Jump to content

Frightening Future of Computers?

epp_b

By epp_b
in Security & Networking

 Share

Recommended Posts

ebrke

ebrke

Posted
Posted

Yep, I think they are banking on the fact that by the time this technology is ready, people will be so freaked out by myriad security issues that they will gratefully accept this lockdown. The scariest thing is that they're probably right.

Link to comment
Share on other sites
epp_b

epp_b

Posted
  • Author
Posted (edited)

Yeah, these companies (especially Micro$oft) will play the people and Gov't on how this will improve [inter]national security. Fact is, it will make it ridiculously insane to run any computer. Every action will require explicit instruction and confirmation!Security only plays a minimal part in this entire concept. The real reason is so that Micro$oft and its colaberative partners in this scheme can lock users into using their software and hardware, and then they'll price their products up the yin-yang.Technology, especially software, simply isn't good enough and never will be. The problem is that these companies who have these huge security breaches (recently a payment contractor for MasterCard) are a result of poor and/or lazy IT management. Fix it where it's broke.The second big player here is anti-piracy. No matter what digital measures a company takes, there is absolutely nothing they can do to stop piracy. Software is imperfect, and all software has holes. Someone is going to figure out how to break this scheme (especially because Micro$oft is involved).As a final result, this could actually make it illegal to run anything other than what these companies approve: ahem "Illegal to run Linux!"

Edited by epp_b
Link to comment
Share on other sites
Guest LilBambi

Guest LilBambi

Posted
Posted
Yeah, these companies (especially Micro$oft) will play the people and Gov't on how this will improve [inter]national security.  Fact is, it will make it ridiculously insane to run any computer.  Every action will require explicit instruction and confirmation!Security only plays a minimal part in this entire concept.  The real reason is so that Micro$oft and its colaberative partners in this scheme can lock users into using their software and hardware, and then they'll price their products up the yin-yang.Technology, especially software, simply isn't good enough and never will be.  The problem is that these companies who have these huge security breaches (recently a payment contractor for MasterCard) are a result of poor and/or lazy IT management.  Fix it where it's broke.The second big player here is anti-piracy.  No matter what digital measures a company takes, there is absolutely nothing they can do to stop piracy.  Software is imperfect, and all software has holes.  Someone is going to figure out how to break this scheme (especially because Micro$oft is involved).As a final result, this could actually make it illegal to run anything other than what these companies approve: ahem "Illegal to run Linux!"

Not entirely ... at least not till only TCPA computers can traverse the Internet backbones. :teehee:
Link to comment
Share on other sites
epp_b

epp_b

Posted
  • Author
Posted

If you'll read it futher, it says that Gov't could pass ledgislation that it would illegal to use any computer that isn't TCPA-compliant, and since TCPA would never approve Linux, it would, in turn, make Linux and all open-source, for that matter, illegal :teehee:

Link to comment
Share on other sites
Guest LilBambi

Guest LilBambi

Posted
Posted

DRM and TCPA are linked but not the same.And did you read "Of TCPA, Palladium and Wernher von Braun":http://www.theregister.co.uk/2002/11/08/of...um_and_wernher/

