A Critical Look at Trusted Computing 278
mod12 writes "After just attending a two-week summer program on the theoretical foundations of security (one of the speakers was from Microsoft research), I have been interested in trying to find out if the "trusted computing" initiative was still alive. I got my answer today in the New York Times from an article that was fortunately rather critical of the concept."
non DRM computers? (Score:5, Insightful)
Weasel wording (Score:4, Insightful)
Re:non DRM computers? (Score:5, Insightful)
I recommend not tossing systems when you upgrade--pre-ban PCs should be worth a tidy sum soon.
one thing the public never seems to get . . . lol (Score:5, Insightful)
COME ON! please, why do they make such claims?! or why do journalists make such claims? i think the establishment/private companies/whatever has been proved wrong on that issue over and over and OVER again. if there's someone who actually thinks their data is totally secure these days . . .
another point: this initiative could be very dangerous. buying OS's with this crap already on them, limiting what you can do . .. so, what, should we stock up on Win2000, XP, and Linux OS's along with our CD and DVD burners?
DRM may stop the morons, but soon enough, once a few "l33ts" circumvent it and it gets released into the wild, what's the point.
who do you trust (Score:5, Insightful)
when you get a commercial digital certificate you are expressing trust.
in a well designed (large) system you would build in multiple trusts to act as a check and balance. sort of an auditing feature. novell is real big on this.
i find it interesting that the ms model of trust is pretty much putting all your eggs in what is mostly their basket. no auditing, no accountability, etc.
i suspect that we will see more distributed trust as companies and isps become more involved in this.
eric
trusted computing? (Score:4, Insightful)
it originally meant protecting user keys via a secured tcpa chip (not drm). then microsoft started their trustworthy campaign and included palladium's announcement and that somehow changed the definition to include drm. so please, keep that in mind. palladium and tcpa are not the same thing.
"Trusted computing", baloney (Score:5, Insightful)
If the Wintel crowd were serious about security, they'd push for a hardware architecture that supports secure microkernels really well and put a very partitioned OS on top of it. But no; it's all about boot-time lock in.
Positive sides (Score:5, Insightful)
"Industry leaders" (Score:4, Insightful)
What the Industry Leaders mean is that the Industry Leaders will not be stifled. The rest of the industry should just not worry their little heads. It will all be done for us by those who know best.
I see a Lindows parallel here (Score:5, Insightful)
What happens when a someone gets one of these new Trusted systems home and realizes that they can't use it as expected? What happens when it doesn't let them them burn audio CD's or play previous burned songs on CD-R/W's? What happens when they have trouble just opening word processing or spreadsheet files, because they are not considered "trusted"? Even email could become a problem.
I see this whole "Trusted" initiative by Microsoft as a potential boon to open source software developers and even "white box" computer manufacturers.
Word will get out: "Don't buy any of the new Hewlett-Packards with that new Windows. They just don't work!" Microsoft has already turned many corporations against them with the new License 6.0 scheme. "Trusted" computing could turn many home users against Microsoft and all of the hardware manufacturers who have thrown their lot in with them.
This is what they call Progress? (Score:3, Insightful)
Trusted computing for the home? (Score:4, Insightful)
Re:non DRM computers? (Score:4, Insightful)
Apple is typically better to their customers, because they have to be. Microsoft has shown a lack of respect for their customers fairly consistently and get away with it because people don't see much alternative at the moment. Also, Apple's embracing the open source community, though perhaps not to the degree that some would like (though I think it's a good balance of open and closed source). Their ties to the open source community I would think make them more likely to refuse to implement TCPA.
The problem Apple is going to face though, is will Apple users be able to open TCPA encrypted documents? Apple, along with Linux, the BSD's, and any other non Microsoft platform need to oppose this so that Microsoft can't lock alternative platforms' users out of all documents created through Microsoft apps.
You know, this is irritating... (Score:5, Insightful)
Security researchers are putting a lot of effort into defining trust relationships and developing guidelines for applying the term "trusted" to software. Has the software design been verified? How about the code? Who verified the design and audited the code? Have there been security problems in the past? Is the concept fundamentally compatible with security?
Then along come the MPAA and RIAA, and they convince Microsoft (among others) to start talking about a totally fucking DIFFERENT definition of "trusted". Whereas the OLD definition of "trusted" involved concepts like integrity, secrecy, reliability, and auditability, the NEW meaning of "trusted" is essentially "crippled".
