Chicago (IL) - National Semiconductor (NSC) said that only hardware with integrated security features may be able to protect PCs from vulnerabilities such as viruses and Internet attacks. The concept to build trusted networks, based on trusted platform modules, placed on the mainboard of the PC.

Recent virus attacks and a new flood of software patches from Microsoft have re-lighted the discussion how to reliably secure a computer, when frequent updates for anti-virus and anti-spam software appear not to be enough anymore. Besides software, large parts of the industry believe that hardware components have to become more secure.

One trend is NX technology, a feature of 64-bit processors from AMD, Transmeta's Efficeon chip and future Intel processors, which can block buffer overflow attacks, if Microsoft's Windows XP Service Pack 2 is also installed. While a large-scale effect of NX remains to be seen, the efforts of the Trusted Computing Group (TCG) will be more extensive.

"We cannot stay on top of the development of viruses," said Todd Whitaker, co-general manager of the Advanced PC Group at National Semiconductor. He believes that only so-called trusted platform modules (TPM), security chips integrated in the design of a mainboard, will help to "virtually eliminate the vulnerability of a PC."

The concept of the TPM is based on standards created by the TCG, an organization of about 90 industry heavy weights such as Intel, Microsoft and Hewlett-Packard, with a goal to develop a "trusted platform" for the PC. The TCG evolved out of the TCPA, a widely criticized initiative to create a similar module, which consumer groups believe would have limited the user's rights how software worked on their own PC. For example, Microsoft's recently shelved Palladium idea and the Next Generation Secure Computing Base (NGSCB) security strategy were based on TCPA.

Current TPM's appear to be much softer versions of originally outlined TCPA functionalities and promise to become a key element in defending users against intrusions on their computers. Today, the chips are integrated for example in various notebooks from IBM, work as vault to store virtually any kind of information, such as serial numbers.

These data cannot be accessed from the outside and as of this day there is also no intention that the user himself will be able to edit the information stored. "Basically, this is a secure place to put your secrets," Whitaker said. NSC's solution is built into a Super I/O chip, a standard component, which allows system builders to integrate the TPM functionality with little or no extra cost.

At this time, the TPM's feature set has little effect on the user's everyday life. To take advantage of the most functions, the TPM will need the support of the operating system, which likely will be introduced with the next Windows generation, code-named "Longhorn." At this time, the key advantage of the TPM is data encryption. "If a harddrive is lost or sent away for repair, stored data is secure. Without the TPM, the data cannot be decrypted," Whitaker said.

Additional functions of the security chip largely depend on the supporting BIOS and operating system. The possible features range from virus protection all the way to a sophisticated Digital Rights Management system, which allows software firms and providers of content to establish a communication platform between the TPM and software. However, companies such as NSC confirmed, that the user ultimately will keep control on what happens on his PC: "User are in charge of turning the TPM on or off," Whitaker said.

Source : Tom's Hardware US