Microsoft Scales Down Palladium 475
bonch writes "Formerly known as Palladium, Next Generation Secure Computing Base (NGSCB) will not be fully available in Windows Longhorn after all. Instead, Longhorn will offer "the first part of NGSCB: Secure Startup," says Jim Allchin, Microsoft's group vice president for platforms. However, most hardware will not support this technology on release."
Re:So... (Score:5, Insightful)
Making MS lots and lots of good old cash.
Re:So... (Score:4, Insightful)
Same old story really.
Re:Soo..... (Score:3, Insightful)
TP-M my ass. (Score:3, Insightful)
In other words, no more pulling out a drive to virus-scan it then replacing it or replacing a drive on an OEM machine - that won't allow it to boot.
"The security platform depends on a TPM chip being present in the system. The chip is an industry standard governed by the Trusted Computing Group, a non-profit organisation which develops security standards."
All nonprofits rely on donations to survive, and I can bet that a LOT of donations are going to start rolling in to them from certain organizations involved in content creation and distribution.
Also, if it requires a custom chip, it ain't gonna go over easy - new motherboards will be required.
Secure Startup (Score:2, Insightful)
Either I'm stupid or they are (for humility's sake, I'll assume the first), but doesn't file system level encryption already solve this problem?
Also, Apple is already one step ahead by removing floppy drives from the computers.
Re:And to think I used to worry about this... (Score:5, Insightful)
Because even a broken clock is right twice a day.
Jack-off security.... (Score:4, Insightful)
Gimme a break. Who needs security from offline attacks more than security from online ones? If that were such a stretch, there are products http://www.computersecurity.com/laptop/cables.htm
As an ACTUAL Windows user (and yes, I do use it; software investment, unfortunately) I'd love to see more ONLINE security: integrated firewall, antivirus, spyware, etc. That would more satisfy me.
Re:Soo..... (Score:4, Insightful)
The problem is that "It just works" also depends on a decent hardware platform.
And of course there's the rather obvious question of whether Microsoft are actually capable of creating the software half of "It Just Works". History would seem to suggest not.
I still remember Bill Gates announcing that in Windows 3.1 there would be no more UAEs (Unexpected Application Errors)! You know how this miracle was achieved? They re-named them to GPF (General Proection Fault).
How does the saying go: "fool me once, shame on you, fool me twice shame on me"?
So what *will* Longhorn offer then? (Score:5, Insightful)
Now Avalon's being back-ported to XP, trusted computing isn't making it into the final product, WinFS has been pushed back to god-knows-when, and general security will likely be as god-awful and insecure as ever.
Against this background, what does Longhorn actually have to offer potential upgraders? Especially businesses?
Pretty Aero Glass UI? "Windows theme's always worked fine for us, thanks, and requires no user-retraining - why bother upgrading?"
But, it's all new! "Yeah, so we'll have to buy all-new hardware. And beta test it^W^W^W live with the inevitable but unfortunate 1.0 bugs.
Increasingly the reasons are "But, but, but, it's the new operating system from MS - you have to upgrade!", which is, obviously, no reason at all.
I was quite worried about LH when it was first announced - it sounded like a hell of a leap beyond anything Linux and Free Software had to offer (although, given time, I was sure FLOSS would catch up or surpass it).
Now, however, I'm having trouble retaining even mild interest - Microsoft hyped it so much, and are now so publicly failing to deliver on anything they've promised, that by the time it launches I wouldn't be surprised if they've Daikatana'd the thing practically to death.
Longhorn? Long-in-the-tooth, more like - a decrepit and crumbling shadow of it's former self that looks in danger of becoming irrelevent before it's even launched.
Of course, I may be condemning it unfairly here - are there any killer features that will save it from this downward trajectory?
Besides a billion-dollar marketing budget?
What a surprise - NOT! (Score:3, Insightful)
Rest assured that the first service pack will consist almost entirely of draconian DRM "enhancements".
(You did read the EULA, didn't you?)
Re:Nothing to see here move along (Score:4, Insightful)
Re:Microsoft is totally dropping the ball (Score:5, Insightful)
One could argue that Apple has indeed capitalized upon this with Mac OS X Tiger, coming out tomorrow, which contains a lot of Open Source code in it (Darwin/FreeBSD, Apache, CUPS with an excellent interface, etc). And guess what? People are sitting up and taking notice.
No, no, and no. While IBM may have the deep pockets to do something like this, they are absolutely the WRONG company to do it. And I say this having previously been a long time IBM OS customer and as a former IBM employee.
