Signs of 'Trustworthy Computing'
By Paul Boutin
European consumers will soon get a first taste of what Bill Gates meant by "Trustworthy Computing."
NEC Computing International has announced a trial program in which Packard Bell PCs will be equipped with keyboards that include secure smart-card readers.
The keyboards are designed to hold credit card numbers, PINs and other personal information in encrypted form, without leaking them into the rest of PC where they could be stolen by crackers, malicious programs or other users.
Microsoft chairman Bill Gates launched the company's Trustworthy Computing initiative earlier this year in a widely distributed e-mail to staff.
But developers of secure systems -- a field not coincidentally known as "trusted computing" -- say Microsoft's plans will go nowhere without new hardware that addresses fundamental security problems in the PC's aging architecture.
Security experts agree the basic design of the PC is flawed: It allows data to travel around inside unencrypted, which means information can be stolen or faked by a program installed on the desktop.</B
"It's like your PC is the Starship Enterprise, and the Klingons are able to transport into the ship. When they do, they look just like us," said Robert Thibodeau, who teaches security and cryptography at Carnegie Mellon University in Pittsburgh, Pennsylvania.
Thibodeau said last year's Nimda virus demonstrated the vulnerability of the system by replacing the loader program that boots the Windows NT operating system at startup. "That's like replacing Captain Kirk," he said.
The entire PC doesn't have to be turned into a crypto device to prevent attacks. Thibodeau recently worked with PC software maker Phoenix Technologies to develop a secure version of the company's widely used BIOS software, which acts as the go-between to connect Windows to the PC's hardware.
Continuing his Star Trek metaphor, Thibodeau said, "What they did about the problem is put guards at the doors. There were guys at the main power room and on the bridge with guns. That's the kinds of thing we're doing."
...
"The core problem is the PC, not that people are ripping stuff off," he said. "Until you can fix the PC problem, you're not going to fix the rest of it. (The solution) has to be hardware-based, because software security is an oxymoron."
A Microsoft spokeswoman confirmed that hardware vendors would play a major role in Trustworthy Computing, but declined to elaborate on specific plans or schedules.
But Mario Juarez, a group product manager at Microsoft focused on DRM issues, said, "There's no great mystery as to what the right thing to do is here. The challenge is how we're going to be able to work together. All stakeholders need to be involved -- the PC industry for software and hardware, the content providers, and it's got to be the providers of e-commerce, too -- the people actually setting up the sites. We all need to work together in ways that none of us have worked before."
Allen agreed, adding, "The industry has been so fragmented that they haven't been able to come to a unified solution. The good thing about Bill Gates' announcement is that the weekly virus attacks were finally enough to make people say 'We need to fix this.'"
wired.com
Microsoft ... toast. |
