Microsoft's leaner approach to Vista security

(continued from previous page)

in Vista. Also, Heil called on software makers to build applications that take advantage of Microsoft's implementation of the TPM in Windows Vista.

It is unclear, however, which editions of Vista will support TPM and offer Secure Startup. The feature is aimed at business PC users, Heil said. This could mean that support will be limited to premium versions of Vista. Microsoft declined to discuss packaging of the new operating system.

Microsoft also won't commit to support for TPM in the server release of Longhorn, which is scheduled for 2007. The Trusted Computing Group, which develops the TPM specifications, in July released a blueprint for use of the security chip in server computers.

"The initial broad vision was just not accepted by the partners Microsoft had to enlist. Microsoft is now biting off the pieces that can get people some immediate benefit and can get support from hardware and software vendors."

--Rob Helm, director of research, Directions on Microsoft

TPM is not new. Microsoft is even late to the game with its support for the chip. PC vendors such as IBM, Hewlett-Packard and Dell already include TPM chips in some of their PCs and allow for features such as encrypted hard-disk drives and e-mail. HP and IBM and other companies provide software that enables those features.

"PCs with the TPM have been shipping for two-and-a-half years," said Brian Berger, head of the marketing working group of the Trusted Computing Group, which promotes open specifications to protect against software-based attacks.

According to IDC, about 25 million PCs will ship this year with TPM chips in them. Next year, the research firm predicts, about 60 million computers will ship with the security chip. By 2010 essentially all portable PCs and the vast majority of desktops will include a TPM chip, according to IDC.

NGSCB was heavily scrutinized by critics who feared it could curtail users' ability to control their own PCs and erode fair-use rights. TPM is also not without controversy. The security chip could be used for digital rights management applications and the presence of unique encryption keys has raised concerns among privacy watchers.

Although the TPM was not specifically designed for digital rights management purposes, third-party software makers could, for example, use the chip to enforce limitations on the number of times a digital media file can be played or copied, according to the Trusted Computing Group.

"There is some concern that (the TPM) could be used in a privacy-impairing way," Microsoft's Heil said. To quell those concerns, Microsoft won't require PC makers to include the security chip in their systems and the feature will be turned off by default in PCs that do ship with it, according to Heil.

Adding TPM support to Windows is "much less ambitious" than the full-blown NGSCB plan, said Rob Helm, director of research at Directions on Microsoft, a Kirkland, Wash., research firm. "But it also requires a lot less from software developers and makes it more likely to get widely adopted," he said.

Nobody is mourning the fact that NGSCB has not made it into Vista, Helm said. "The initial broad vision was just not accepted by the partners Microsoft had to enlist," he said. "Microsoft is now biting off the pieces that can get people some immediate benefit and can get support from hardware and software vendors."

Subsequent to Secure Startup, Microsoft will build other part of its NGSCB plan, according to the company Web site: "These will complement Secure Startup to enable a broad range of new secure computing solutions. The technical specifications, timing and delivery vehicles are TBD."

[ebrandel]

Where'd all the tech savvy columnists go?

From the article:
---------------------
"Current versions of Windows offer ... start-up security such as Basic Input/Output System, or BIOS passwords"
---------------------

What? BIOS passwords and security have absolutely nothing to do with the OS being used on a system. It is completely a funcion of the hardware used. There is zero interaction between the OS (or any other software) and any form of BIOS security.

[mike ricciuti]

There is interaction between BIOS/Windows...

There is interaction between BIOS security and Windows XP. Take a look at this info Microsoft's Web site:

"Also be aware that BIOS security can supercede Windows XP Professional security by preventing Windows XP Professional from taking control of the computer or other devices."

<a class="jive-link-external" href="http://www.microsoft.com/resources/documentation/Windows/XP/all/reskit/en-us/Default.asp?url=/resources/documentation/Windows/XP/all/reskit/en-us/prdc_mcc_wmnc.asp" target="_newWindow">http://www.microsoft.com/resources/documentation/Windows/XP/all/reskit/en-us/Default.asp?url=/resources/documentation/Windows/XP/all/reskit/en-us/prdc_mcc_wmnc.asp</a>

[ebrandel]

Where'd all the tech savvy columnists go?

From the article:
---------------------
"Current versions of Windows offer ... start-up security such as Basic Input/Output System, or BIOS passwords"
---------------------

What? BIOS passwords and security have absolutely nothing to do with the OS being used on a system. It is completely a funcion of the hardware used. There is zero interaction between the OS (or any other software) and any form of BIOS security.

