Microsofts Latest Security Plan

Microsoft Corp. this week touted details of its security initiative, code-named Palladium.

Microsoft Corp. this week touted details of its security initiative, code-named Palladium, which it contends will ultimately make the world a safer place for computers tied to the Internet.

But while Microsoft representatives in a magazine article portrayed the company as prodding the industry to boost security, other top PC and processor makers disagreed, contending theyve long been working toward achieving the same goals.

As envisioned, Palladium would ultimately enable computer users to identify who theyre dealing with online, stop the spread of viruses and worms, and block hackers and spammers. To achieve that goal, Microsoft said it has been prodding PC and processor makers to co-develop security solutions to support Microsofts platform.

The Redmond, Wash., software giant, which unveiled its Trustworthy Computing strategy earlier this year, says its looking at implementing the first aspects of its security measures in new operating systems possibly as earlier as 2004.

In several ways, Palladium mirrors the goals of an industry group called Trusted Computing Platform Alliance, which was formed in 1999 by Compaq Computer Corp., Hewlett-Packard Co., IBM, Intel Corp. and Microsoft. The TPCA, which is not mentioned in the article in Newsweek, now comprises 180 member companies working on various software and hardware challenges to improving security.

While an IBM representative confirmed that Microsoft had approached it about making security-specific hardware enhancements to support Palladium, he added that IBM had already been working on similar solutions.

"IBM really sees this as an evolutionary step in the work that we and the TPCA have already been doing in PC security since 1999," said the IBM representative, who did not want to be quoted. "Many of these features they are discussing—authentication, data security and encryption—are already available in some kind of form and with the TPCA 1.1 standard."

A representative of Intel, the worlds largest PC processor maker, agreed.

"We have long been looking at hardware components and considering ways to boost security there," said Intel representative Daven Oswalt, who admitted being surprised when the Palladium article said that Intel "originally turned down the idea before embracing it."

"Thats a bit misleading," Oswalt said. "We did reject their initial approach because we felt it was too narrowly focused. But after talking for a time, their definition of what they were doing became bigger and broader and aligned with our thoughts on what we were already doing on security."

Microsoft said it views Palladium as complementary to the work of the TPCA, contending it is a "discrete" initiative developed outside of its work with the alliance.

"We believe in the core mission of the TCPA, which is to build more secure and more trustworthy systems. We view this as a complimentary effort," said Mario Juarez, group product manager for Microsoft. "This was not born out of the TCPA work. But its not a competitive technology. Its not something that runs in conflict with it."

Aside from outlining the broad goals of the security initiative, few details are available as to how it might be integrated.

Intels Oswalt said it could be six to eight months before Intel will announce how it might alter its processors or chip sets to make them more secure, or whether it might develop its own security dedicated silicon for integration into PCs and servers.

Microsoft, as the worlds leading software maker, obviously will play a critical role in whatever future security solutions are deployed industry wide, but the computer giants past problems sealing security holes in its software made at least some industry observers wary of how successful its efforts will ultimately be.

"You cant put the words Microsoft and security in the same sentence without adding the words lack of," said Kevin Krewell, an analyst with In-Stat/MDR. "What will really be key is how well they can coordinate this with the other leading industry players, like Intel."

Related stories:

  • Microsofts Palladium: A New Security Initiative (Extreme Tech)
  • Microsoft Priority No. 1: Trust
  • Microsoft Takes Security Defense
  • At Microsoft, Security Trumps App Compatibility
  • Trusting in Microsoft
  • Following Through on Priority 1: Security