Feeds

Microsoft reveals hardware security plans

Concerns remain

  • alert
  • submit to reddit

High performance access to file storage

Can trusted computing hardware deliver security without locking out competition, asks SecurityFocus's Robert Lemos.

The next version of Windows, codenamed "Longhorn," will have security features to take advantage of the trusted computing hardware now showing up in the marketplace, Microsoft executives announced on Monday.

The software giant plans to deliver encryption features and integrity checks to insure that computers, such as notebooks, that are disconnected from a network are not affected by malicious programs. Called Secure Startup, the feature will appear in Microsoft's forthcoming version of its operating system, known as Longhorn, and represents a much smaller subset of the security features that the software giant had originally intended to build into the system software.

"We remain fully committed to the vision of creating new security technology for the Microsoft Windows platform that uses a unique hardware and software design to give users new kinds of security and privacy protections in an interconnected world," Selena Wilson, director of product marketing for Microsoft's Security Business and Technology Unit, said in statement. "The changes we are making can be characterized as an evolution of that original vision."

Secure Startup will combine full-volume encryption, integrity checks and the hardware-based Trusted Platform Module (TPM) to detect malicious changes to the computer and protect the user's data if the laptop is stolen, the software giant stated at its annual Windows Hardware Engineering Conference (WinHEC). The Trusted Platform Module is a standards-based hardware design created by the Trusted Computing Group, of which Microsoft is a member. (SecurityFocus's parent company, Symantec, is a contributing member of the group.)

While the technologies, once known as Palladium and now called the next-generation secure computing base (NGSCB), will help companies and consumers lock down their computers and networks, concerns remain that the hardware security measures could also be used to lock-in consumers to a single platform and restrict fair uses of content.

With homegrown integrity and security features being added by a variety of devices by companies aiming to lock out competition using the Digital Millennium Copyright Act (DMCA), the specter of another hardware-based security feature worries some information-system experts.

Innovation could suffer if reverse engineers are locked out from tinkering with devices, said Dan Lockton, a graduate student at the University of Cambridge whose thesis focuses on the effects of technologies created for controlling information.

The fear is that "we're moving to a stage where the customer no longer has control over the product he or she has bought or the products (created) using that device," Lockton said.

Printer maker Lexmark attempted to block generic ink cartridge makers from reverse engineering its simple hardware security scheme for validating legitimate cartridges. A federal appeals court overturned in October an initial win for Lexmark and allowed chip-maker Static Control to continue making the chips that made generic ink cartridges compatible with Lexmark printers.

"It is definitely clear that some of the content owners themselves are trying to use the technology to erode some of the fair use allowances that have historically been granted by the courts," said William Arbaugh, assistant professor of computer science for the University of Maryland at College Park. "We have to be vigilant in order to stop that tactic."

The Electronic Frontier Foundation, an Information Age civil rights group, has also criticized the technology as potentially undermining fair use rights.

However, Microsoft's Wilson stressed that the software giant intends to increase user security, not reduce the control the user has over their computer.

"We have always been very clear that NGSCB was never designed to be a system that would 'lock-in' users or decrease the flexibility of the Windows computing experience," she said. "Our vision has always been to provide benefits in terms of security, privacy, and system integrity while preserving the flexibility of Windows."

If Microsoft - and more importantly, third-party content providers - give consumers full control over how the technology is used in their systems, the security benefits could significantly increase the protection of PC data, the University of Maryland's Arbaugh said.

"This technology could be used for some really heavy handed digital-rights management (DRM) but it can also be used for some great improvements in security," he said. "I think finding that sweet spot will be a technical challenge as well as a policy challenge."

Copyright © 2005, SecurityFocus logo

High performance access to file storage

More from The Register

next story
Windows 8.1, which you probably haven't upgraded to yet, ALREADY OBSOLETE
Pre-Update versions of new Windows version will no longer support patches
Android engineer: We DIDN'T copy Apple OR follow Samsung's orders
Veep testifies for Samsung during Apple patent trial
OpenSSL Heartbleed: Bloody nose for open-source bleeding hearts
Bloke behind the cockup says not enough people are helping crucial crypto project
Half of Twitter's 'active users' are SILENT STALKERS
Nearly 50% have NEVER tweeted a word
Windows XP still has 27 per cent market share on its deathbed
Windows 7 making some gains on XP Death Day
Internet-of-stuff startup dumps NoSQL for ... SQL?
NoSQL taste great at first but lacks proper nutrients, says startup cloud whiz
Microsoft lobs pre-release Windows Phone 8.1 at devs who dare
App makers can load it before anyone else, but if they do they're stuck with it
US taxman blows Win XP deadline, must now spend millions on custom support
Gov't IT likened to 'a Model T with a lot of things on top of it'
prev story

Whitepapers

Mainstay ROI - Does application security pay?
In this whitepaper learn how you and your enterprise might benefit from better software security.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Mobile application security study
Download this report to see the alarming realities regarding the sheer number of applications vulnerable to attack, as well as the most common and easily addressable vulnerability errors.