First off, hardware companies have traditionally been afraid of IBM, because IBM has traditionally been a competitor (a view which probably hasn't changed much with the sale to Lenovo). Just take a look at how many hardware companies stepped up and supported IBM's previous consumer OS attempt, OS/2: support was often half-hearted, pathetic, or nil. The fact that IBM was behind it scared off potential hardware vendors (who, BTW, don't make their money off writing device drivers anyhow, and thus tend to like to keep driver development costs low by targeting as few platforms as possible).
Secondly, as anyone who bought in to IBM's OS/2 WARP v3 push and needed support probably knows, IBM just isn't set-up to provide end-user support. They have no experience nor expertise in consumer software support, and didn't do a terribly good job of it.
Sorry, but IBM creating their own consumer Linux would be the touch of death. IBM seems to know this themselves -- they have always expressed that they have no interest in creating their own Linux distribution, instead relying on partners to do this for them (like RedHat). There are much better options for such a company to produce such a Linux distro (and based on what I saw at LinuxWorld Canada last week, there are certainly some companies out there who are interested in trying).
Yaz.
Re:So... (Score:5, Insightful)
That and pretty pictures...
Microsoft can make a killing from the average joe, and then release Longhorn SE with the added features a year or two later. And make another killing...
Trusted Computing Group (Score:5, Insightful)
Who backs them? What is their official reason for existing? What is their real reason for existing? (This last question cannot be answered by merely reading this groups home page [trustedcom...ggroup.org]; you need to consider the motives of those directing or controlling this group.)
My guess is that their official reason this group exists is "to promote safe environments by protecting users from various malicious computer exploits" or similar sounding goodness.
In contrast, my guess is that their real reason for existing is "to strip users of their existing rights to use the programs and data on their computers so that copyright holders can dictate if, when, and how users may access them".
Re:So what *will* Longhorn offer then? (Score:1, Insightful)
Re:Steve Jobs - Balls of steel (Score:1, Insightful)
Microsoft will be putting unix style permissions in LH, so their security model will come closer to a long time proven concept. The bad part is that users really do not have a clue on how to use this (I know, I got those users in my company), and probably will do it badly, so it will bring bad fortune over this file security model.
Re:TP-M my ass. (Score:4, Insightful)
Exactly. From the description of Secure Startup, it sounds like the only purpose of this feature is to frustrate Sys Admins and their minions.
Improved security is an easy sell to executives in large corporations, so expect to see mandates sent to the MIS or IT departments instructing them to only buy TPM-enabled motherboards.
Of course, these same executives will later fire their Sys Admins just as quickly as they can walk into their offices and explain how all the data in their expensive laptops is now unrecoverable.
Comment removed (Score:3, Insightful)
What does this button doooo? (Score:2, Insightful)
One question: why ?
I thought modern processors (like the 386) already kept processes from reading each others data. So it's not for separation.
It certainly won't keep an application from hacking the operating system, cause I don't think the TPM could possibly figure out if the data it encrypts is harmfull or not. So if the system call is buggy, it will be hacked TPM or not.
One use could be to only let digitaly signed/unmodified application to run
Feel free to add more ideas...
bye, krajo
Wrong security (Score:5, Insightful)
In fact you, the user, are not the intended beneficiary of "trusted computing" at all.
The problem now is that people have too much control over their computers. From the perspective of somebody trying to limit what other people do, this is insecurity. If you write a computer program and sell it to someone, why, there's no guarantee at all that people will use it the way you wanted. People may find ways to trick your program into doing things it didn't intend, or even start to fiddle around with it and its innards, or use the files they made in your program in competing applications. It's as almost as if these people believe that just because they bought a copy of your software means they [i]own[/i] that copy. Something must be done about this. Vendors, like Microsoft, want to be able to "trust" your computer not to let you do things with it Microsoft doesn't want you to do. Hence, palladium.
Trusted boot is the first step in that. It convinces people that a piece of hardware in your computer that when switched on limits the ability to write to your hard drive to "trusted" pieces of code (and not scary things like Knoppix rescue cds) is a good idea. Somehow.
Re:So... (Score:3, Insightful)
you don't "add on more stability, security...". either it's there from the start or not.
all you can do later is restrict usability to give the illusion of stability, security ("you are not allowed to use that driver", "your settings do not allow you to access this page" etc.)
It's all marketing spin to keep it in the news (Score:4, Insightful)
Not only MS is guilty of using this vaporware tactics. All the media are lapping it up too, without even a single note of critisism. It seems we not only need the icbm adress of MS, but those of it's minion news outlets too
Linux Booted? (Score:1, Insightful)
Are projects like Grub and Lilo still going to be able to dual boot between Linux and Windows, or is the Secure Startup going to detect this as an interference and stop users from booting into the Operating System?
