Microsoft shelves security project NGSCB
Redmond (WA) - In a surprising move, Microsoft has dropped its security project, Next Generation Secure Computing Base (NGSCB). According to company officials, the controversial platform was shelved because partners of the company were not willing to rewrite their applications using the NGSCB API.
NGSCB evolved out of a security platform code-named Palladium, which itself grew out of the work of the TCG (Trusted Computing Group), formerly named TCPA (Trusted Computing Platform Alliance). Microsoft developed NGSCB in close cooperation with Intel, which developed the hardware extension for the technology. According to Microsoft Product Manager Mario Juarez, NGSCB's goal was to increase "trust" in the PC, to allow secure data transactions and to decrease the threat of viruses and spam.
While Microsoft declined to comment on NGSCB's detailed functionality, critics suspected that the main goal of the technology was not so much to benefit the user as to increase control over data and introduce a sophisticated Digital Rights Management (DRM) technology. Roger Kay, an analyst with IDC, said that Microsoft was especially interested in controlling the distribution of copyright-protected material: "Microsoft targeted foremost DRM with NGSCB. The company saw that as a ticket to Hollywood."
"We're evaluating how these NGSCB capabilities should be integrated into Longhorn, but we don't know exactly how it'll be manifested. A lot of decisions have yet to be made," said Mario Juarez, product manager in Microsoft's Security and Technology Business Unit, in an article published by Computer Reseller News (CRN). "We're going to come out later this year with a complete story," he said.
Though Microsoft plans to use the NGSCB "compartmentalizing" technology in future versions of Windows, the company is favoring support for the No Execute (NX) security technology in recent AMD and Intel processors, according to CRN. NX allows developers to mark memory pages as nonexecutable, which reduces the impact of the memory buffer overruns that many hackers exploit to insert malicious code into Windows.
"Two years ago, we went public with something that was very, very far off in the future," Juarez said, noting that customer and ISV feedback and faster-than-expected chip security advancements led Microsoft back to the drawing board. "There's no tie between [NGSCB] and NX, but it is reflective of innovations in hardware we hadn't foreseen," he is quoted as saying in CRN.
Intel made no statement on whether it will continue to work on its Trusted Computing Module (TPM), a chip placed on the mainboard. The TPM acts as a vault for IDs, also called Attestation ID Keys or Alias Identifier Keys (AIKs). These keys are created from unique information tied to every PC and are protected from access by the user or the Internet. They are used to unambiguously identify a certain PC in order to create a "trusted environment". While users are able to create and delete individual AIKs, they have no influence over how those keys are created. "The TPM does not lie," said an Intel representative, explaining this functionality.
According to Anne Price, spokeswoman for the TCG, Microsoft will continue to be a member of the group and keep a seat on its board. "The TCG will remain unaffected by Microsoft's announcement," she said.