Feeds

Microsoft reveals hardware security plans

Concerns remain

  • alert
  • submit to reddit

Beginner's guide to SSL certificates

Can trusted computing hardware deliver security without locking out competition, asks SecurityFocus's Robert Lemos.

The next version of Windows, codenamed "Longhorn," will have security features to take advantage of the trusted computing hardware now showing up in the marketplace, Microsoft executives announced on Monday.

The software giant plans to deliver encryption features and integrity checks to insure that computers, such as notebooks, that are disconnected from a network are not affected by malicious programs. Called Secure Startup, the feature will appear in Microsoft's forthcoming version of its operating system, known as Longhorn, and represents a much smaller subset of the security features that the software giant had originally intended to build into the system software.

"We remain fully committed to the vision of creating new security technology for the Microsoft Windows platform that uses a unique hardware and software design to give users new kinds of security and privacy protections in an interconnected world," Selena Wilson, director of product marketing for Microsoft's Security Business and Technology Unit, said in statement. "The changes we are making can be characterized as an evolution of that original vision."

Secure Startup will combine full-volume encryption, integrity checks and the hardware-based Trusted Platform Module (TPM) to detect malicious changes to the computer and protect the user's data if the laptop is stolen, the software giant stated at its annual Windows Hardware Engineering Conference (WinHEC). The Trusted Platform Module is a standards-based hardware design created by the Trusted Computing Group, of which Microsoft is a member. (SecurityFocus's parent company, Symantec, is a contributing member of the group.)

While the technologies, once known as Palladium and now called the next-generation secure computing base (NGSCB), will help companies and consumers lock down their computers and networks, concerns remain that the hardware security measures could also be used to lock-in consumers to a single platform and restrict fair uses of content.

With homegrown integrity and security features being added by a variety of devices by companies aiming to lock out competition using the Digital Millennium Copyright Act (DMCA), the specter of another hardware-based security feature worries some information-system experts.

Innovation could suffer if reverse engineers are locked out from tinkering with devices, said Dan Lockton, a graduate student at the University of Cambridge whose thesis focuses on the effects of technologies created for controlling information.

The fear is that "we're moving to a stage where the customer no longer has control over the product he or she has bought or the products (created) using that device," Lockton said.

Printer maker Lexmark attempted to block generic ink cartridge makers from reverse engineering its simple hardware security scheme for validating legitimate cartridges. A federal appeals court overturned in October an initial win for Lexmark and allowed chip-maker Static Control to continue making the chips that made generic ink cartridges compatible with Lexmark printers.

"It is definitely clear that some of the content owners themselves are trying to use the technology to erode some of the fair use allowances that have historically been granted by the courts," said William Arbaugh, assistant professor of computer science for the University of Maryland at College Park. "We have to be vigilant in order to stop that tactic."

The Electronic Frontier Foundation, an Information Age civil rights group, has also criticized the technology as potentially undermining fair use rights.

However, Microsoft's Wilson stressed that the software giant intends to increase user security, not reduce the control the user has over their computer.

"We have always been very clear that NGSCB was never designed to be a system that would 'lock-in' users or decrease the flexibility of the Windows computing experience," she said. "Our vision has always been to provide benefits in terms of security, privacy, and system integrity while preserving the flexibility of Windows."

If Microsoft - and more importantly, third-party content providers - give consumers full control over how the technology is used in their systems, the security benefits could significantly increase the protection of PC data, the University of Maryland's Arbaugh said.

"This technology could be used for some really heavy handed digital-rights management (DRM) but it can also be used for some great improvements in security," he said. "I think finding that sweet spot will be a technical challenge as well as a policy challenge."

Copyright © 2005, SecurityFocus logo

Remote control for virtualized desktops

More from The Register

next story
Nexus 7 fandroids tell of salty taste after sucking on Google's Lollipop
Web giant looking into why version 5.0 of Android is crippling older slabs
Be real, Apple: In-app goodie grab games AREN'T FREE – EU
Cupertino stands down after Euro legal threats
Download alert: Nearly ALL top 100 Android, iOS paid apps hacked
Attack of the Clones? Yeah, but much, much scarier – report
SLURP! Flick your TONGUE around our LOLLIPOP – Google
Android 5 is coming – IF you're lucky enough to have the right gadget
Microsoft: Your Linux Docker containers are now OURS to command
New tool lets admins wrangle Linux apps from Windows
Bada-Bing! Mozilla flips Firefox to YAHOO! for search
Microsoft system will be the default for browser in US until 2020
prev story

Whitepapers

Why cloud backup?
Combining the latest advancements in disk-based backup with secure, integrated, cloud technologies offer organizations fast and assured recovery of their critical enterprise data.
A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Managing SSL certificates with ease
The lack of operational efficiencies and compliance pitfalls associated with poor SSL certificate management, and how the right SSL certificate management tool can help.
Top 5 reasons to deploy VMware with Tegile
Data demand and the rise of virtualization is challenging IT teams to deliver storage performance, scalability and capacity that can keep up, while maximizing efficiency.