Microsoft unveils the future of security

NGSCB... or "Ing-scub" to its friends...

By Robert Lemos, 7 May 2003 10:12

Microsoft has used the Windows Hardware Engineering Conference in New Orleans to show off a prototype of its controversial security technology. The prototype of the Next-Generation Secure Computing Base, formerly known as Palladium, is based on real and emulated hardware, said Peter Biddle, product unit manager for the software giant. Small applications running on the technology demonstrated its security features.

The prototype is the first public showing of the technology, which Microsoft hopes will help secure its future in the corporate market. Critics fear the technology will result in consumers losing control of their PCs and data and that Microsoft could use the technology to lock up market share. Others argue that the software and hardware could help lock down corporate data.

Microsoft is using the WHEC conference to introduce the industry to the Next-Generation Secure Computing Base, but Amy Carroll, group manager for Microsoft's Security Business Unit, hesitated to call the event a launch. "It's the first opportunity that we have had to pull off the covers in a way to show what [NGSCB] actually will do," she said.

Four major features will be included in the first version of NGSCB: a technology called process isolation will seal off trusted applications so they can't be attacked; sealed storage will allow applications to store data securely; secure path will encrypt data from USB hardware devices to the computer and secure video output; and so-called attestation will basically take a snapshot of key characteristics that will define the integrity of the PC. If those characteristics change, the machine will no longer be "trusted".

One demonstration showed a hacking tool grabbing words from a Notepad document but failing to steal data from a protected application. Another demonstration copied a trusted file from a computer, modified it, and then put it back onto the original system; the trusted application refused to open the data.

"These things are not graceful failure modes," Biddle said. "That's not the way we would really do it."

The company still hasn't said when the technology will be ready. However, Biddle pointed out that hardware shown at the conference frequently has a 12- to 18-month development cycle.

Robert Lemos writes for News.com
