Feeds

Palladium tech up for discussion, says MS security chief

And if users don't buy it, it dies...

  • alert
  • submit to reddit

The essential guide to IT transformation

Unaccountably, Microsoft seems to have forgotten to invite The Register to Tech Ed in Barcelona this week, but we're pleased to see some useful information making it into the public prints. Yesterday, IDG News correspondent Gillian Law obtained some useful information about Palladium from Microsoft UK chief security officer Stuart Okin.

First of all, we do not get the impression that Okin is entirely pleased by the release of information about Palladium last week. Details, he claims somewhat bizarrely, were "leaked or squirrelled out by a journalist." Well, indeedy-doody, Stuart. The knowledge that Newsweek writer Steven Levy infiltrated Microsoft with photographer Brian Smale, secretly took posed photos of the development team then surreptitiously obtained on-the-record quotes from numerous Microsoft execs from Bill Gates down puts an entirely different complexion on the article. And its presence on Microsoft's 'links to things written about us that we like' page must surely be some kind of clerical error.

We jest, of course. What we think Okin is really alluding to here is the age-old Microsoft internal battle between the marketing droids, who see their role as being to get nice, excited write-ups of Microsoft products, and the techies, who wish the droids would stop making overhyped promises they won't be able to keep. So maybe it's significant that one of the new breed of Microsoft security czars is showing signs of lining up with the techies.

Palladium being presented as a complete, 'solve all your security problems magic bullet' is most certainly premature. Okin tells Law that it's still in "consultation mode," that white papers will be out by the end of this month, and that Microsoft will proceed after getting feedback from this.

Palladium, which will combine security chip (which is expected to migrate onto the CPU in a future rev) with a public and private key system, could be important for DRM, but "its prime function is to ensure security and privacy." Look at it from the security czar's point of view, and you can see how important it is to ram home that message, even to genuinely believe it. These people have been specifically hired by Microsoft to clean up the company's security act, and if they're not to operate merely as fig-leaves, they may actually have to resist Palladium and similar being used for DRM. So more interesting internal tensions here.

The technology will be switched off by default, he guarantees this, and it will be "an opt-in technology" that "will live or die by user acceptance." It will also be licensed to any software company that wants it, but their software would need to be certified. Price, terms and conditions, and the certification process are all potential gotchas here and in our view Microsoft will have to be a lot more open and responsive than it has been in the past as regards licensing, if it genuinely wishes to achieve broad support.

Palladium hardware will not, Okin tells IDG, ship until 2004-2005, and applications for it won't be around until two years later. That certainly puts it in the Longhorn window, but it's not clear why, if it's initially going to use a separate chip, hardware can't be shipped fairly swiftly.

Hardware of this sort already exists, in the shape of the AMD-Wave reference design; this may, we're informed even have been demoed at WinHEC. The public line at the moment, however, is that AMD and Intel are working with Microsoft on Palladium, and although Wave may still be in there under the covers, it's not apparent in the publicity.

The schedule (and the participants list) may of course have been disrupted by Intel coming late to the party again, but marketing considerations will also have an influence. Microsoft could, now, add support for DRM to its existing OS software, make its buddies in the music business very happy, trash it own reputation (no really, it's still possible to do this) and destroy any chance of Palladium succeeding. So it really does have to take its time and (this is the tricky but) be thoughtful, subtle and flexible. Hmm... ®

The essential guide to IT transformation

More from The Register

next story
BBC: We're going to slip CODING into kids' TV
Pureed-carrot-in-ice cream C++ surprise
China: You, Microsoft. Office-Windows 'compatibility'. You have 20 days to explain
Told to cough up more details as antitrust probe goes deeper
Linux turns 23 and Linus Torvalds celebrates as only he can
No, not with swearing, but by controlling the release cycle
Scratched PC-dispatch patch patched, hatched in batch rematch
Windows security update fixed after triggering blue screens (and screams) of death
This is how I set about making a fortune with my own startup
Would you leave your well-paid job to chase your dream?
prev story

Whitepapers

Endpoint data privacy in the cloud is easier than you think
Innovations in encryption and storage resolve issues of data privacy and key requirements for companies to look for in a solution.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Advanced data protection for your virtualized environments
Find a natural fit for optimizing protection for the often resource-constrained data protection process found in virtual environments.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Next gen security for virtualised datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.