As somebody who studies security for a living, it irritates me to see the two concepts confused. Microsoft's DRM-enabled operating systems will NOT include the features I've outlined above, and a highly "trusted" operating system could very well include software that allows you to "rip, mix, and burn" just as people are accustomed to doing today.
Really, just who is "trusting" the DRM operating systems? Not the users-- I imagine there will be just as many viruses and exploits and bugs as before. Not software developers-- Microsoft hasn't really announced any plans to do things like, say, encrypt the swap space or integrate stack protection into their linkers, loaders, and compilers.
In fact, the only people who are really trusting the DRM operating systems are the content industry associations. Which makes sense, as Microsoft and company are essentially doing the whole "trusted computing" thing at the behest of the MPAA's congressional whore [senate.gov].
Please, folks, let's call a spade a spade: the DRM-enabled operating systems are NOT "trusted". They're "content-industry-friendly". They're "crippled". They're a lot of things, but they're not "trusted".
Let's start asking for some precision of language, here.
What's in It for Me?? (Score:5, Insightful)
The very things that computer users want to be protected from--viruses and the tons of spam messages--are not addressed with these "improvements".
As eloquently outlined in the Times article: the new encrypted computing world, even the most mundane word-processing document or e-mail message would be accompanied by a software security guard controlling who can view it, where it can be sent and even when it will be erased. Also, the secure PC is specifically intended to protect digital movies and music from online piracy. But while beneficial to the entertainment industry and corporate operations, the new systems will not necessarily be immune to computer viruses or unwanted spam e-mail messages, the two most severe irritants to PC users. "Microsoft's use of the term `trusted computing' is a great piece of doublespeak," said Dan Sokol, a computer engineer based in San Jose, Calif., who was one of the original members of the Homebrew Computing Club, the pioneering PC group. "What they're really saying is, `We don't trust you, the user of this computer.' "
In "trusted computing" the public gets no security; the FAT entertainment industry gets fatter; and the common man is unduly scrutinized.
Let's hope our everyday "Joe Consumer" rebels. If Intel comes out with a chip with this trusted-Big-Brother component, I hope the American consumer leaves it rotting on the shelves.
Money talks, b.s. walks. If the public refuses to buy this garbage which is hyped to protect them, perhaps the companies will look at this trusted computing issue again and drop it in the trash can it belongs.
Re:Uh huh.. (Score:2, Insightful)
The system used will always be breakable unless they can find a way to rid us of non-compliant technology, and the technology in my house will always be non-compliant.
OSS and DRM and MS Hardware (Score:5, Insightful)
OTOH it looks like this stuff will only effect Intel and MS products. Personally, I have always used Apple products myself. It has protected me from MS viral licenses. It has protected me from Intel's occasional desire to track all users. It is now protecting me from silly DRM schemes that do nothing but protect antique business models. Apple has done more for security by allowing the user to turn off HTML in mail.app that MS could possibly hope to do in a decade.
The same could be said for GNU/Linux and other non-MS users. For these users there are only three concerns. First, laws could be passed to require certain attributes in entire classes of software. For example, as the article suggests, all email and music might have to be signed with a CPU generated hash. Of course all advanced users know that such technology could be circumvented, and, even with laws against circumvention, such actions will routinely occur.
Second, the makers of Intel clone chips might, and probably will, succumb to pressure and include security features. This would be bad because right now OSS is very tied to Intel class chips. The solution to this is to build open hardware platforms around non-Intel class chips, and create OSS projects that run on such platforms. Intel may be a slave to MS, but AMD and others might be more scared of lost sales due to OSS moving to Motorola and IBM chipsets. In five years if OSS is still tied to the Intel instruction set, and Intel is only making chips that spy on the user, there will be no one to blame.
The third issue comes from a quote in the article
the system will also require a new generation of computer hardware, not only replacing the computer logic board but also peripherals like mice, keyboards and video cards
from this we can infer that MS intends to push DRM to all hardware connected to the CPU, which, of course, is the logical course of action. The issue is as above. OSS runs mostly on what is essentially MS hardware. If all MS hardware requires software that is cryptographically signed and externally validated, probably by MS related service, one wonders if OSS will exist. If OSS does exist, one wonders if it would have any purpose the user was still ultimately tied to MS licenses and security schemes.
