Close
  • Latest News
  • Artificial Intelligence
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Logo
Logo
  • Latest News
  • Artificial Intelligence
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Cybersecurity
    • Cybersecurity
    • IT Management

    Dont Trust Trusted Computing

    By
    Jim Rapoza
    -
    November 21, 2005
    Share
    Facebook
    Twitter
    Linkedin

      Back in the Spring of 2003, I wrote a column discussing Microsofts Trusted Computing initiative (the name of which had just been changed from Palladium to Next-Generation Secure Computing Base). In that column, I talked about the need to be wary whenever Microsoft used the word “security” in conjunction with “trusted computing.”

      If one looked at the design and intent of NGSCB, it quickly became clear that its goal wasnt to secure systems from attacks by hackers, worms and viruses. As I said two years ago, “NGSCBs main purpose is to make sure users such as yourself arent pirating Microsofts or partners software or any other copyrighted content—even if that means taking over your system remotely and removing or disabling the offending untrusted software.”

      /zimages/2/28571.gifMicrosoft zaps Sonys DRM “rootkit.” Click here to read more.

      I received plenty of reader responses in support of that column, but I also received some that said that I was making much ado about nothing, that no vendor would ever abuse trusted computing features—Microsofts or anyone elses—and that trusted computing would never be used to limit a users software or hardware capabilities.

      At any rate, Microsoft sure seemed worried about the many criticisms it was receiving about NGSCB, as the company pulled back on some of its plans and toned down discussions of NGSCB in the marketplace. But that doesnt mean that Microsoft pulled back the strategy. To a large degree, Microsofts method of flying NGSCB under that radar has worked because I rarely hear anyone talking about trusted computing nowadays. But we shouldnt let our attention stray, as trusted computing is still out there, and Microsoft and its partners are still working diligently on it.

      Before I throw NGSCB completely onto the fire, though, there are good elements to trusted computing. The core Trusted Platform Modules, if used properly, can be of help in many situations, offering greater hardware-based security for keys and tokens. But the operative words here are “if used properly.”

      /zimages/2/28571.gifDavid Coursey writes that Trusted Platform Modules will make e-commerce safer. Click here to read more.

      In all the white papers and FAQs at www.trustedcomputinggroup.org, it sounds like the vendors that have signed on to this initiative want to do only good with this technology and would never think of doing anything that would limit users rights and access.

      But, as always, actions speak louder than words, and from news that has come out in the last few months, I think we should still be worried about vendors abusing trusted computing.

      Example No. 1 is a little something that Microsoft has in store for its lucky customers who upgrade to Vista next year: PVP-OPM (Protected Video Path-Output Protection Management), a technology that, while not a specific part of NGSCB, clearly shows where Microsofts loyalties lie. What does this great thing do? It looks to see what type of monitor you have attached to your PC, and, if it doesnt like it, it will prevent you from watching DVDs and other digital content or will downgrade the quality of this content.

      Cool! I feel so much more protected. Its great to know that my own PC will work against me if I dont upgrade to a new Big Brother-enabled monitor.

      Example No. 2 is the current Sony DRM (digital rights management) root-kit fiasco. The fact that Sony installed a dangerous Trojan-like program on unwitting user systems is bad enough, but imagine if this type of program were installed under the protective wings of trusted computing.

      Would we have even found out about it? Could it have been uninstalled? This is the kind of thing some vendors will use trusted computing for—no matter what they say in white papers and FAQs.

      /zimages/2/28571.gifAn independent security researcher reports that the Sony DRM “rootkit” is on 500,000 systems around the world. Click here to read more.

      Because, remember, we arent the customers of trusted computing—the corporations that hold the content rights for movies, music, games and software are the actual customers. No, were the untrusted enemy who is naive enough to think that we have control over the hardware and software that weve purchased and that we have some kind of fair-use rights.

      When it comes to trusted computing, dont trust it. After all, it doesnt trust us.

      Labs Director Jim Rapoza can be reached at jim_rapoza@ziffdavis.com.

      /zimages/2/28571.gifCheck out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzers Weblog.

      Jim Rapoza
      Jim Rapoza, Chief Technology Analyst, eWEEK.For nearly fifteen years, Jim Rapoza has evaluated products and technologies in almost every technology category for eWEEK. Mr Rapoza's current technology focus is on all categories of emerging information technology though he continues to focus on core technology areas that include: content management systems, portal applications, Web publishing tools and security. Mr. Rapoza has coordinated several evaluations at enterprise organizations, including USA Today and The Prudential, to measure the capability of products and services under real-world conditions and against real-world criteria. Jim Rapoza's award-winning weekly column, Tech Directions, delves into all areas of technologies and the challenges of managing and deploying technology today.
      Get the Free Newsletter!
      Subscribe to Daily Tech Insider for top news, trends & analysis
      This email address is invalid.
      Get the Free Newsletter!
      Subscribe to Daily Tech Insider for top news, trends & analysis
      This email address is invalid.

      MOST POPULAR ARTICLES

      Latest News

      Zeus Kerravala on Networking: Multicloud, 5G, and...

      James Maguire - December 16, 2022 0
      I spoke with Zeus Kerravala, industry analyst at ZK Research, about the rapid changes in enterprise networking, as tech advances and digital transformation prompt...
      Read more
      Applications

      Datadog President Amit Agarwal on Trends in...

      James Maguire - November 11, 2022 0
      I spoke with Amit Agarwal, President of Datadog, about infrastructure observability, from current trends to key challenges to the future of this rapidly growing...
      Read more
      Applications

      Kyndryl’s Nicolas Sekkaki on Handling AI and...

      James Maguire - November 9, 2022 0
      I spoke with Nicolas Sekkaki, Group Practice Leader for Applications, Data and AI at Kyndryl, about how companies can boost both their AI and...
      Read more
      Cloud

      IGEL CEO Jed Ayres on Edge and...

      James Maguire - June 14, 2022 0
      I spoke with Jed Ayres, CEO of IGEL, about the endpoint sector, and an open source OS for the cloud; we also spoke about...
      Read more
      Careers

      SThree’s Sunny Ackerman on Tech Hiring Trends

      James Maguire - June 9, 2022 0
      I spoke with Sunny Ackerman, President/Americas for tech recruiter SThree, about the tight labor market in the tech sector, and much needed efforts to...
      Read more
      Logo

      eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site’s focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Advertisers

      Advertise with TechnologyAdvice on eWeek and our other IT-focused platforms.

      Advertise with Us

      Menu

      • About eWeek
      • Subscribe to our Newsletter
      • Latest News

      Our Brands

      • Privacy Policy
      • Terms
      • About
      • Contact
      • Advertise
      • Sitemap
      • California – Do Not Sell My Information

      Property of TechnologyAdvice.
      © 2022 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×