Longhorn to put squeeze on gadgets

SAN FRANCISCO--Windows makes it easy to quickly download files to iPods and other portable storage devices--a little too easy in the minds of many IT managers.

In the next version of Windows, Microsoft will give big companies an easy way to block use of such devices, while making it easier for consumers to connect their home systems to them, a company representative told CNET News.com.

News.context

What's new:
Longhorn, the next version of Windows, will let big companies block access to iPods and other tiny storage devices in the name of tighter security.

Bottom line:
The new feature should make it harder for employees to grab sensitive corporate data from business PCs or to introduce malware onto local area networks.

More stories on Longhorn

Much has been made of the security risks posed by portable storage devices known as USB keys, or flash drives, music players like the iPod, and other small gadgets that can store vast amounts of data. Some fear that such tiny devices can be used to quickly copy sensitive data off business PC hard drives, or to introduce malicious software onto corporate networks.

"It's a real problem," said Padmanand Warrier, a developer in Microsoft's Windows unit. "That's the feedback we've gotten from IT folks."

To put the new features in place, Microsoft is hoping to move to a common model for how wired and wireless devices connect to a PC in 2006, around the time that it releases the next version of Windows, code-named Longhorn. For consumers, that means that wireless printers, networked music players and other wireless devices should be able to connect to a PC as easily as the USB drives today.

Microsoft did include a workaround in Windows XP Service Pack 2 that lets users change an internal Windows setting to prevent data from being written to USB devices. But the features planned for Longhorn will be more comprehensive.

Microsoft showed its future technology, known as "Plug and Play Extensions," at this week's Intel Developer Forum.

		special coverage Intel Developer Forum 2004 Dual-core chips are a highlight of the three-day gathering. For all stories from the event, plus video, click here.

For businesses, it means regaining some control over portable devices. "It's not just USB keys," Warrier said, noting that devices can just as easily link to PCs through Bluetooth short-range wireless or another connection.

By including tools to prevent workers from connecting portable storage devices to corporate PCs, Microsoft is offering big companies another option in addition to the outright banning of such devices, as some government agencies and other high-security installations have done.

"USB keys have become ubiquitous," said, Alan Brill, a senior managing director at Kroll OnTrack, a technology services firm that does security consulting. "You can pop them into any computer after Windows 95 and all the software that's needed is already in there. It's a tool that can be both used and abused very easily."

Companies have been slow to react to the threat posed by digital storage devices in general, Brill said.

"It's one that companies have turned a blind eye to for a very long time," Brill said. "If you think back, it used to be that stealing significant secrets was difficult because it was hard to get away with that much paper."

Intel, for example, used to check the bags of employees, but eventually such searches became impractical. With roughly, 80,000 employees, the company found it didn't have the resources to prevent against someone putting files onto a flash drive or iPod, a representative said.

"You don't have to wait for Longhorn for this. It already exists in Windows XP SP2. Just query "StorageDevicePolicies" in Google and you will find out how to make USB thumb drives read-only. Not sure if this also handles firewire devices like iPods, but I'm guessing most corporate PCs don't have firewire anyway."
--Tim Farley

"You take a better approach--you make sure people understand the need to protect company information and you hold them accountable," the representative said.

Market research firm Gartner has advised big companies to disable certain "plug and play" functions in Windows as a security precaution.

IT managers do have access to tools that would allow them to block USB ports, but such tools are little-known, and little-used. "There are tools that are available to...manage USB ports, but 99.9 percent of all machines in corporations don't have anything like that," Brill said.

Longhorn in the headlights
Of course, Microsoft's changes aren't coming until Longhorn, which isn't scheduled to arrive until 2006, and it is likely to take more time before the new operating system is widely adopted by companies.

"(USB keys are) a tool that can be both used and abused very easily." --Alan Brill of consulting firm Kroll OnTrack

The moves do shed more light on Microsoft's intentions for Longhorn. Much of the attention recently has been on Microsoft's decision to pull a key feature out of Longhorn--a new file system known as WinFS.

In addition to the new device architecture, Microsoft on Wednesday said it also still plans to include in Longhorn a controversial new security architecture called the Next Generation Secure Computing Base.