[mike ricciuti]

There is interaction between BIOS/Windows...

There is interaction between BIOS security and Windows XP. Take a look at this info Microsoft's Web site:

"Also be aware that BIOS security can supercede Windows XP Professional security by preventing Windows XP Professional from taking control of the computer or other devices."

<a class="jive-link-external" href="http://www.microsoft.com/resources/documentation/Windows/XP/all/reskit/en-us/Default.asp?url=/resources/documentation/Windows/XP/all/reskit/en-us/prdc_mcc_wmnc.asp" target="_newWindow">http://www.microsoft.com/resources/documentation/Windows/XP/all/reskit/en-us/Default.asp?url=/resources/documentation/Windows/XP/all/reskit/en-us/prdc_mcc_wmnc.asp</a>

[ebrandel]

Where'd all the tech savvy columnists go?

From the article:
---------------------
"Current versions of Windows offer ... start-up security such as Basic Input/Output System, or BIOS passwords"
---------------------

What? BIOS passwords and security have absolutely nothing to do with the OS being used on a system. It is completely a funcion of the hardware used. There is zero interaction between the OS (or any other software) and any form of BIOS security.

[mike ricciuti]

There is interaction between BIOS/Windows...

There is interaction between BIOS security and Windows XP. Take a look at this info Microsoft's Web site:

"Also be aware that BIOS security can supercede Windows XP Professional security by preventing Windows XP Professional from taking control of the computer or other devices."

<a class="jive-link-external" href="http://www.microsoft.com/resources/documentation/Windows/XP/all/reskit/en-us/Default.asp?url=/resources/documentation/Windows/XP/all/reskit/en-us/prdc_mcc_wmnc.asp" target="_newWindow">http://www.microsoft.com/resources/documentation/Windows/XP/all/reskit/en-us/Default.asp?url=/resources/documentation/Windows/XP/all/reskit/en-us/prdc_mcc_wmnc.asp</a>

[CagedAnimal]

Didn't learn from the PIII

I guess they do not remember the stiff backlash against the Pentium III serial number. Hopefully consumers will react similarly to this.

Sorry, but you don't need a special chip to encrypt a hard drive. It would be nice if they would just cut the crap and admit the real motivation is DRM.

[ddesy]

We can only hope

I'm not so sure that we will see the same backlash against this new technology that we did against the Pentium III serial number. If you look at the current track record of modern, non-technical computer buyers, they don't seem too worried about their privacy.

I seriously doubt that the people who have spyware ridden computers know enough to understand the possible implications of TRM.

[CagedAnimal]

Didn't learn from the PIII

I guess they do not remember the stiff backlash against the Pentium III serial number. Hopefully consumers will react similarly to this.

Sorry, but you don't need a special chip to encrypt a hard drive. It would be nice if they would just cut the crap and admit the real motivation is DRM.

[ddesy]

We can only hope

I'm not so sure that we will see the same backlash against this new technology that we did against the Pentium III serial number. If you look at the current track record of modern, non-technical computer buyers, they don't seem too worried about their privacy.

I seriously doubt that the people who have spyware ridden computers know enough to understand the possible implications of TRM.

[CagedAnimal]

Didn't learn from the PIII

I guess they do not remember the stiff backlash against the Pentium III serial number. Hopefully consumers will react similarly to this.

Sorry, but you don't need a special chip to encrypt a hard drive. It would be nice if they would just cut the crap and admit the real motivation is DRM.

[ddesy]

We can only hope

I'm not so sure that we will see the same backlash against this new technology that we did against the Pentium III serial number. If you look at the current track record of modern, non-technical computer buyers, they don't seem too worried about their privacy.

I seriously doubt that the people who have spyware ridden computers know enough to understand the possible implications of TRM.

[Scott W]

treacherous computing

great, at least Vista isn't forcing this censorship upon us just yet. we all know MS wants TC to block "unauthorised" software on a machine. to MS anything unauthorised is anything they don't want on your machine (ie. linux instead of windows, openOffice instead of MS Office, RealPlayer instead of Windows Media Player etc)

[catchall]

Why are people willfully missing the point?