Fringe users like the ability to Dual boot between their two oses. They like playing in Linux, but want to know that if it all goes horribly wrong, they can still turn back to windows. I was one of these people, although now I exclusively use Gentoo at home.
Remove this dual-boot ability, and there will be several less users who try Linux as a desktop operating system. In my opinion, it will be a big kick in the teeth of the Linux desktop growth rate.
This seems like a perfectly good excuse for Microsoft to solve that dual boot problem which has been pestering them for a long time. Oh, installed another OS? That's quite clearly a violation of your hard disk - EXTERMINATE!
Re:It's all marketing spin to keep it in the news (Score:5, Insightful)
What I find interesting, however, is that Linux is not pulling ahead in the same time. Microsoft set their dates far into the future, and many people predicted that Linux would eclipse it in features by then. Instead, we're not really seeing any revolutionary features out of the Linux developers, and Apple is starting to eat everyone's lunch. What happened?
You are an idiot (Score:2, Insightful)
MS still has over 95% of the desktop share and roughly 50% of the server market.
You are deaming. They are taking their time becasue they can.
Re:So... (Score:3, Insightful)
Right.
I think Microsoft knows they are losing traction because of their old and messy code that they can barely update and are taking this period to clean it up and try to fix and loop hopes in security and bugs. Why is this bad?
What else would they have been working on in the past 5 years after sending all their programmers for security training?
This is the first release (well not counting SP2) that will break some applications, which is a good thing. It means they are finally sacrificing compatibility to fix long standing issues.
Secure Startup is what Microsoft really wants (Score:4, Insightful)
Secure Startup will eventually stop people running non-Microsoft OSs on computers.
Secure start-up: deeply evil? (Score:1, Insightful)
Gain: deters thieving of h/w because the thief can't run the computer w/o the original s/w installation on disc.
Non-gain: doesn't protect your data on the C: disc; only protects the bits of the computer that don't hold data.
Possible losses:
- No rescue discs (or it could be harder to make rescue discs).
- No Linux bootable floppies (can't boot from floopy).
- No Knoppix CDs (can't boot from CD, presumably).
Hmm. Are they really trying to exclude Linux installations? It could be a lot harder to make a dual-boot machine. (*Dons tinfoil hat*).
Re:Secure Startup (Score:3, Insightful)
> sake, I'll assume the first), but doesn't file
> system level encryption already solve this
> problem?
But it doesn't address the much more serious Linux problem.
> Also, Apple is already one step ahead by
> removing floppy drives from the computers.
Apples can't boot from a CD?
Re:It's all marketing spin to keep it in the news (Score:4, Insightful)
Things like SELinux and Xen promise various ways of locking things down that aren't evil and are also here right now. For that matter, support for motherboard crypto will also be here in a month or two. The way that is done will likewise be evil free.
The X.Org people and various projects are also working on 3D accellerated, eyecandylicious, vector desktops even as we speak. KDE4, GNOME, E, and other users of video infrastructure are incorporating these things.
Linux is already faster with new ideas in security and filesystems. As far as desktops go, Linux is developing at least as fast as Windows. Apple is bringing out new desktops faster but they are still riding on a maintained old version of BSD for their infrastructure. They aren't outpacing Linux there.
They need to pull an OS X (Score:5, Insightful)
MS should do the same. Chuck the current hopeless mess into a virtual machine and start all over.
Knowing M$..... (Score:1, Insightful)
Longhorn will probably address security in the following tried and tested way: copy existing free security tools and protocols, add a Ton of unwanted and unnessesary features (with some good old bugs and security holes to boot) and give it an 'X-tream!'(tm) marketing name, then integrate them into the OS to stop anyone unistalling them and distribute for $500.
Oh... and then stop supporting it after 4 years.
A minor comparison (Score:2, Insightful)
Re:Wrong security (Score:3, Insightful)
Re:Secure Startup is what Microsoft really wants (Score:3, Insightful)
Secure Startup will eventually stop people running non-Microsoft OSs on computers.
I don't think so. It may make dual booting off of a single disk impossible, if the BIOS is configured to have the TPM hash the bootloader. If the TPM doesn't hash the bootloader then dual-booting won't be impacted, except that the non-Windows OS will be unable to read data from the Windows partition.
I'm not sure what the effect of reducing dual booting might be. Some users will be convinced to go 100% MS, others will decide to drop Windows completely and go 100% Linux/*BSD/whatever.