Microsoft: 'Trusted Windows' still coming, trust us

Redmond scales back an ambitious security plan, but some pieces will still show up in the next Windows.

Ina Fried Former Staff writer, CNET News
During her years at CNET News, Ina Fried changed beats several times, changed genders once, and covered both of the Pirates of Silicon Valley.
Ina Fried
3 min read
After nearly a decade, Microsoft's vision for how to protect especially sensitive information within Windows remains largely that--a vision.

For years, the software giant has promised to deliver a secure way to shuttle around key bits of information. Once known as Palladium and more recently dubbed the Next Generation Secure Computing Base, or NGSCB, the approach was once a key part of Longhorn, the next version of Windows. Although the first piece of that is arriving in Longhorn, it's only a thin sliver of what Microsoft has been working toward since describing its idea of "trusted Windows" a decade ago.

In the next version of Windows, which Microsoft chairman Bill Gates will show off on Monday at a company sponsored conference, Microsoft will use the concepts of NGSCB to ensure that Windows-based machines start up without interference. The primary benefit of such an approach is that if a laptop is lost or stolen, the data can't be accessed simply by booting the machine up using another operating system.


What's new:
Microsoft has scaled back an ambitious security plan, but some pieces will show up in the next Windows.

Bottom line:
Although early concerns have eased up, worries over the cost and hardware requirements involved in protecting sensitive information within Windows have forced the company to again alter its plans.

More stories on this topic

"If you lose your laptop in a taxi, no one is going to get at your data," Windows chief Jim Allchin said in a recent interview. "The hardware is not going to let you boot that software, and there is a way for us to do full-volume encryption."

That may indeed be a popular feature, but it's a far cry from Microsoft's broader plan, which was to use NGSCB systemwide as a secure vault for particularly sensitive information such as passwords or bank records. Such information would be kept in hardware and then securely transmitted between a computer's components, such as memory, hard drive and monitor.

The change, Microsoft says, is the result of customers telling the software maker that they didn't want to have to rewrite their applications.

"We revisited our approach," said Selena Wilson, director of product marketing in Microsoft's security unit, adding that the company's decision was to "give customers something that is easy to implement now and upgrade over time."

Microsoft's plans for NGSCB have been shifting for some time. The company demonstrated a prototype of the technology two years ago, but by that point there were already concerns that it could harm consumers or that it would give Microsoft too much leverage over businesses.

Although some of those concerns have eased as Microsoft has revamped the technology, more practical worries over the cost and

hardware requirements involved have forced the company to again alter its plans.

The question now is when, or if, Microsoft's broader vision will see the light of day.

The chips that support the Trusted Platform Module standard have already reached the market, though a new version, TPM 1.2, will be the basis for Longhorn. HP, for example, plans to start shipping later this summer a new business desktop with a TPM 1.2 chip from Broadcom.

"As the first systems to feature an integrated TPM 1.2 security module, these new PCs will help to enable the recently announced Secure Startup feature in Longhorn," Microsoft Senior Vice President Will Poole said in a statement. "The delivery of these new systems represents a major milestone in achieving the vision of next-generation hardware-rooted security capabilities in the Microsoft Windows platform."

But Wilson would offer no road map for how Microsoft gets from its fairly narrow secure boot-up feature to its broad concept of a more secure way to run sensitive code within Windows.

"We are continuing to work on other aspects of the vision," Wilson said. "The timing schedule is still being worked out."