This has always been the danger of the single environment ecosystem. The OSS people seem to forget how inherently dependent on MS whims they are. One wonders if some diversification might be in order.
Re:"Trusted computing", baloney (Score:3, Insightful)
That's stuff you need to support DRM and crypto. None of the real security features I listed are in there. It won't prevent your Windows machine from being taken over by every worm and virus that comes along. It might prevent some attacks that steal your credit card number, but that's about it. Even that protection would probably work only if you'd signed up for Microsoft Passport or something similar.
This is actually a shift in product... and not... (Score:4, Insightful)
Face it, the software market is pretty much saturated from their perspective, and there isn't much room for growth on the desktop compared with previous years.
What MS discovered, about two years ago, was that they could sell a completely different product. What MS discovered was Radio.
Radio doesn't make money by playing songs. Radio makes money by selling its listeners. Now, take a re-think of the Trusted Platform from that perspective, and what it's purpose will be completely obvious.
Re:I see a Lindows parallel here (Score:3, Insightful)
Unfortunately, that's liable to come too late for most of the market, especially for the tiny fraction comprised of us geeks. Once DRM-in-hardware gets entrenched and Average Joe gets used to it, it'll be damned hard to displace.
Will China step in to save the day? (Score:4, Insightful)
With most of the world's electronics manufacturing business in China anyway, I guess this means we'll all be running Linux on Chinese developed and manufactured hardware in a few years, while Microsoft, Intel and AMD all sit around in the wreckage of their once profitable empires wondering what went wrong.
Here's a hint guys: You forgot what made the PC platform great in the first place: Freedom.
Call it freedom to innovate, freedom to fsck up a computer beyond repair, freedom to write a virus or freedom to swap files. Whatever. But try taking our freedom away and you will face the consequences.
Now that would be a deliciuos irony, wouldn't it. America and the West taking away the freedom of all computer users, and the Chinese coming to the rescue and restoring our freedom.
Amen (Score:2, Insightful)
You're right.
I was there for the beginnings of the PC. We built them and bought them, even when they couldn't do much because we believed in the dream of freedom and computing and saying "fuck you" to big companies with their vision of how we should use their computers.
Now 2 generations later, we seemed bound and determined to give it all away, just so we can watch "Star Wars" on our PC. And pay every time. And throw people into jail if they refuse.
Its very upsetting to those of use who started the revolution.
Re:Positive sides (Score:5, Insightful)
TCPA is going to be bad for more reasons than just Palladium... it's going to be a major headache for IT departments trying to cope with software that is actively unfriendly. Why? It's about visibility. When an IT department needs to replace a legacy app, write bridge code to shuffle data b/t two different software systems, or make revisions to a relic in-house app, the amount of visibility will determine how quickly and cheaply the change can be accomplished.
Visible things include: good documentation, available source code, standard protocals, open data formats, strongly defined interfaces, generous/lax security, unencrypted traffic, non-regulated/classified data, informative error messages, enthusiastic vendor support, open bug databases, and software-oriented community forums (yay Google Groups!).
Invisible things include: missing/shoddy/incomplete documentation, overly-flexible products, binary network protocals and file formats, marketing-centric websites [heh... just try to find technical info about Crystal Reports [crystaldecisions.com]], "friendly" error messages, abandoned development platforms, and (getting to the point)... stuff that's too locked down.
DRM and trusted computing will add yet another layer of flaky security that prevents casual intrustion while seriously hendering IT. Businesses will be tantalized by the idea that they can precisely control how a memo get distributed, archived, and destroyed. They will be oohed and ahhed that they can enforce their "email retention policies" through the use of TCPA. But this will come with some heavy costs... of which visibility is one of the major ones. I can see it now:
It's not just about pirating MP3's... it's about the creation of real wealth and new technologies.
Re:non DRM computers? (Score:5, Insightful)
The "Oh, the consumer can switch it off" line is utter and complete fucking bullshit.
Yes, you can turn off DRM. Yes, Zion can shut down the machines in the basement. What happens then? Applications that used to work stop, asking you politely to "Please enable DRM" and offering to tell you how. More polite dialog boxes pop up: "You need to be running DRM to use this application" or "This feature requires DRM support (where available)".
