Microsoft: 'Trusted Windows' still coming, trust us

After nearly a decade, Microsoft's vision for how to protect especially sensitive information within Windows remains largely that--a vision.

For years, the software giant has promised to deliver a secure way to shuttle around key bits of information. Once known as Palladium and more recently dubbed the Next Generation Secure Computing Base, or NGSCB, the approach was once a key part of Longhorn, the next version of Windows. Although the first piece of that is arriving in Longhorn, it's only a thin sliver of what Microsoft has been working toward since describing its idea of "trusted Windows" a decade ago.

In the next version of Windows, which Microsoft chairman Bill Gates will show off on Monday at a company sponsored conference, Microsoft will use the concepts of NGSCB to ensure that Windows-based machines start up without interference. The primary benefit of such an approach is that if a laptop is lost or stolen, the data can't be accessed simply by booting the machine up using another operating system.

News.context

What's new:
Microsoft has scaled back an ambitious security plan, but some pieces will show up in the next Windows.

Bottom line:
Although early concerns have eased up, worries over the cost and hardware requirements involved in protecting sensitive information within Windows have forced the company to again alter its plans.

More stories on this topic

"If you lose your laptop in a taxi, no one is going to get at your data," Windows chief Jim Allchin said in a recent interview. "The hardware is not going to let you boot that software, and there is a way for us to do full-volume encryption."

That may indeed be a popular feature, but it's a far cry from Microsoft's broader plan, which was to use NGSCB systemwide as a secure vault for particularly sensitive information such as passwords or bank records. Such information would be kept in hardware and then securely transmitted between a computer's components, such as memory, hard drive and monitor.

The change, Microsoft says, is the result of customers telling the software maker that they didn't want to have to rewrite their applications.

"We revisited our approach," said Selena Wilson, director of product marketing in Microsoft's security unit, adding that the company's decision was to "give customers something that is easy to implement now and upgrade over time."

Microsoft's plans for NGSCB have been shifting for some time. The company demonstrated a prototype of the technology two years ago, but by that point there were already concerns that it could harm consumers or that it would give Microsoft too much leverage over businesses.

Although some of those concerns have eased as Microsoft has revamped the technology, more practical worries over the cost and

Mac OS X FileVault... onsale 10-25-2003

Encrypted home directory protects user data with one click, been
available for 18 months now... oh yeah, "it just works"!

let's talk about what's really in longhorn when it starts shipping.

[catchall]

Ya, right

Right click on folder ( in XP Pro ), go Properties, advanced, click Encrypt

Been available for years now... oh yeah, "it just works"!

Please stop telling me that once again Apple is just recently offering features the rest of us have had for years.

[Jonathan]

On the fly encryption since Windows 2000

*yawns* Another Mac user talking smack about something they know nothing about. How original. In point of fact file system encryption has been around since Windows 2000 (And NT in a limited fashion.) In fact its more robust then Panther's implementation since you aren't limited to your home directory. You can encrypt any file or directory on the system. Also never mind the fact that you get a massive performance hit on Panther when you implement file vault. I know this first hand. I have multiple directories encrypted on my XP system and there is ZERO performance lag. Oh and as an added benefit 2000 didn't FUBAR users who used EFS when it first came out. Unlike users who used Filevault. http://forums.macrumors.com/showthread.php?s=&threadid=45731

Don't talk **** about something you know nothing about.

[Earl Benser]

It's really 'Shorthorn' after all.....

MS is begginning to admit that their grand plans for Longhorn
are encountering serious developer okjections as well basic
programming conflicts. This should not really be news; MS's
plans for Longhorn always has been perhaps overly ambitious.
And MS continues to have to work with poorly designed, and
uncontrollably modified motherboard concepts, as well as a
processor set which is much too long in the tooth with now an
almost archaeic design.

But, MS and Intel just can't seem to get their merry-go-round to
stop. No one can get off. and the ressult is likely to get you
dizzy with it's contniued spin.

[System Tyrant]

Longhorn, Windows XP Rev 2

In the past year or so I have been reading articles from people who once worked at Microsoft or have worked with Microsoft on Windows. One of the same themes that runs throughout each article is that they will never make Windows secure. They 'why' is always because of the foundation Windows sits on.

I don't like Microsoft so I probably put more into those stories than there really is, but if all stands true then Microsoft probably needs to do a major overhaul of the Windows core. This will probably cause lots of problems with the current programs, but it may be the only way to fix the non-bug security problems.

[aabcdefghij987654321]

The foundation is fine

What ever makes you think there's a problem at the foundation level? Specifics are required, you've made this vague charge before and it simply doesn't hold any water.

Aren't The "Appplications" the Net and Not "Windows"

To the extent that networks (storage etc.) and the applications that run on them ought to present much more security challenges than "Windows" (Long Horn, Short Horn, LinuxSomething... whatever) and other OSes; the questions are, why are there so much focus on "Windows" security alone when the focus should be on entire IT infrastructures that will facilitate interoperability between web services (BPEL, et cetera) applications which invariably will incorporate Extensible Markup Language (XML) protocols which may very well present greater security concerns than at the operating systems' bases - Windows and other OSes not being the "Net" unto themselves!

