August 29, 2005 4:00 AM PDT

Microsoft's leaner approach to Vista security

(continued from previous page)

in Vista. Also, Heil called on software makers to build applications that take advantage of Microsoft's implementation of the TPM in Windows Vista.

It is unclear, however, which editions of Vista will support TPM and offer Secure Startup. The feature is aimed at business PC users, Heil said. This could mean that support will be limited to premium versions of Vista. Microsoft declined to discuss packaging of the new operating system.

Microsoft also won't commit to support for TPM in the server release of Longhorn, which is scheduled for 2007. The Trusted Computing Group, which develops the TPM specifications, in July released a blueprint for use of the security chip in server computers.

TPM is not new. Microsoft is even late to the game with its support for the chip. PC vendors such as IBM, Hewlett-Packard and Dell already include TPM chips in some of their PCs and allow for features such as encrypted hard-disk drives and e-mail. HP and IBM and other companies provide software that enables those features.

"PCs with the TPM have been shipping for two-and-a-half years," said Brian Berger, head of the marketing working group of the Trusted Computing Group, which promotes open specifications to protect against software-based attacks.

According to IDC, about 25 million PCs will ship this year with TPM chips in them. Next year, the research firm predicts, about 60 million computers will ship with the security chip. By 2010 essentially all portable PCs and the vast majority of desktops will include a TPM chip, according to IDC.

NGSCB was heavily scrutinized by critics who feared it could curtail users' ability to control their own PCs and erode fair-use rights. TPM is also not without controversy. The security chip could be used for digital rights management applications and the presence of unique encryption keys has raised concerns among privacy watchers.

Although the TPM was not specifically designed for digital rights management purposes, third-party software makers could, for example, use the chip to enforce limitations on the number of times a digital media file can be played or copied, according to the Trusted Computing Group.

"There is some concern that (the TPM) could be used in a privacy-impairing way," Microsoft's Heil said. To quell those concerns, Microsoft won't require PC makers to include the security chip in their systems and the feature will be turned off by default in PCs that do ship with it, according to Heil.

Adding TPM support to Windows is "much less ambitious" than the full-blown NGSCB plan, said Rob Helm, director of research at Directions on Microsoft, a Kirkland, Wash., research firm. "But it also requires a lot less from software developers and makes it more likely to get widely adopted," he said.

Nobody is mourning the fact that NGSCB has not made it into Vista, Helm said. "The initial broad vision was just not accepted by the partners Microsoft had to enlist," he said. "Microsoft is now biting off the pieces that can get people some immediate benefit and can get support from hardware and software vendors."

Subsequent to Secure Startup, Microsoft will build other parts of its NGSCB plan, according to the company Web site: "These will complement Secure Startup to enable a broad range of new secure computing solutions. The technical specifications, timing and delivery vehicles are TBD."

78 comments

Where'd all the tech savvy columnists go?
From the article:
---------------------
"Current versions of Windows offer ... start-up security such as Basic Input/Output System, or BIOS passwords"
---------------------

What? BIOS passwords and security have absolutely nothing to do with the OS being used on a system. It is completely a function of the hardware used. There is zero interaction between the OS (or any other software) and any form of BIOS security.
Posted by ebrandel (102 comments )
There is interaction between BIOS/Windows...
There is interaction between BIOS security and Windows XP. Take a look at this info on Microsoft's Web site:

"Also be aware that BIOS security can supercede Windows XP Professional security by preventing Windows XP Professional from taking control of the computer or other devices."

http://www.microsoft.com/resources/documentation/Windows/XP/all/reskit/en-us/Default.asp?url=/resources/documentation/Windows/XP/all/reskit/en-us/prdc_mcc_wmnc.asp
Posted by mike ricciuti (12 comments )
Didn't learn from the PIII
I guess they do not remember the stiff backlash against the Pentium III serial number. Hopefully consumers will react similarly to this.

Sorry, but you don't need a special chip to encrypt a hard drive. It would be nice if they would just cut the crap and admit the real motivation is DRM.
Posted by CagedAnimal (67 comments )
We can only hope
I'm not so sure that we will see the same backlash against this new technology that we did against the Pentium III serial number. If you look at the current track record of modern, non-technical computer buyers, they don't seem too worried about their privacy.

