Microsoft's leaner approach to Vista security

Microsoft is talking up Secure Startup in Windows Vista, the sole piece of its original hardware-based security plan to make it into the OS.

A correction was made to this story. Read below for details.
Microsoft is talking up support for hardware-based security in Windows Vista, though only a sliver of the company's original plan will make it into the operating system.

Three years ago Microsoft unveiled Palladium, renamed Next-Generation Secure Computing Base (NGSCB) after the original name became tainted with controversy over privacy and fair-use issues and because another company claimed rights to the Palladium name. The technology was to be part of the next Windows release.

NGSCB promised to boost PC security by using hardware and software that would allow parts of a computer to be isolated from malicious code such as viruses and worms. It also would foil attacks that use logging devices by encrypting data as it moves between a PC's hardware components. NGSCB required significant changes to hardware and software.

In May 2004, following criticism from software makers, Microsoft said it was retooling NGSCB so some of the benefits would be available without the need to recode applications. The company has been silent on the plan since, though it insists NGSCB is not dead. Instead, its delivery is still to be determined, according to Microsoft's Web site.

Now Microsoft is busy telling hardware and software makers about Secure Startup in Windows Vista, which it says is the "first delivery" on its hardware-based security plan. Vista, previously known by its code name, Longhorn, is the next client release of Windows, due on store shelves in time for next year's holiday shopping season.

Secure Startup is primarily designed to prevent laptop thieves and other unauthorized users with physical access to a computer from getting access to the data on the system. Nearly half of all enterprises had laptops stolen, causing $4.1 million in damage, according to a January survey by the Computer Security Institute and the FBI.

"The number one goal is to prevent attackers from using software tools to get at information that is at rest on the hard drive," Stephen Heil, a technical evangelist at Microsoft, said in a presentation at the Intel Developer Forum in San Francisco last week.

Current versions of Windows offer encryption of file folders, and PCs include start-up security such as Basic Input/Output System, or BIOS, passwords. However, both can be easily circumvented if an attacker has physical access to the PC. "You can get access to the system in less than 15 minutes," Heil said. BIOS lets hardware speak to software in a PC.

Secure Startup uses a chip called the Trusted Platform Module, or TPM, which offers protected storage of encryption keys, passwords and digital certificates. Vista uses this capability to verify that a PC has not been tampered with when it starts up and to protect data through encryption. The TPM is typically affixed to the motherboard of a PC. Because it is stored in hardware, the information is more secure from external software attacks and physical theft.

TPMs are made by a host of chip companies including Atmel, Broadcom, Infineon, Winbond Electronics, Sinosun and STMicroelectronics.

To service a PC, the Secure Startup feature can be temporarily disabled. And if a PC breaks and data on a hard drive needs to be accessed on, say, a different machine, a recovery key can unlock the system, Heil said. This recovery key is generated when a user enables Secure Startup and should be stored away from the computer.

Heil spoke at IDF to encourage hardware makers to adopt the latest TPM specification, version 1.2, released earlier this year. This is the version that Microsoft will support

Correction: This story misreported National Semiconductor as a vendor of TPM chips. National Semiconductor sold its Super I/O business, including its TPM products, to Winbond Electronics in May.