[PolarUpgrade]

..because "security" has a special meaning

I ponder that the focus is promoted as local because the net-centric aspect looksto be deedicated to securing the user against unpaid use of what amounts to Web-tethered perpetual-pay rentalware.

If people understood fully that this security model also enables content locking and application locking, so far as one can read between the development lines, consumers might bolt for Macintoshes rather than accept the long sharp horn of the digital lockdown.

That's not an upgrade its a linux attack

when they say
"The primary benefit of such an approach is that if a laptop is lost or stolen, the data can't be accessed simply by booting the machine up using another operating system."

I dont see the benefit... On a Linux laptop only if youre root or have the users account you can access the personal information. and that has been in place since the beginning..

I wonder how many people uses another OS to access data on a windows machine?? I really think there are not that many.

If Microsoft is going to do this is just to prevent a PC with 2 or more operating systems (of course Linux among them) to see Windows files from the other OS. A laptop and most importatn a DESKTOP with linux and Windows WONT be able to read files from the Windows partition AS WE ARE ABLE TO DO TODAY.

Clever from Microsoft to distract people to the Laptops.. their real attack is on the desktop, where more Linux/Windows configurations are in place...

I use Linux to recover information from Windows PCs when the windows is so broke down that it wont start. With this "security feature" I wont be able to do it.

Same old Microsoft, the promise was to have a lot of things for security on longhorn, now they wont get to the promised date, so they jtook everything out and left only the things that prevent users of choise to use another OS.

[Sboston]

You missed the point.

Laptop encryption is very big right now. Besides, how often are you going to leave behind your desktop in a taxi?

I work at a bank IT shop, you'd be suprised how many laptops are lost or stolen. The laptop encryption we implamented keeps that information secure. Bad guys can't get it due to not even being able to get into windows.

XP encryption: Pretty good stuff. If a bad guy uses a tool to get into your system by changing your password, your files are still encrypted using the old password. You can't get the data.

[aabcdefghij987654321]

It's not mandatory, it's there for those who need it

This security is there for those who need it, like executives with sensitive company information on their laptops. It's not required that every user of Windows use this additional security, it's not even required that that hardware required to support this security be present. It's only there if you need it so this won't prevent users who have both Linux and Windows on a single machine from being able to access the disk from either OS.

[System Tyrant]

I have a question...

In Windows, this or the next version, does the encrypted drive or folder require a password to view and edit or does it do it automatically at login?

I assume that if the encryption is decrypted at login (I know it probably decrypts after you open the folder or drive) then they need to make sure the login is better secured.

Although I can't remember the specifics of a report that circulated awhile back I do remember the jist. It took 13 seconds to break the Windows security and gain access to the operating system.
********* Just so no one can accuse me of spreading FUD. I don't know how the security was set up in the first place or what method they used to break it. I do remember them talking about using more than one computer to do it through distrobution, but thats about it.

[PolarUpgrade]

Windows "security" is an oxymoron

Windows itself is an operating system. Traditionally, being secure in computing does not mean just locking the OS, since if the OS security is compromised, all data that relies only on the OS security model might also be at risk.

If one needs data security in terms of access at startup, simply use a program like Paragon Encrypted Disk, which lets one control access to encrypted "disks" created on a hard disk within current Windows versions.

Whatever the solution, since one still needs to use application level or Paragon-style encryption as a fall-back to meet due-diligence requirements (depending just on the Microsoft approach is not due diligence as we all know), it makes little sense to focus on securing the MS OS.

Securing application data via add-on encryption tools, as well as application and account passwords used with discipline, is a far better approach, because it means the hacker cannot crack just one model/approach/method and compromise millions of users all at once. The very combination of user-level security approaches builds in an extra level of security for all users owing to what amounts to random variability in the technique needed to steal any one user's data.

Since all of the above would still be needed, and since all of the above obviates the need to secure the OS itself, there is no need for OS-level security of the kind MS envisages. It's only effect would be to require us to throw away much of our extant software.

One may ponder quite reasonably whether next gen security isn't really aimed at locking software and content, as well as compelling the puchase of matchung new copy-locked software AND content, as it makes little sense except as a digital prison for the end user.

ok, but you missed THE point also

Ok let me correct my self.

youre right.. ok that new feature helps your banking needs thats good, BUT its a direct way to block Linux. that point is unrefutable..

Right now you can boot Linux with a CD on a Windows Machine... you try it, get the CD out and restart Windows without modifying anything.

I use this method to FIX problems in Windows Machines when WindowsOS is unable to stand by itself... Now I wont be able to do it.

Solving that need in this way is an excuse for MS to provent people from trying Linux with a CD. You already have many ways of securing your laptops data without this "Operating System Lock". It should better be called: "Monopoly Lock".

So bye bye your ability to chose... you have no choise but to use just that Operating System.
That alone should be enough for another antitrust Lawsuit.