Regardless of what you want, 'Protected Computing', DRM, and the lot are there for the content provides benefit, not MS. Here is how it works
1. Major players put DRM tech into the computer/OS
2. Content providers (lets say movie makers) say 'requires on-chip DRM to play'. No chips, no support, doesn't play on that machine.
3. Linux, or any OS that refuses to put the technology into the OS, are left WAY out in the cold.
Same thing goes in business settings. 'These files only usable by these machines. Can't do that in hardware? Don't buy them!'
That will be the end of any desktop OS, regardless of who makes it.

MS, if they even hinted at disallowing OpenOffice/ any rival, would be in court before we were aware of it. The RIAA, Hollywood, those are the folks that are making this happen. Any OS provider not following along is putting a nail in their coffin.

[Scott W]

treacherous computing

great, at least Vista isn't forcing this censorship upon us just yet. we all know MS wants TC to block "unauthorised" software on a machine. to MS anything unauthorised is anything they don't want on your machine (ie. linux instead of windows, openOffice instead of MS Office, RealPlayer instead of Windows Media Player etc)

[catchall]

Why are people willfully missing the point?

Regardless of what you want, 'Protected Computing', DRM, and the lot are there for the content provides benefit, not MS. Here is how it works
1. Major players put DRM tech into the computer/OS
2. Content providers (lets say movie makers) say 'requires on-chip DRM to play'. No chips, no support, doesn't play on that machine.
3. Linux, or any OS that refuses to put the technology into the OS, are left WAY out in the cold.
Same thing goes in business settings. 'These files only usable by these machines. Can't do that in hardware? Don't buy them!'
That will be the end of any desktop OS, regardless of who makes it.

MS, if they even hinted at disallowing OpenOffice/ any rival, would be in court before we were aware of it. The RIAA, Hollywood, those are the folks that are making this happen. Any OS provider not following along is putting a nail in their coffin.

[Scott W]

treacherous computing

great, at least Vista isn't forcing this censorship upon us just yet. we all know MS wants TC to block "unauthorised" software on a machine. to MS anything unauthorised is anything they don't want on your machine (ie. linux instead of windows, openOffice instead of MS Office, RealPlayer instead of Windows Media Player etc)

[catchall]

Why are people willfully missing the point?

Regardless of what you want, 'Protected Computing', DRM, and the lot are there for the content provides benefit, not MS. Here is how it works
1. Major players put DRM tech into the computer/OS
2. Content providers (lets say movie makers) say 'requires on-chip DRM to play'. No chips, no support, doesn't play on that machine.
3. Linux, or any OS that refuses to put the technology into the OS, are left WAY out in the cold.
Same thing goes in business settings. 'These files only usable by these machines. Can't do that in hardware? Don't buy them!'
That will be the end of any desktop OS, regardless of who makes it.

MS, if they even hinted at disallowing OpenOffice/ any rival, would be in court before we were aware of it. The RIAA, Hollywood, those are the folks that are making this happen. Any OS provider not following along is putting a nail in their coffin.

[R. U. Sirius]

Beware the Wolf in Sheep's Clothing

Microsoft wants to use a chip to encrypt and protect my data? Wow. I'm so naive I thought that I could use encryption software to do this. ;-) Gee Mr. Gates, thank you for thinking about me. But how come I can't play my .avi files anymore? Or rip my CD's to iTunes? Or rip my DVD's to avi files? Huh? What's this stuff called "DRM" anyway?

Remember the fable: beware of a wolf in sheeps clothing.

[R. U. Sirius]

Beware the Wolf in Sheep's Clothing

Microsoft wants to use a chip to encrypt and protect my data? Wow. I'm so naive I thought that I could use encryption software to do this. ;-) Gee Mr. Gates, thank you for thinking about me. But how come I can't play my .avi files anymore? Or rip my CD's to iTunes? Or rip my DVD's to avi files? Huh? What's this stuff called "DRM" anyway?

Remember the fable: beware of a wolf in sheeps clothing.

[R. U. Sirius]

Beware the Wolf in Sheep's Clothing

Microsoft wants to use a chip to encrypt and protect my data? Wow. I'm so naive I thought that I could use encryption software to do this. ;-) Gee Mr. Gates, thank you for thinking about me. But how come I can't play my .avi files anymore? Or rip my CD's to iTunes? Or rip my DVD's to avi files? Huh? What's this stuff called "DRM" anyway?

Remember the fable: beware of a wolf in sheeps clothing.

[malabrm1]

Awww...big bad Microsoft, is it?

