Feeds

Microsoft reveals hardware security plans

Concerns remain

  • alert
  • submit to reddit

Choosing a cloud hosting partner with confidence

Can trusted computing hardware deliver security without locking out competition, asks SecurityFocus's Robert Lemos.

The next version of Windows, codenamed "Longhorn," will have security features to take advantage of the trusted computing hardware now showing up in the marketplace, Microsoft executives announced on Monday.

The software giant plans to deliver encryption features and integrity checks to insure that computers, such as notebooks, that are disconnected from a network are not affected by malicious programs. Called Secure Startup, the feature will appear in Microsoft's forthcoming version of its operating system, known as Longhorn, and represents a much smaller subset of the security features that the software giant had originally intended to build into the system software.

"We remain fully committed to the vision of creating new security technology for the Microsoft Windows platform that uses a unique hardware and software design to give users new kinds of security and privacy protections in an interconnected world," Selena Wilson, director of product marketing for Microsoft's Security Business and Technology Unit, said in statement. "The changes we are making can be characterized as an evolution of that original vision."

Secure Startup will combine full-volume encryption, integrity checks and the hardware-based Trusted Platform Module (TPM) to detect malicious changes to the computer and protect the user's data if the laptop is stolen, the software giant stated at its annual Windows Hardware Engineering Conference (WinHEC). The Trusted Platform Module is a standards-based hardware design created by the Trusted Computing Group, of which Microsoft is a member. (SecurityFocus's parent company, Symantec, is a contributing member of the group.)

While the technologies, once known as Palladium and now called the next-generation secure computing base (NGSCB), will help companies and consumers lock down their computers and networks, concerns remain that the hardware security measures could also be used to lock-in consumers to a single platform and restrict fair uses of content.

With homegrown integrity and security features being added by a variety of devices by companies aiming to lock out competition using the Digital Millennium Copyright Act (DMCA), the specter of another hardware-based security feature worries some information-system experts.

Innovation could suffer if reverse engineers are locked out from tinkering with devices, said Dan Lockton, a graduate student at the University of Cambridge whose thesis focuses on the effects of technologies created for controlling information.

The fear is that "we're moving to a stage where the customer no longer has control over the product he or she has bought or the products (created) using that device," Lockton said.

Printer maker Lexmark attempted to block generic ink cartridge makers from reverse engineering its simple hardware security scheme for validating legitimate cartridges. A federal appeals court overturned in October an initial win for Lexmark and allowed chip-maker Static Control to continue making the chips that made generic ink cartridges compatible with Lexmark printers.

"It is definitely clear that some of the content owners themselves are trying to use the technology to erode some of the fair use allowances that have historically been granted by the courts," said William Arbaugh, assistant professor of computer science for the University of Maryland at College Park. "We have to be vigilant in order to stop that tactic."

The Electronic Frontier Foundation, an Information Age civil rights group, has also criticized the technology as potentially undermining fair use rights.

However, Microsoft's Wilson stressed that the software giant intends to increase user security, not reduce the control the user has over their computer.

"We have always been very clear that NGSCB was never designed to be a system that would 'lock-in' users or decrease the flexibility of the Windows computing experience," she said. "Our vision has always been to provide benefits in terms of security, privacy, and system integrity while preserving the flexibility of Windows."

If Microsoft - and more importantly, third-party content providers - give consumers full control over how the technology is used in their systems, the security benefits could significantly increase the protection of PC data, the University of Maryland's Arbaugh said.

"This technology could be used for some really heavy handed digital-rights management (DRM) but it can also be used for some great improvements in security," he said. "I think finding that sweet spot will be a technical challenge as well as a policy challenge."

Copyright © 2005, SecurityFocus logo

Remote control for virtualized desktops

More from The Register

next story
Microsoft to bake Skype into IE, without plugins
Redmond thinks the Object Real-Time Communications API for WebRTC is ready to roll
Microsoft promises Windows 10 will mean two-factor auth for all
Sneak peek at security features Redmond's baking into new OS
PEAK APPLE: iOS 8 is least popular Cupertino mobile OS in all of HUMAN HISTORY
'Nerd release' finally staggers past 50 per cent adoption
Mozilla: Spidermonkey ATE Apple's JavaScriptCore, THRASHED Google V8
Moz man claims the win on rivals' own benchmarks
FTDI yanks chip-bricking driver from Windows Update, vows to fight on
Next driver to battle fake chips with 'non-invasive' methods
DEATH by PowerPoint: Microsoft warns of 0-day attack hidden in slides
Might put out patch in update, might chuck it out sooner
Ubuntu 14.10 tries pulling a Steve Ballmer on cloudy offerings
Oi, Windows, centOS and openSUSE – behave, we're all friends here
Was ist das? Eine neue Suse Linux Enterprise? Ausgezeichnet!
Version 12 first major-number Suse release since 2009
prev story

Whitepapers

Choosing cloud Backup services
Demystify how you can address your data protection needs in your small- to medium-sized business and select the best online backup service to meet your needs.
A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
New hybrid storage solutions
Tackling data challenges through emerging hybrid storage solutions that enable optimum database performance whilst managing costs and increasingly large data stores.
Beginner's guide to SSL certificates
De-mystify the technology involved and give you the information you need to make the best decision when considering your online security options.