What is Palladium?Palladium is not secure Windows. Not exactly. Nor is it a standalone OS. Not exactly. Manferdelli presents it as a sort of parallel OS that is securely ringfenced from Windows, but which doesn't run all the time, and which actually you wouldn't want to run all the time.It works like this. Ordinarily, you're running whatever flavour of Windows Microsoft is shipping when Palladium itself ships. You wish to engage in some form of secure transaction, so you boot Palladium. Palladium boots from within Windows, using the underlying TCPA hardware to establish that it has not been compromised (i.e., it really is running on the hardware, not under emulation, and that there has been no unexpected change in the status of the platform). Having confirmed that the platform really is the platform, it has established identity and can therefore proceed.Manferdelli's presentation, incidentally, identifies the underlying hardware as "Secure Support Component - Security chip on the motherboard." This does not necessarily, it would seem to us, mean it's TCPA, but he confirms that Microsoft intends to use the TCPA 1.2 part in this role.Palladium consists of a secure kernel, the "Nexus," with NCAs (Notarized Computing Agents, aka applications) running on this. A content producer or service provider would produce an NCA (e.g. a media player) as a secure mechanism for transacting with the user, but the design approach being taken by Manferdelli's team raises some questions about this.In order to avoid being compromised by insecurity over on the Windows side, the Nexus uses physical memory that is isolated from Windows, and it is protected against DMA/ busmaster-based attacks. That means you can't use hardware to monitor traffic and figure it out from there, but it also means you can't use hardware. Sort of. Palladium however is not a full, standalone operating system, but is intended to use Windows services to support the secure NCA apps. So, presuming you'd used a secure NCA to buy a limited play movie, you'd be likely to be using the multimedia capabilities over on the Windows side to play it back. This presumably will depend on non-Palladium systems on the Windows side protecting the content stream, which suggests that the clean and simple Palladium Manferdelli outlines will be a lot more complicated in practice. Unless people are happy watching DVDs in 16 colour VGA, but we think not.Palladium is small, and although it looks to us as if it could be ported onto other platforms, the current target is the x86. It also looks to us as if it could be developed into a standalone OS, but again this appears not to be the intention. Manferdelli says "the Palladium team don't want to get in the middle of an NT test cycle," which suggests its development as a full OS a la NT was considered, but rejected. The use of services from Windows is clearly a consequence of that decision.But on the other hand, as currently specced Palladium doesn't look very convincing. It's a sort of secure subsystem you can kick in when needed, but when it's not running, Windows is just as secure or insecure as, well, Windows. And in practice it's most likely to be in use when it suits vendors, rather than when it suits you. You personally might want to be sure your system is entirely secure, and that you can establish your identity when you want to, but you're surely most likely to find yourself kicking in Palladium when a vendor wishes you to prove this is your credit card and that it's your money that's about to become their money. Beyond that, you'll still be waiting for a generally-secure OS, and Palladium 1.0 isn't it.
and that's only part of it....
Link to comment
Share on other sites
epp_b

epp_b

Posted
  • Author
Posted (edited)

Surprisingly, The Register actually tones it down a bit. Still, however, the concept bakes my senses... ;)

DRM and TCPA are linked but not the same.
Rrrriiiiight...that's what they say :) Edited by epp_b
Link to comment
Share on other sites
Guest LilBambi

Guest LilBambi

Posted
Posted

LOL!Well, you think this is bad ... that Daggone Broadcast Flag is back ... they are trying to sneak it in on an Appropriations Bill!Check out the new posting on it in the WaterCooler and if you live in one of the states listed ... please make your voice heard.

Link to comment
Share on other sites
epp_b

epp_b

Posted
  • Author
Posted

This could be potentially good news on the horizon...Excerpt from a recent InformationWeek article...

"N-scub" got scrubbed. Or at least scaled back. The Microsoft anti-hacking technology once called "Palladium," then known by the awkward moniker Next Generation Secure Computing Base (pronounced "N-scub" for short), still hasn't made it to market after two years of demos and tech talk by Microsoft. "It's changed a lot since we unveiled Palladium," says Microsoft security product manager Mario Juarez. The technology relies on a small crypto chip and changes in Windows that make it hard for unauthenticated users to alter data or install programs on a PC. Originally, Microsoft wanted lots of apps to be Palladium compliant. But developers balked at having to rewrite their software to comply with the new technology, says Juarez. So Longhorn will include a scaled back version of the technology called "secure startup" that makes sure Windows trusts device drivers upon boot-up. "Developers said build it and we'll evaluate it," Juarez says of NGSCB. "So for now, we're just delivering the secure startup."
From what I can tell, its basically a startup monitor (much like the "Do you want to run this program" warning for new programs in Windows XP SP2, except it will run at startup). Sounds like a valid add-on to me :P
Link to comment
Share on other sites
Guest LilBambi

Guest LilBambi

Posted
Posted

Yes, that's how it starts...step by step, inch by inch ... slowly I turn.Sound familiar?OK, how about this? Something about frogs in water on the stove not jumping out before they get cooked, because the pot got hot so slowly they don't see it coming.nevermind.

Link to comment
Share on other sites
Guest LilBambi

Guest LilBambi

Posted
Posted

Sad but true ... And will still have the same overall effect, in time to our freedoms and constitutional rights ... will they not?

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...