To the pompous and eloquent tech geniuses who have made certain posts to this string, no one is forcing anyone to use Microsoft product. No one is forcing anyone to use the internet to send email and surf the web for that matter - use a carrier pigeon for mail and your local library to do research = no one's ever hacked or spammed these telecomm methods. I am wearying of the Microsoft slams for one specific reason: business is business. And yes, Microsoft wants you to use their products like MediaPlayer and Internet Explorer. So what's the alternative? I'm developing little patience for conspiracies of idiocy. The purpose of business is to make a profit. And to blame MSFT just cause they're the global market killer in their space is as silly as blaming the Stones for corrupting your teenage daughters' minds.

[CharlesRovira]

Except that if you don't like the 'Stones

you aren't forced to listen to 'em.

[Michael Grogan]

And I'm sick of

fools who are willing to give away the whole country to corporate interests in the name of 'business is business'. People are people and I, for one, am tired to death of corporate greed crapping on my entire existance.

[cjohn17]

The Disgruntled Fight Back

No, you are wrong. The purpose of business is to make a quality
product that the consumer can enjoy.

We, the disgruntled, neither think MS products are quality nor
enjoyable. And since MS has an overwhelming presence in the
market place because of their unfair practices, most of us are
forced to use they substandard junk software.

But the day is coming when they will be no more.

[Scott W]

don't use the internet?

wow, you are an idiot...
many of the anti-MS crew do our best to NOT use windows and its offspring. unfortunately, when we go to work/school we find windows on our machines. it wouldn't be so bad if we didn't lose a weeks work when the server (frequently) goes down.

don't use the internet? how else do you propose we obtain linux and get support for it? if you're sick of anti-MS remarks why don't you stop viewing talkback? or better yet, follow your own advice and sign off the internet, switch off your computer and bury your head in the sand. the MS way isn't the only way and we are going to express our disapproval of their monopolistic tactics.

[malabrm1]

Awww...big bad Microsoft, is it?

To the pompous and eloquent tech geniuses who have made certain posts to this string, no one is forcing anyone to use Microsoft product. No one is forcing anyone to use the internet to send email and surf the web for that matter - use a carrier pigeon for mail and your local library to do research = no one's ever hacked or spammed these telecomm methods. I am wearying of the Microsoft slams for one specific reason: business is business. And yes, Microsoft wants you to use their products like MediaPlayer and Internet Explorer. So what's the alternative? I'm developing little patience for conspiracies of idiocy. The purpose of business is to make a profit. And to blame MSFT just cause they're the global market killer in their space is as silly as blaming the Stones for corrupting your teenage daughters' minds.

[CharlesRovira]

Except that if you don't like the 'Stones

you aren't forced to listen to 'em.

[Michael Grogan]

And I'm sick of

fools who are willing to give away the whole country to corporate interests in the name of 'business is business'. People are people and I, for one, am tired to death of corporate greed crapping on my entire existance.

[cjohn17]

The Disgruntled Fight Back

No, you are wrong. The purpose of business is to make a quality
product that the consumer can enjoy.

We, the disgruntled, neither think MS products are quality nor
enjoyable. And since MS has an overwhelming presence in the
market place because of their unfair practices, most of us are
forced to use they substandard junk software.

But the day is coming when they will be no more.

[Scott W]

don't use the internet?

wow, you are an idiot...
many of the anti-MS crew do our best to NOT use windows and its offspring. unfortunately, when we go to work/school we find windows on our machines. it wouldn't be so bad if we didn't lose a weeks work when the server (frequently) goes down.

don't use the internet? how else do you propose we obtain linux and get support for it? if you're sick of anti-MS remarks why don't you stop viewing talkback? or better yet, follow your own advice and sign off the internet, switch off your computer and bury your head in the sand. the MS way isn't the only way and we are going to express our disapproval of their monopolistic tactics.

[malabrm1]

Awww...big bad Microsoft, is it?

To the pompous and eloquent tech geniuses who have made certain posts to this string, no one is forcing anyone to use Microsoft product. No one is forcing anyone to use the internet to send email and surf the web for that matter - use a carrier pigeon for mail and your local library to do research = no one's ever hacked or spammed these telecomm methods. I am wearying of the Microsoft slams for one specific reason: business is business. And yes, Microsoft wants you to use their products like MediaPlayer and Internet Explorer. So what's the alternative? I'm developing little patience for conspiracies of idiocy. The purpose of business is to make a profit. And to blame MSFT just cause they're the global market killer in their space is as silly as blaming the Stones for corrupting your teenage daughters' minds.