I seriously doubt that the people who have spyware ridden computers know enough to understand the possible implications of TRM.
Posted by ddesy (4336 comments )
treacherous computing
great, at least Vista isn't forcing this censorship upon us just yet. we all know MS wants TC to block "unauthorised" software on a machine. to MS anything unauthorised is anything they don't want on your machine (ie. linux instead of windows, openOffice instead of MS Office, RealPlayer instead of Windows Media Player etc)
Posted by Scott W (419 comments )
Why are people willfully missing the point?
Regardless of what you want, 'Protected Computing', DRM, and the lot are there for the content providers' benefit, not MS. Here is how it works
1. Major players put DRM tech into the computer/OS
2. Content providers (let's say movie makers) say 'requires on-chip DRM to play'. No chips, no support, doesn't play on that machine.
3. Linux, or any OS that refuses to put the technology into the OS, are left WAY out in the cold.
Same thing goes in business settings. 'These files only usable by these machines. Can't do that in hardware? Don't buy them!'
That will be the end of any desktop OS, regardless of who makes it.

MS, if they even hinted at disallowing OpenOffice/ any rival, would be in court before we were aware of it. The RIAA, Hollywood, those are the folks that are making this happen. Any OS provider not following along is putting a nail in their coffin.
Posted by catchall (245 comments )
Beware the Wolf in Sheep's Clothing
Microsoft wants to use a chip to encrypt and protect my data? Wow. I'm so naive I thought that I could use encryption software to do this. ;-) Gee Mr. Gates, thank you for thinking about me. But how come I can't play my .avi files anymore? Or rip my CD's to iTunes? Or rip my DVD's to avi files? Huh? What's this stuff called "DRM" anyway?

Remember the fable: beware of a wolf in sheep's clothing.
Posted by R. U. Sirius (745 comments )
Awww...big bad Microsoft, is it?
To the pompous and eloquent tech geniuses who have made certain posts to this string, no one is forcing anyone to use Microsoft product. No one is forcing anyone to use the internet to send email and surf the web for that matter - use a carrier pigeon for mail and your local library to do research = no one's ever hacked or spammed these telecomm methods. I am wearying of the Microsoft slams for one specific reason: business is business. And yes, Microsoft wants you to use their products like MediaPlayer and Internet Explorer. So what's the alternative? I'm developing little patience for conspiracies of idiocy. The purpose of business is to make a profit. And to blame MSFT just cause they're the global market killer in their space is as silly as blaming the Stones for corrupting your teenage daughters' minds.
Posted by malabrm1 (36 comments )
Except that if you don't like the 'Stones
you aren't forced to listen to 'em.
Posted by CharlesRovira (97 comments )
And I'm sick of
fools who are willing to give away the whole country to corporate interests in the name of 'business is business'. People are people and I, for one, am tired to death of corporate greed crapping on my entire existence.
Posted by Michael Grogan (308 comments )
The Disgruntled Fight Back
No, you are wrong. The purpose of business is to make a quality
product that the consumer can enjoy.

We, the disgruntled, neither think MS products are quality nor
enjoyable. And since MS has an overwhelming presence in the
market place because of their unfair practices, most of us are
forced to use their substandard junk software.

But the day is coming when they will be no more.
Posted by cjohn17 (268 comments )
don't use the internet?
wow, you are an idiot...
many of the anti-MS crew do our best to NOT use windows and its offspring. unfortunately, when we go to work/school we find windows on our machines. it wouldn't be so bad if we didn't lose a week's work when the server (frequently) goes down.

don't use the internet? how else do you propose we obtain linux and get support for it? if you're sick of anti-MS remarks why don't you stop viewing talkback? or better yet, follow your own advice and sign off the internet, switch off your computer and bury your head in the sand. the MS way isn't the only way and we are going to express our disapproval of their monopolistic tactics.
Posted by Scott W (419 comments )
Another opportunity missed
to clean up their act and their software.

And they wonder why people are getting into Linux and why they're
looking at Mac OS X.
Posted by CharlesRovira (97 comments )
Wasn't TPM bypassed in Apple's Intel Dev machines
n/t
Posted by technewsjunkie (1265 comments )
flawed logic
Nice try to justify Trusted Computing, too bad your logic is a lil' flawed.

First, it's not only Microsoft that wants the TPM on our desk and laptop but the COMPLETE INDUSTRY. IBM, Intel, AMD, Apple, Microsoft, Dell. You have no choice. Yes you could use Linux, but with 95% of users using TC DRM will find its way into our homes and you, Linux user, will not be able to use these services.
So then your second argument, don't use the internet?
Let me get this straight, what you basically are saying is this: if you don't like me to invade your home, confiscate your living room, just go live on the street? I'm not buying you any coffee.
Posted by (9 comments )
Circumvented Encryption
CNET wrote that story implying that Stephen Heil said that Windows XP file encryption can be bypassed in 15 minutes. I doubt it. He was probably only referring to the BIOS. If you encrypt files on a hard drive on NTFS and then re-install Windows you will lose access to the files. Furthermore, Windows NT does not use the BIOS to talk to the Hardware. That was Windows 9x.
Posted by Andrew J Glina (1673 comments )