Windows security gain or privacy pain?

Microsoft's plan to ensure PC security through changes to its operating system could help make media files safer, but first it has to address privacy concerns, industry watchers say.

Robert Lemos Staff Writer, CNET News.com
Robert Lemos
covers viruses, worms and other security threats.
Robert Lemos
6 min read
Microsoft's new plan to ensure PC security through extensive changes to its Windows operating system could help make private data and media files safer, but first it has to address privacy concerns, industry watchers said Monday.

This week, the software giant took the wraps off a wide-ranging push to strengthen the security of PCs by adding new features to its Windows operating system and teaming with hardware makers to create a trusted computing platform on which the new components can run.

"There are potential privacy issues and potential privacy benefits," said Alan Davidson, associate director for the Center for Democracy and Technology, a tech-policy think tank. But, Davidson said, one thing is certain: "The way that this is built will have a tremendous impact on privacy."

Whether the technology, code-named Palladium, becomes Microsoft's security savior or a privacy headache depends largely on decisions the company has yet to make. Done right, the fusion of protected software and hardware could provide a secure store for a person's private data that couldn't easily be broken into. Done wrong, the system could, among other things, empower Hollywood and music companies to keep track of who is playing their media files.

"There are still many choices that need to be made," Davidson said. Microsoft briefed the CDT and other privacy advocates on its plans, and Davidson's group decided the company is still too early in the design phase to determine how the technology will affect privacy.

The Palladium technology still resides mainly on the white boards of Microsoft developers and won't be seen in a product until at least the second half of 2004, said Mario Juarez, group product manager for the project at the Redmond, Wash.-based software maker.

"It's still too early to say when it will ship," Juarez said.

The project, which was first reported in this week's issue of Newsweek magazine, would pair the latest processor and motherboard designs from chipmakers such as Intel and Advanced Micro Devices with a future version of Windows that incorporates basic security changes and new technology for digital-rights management. The combination of the software and hardware elements could add security to most, if not all, future PCs.

In the zone
The project would create a special zone within a PC where software could run securely. Such a protected space could prevent unauthorized applications from changing data, making it far more difficult for programs such as viruses and Trojan horses to run. In addition, the inclusion of digital rights management technology, which has been on the wish list of Hollywood media giants, could make it nearly impossible to copy digital media files, analysts said.

"Rights management is something Microsoft has wanted in on for a long time. This becomes a lot more urgent when movie content is more available," said Roger Kay, an analyst with IDC. "There is a need to get beyond simple encryption."

In many cases, PC security today consists of encrypting data saved on a hard drive or sent over the Internet using a virtual private network. In most cases, however, the security is limited to a password, which could be guessed by an attacker, and possibly another digital key stored on the hard drive, which could be copied. New hardware that will be needed for Palladium stores the keys in an electronic lock box, preventing anyone, including the user, from accessing them. In effect, data and programs requiring a single password today might require a person's password and the PC's key in a Palladium world. A customer wouldn't be able to access the file on another person's computer, because that computer would have a different key.

Media giants interested in selling their content over the Internet believe that in the next few years, with the arrival of better broadband Internet access and faster PCs that would allow for higher quality video, the industry will reach the point where security such as Palladium will be needed, IDC's Kay said.

"Right now, we're on the cusp of that," Kay said. "Now is the right time to tackle it."

But while Palladium could be essential to a Microsoft effort to enable moviemakers and music companies to sell digital media to consumers, its importance doesn't end there. The ability to store trusted data and run programs securely is necessary as the foundation for offering enough security to run .Net services, for example.

"You can think of it as the hardware anchor to ensure trust," Juarez said.

Because of its importance, the company is serious about getting the privacy card right. "We want the privacy advocates to challenge us," Juarez said. "Their voice and their concerns have to be heard for this to work."

As currently envisioned, the technology would let Windows offer new features, but wouldn't affect the operating system's compatibility with applications. "The version of things that are in Windows that you know today and tomorrow will remain constant," Juarez said. "This new set of capabilities will have to be turned on" by consumers.

Juarez was quick to distance the project from Hollywood's push for digital rights management technology, an effort largely unwanted by consumers and carefully watched by privacy advocates. Digital rights management allows the copyright owner to completely control how a creative work is used by others. The "fair use" rights of the consumer would be trumped by the technology used to protect the content.

Despite trying to play down the relationship, Juarez acknowledged that the software side of Palladium would largely be based on techniques spelled out in a patent Microsoft received in December of last year for the Digital Rights Management Operating System. The patent describes ways to add fundamental technologies that in and of themselves don't protect digital content, but in conjunction with a Palladium-enhanced digital rights management solution, could protect media with hardened security.

Patently absurd
Juarez argues that the patent's label was a misnomer. "That was possibly the most ill-advised name for a patent ever," he said. While Palladium isn't specifically focused on digital rights management, the technology is almost required for any good DRM solution. "Digital rights management is a subset of the software capabilities that can be accomplished with this," Juarez said.

Such piracy prevention techniques could be unbreakable on a system with the Palladium technologies. Today, if the copy protection on a digital song is broken, anyone can have a copy of the song. With Palladium, a compromised media file would only be able to run on the customer's computer, not others. Such limitations could redefine "fair use" of digital media from a legal right, to a technological grant from a company.

Microsoft has paired changes to Windows with its own initiative to develop hardware to help secure computers. Although the software giant is also involved with the Trusted Computing Platform Alliance (TCPA), the company isn't working through that coalition to get the hardware support it needs for Palladium, instead working directly with companies such as Intel and AMD.

But although Microsoft may not be working through the TCPA on Palladium, Clain Anderson, director of security solutions for IBM's PC division, said the trusted computing design will be at the heart of the hardware. "The design is at the core of Palladium and the corresponding Intel design," he said.

Last year, the TCPA adopted IBM's technology as its standard for delivering hardware security. IBM has been shipping a security chip inside its PCs for nearly three years. Over time, Big Blue has added greater capabilities to the software.

Intel and AMD combine to corner about 99 percent of the PC chip market, which includes PCs and some game consoles such as the Xbox. Typically, 140 million to 150 million PCs ship per year. Meanwhile, Intel holds the majority of the market for PC chipsets, a group of chips that moves data.

Intel's Paul Otellini recently made a speech that said the chipmaker would bring better security to the PC. Yet, a company representative said on Monday that it was too soon to comment on Intel's plans.

The company's rival was more forthcoming. AMD will "go further than just the microprocessor," said Patrick Moorhead, vice president of customer advocacy for the chipmaker. The company will make changes in future processors to accommodate Palladium. Meanwhile, it will work with its chipset vendors and BIOS software makers to do the same. AMD didn't give specific plans, however, for when it would release such technologies.

News.com's John Spooner and Mike Ricciuti contributed to this report.