A Critical Look at Trusted Computing 278
mod12 writes "After just attending a two-week summer program on the theoretical foundations of security (one of the speakers was from Microsoft research), I have been interested in trying to find out if the "trusted computing" initiative was still alive. I got my answer today in the New York Times from an article that was fortunately rather critical of the concept."
It's full of hex! (Score:5, Interesting)
Gotta love the NYT - their editors are on the ball!
Markoff!!!!!! (Score:5, Interesting)
for those of you who don't know, Markoff is the journalist who wrote several articles about kevin mitnick in which he "created the myth of kevin mitnick" (in kevin's words). many untrue allegations were presented as supposed facts.
but don't let that discourage you from reading the article.
Jobs' comment (Score:3, Interesting)
The meaning of trust (Score:5, Interesting)
The word "trust" is pretty much the central idea in formal security. And ultimately is comes down to deciding if one person trusts another person. Of course when you mix in technologies, then that expands into trusting the system components. Do you trust the website is the correct one? Do you trust the CA registrar. Do you trust that the web browser isn't lying to you. Do you trust that your keyboard isn't recording all your keystrokes? Its all about trust, and no secure system can avoid the subject. And no formal security method can avoid it either.
So yes, trusted security is very much alive, or it had better be, or we won't have any security. But the big question is whom or what is being trusted? And the big media companies are trying their best to confuse the issue. It's just like their "secure media". Their concept of trust is that they, the media distributors, want to be able to trust your hardware to not trust you the consumer. They also want to also insure that other consumers will not trust you, or you could otherwise become your own media producer and distributor and compete with them. If DVD players only play content that is digitally signed by the cartel, then you are barred from competing because you can no longer produce your own content that other's hardware will trust. But on the other side I want to trust that my computer is not infected with a virus; I want to trust that my legally copied media is not corrupted by the media police. Trust is the just the tool.
Trusted computed could be a very good thing, but you absolutely must define what you mean by trust before you can begin any discussion or evaluation, or to say whether it it "bad" or "good". From a purely technical and formal perspective trusted computing is the next step forward. From a society's perspective the answer is not so easy.
Finally, the mistake that ruins M$ (Score:3, Interesting)
Knockin' at your back door... (Score:4, Interesting)
Does anyone believe for a minute the US will allow Microsoft to ship, worldwide, a truly secure "solution?" Of course not - even in the (very) unlikely event MS actually ships a Pall-Windows without cryptographic backdoors no one will believe it. All those foreign countries are gonna have to choose between adopting linux or being Bill's bitch, and they're gonna have to get motherboards and CPU chips from somewhere. And once they're running linux the only remaining half of the "wintel" brand has lost its grip on the market. If AMD and intel won't ship pal-free chips you can be sure there are other semiconductor companies just chomping at the bit to take their places. And in the meantime we just might make networked computing a bit more secure.
Another way to force upgrades on us (Score:5, Interesting)
Beyond changing the appearance and control of Windows, the system will also require a new generation of computer hardware, not only replacing the computer logic board but also peripherals like mice, keyboards and video cards
Like most new Windows features, I don't see anything in this that the consumer actually wants, I think it is just a way to force yet another upgrade on us.
Re:non DRM computers? (Score:5, Interesting)
What's wrong with current processors? I mean, do we REALLY need 3GHz machines? No, I've a couple that are below 1GHz and unless I wanted to play some insane game at high resolution, it's perfectly fine.
Besides, even if Digital Restrictions Management is in the processors, it likely can be ignored or disabled by the BIOS. For AMD or Intel to come out with a processor that REQUIRED DRM to operate would be to commit corporate suicide.
Look for crafty motherboard makers like Abit, etc (who cater to the geeks) to add DRM disabling as a feature just as they do with overclocking. Abit doesn't exactly care what Intel or AMD thinks of them, they care about what their CUSTOMERS want.
Which is why they make easily overclockable boards, the infamous (I had one) BP6 dual celeron board, etc.
There WILL be a market for a board that locks out DRM. If only among the tinfoil hat crowd, but given the OUTRAGE over the P3 serial number, I can't imagine there not being a lot of noise over DRM in the processor... At least enough to get the option to turn it off.
Mitnick!!!! (Score:3, Interesting)
Re:Another way to force upgrades on us (Score:3, Interesting)
We need more PR like this. (Score:2, Interesting)
I suspect however that it will become increasingly more common for these types of things to surface as journalists and reporters LOVE to take the side of the consumer and go after the "greedy corporations". It makes them look very good in the eyes of the people, who they are trying to gain popularity with. It will only snowball from here my friends, it's just a matter of time till things work themselves out.
Yes, we do (Score:4, Interesting)
Yes. To do any sorts of useful video editing, you need fast machines; in fact, I'd argue that 3ghz is the minimum you need.
Computer speed has historically been turned into new, useful applications; applications that can't even be considered until computers are fast enough.
Consider MP3; it could have been implemented 20 years before it became big; the theory of lossy compression was understood by researchers, but it wasn't terribly practical until faster computers appeared.
And this is on down the line... think about as I mentioned before... video editing, real-time video effects in games, speech recognition, pattern recognition; each needs more and faster processor power.
I'll grant you, if you want to do email and browse the web, then you're in luck: a 450mhz PII will suit you nicely, and a wonderful machine can be purchased for under $200 for that purpose. But that's pretty myopic; people want faster computers not to read email faster, but because they want to run new applications that are only possible with faster computers.
So I'd argue there is a significant problem if the world's CPU and chipmakers will only produce "trusted" versions of their product.
Re:Web links to TCPA and Microsoft NGSCB (Palladiu (Score:2, Interesting)
The goal is to learn from each other....
BUT, we also view this board as a two-way education channel. Ultimately, we'd like to see academia work with the industry to inculcate more security concepts into a technical education, because it's not just a technology problem or a computer science problem. ***It's a social problem***. If we at Microsoft work with academia to make sure they have the resources, time and information to infuse Trustworthy Computing concepts into education, the result will be graduates who are much more adept at understanding a secure computing environment.
I'm already experiencing it (Score:1, Interesting)
This is what trusted computing will be like. But instead of your employer limiting you at work, it will be Microsoft limiting you at home. "Where the fuck do you think you're going!?"
Re:I'm already experiencing it (Score:4, Interesting)
No, that's not correct. Doing this would reduce the sales of Microsoft software, and Microsoft's goal is to sell more software rather than less.
Instead, trusted computing will add new capabilities to your system, while still letting you do everything you can do today.
These new capabilities will allow "trusted" applications to report their identity unspoofably to remote servers. The servers can then refuse to supply content to users who aren't running software which will enforce DRM rules.
So you will still be able to do what you can today; but maybe everybody else will be able to do a lot more, downloading legal content under DRM restrictions. It's not so much that Trusted Computing will restrict what you can do; it's that it opens up new possibilities, but only under rules that are effectively enforced.
Re:It's full of hex! (Score:2, Interesting)
This is pretty much what it says, save for a the stuff at the end. Format is unicode.
What with all those [%s]s everywhere, it seems like it has some sort of a practical purpose, although it isn't "code" per se.Re:Article Text (For those who don't want to reg.) (Score:1, Interesting)
And you wonder why "industry" and "corporate america" care about DRM???? It's because copytheft is as simple as what you just did and you didn't even care.