Trust box refuses to validate them for you.

Do not underestimate Trusted Computing. I'm a programmer, I've read the 300+ page technical specification on this chip, I know DRM is impossible and the reasons it Always Fails. Trust me, software attacks are almost completely nullified. Any successful software attack is generally confined to temporarily exploiting localized bug affecting specific data belonging to that specific affected program, and they can FORCE down patches fixing the bug. It is essentially impossible to fundamentally defeat the system with any software attack. Only a hardware attack will truly defeat the system, and they are moving the Trust chip INSIDE THE CPU ITSELF. Not even the god of all modchips and motherboard hacks can do squat when the Trust chip is inside the CPU.

The only way to break the system is to literally rip open the CPU itself. That will indeed blow the Trust system wide ope, but then there's another problem. You have to be insanely careful never to allow them to detect that you have beaten the system and that you can do stuff you're not supposed to be able to do. Almost anything you do can be traced back to the the specific Trust identity code involved. If they ever detect you doing anything you shouldn't, then that identity code goes on a revocation list. You can still access the data you've already broken, but for all practical purposes that computer is dead. It can no longer access any new Trusted data, and all other Trusted devices will refuse to speak to it.

By revoking the hacked identity key they can make it cost you (up to) the price of an entire new computer, plus the difficulty of physically dissecting the new CPU chip to extract a new set of keys. You have to do this each and every time they catch anything anomalous relating to your cracked system.

And you're really screwed if you have to use your real identity during the Certificate Authority process required to enable a new chip. They may refuse to let you activate a new system, or they may send the feds to arrest you for violating the DMCA o