[CharlesRovira]

Except that if you don't like the 'Stones

you aren't forced to listen to 'em.

[Michael Grogan]

And I'm sick of

fools who are willing to give away the whole country to corporate interests in the name of 'business is business'. People are people and I, for one, am tired to death of corporate greed crapping on my entire existance.

[cjohn17]

The Disgruntled Fight Back

No, you are wrong. The purpose of business is to make a quality
product that the consumer can enjoy.

We, the disgruntled, neither think MS products are quality nor
enjoyable. And since MS has an overwhelming presence in the
market place because of their unfair practices, most of us are
forced to use they substandard junk software.

But the day is coming when they will be no more.

[Scott W]

don't use the internet?

wow, you are an idiot...
many of the anti-MS crew do our best to NOT use windows and its offspring. unfortunately, when we go to work/school we find windows on our machines. it wouldn't be so bad if we didn't lose a weeks work when the server (frequently) goes down.

don't use the internet? how else do you propose we obtain linux and get support for it? if you're sick of anti-MS remarks why don't you stop viewing talkback? or better yet, follow your own advice and sign off the internet, switch off your computer and bury your head in the sand. the MS way isn't the only way and we are going to express our disapproval of their monopolistic tactics.

[CharlesRovira]

Another opportunity missed

to clean up their act and their software.

And they wonder why people are getting into Linux and why they're
looking at Mac OS X.

[CharlesRovira]

Another opportunity missed

to clean up their act and their software.

And they wonder why people are getting into Linux and why they're
looking at Mac OS X.

[CharlesRovira]

Another opportunity missed

to clean up their act and their software.

And they wonder why people are getting into Linux and why they're
looking at Mac OS X.

[technewsjunkie]

Wasn't TPM bypassed in Apple's Intel Dev machines

n/t

[technewsjunkie]

Wasn't TPM bypassed in Apple's Intel Dev machines

n/t

[technewsjunkie]

Wasn't TPM bypassed in Apple's Intel Dev machines

n/t

flawed logic

Nice try to justify Trusted Computing, too bad your logic is a lil' flawed.

First, it's not only Microsoft that wants the TPM on our desk and laptop but the COMPLETE INDUSTRY. IBM, Intel, AMD, Apple, Microsoft , Dell. You have no choice. Yes you could use Linux, but with 95 % of users using TC DRM will find it's way into our homes and you, Linux user, will not be able to use these services.
So then your second argument, don't use the internet?
Let me get this straight, what you basically are saying is this: if you don't like me to invade your home, confiscate your living room, just go live on the street? I'm not buying you any coffee.

flawed logic

Nice try to justify Trusted Computing, too bad your logic is a lil' flawed.

First, it's not only Microsoft that wants the TPM on our desk and laptop but the COMPLETE INDUSTRY. IBM, Intel, AMD, Apple, Microsoft , Dell. You have no choice. Yes you could use Linux, but with 95 % of users using TC DRM will find it's way into our homes and you, Linux user, will not be able to use these services.
So then your second argument, don't use the internet?
Let me get this straight, what you basically are saying is this: if you don't like me to invade your home, confiscate your living room, just go live on the street? I'm not buying you any coffee.

flawed logic

Nice try to justify Trusted Computing, too bad your logic is a lil' flawed.

First, it's not only Microsoft that wants the TPM on our desk and laptop but the COMPLETE INDUSTRY. IBM, Intel, AMD, Apple, Microsoft , Dell. You have no choice. Yes you could use Linux, but with 95 % of users using TC DRM will find it's way into our homes and you, Linux user, will not be able to use these services.
So then your second argument, don't use the internet?
Let me get this straight, what you basically are saying is this: if you don't like me to invade your home, confiscate your living room, just go live on the street? I'm not buying you any coffee.

[Andrew J Glina]

Circumvented Encryption

CNET wrote that story implying that Stephen Heil said that Windows XP file encryption can be bypassed in 15 minutes. I doubt it. He was probably only refering to the BIOS. If you encypt files on a hard drive on NTFS and then re-install Windows you will lose access to the files. Furthermore, Windows NT does not use the BIOS to talk to the Hardware. That was Windows 9x.