Feeds

Palladium tech up for discussion, says MS security chief

And if users don't buy it, it dies...

  • alert
  • submit to reddit

High performance access to file storage

Unaccountably, Microsoft seems to have forgotten to invite The Register to Tech Ed in Barcelona this week, but we're pleased to see some useful information making it into the public prints. Yesterday, IDG News correspondent Gillian Law obtained some useful information about Palladium from Microsoft UK chief security officer Stuart Okin.

First of all, we do not get the impression that Okin is entirely pleased by the release of information about Palladium last week. Details, he claims somewhat bizarrely, were "leaked or squirrelled out by a journalist." Well, indeedy-doody, Stuart. The knowledge that Newsweek writer Steven Levy infiltrated Microsoft with photographer Brian Smale, secretly took posed photos of the development team then surreptitiously obtained on-the-record quotes from numerous Microsoft execs from Bill Gates down puts an entirely different complexion on the article. And its presence on Microsoft's 'links to things written about us that we like' page must surely be some kind of clerical error.

We jest, of course. What we think Okin is really alluding to here is the age-old Microsoft internal battle between the marketing droids, who see their role as being to get nice, excited write-ups of Microsoft products, and the techies, who wish the droids would stop making overhyped promises they won't be able to keep. So maybe it's significant that one of the new breed of Microsoft security czars is showing signs of lining up with the techies.

Palladium being presented as a complete, 'solve all your security problems magic bullet' is most certainly premature. Okin tells Law that it's still in "consultation mode," that white papers will be out by the end of this month, and that Microsoft will proceed after getting feedback from this.

Palladium, which will combine security chip (which is expected to migrate onto the CPU in a future rev) with a public and private key system, could be important for DRM, but "its prime function is to ensure security and privacy." Look at it from the security czar's point of view, and you can see how important it is to ram home that message, even to genuinely believe it. These people have been specifically hired by Microsoft to clean up the company's security act, and if they're not to operate merely as fig-leaves, they may actually have to resist Palladium and similar being used for DRM. So more interesting internal tensions here.

The technology will be switched off by default, he guarantees this, and it will be "an opt-in technology" that "will live or die by user acceptance." It will also be licensed to any software company that wants it, but their software would need to be certified. Price, terms and conditions, and the certification process are all potential gotchas here and in our view Microsoft will have to be a lot more open and responsive than it has been in the past as regards licensing, if it genuinely wishes to achieve broad support.

Palladium hardware will not, Okin tells IDG, ship until 2004-2005, and applications for it won't be around until two years later. That certainly puts it in the Longhorn window, but it's not clear why, if it's initially going to use a separate chip, hardware can't be shipped fairly swiftly.

Hardware of this sort already exists, in the shape of the AMD-Wave reference design; this may, we're informed even have been demoed at WinHEC. The public line at the moment, however, is that AMD and Intel are working with Microsoft on Palladium, and although Wave may still be in there under the covers, it's not apparent in the publicity.

The schedule (and the participants list) may of course have been disrupted by Intel coming late to the party again, but marketing considerations will also have an influence. Microsoft could, now, add support for DRM to its existing OS software, make its buddies in the music business very happy, trash it own reputation (no really, it's still possible to do this) and destroy any chance of Palladium succeeding. So it really does have to take its time and (this is the tricky but) be thoughtful, subtle and flexible. Hmm... ®

Combat fraud and increase customer satisfaction

More from The Register

next story
This time it's 'Personal': new Office 365 sub covers just two devices
Redmond also brings Office into Google's back yard
Inside the Hekaton: SQL Server 2014's database engine deconstructed
Nadella's database sqares the circle of cheap memory vs speed
Oh no, Joe: WinPhone users already griping over 8.1 mega-update
Hang on. Which bit of Developer Preview don't you understand?
Microsoft lobs pre-release Windows Phone 8.1 at devs who dare
App makers can load it before anyone else, but if they do they're stuck with it
Half of Twitter's 'active users' are SILENT STALKERS
Nearly 50% have NEVER tweeted a word
Internet-of-stuff startup dumps NoSQL for ... SQL?
NoSQL taste great at first but lacks proper nutrients, says startup cloud whiz
IRS boss on XP migration: 'Classic fix the airplane while you're flying it attempt'
Plus: Condoleezza Rice at Dropbox 'maybe she can find ... weapons of mass destruction'
OpenSSL Heartbleed: Bloody nose for open-source bleeding hearts
Bloke behind the cockup says not enough people are helping crucial crypto project
Ditch the sync, paddle in the Streem: Upstart offers syncless sharing
Upload, delete and carry on sharing afterwards?
prev story

Whitepapers

Top three mobile application threats
Learn about three of the top mobile application security threats facing businesses today and recommendations on how to mitigate the risk.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
SANS - Survey on application security programs
In this whitepaper learn about the state of application security programs and practices of 488 surveyed respondents, and discover how mature and effective these programs are.