You're given the choice between owning your own computer and being owned. Think this is paranoid fantasy? Try turning off cookies and javascript on your average user's machine. They're be completely fucked, with a big cloud of "turn cookies on" sites that simply do not work. Compliance or Else: That is the promise of DRM.
Re:The meaning of trust (Score:2, Insightful)
In other words: You can't have a door and guarentee only one person can enter said door.
(Ya I realize that wasn't exactly what you were saying...)
Talk about Orwellian (Score:4, Insightful)
Bill Gates, Microsoft's chairman, told a technology conference in Washington on Wednesday. "This technology can make our country more secure and prevent the nightmare vision of George Orwell at the same time."
Yes Bill that's right. You can usher in the technology that may bring about Orwell's vision and at the same time help it slide through by simply claiming the exact opposite from the other side of your mouth.
Dyuh... It's somehow related to the truth, perhaps that means I should believe it.
Re:Doublethink (Score:2, Insightful)
Absolutely agree! (Score:3, Insightful)
To counter your point, modern versions of Widows do use the CPU protections to stop programs from doing anything they want. They cannot randomly jump into the kernel or change it.
However this reinforces your point:
1. The CPU protections are hardware protections that stop "bad" programs (outside the kernel) from messing with "good" ones (inside the kernel).
2. This hardware protection is absolutley bulletproof, far more reliable than the more complex Palladium. As far as I know there are no viruses that rely on a bug in the microcode to turn off the CPU's hardware protection state.
3. It is obvious that despite this demonstratably perfect hardware protection, Windows system (and Linux ones) are not immune to viruses.
The reason it fails is that such hardware protection does not stop bugs. Every single virus and attack relies on telling some software that somebody "trusted" to do something that it was not expected to do. The fact that the software is "trusted by Palladium" and by 1024-bit one-way encryption does ZERO to make it less likely that it will do something unexpected.
In fact Palladium may make it worse, by encouraging far more stuff to be "trusted" (just like one security problem is that there is too much in the kernel). Claiming Palladium is a "micro" kernel is rubbish, as the current CPU hardware protection is probably a few hundred transistors in a tiny dot buried inside the processor chip and is more micro than anything Microsoft is dreaming up, and it is already proven that it does squat for protecting your machine.
The other bad effect of Palladium is it may make it impossible to fix the problems, especially if it prevents unsigned filters from being installed between the network and executables.
Palladium is 100% designed for DRM and that is 100% of it's purpose. Well on current machines a virus writer can probalby get Outlook to do all kinds of nasty things, but most involve email, they cannot get it to decrypt and play a DVD. Right now you can play a DVD by running another program. Palladium will not allow that program to run, so the only possible way to play a DVD would be the equivalent of fooling Outlook into doing it, and Microsoft and the RIAA knows that is impossible.
Some Palladium defenders keep pointing out that the chip will provide hardware encryption calculations. The problem is that it has to so that trusted stuff can be decrypted without anybody being able to access the secret decryption key. So it is trivial to add a little extra access to that hardware that is already there. Considering this is the same industry that thinks it is a good idea to have the actual waveforms produced by modems and speakers be generated in realtime by the processor rather than add a $5 chip to the machine to do it, any suggestion that they are adding this expensive chip for any benevolent reason should be dismissed immediately.
Nuh Uh! (Score:2, Insightful)
Re:I'm already experiencing it (Score:3, Insightful)
Your rant is understandable to a certain extent - I've had to get around proxy restrictions on some client sites to read my corporate email. But that's how it is. Their network, their pipe, their computers, their money, their rules. Work at home or go into landscaping if you don't like that sort of thing. Further, your post implies that, since this is a "pure Windows shop" your company's policies are somehow dictated by the evil Microsoft borg. Tell you what - get the password for the domain administrator or your own box's and override the policy settings. What? You don't have the password? Well, I'm sure there's a reason for that.
Just don't whine and make assumptions about how "this is teh sux and it gets worse and it's all m$ fault". Thanks.
Home Taping is Killing Music (Score:2, Insightful)
The RIAA really should just face the fact that there is nothing they can do. Most people wouldn't have paid for the music they download for free. Those who pirate music are usually high school/college students who have time and no money. Most people who work hard can't be bothered to go to the hassle of pirating music when they can buy it.
No trusted hardware without trusted software (Score:2, Insightful)
Diomidis Spinellis
Code Reading: The Open Source Perspective [spinellis.gr]
#include "/dev/tty"