Hardware security sneaks into PCs

Millions of computers will be shipped this year with encryption hardware plugged in--even though Microsoft isn't ready for it.

Robert Lemos, Staff Writer, CNET News.com
Robert Lemos covers viruses, worms and other security threats.

Millions of workers will get the latest in PC security this year--but they won't get the full benefit.

The three largest computer makers--Dell, Hewlett-Packard and IBM--have started selling desktops and notebooks with so-called trusted computing hardware, which allows security-sensitive applications to lock down data to a specific PC.

But Microsoft's plans to take advantage of the technology have been delayed, meaning the software heavyweight likely won't get behind it until the release of Longhorn, the Windows update scheduled for next year.


What's new:
The top three PC makers have started selling models with encryption hardware, even though Microsoft's software for the technology has hit delays.

That leaves hardware makers in a rare position: They are leading Microsoft, rather than working to support one of the software giant's initiatives.

"Our success is not dependent on Microsoft," said Brian Berger, executive vice president at security company Wave Systems and the marketing chair for the Trusted Computing Group. "When Microsoft comes on board with some of what they have talked about, it will be that much better, but this is not a Microsoft-centric activity."

The Trusted Computing Group, the industry consortium that sets specifications for the specialized hardware, has had to rely on other software makers to demonstrate the benefits of running a trusted PC.

Largely a footnote in 2004, the technology is set to take off this year, with the top three PC makers shipping laptops and desktops equipped with hardware security. Dell, the last holdout, announced that it had added the security technology to its latest line of notebooks on Feb. 1. In 2005, more than 20 million computers will ship with the trusted platform module, up from 8 million in 2004, according to estimates from research firm IDC.

The technology locks specialized encryption keys in a data vault--essentially a chip on the computer's motherboard. Computers with the feature can wall off data, secure communications and identify systems belonging to the company or to business partners. That means companies can improve the security of access to corporate data, even when the PC is not connected to a network.

Microsoft is a significant proponent of trusted computing. When it first publicized plans in 2002 to create a security technology known as Palladium, it said that its software component might be released as early as the end of 2004.

At the time, digital-rights advocates raised concerns that the technology could be used by software makers and media companies to control people's PCs, putting Microsoft on the defensive. The dispute even led the software giant to change the name of its technology from Palladium to the Next-Generation Secure Computing Base, or NGSCB.

Moreover, technical issues--such as how information tied to one PC could be backed up and restored to another computer--required Microsoft to rethink parts of the technology.

The software giant declined to provide details on the current state of the Next-Generation Secure Computing Base software. "We do not have an update on NGSCB to share at this time," the company said in a statement sent Tuesday to CNET News.com. "Microsoft continues to actively work through many of the technical details, and we expect to be able to provide more details in the near future."

Chicken and egg

The delays have not slowed down the Trusted Computing Group, which now has more than 70 members, including Intel, IBM and Sun Microsystems. Without waiting for Microsoft, which is a member of the group, to decide on the details of its software, the consortium has moved forward.

"They are saying: 'If this is going to be a 'chicken and egg' problem, then we are going to be the egg and not wait,'" said Roger Kay, vice president of client computing at IDC. Kay predicted that by 2010, almost 95 percent of all computers sold will have the trusted platform module.

Though there are bumps in the software road map, companies have not put off buying trusted PCs. Many are looking ahead to the near future, when network security and management applications will likely have widespread support for the hardware, Kay said.

"I think it is a check-box item for customers," Kay said. "If they are not using it yet, their thought is that in a year or so, they will start to support the platform."

Applications for the trusted PC platform exist, but they are nuts-and-bolts programs rather than whiz-bang products, Wave Systems' Berger said.

"The applications that are out there today are more data-centric: 'Can I protect my data with hardware-based keys?'" he said. Wave Systems creates encryption products that use the Trusted Computing platform to protect corporate data.

Each PC maker also sells its systems with control panels for basic data security functions, including managing access and encryption.

Other encryption providers are also looking to support the technology. Entrust, which is not a member of the Trusted Computing Group, has not let Microsoft's missed deadlines affect its decision to support the technology, according to a company executive.

"There are a lot of cylinders firing on these things," said Chris Voice, chief technology officer at Entrust. "However, the engine is not going to stop because one cylinder is not fully firing."

While Microsoft didn't keep to its initial, tentative targets for its trusted PC products, the software giant should be able to hit the more relaxed deadline of the Longhorn operating system release, IDC's Kay said.

"When Longhorn comes out, it's going to be rocket fuel for the whole thing," he said. "You can do authentication now, but the thought that you can do more highfalutin things is where Microsoft comes in."