The company's most detailed outline of Longhorn came at a developer conference last fall, when they spoke of three main pillars--WinFS, a Web services architecture known as Indigo, and a presentation subsystem dubbed Avalon.

Microsoft is making changes to all three pillars. WinFS will be available as a beta when the Longhorn release comes out as a client. Avalon and Indigo will be part of Longhorn, but also made available separately for Windows XP and Windows Server 2003.

Microsoft has also promised improvements in manageability and ease of use, though the company has not gone into great detail on how those new features will work.

In an interview last moth, Windows chief Jim Allchin identified a few Longhorn features, including version 2.0 of the .Net framework, a new user interface, more resilience to malware and "a new photo experience."

[nmcphers]

Bla bla bla

This is what you have to put up with for the next 2-3 years folks. Every two weeks or so, a silly snippet about some possible feature that Longhorn will or might have. All an attempt to keep the name Longhorn in your head.

[alek_nedic]

Longhorn in your head

http://www.analogstereo.com/vacuum/miele_S5_metalic_vacuum.htm

[verucabong]

APPLE ALREADY DOES THIS!

Since last year when Mac OS X Panther Server was released,
Apple has been doing this same exact thing. With Panther (10.3)
Server, you can limit users to what they can connect to the
computers. You can ban all USB and FireWire devices outright if
you wish. While you can't limit specifically iPods, you can ban
FireWire devices, which effectively does the same thing. Plus, if
you're concerned about someone stealing data, you don't want
to allow FireWire drives but disallow iPods. Also, you can limit
weather or not a user can use the computer's CDRW or DVD-RW
drive as well.

ONCE AGAIN, APPLE BEATS MICROSOFT TO THE PUNCH.

[mpotter28]

and you overpaid by how much

The real thing about this is its clearly for paranoid corporate users and in case they haven;t noticed they left all the barn doors open. There are easier ways to steal coporate data .as for religon has it ever occurred to you that we can to a lot better than microsoft,apple or the linux people have acheived on just about every aspect of their os.

[mini2mac]

Server version only

You are talking about the server version of Mac OS X. In a corporate environment hardly any of the employees will be running server software on their desktop computers. So, OS X is not a solution.
Also, how is Bluetooth handled?

Already exists in XP SP2!

I wish folks would do their homework instead of just repeating what a PR person says. You don't have to wait for Longhorn for this. It already exists in Windows XP SP2.

Just query "StorageDevicePolicies" in Google and you will find out how to make USB thumb drives read only. Not sure if this also handles firewire devices like iPods, but I'm guessing most corporate PCs don't have firewire anyway.

[mpotter28]

user manual

wouldn;t it be nice if m$ provided a user mamual that was useful.

[PCCRomeo]

HaHa Apple!

Looks like Apple's gonna get a taste of their own medicine. How will the "worlds leading mp3 player" get through this?

[S R]

Why Apple?

The reason CNET includes iPod as the primary device is that they
want some more hits to their website.

What are we talking about here? People copying documents to
external devices and taking them out of the company. That
external device could be anything (it could even be your cell
phone.. now that we have 1.5GB capacity cell phones).

The company people are so paranoid!! They will buy computers
with data transfer capability!

[Gerald Quaglia]

Turned on by default

Will probably be turned on by default in the name of trustworthy
computing, The setting to turn it off will be buried under 3
layers of menus. The feature will no doubt not apply to M$ USB
devices, which are always trustworthy.

Has everyone forgot about the floppy?

You still have the ability to save that sensitve word doc to a floppy or even send it over the internet... I think there is no fool-proof way to prevent copying of sensitive data.

[RideMan]

Floppies? Easy...

Haven't you heard?

In the latest version of the Microsoft Office products, the
file headers and other housekeeping metadata takes up
1,624,801 bytes so that an empty file won't fit on a floppy.
:)

[avfolk--2008]

iPods safer than ANY Microsoft OS

iPods an instrument of potential security breaches? Maybe in
the wrong hands.

Microsoft OS an instrument of REAL security breaches? YES.
Even with SP2, the windoze platform is rife with security and
other operational issues.

Can iPods be used as instruments of evil? Certainly to far lesser
extent that the OS itself is.

[alek_nedic]

instruments of evil

http://www.analogstereo.com/vacuum/miele_s4510_vacuum.htm