Microsoft's Next Generation Secure Computing Base (NGSCB, aka Palladium) will be built into the next generation of CPUs, Bill Gates claimed yesterday, effectively making security via hardware ID an integral part of the Windows PC platform. And Microsoft is talking to the chip and PC companies about the introduction of hardware ID, so we will likely be seeing some decidedly NGSCB-like features well ahead of Longhorn.
Bill has a talent for what Lady Mary Archer has described as "imaginative precis", so we can never take his presentation material as absolute gospel. It is however extremely valuable in determining where it is that Microsoft wants us to go tomorrow, and how Microsoft proposes to get us to go there. This time around, the security imperative figures high in the company's drive to wrest what remains of your control of your computer from you. Over to Bill, and we'll unpick as we go:
"Another enhancement that hasn't been talked about very broadly is the fact that the next generation of processors will build in a new security capability called, kind of obscurely [remind us who it was who renamed Palladium, Bill], Next Generation Secure Computing Base, or NGSCB is the acronym for that. What that does is it allows you to still run arbitrary third-party software to be able to make security guarantees, that the decryption keys and some software is running in such a way that third-party software is isolated from it."
As is so often the case with Bill, you just about know what he means, as opposed to what he said. What he means here is that NGSCB machines will still run standard software, ringfenced off from the secure components, but its point is that it uses the secure components and software to establish trust relationships. Check here for a longer explanation of what NGSCB is, and how it will operate. Note also that although it is not DRM, it is a very useful base for DRM systems, while the S-word is a very useful cover for such systems.
If the particular next generation of processors Bill is talking about makes it to market before Longhorn, then it's perfectly feasible that at least some of NGSCB can be catered for before Longhorn. Microsoft has never specifically said that NGSCB is a Longhorn product, just that it's a long-range product. The hardware ID component of NGSCB was initially intended to use a TCPA-compliant chip on the motherboard, and this can still happen to enable more immediate secure systems, while getting it onto the CPU itself will allow Microsoft to make NGSCB into a standard. Call it DRM, people will run, call it security, then maybe not.
Microsoft is calling it security. If we go back to Bill's presentation and focus on SP2, we get:
"So we have an update to the client that turns the firewall on by default. It's got changes in Outlook Express and IE for safer e-mails and browsing [we expect he doesn't mean Mozilla by this]. It uses some of the new hardware features in the newer chips to block a large class of exploits. It changes the way we do some of the code protection. We recompile a lot of the key modules. That goes into the beta later this year, SP2."
We shouldn't read too much into that, because Bill isn't being specific either about what these new hardware features are, or how Microsoft is going to use them. It does however signal that security-driven changes in hardware are being introduced now, as part of an ongoing ramp, rather than being something that won't happen until 2005-6. Speaking about NGSCB in his own presentation, which followed Gates', Jim Allchin said "we're working with the hardware vendors to be able to create a system so that we can boot and ensure that we're booting securely and that we can create shadowed memory where code can execute but you can't debug it." Note that he says hardware vendors, not CPU vendors, so we have Microsoft, the chip companies and the PC companies all talking about the introduction of hardware security.
Gates himself had a couple more nuggets. In his speeches lately he's taken to complaining that one of today's big problems is anonymous email, so we don't know who's really sending it. Yesterday was no exception:
"We have a number of things that are weak links in the security picture. Passwords over time will not be adequate to deal with critical information. The fact that e-mail, you don't really know if it came from the person it appears to come from, and even the fact that Internet packets can be spoofed, so at many levels of the standards that we have we need to add security capabilities."
From Microsoft's perspective the solution here is clearly hardware ID, supported by Microsoft software. This clearly has implications for the rest of us, and it would possibly be useful to consider the implications of the elimination of anonymity, which seems to be what is being proposed, now, and for Microsoft to start sharing with us its security-driven plans for amendments to Internet standards. But don't hold your breath.
Microsoft's intentions to switch on the XP firewall by default, and to upgrade it to deal with outgoing as well as inbound traffic, are fairly well known. But it also has rather more wide-ranging plans; what about this, for example:
"And when I say firewall, I mean that in a very broad sense. I mean scanning files that come through e-mail or FTP, I mean being able to look at a machine that's been connected up to the Internet and, when that machine VPNs in, being able easily to scan it to make sure it doesn't have a problem and that software is up to date, or perhaps taking that same machine and carrying it in to the corporation and connecting it up, then it's behind the firewall again that needs to be scanned."
Bill clearly means firewall in a very broad sense indeed - compulsory but easy to conduct full body searches on machines connecting to the network are obviously going to be attractive to the corporate market, but if the technology can do it there (probably with the aid of hardware ID, again), then it surely won't stop there. You could envisage submitting to the body search and taking your nice patches as being the entry tab for all sorts of connections, and you could see Windows as becoming pretty much compulsory for such scenarios, considering it's such a tricky call for what rivals there are.
These will be faced with the question of whether to agree with, and follow, Microsoft or to stay out and risk having the security can tied to their tails. Or to join forces and invent a rival "open" hardware-linked rights-denial system. Ah, you say, but haven't previous attempts in this kind of area been stymied by indignant consumers? Has not Intel already had to climb down over unique IDs? Hasn't Microsoft?
Well, yes indeed, but that was then and this is now. Consumers are currently outraged by security breaches, spam, virus attacks, ID theft, and most people are blaming Microsoft for much of this. But most people would also like something done, and will tend to agree that new technologies that get that something done are A Good Thing. So if Microsoft plays its cards right it can move from the position of hesitating over their introduction to acceleration. And then untie the security can from its own tail and hand it to whoever's objecting. Arguing against it will be a lot more difficult than it has been in the past, and ignoring it may not be an option, if you're going to end up ignoring the bulk of the market by doing so.
Microsoft is seeding it slowly into its own presentations now, and if we don't start objecting now, then soon we could discover it's too late. ®