[System Tyrant]

Encryption

Ok my question is if something goes wrong with Windows how do you recover that data? Second question is how do other OS that have encryption that covers the entire file system and/or directories handle that situation? If I encrypt data on a Linux or Apple box what do I do if the os craps out and dies on me and the only way to access the information is from a secondary OS?

[Sboston]

bad side

Here's the bad side of the OS lock safe boot. It's mandated by SOX. (Sarbenes Oxley (pardon my spelling of it))
So in effect, we have no recourse but to do this.

If the drive dies it is a major headache to TRY to recover the info. It will probably be a loss.

Again, this is not MS. (Not standing up for them, just presenting the facts as I know them.)

Sleeping....

And this is news?
There is a reason why I browsed through this...worthless article...NEXT!

I swear...

I swear the only thing Microsoft can do any more is say they are going to do this and then the following week scale in back. Do they have any idea how this makes them look? It makes the look like idiots.

I am not a big fan of Microsoft, but I also know that I will never touch a Mac. So with that I am willing to cut them some slack. I think most Microsoft customers have cut them slack by not going after them for all of the bugs and security holes in their software.

It is a shame this scaling back doesn't work with prices. Lets see you said we would be getting this, this and that and we only got this, so instead of paying you $499.00 we are scaling back our money to match you scaled back product.

Personally, I am getting tired of this. Microsoft needs to get their act together or keep their mouths shut until they have concrete plans that are set in stone.

Robert

[Stating]

If You Don't Encrypt The Data

If you don't encrypt the data residing on a Longhorn disk drive, then it is just a matter of attaching the drive to another computer as a secondary drive. Bingo, you will have access to the data, and you don't even have to know any passwords! This is the dirty little secret of Windows, though it does make data migration or recovery a lot easier. Even if your Windows computer becomes unbootable, your data is easily recoverable. Unfortunately, it is a dream for data thieves, which is why physically securing the data (locked rooms, controlled access), particularly for servers, is important. There is no way I would let corporate executives travel with laptops that did not have data encryption implemented.

There are a number of very good 3rd party data encryption tools available, including open source based tools. They offer the flexibility of encrypting an entire volume or just select folders. They support removeable media like flash drives, and the encrypted media can be accessed across OS versions, e.g., encrypt the data on a Windows 2K computer and read it on an XP system. Overall, a lot more flexible than Longhorn, a lot cheaper (free), and subject to peer review of the encryption algorithms. Which is something I didn't learn from this story, what encryption algorithm(s) is Microsoft using for Longhorn? Who are they providing backdoor keys to? Do you want to yet again trust your security to MS?

Keith
www.techcando.com

[Jon N.]

They've gotta be kiddin' ...

Trusted Windows. This has gotta be the joke of the decade. "It's coming...trust us", they say! Ever since security in Windows started, they've dropped the ball when it comes down to software security/consumer protection. Only now are they beginning to see that security should have been on the forefront of the system {i.e.,Linux/Unix/OSX}. Even there, they drop the ball again with countless delays & promises, promises, promises! They've gotta be kiddin'! Why couldn't they have made the bootup encrypted in the first place? Meanwhile the Longhorn OS debut gets put further & further away! Now it maybe the 4th Qtr. of 2006! The only security program that M$ has made recently that seems to work well, is the Anti-Spyware beta, & that has less than 100 days left to its lifespan. I've migrated my docs to OpenOffice.org, & I am soon going to move to Linux on my i586. Redmond seems to have all the time in the world to fix its problems. I do not.

Will this "Gorilla" be let out of it's Cage!

I have just read this article (please see attached link: http://www.os2world.com/petition/ ) where the OS/2 Community plans to send a petition IBM requesting to make OS/2 Open Source or at least part of its components. One wonders what will be the marketplace scenario for the "Windows", "Linux" Solaris OSes et cetera - should IBM accede to the request from the OS/2 Warp Community to Open Source this OS against the background that that it - being the "Half" Brother of Windows and previously boasted a much more "secure" and "reliable" operating platform than Windows!

[Jon N.]

Right on!

Totally right on, Sheldon! It would be a great benefit to the open source community! Imagine SuSE linux with more awsome drivers...& maybe a game console emmulation! Oh, the thoughts just boggle the mind!

[Earl Benser]

"Verrrrry Interesting......"

If IBM would go along with this deal, I think it could prove to be a
real boost in the OS market.... WinWhatever, OSX, Linux (in various
flavors), OS/2, and who knows what else. '

But I still think that the success of OS/2 and Linux may hinge on
getting rid of an obsolete moitherboard design, and an obsolete
processor. Both have far too much deadwood dragging along from
the MS-DOS days. It's time to clear out the crud and move into the
21st century.

[aabcdefghij987654321]

Not going to happen

IBM won't release OS/2 as open source even if they wanted to. MS still owns some rights to the code since they wrote a lot of it so MS would have to give their permission first. Anyone care to guess what answer IBM would get if they asked MS for permission?

That's A Security Feature??

Have they forgotten that the thief that steals the laptop can simply mount the hard drive onto another system and then access the data?

[pcLoadLetter]

Shh..

Now you have done it, you made Uncle Bill cry.