Old 04-28-2005, 11:24 AM   #1 (permalink)
Mjollnir Incarnate
 
Location: Lost in thought
Longhorn's Palladium is cut down to Secure Startup

Source
Quote:
Longhorn security gets its teeth kicked out
Microsoft pulls yet another feature from Longhorn
Tom Sanders at WinHEC in Seattle, vnunet.com 26 Apr 2005

Microsoft has further watered down the Next Generation Secure Computing Base (NGSCB) technology that will ship with its forthcoming Longhorn operating system.

Many systems which Microsoft claims are "Longhorn ready" will not be able to support the security technology, vnunet.com has learned, and only part of the original security vision will be ready in time for the operating system's launch.

"With the Longhorn launch we are delivering the first part of NGSCB: Secure Startup," Jim Allchin, Microsoft's group vice president for platforms, told vnunet.com at the Windows Hardware Engineering Conference (WinHEC) in Seattle. "Not all of the compartmentisation technology will be available. The main thing is Secure Startup."

Secure Startup protects users against offline attacks, blocking access to the computer if the content of the hard drive is compromised. This prevents a laptop thief from booting up the system from a floppy disk to circumvent security features or swapping out the hard drive.

Microsoft unveiled NGSCB, formerly codenamed Palladium, in 2002, and published a beta in October 2003. The security technology has since undergone several changes.

The company originally planned for the technology to deliver a rigid level of security, creating physical separations between applications.

It was designed to prevent a virus from entering the operating system through the browser and making its way to the email application to further spread itself.

The technology used a newly developed software component called a 'nexus' to shield applications from each other and the operating system. A chip, the Trusted Platform Module (TPM), is used to encrypt data streams between the operating system and applications.

The original plans required users to purchase new hardware and software. Last year at WinHEC Microsoft reversed that decision.

Instead of shielding individual applications, the technology would create secure compartments for elements such as the operating system, computing tasks and administration and management.

Although initially intended to ship as part of Longhorn, the secure compartments have now been pulled from the platform and will be released later.

Microsoft has kept quiet about the changes in the program. The company cancelled a session at WinHEC about technology titled How to build NGSCB-enabled systems, replacing it with a session called How to build in support for secure startup.

A spokeswoman for Microsoft claimed that the session title was changed because the new title better reflected the revised content.

In addition to NGSCB features being pulled, many systems will not be able to support any of the new technology by the time Longhorn comes out.

The security platform depends on a TPM chip being present in the system. The chip is an industry standard governed by the Trusted Computing Group, a non-profit organisation which develops security standards.

Meanwhile, Microsoft has launched a logo programme at WinHEC dubbed 'Ready PC', indicating that a system is capable of running Longhorn. The logo tells users looking to buy a computer prior to the Longhorn launch whether a new system is able to switch to the upcoming operating system.

Qualifying systems require at least 512MB of memory and a current mid- to high-end processor. But the programme does not demand a TPM chip to be present, Allchin told vnunet.com.

Manuel Novoa, a distinguished technologist and security architect at HP's Personal Systems Group, told vnunet.com that the TPM is an "if implemented" requirement. This means that Longhorn will support the technology when available, but that the chip is not required.

Although the 'Ready PC' logo tells users that they are buying a system that runs on Longhorn, they may unwittingly buy a computer that will not support NGSCB.

Novoa called the version of NGSCB that users will get in Longhorn "NGSCB with a delay".

"Rather than deliver nothing, Microsoft is saying: 'Let's do what we can deliver.' [Microsoft] had to cut functionality to meet a launch date," said Novoa. He expects the technology to be ready by 2007 or 2008.

A delay in the development of Microsoft's virtualisation technology is to blame for the changes in NGSCB, Rob Enderle, a principal analyst with the Enderle Group, told vnunet.com.

Virtualisation technology is required to create the secured compartments. The fact that the TPM is not a requirement of the Ready PC programme is in part a result of resistance from manufacturers and end users, according to the analyst.

"A lot of people are nervous about the TPM," said Enderle. "They fear that the TPM is a tool for the US government to spy on users worldwide, or that the chip can be used to set and enforce digital rights management policies."

Microsoft had wanted the TPM as a requirement for the programme, but was forced to back down. "Do you implement a technology that a large chunk of the world doesn't want?" asked Enderle.

A few things. First of all:
Quote:
Secure Startup protects users against offline attacks, blocking access to the computer if the content of the hard drive is compromised. This prevents a laptop thief from booting up the system from a floppy disk to circumvent security features or swapping out the hard drive.
How exactly do they define this? If I put in a linux CD or any other type of boot CD, will my computer laugh at me? Is the presence of "foreign data" (meaning, of course, linux) cause to lock down my HD?
Quote:
The company originally planned for the technology to deliver a rigid level of security, creating physical separations between applications.

It was designed to prevent a virus from entering the operating system through the browser and making its way to the email application to further spread itself.
So you're doing something that will piss off a lot of admins/techies because some people can't learn how to not click on "Zomg_pr0n!!!.exe". Great. And what exactly do they mean by a "physical separation"?
Quote:
"A lot of people are nervous about the TPM," said Enderle. "They fear that the TPM is a tool for the US government to spy on users worldwide, or that the chip can be used to set and enforce digital rights management policies."
YES, THANK YOU! I'm not afraid of people spying on me (yet), I just don't want Bill telling me what I can and cannot install/use on my computer.
Slavakion is offline  
Old 04-28-2005, 02:35 PM   #2 (permalink)
Addict
 
Location: Nor Cal
Microsoft keeps putting in features that really only belong on a corporate setup, and like you said... the fact that people still click on "Zomg_pr0n!!!.exe" is testament to the base knowledge of computer users today.

I wonder how many more things are going to be cut just to get this out the door by Gates' promised xmas 2006.

"blocking access to the computer if the content of the hard drive is compromised." And who determines what "compromised" consists of!? Swapping the hard drive in a laptop to get at the security features of...the other hard drive? Who uses floppies anymore!

So many things just sound wrong with this idea from Microsoft.

Interesting read, thanks )
__________________
Over Thinking, Over Analyzing
Separates the Body from the Mind - MJK
Silverbrain is offline  
Old 04-28-2005, 04:04 PM   #3 (permalink)
Insane
 
Location: Vermont
In general, I am very against DRM and all this "Trusted Computing" bs, but there are days after a full day of tech support, where I sit down and say "Bring it on".
RAGEAngel9 is offline  
Old 04-28-2005, 07:25 PM   #4 (permalink)
Master of No Domains
 
Location: WEEhawken, New Joisey
Quote:
Originally Posted by RAGEAngel9
In general, I am very against DRM and all this "Trusted Computing" bs, but there are days after a full day of tech support, where I sit down and say "Bring it on".
hear, hear* brother!

* = an abbreviation for "hear, all ye good people, hear what this brilliant and eloquent speaker has to say!"
__________________
If you can read this, thank a teacher.
If you can read this in English, thank a veteran.
portwineboy is offline  
Old 05-05-2005, 10:46 PM   #5 (permalink)
Insane
 
So what is the difference between Longhorn and XP now? A slightly more annoying interface?
__________________
Green. Yellow. Blue.
aarchaon is offline  
Old 05-06-2005, 01:19 AM   #6 (permalink)
Addict
 
And just how is *.exe getting through your mail server to the client's mailbox?
WillyPete is offline  
 
