Came across this article in Info Sec Magazine...

Microsoft's Palladium Project Hopes to Transform Security
By Cheryl Balian

Microsoft is currently in the white-board stages of developing "Palladium," a far-reaching security and privacy change to the Windows OS that the software giant hopes will permanently elevate the system integrity of PC's worldwide to their highest levels.

"It's going to be a long journey, and we're still drawing the map," says Mario Juarez, the initiative's group product manager. "But we're going out with this early because we're building a collaborative industry initiative; transparency is critical for the success of a concept of this scope."

According to Juarez, system integrity will be Palladium's key attribute. "Each individual system will verify that other processes are trustworthy before it engages in sharing information or revealing secrets," he explained. "Intentions will be properly represented and carried out."

The security arm of Palladium derives from the notion that each system will have an embedded trusted code. Storage will be encrypted with machine-specific secrets, so users will be protected against attacks.

"The trusted code can't be seen or modified," says Juarez. Similarly, user privacy will be protected because the system will not intrinsically attach user identities to PC's. "Nothing will be revealed except what the users want to reveal, and on their terms," says Juarez. "Nothing can be impersonated."

This monumental effort to offer an airtight software-hardware package will require Microsoft to join forces with hardware manufacturers. In April, the software behemoth invited hardware manufacturers to a design review on the project at its Redmond, Wash., campus. "We already have productive relationships with Intel and Advanced Micro Devices," says Juarez.

However, critics are already lining up to attack Palladium. In an article published earlier this week, Richard Forno, an independent security consultant, writes "...under the feel-good guise of 'enhanced security' and 'new features for customers' (and despite being found guilty of being a monopoly), Microsoft still wants to rule all it surveys. In essence, Palladium can be interpreted as Microsoft's attempt to play God, again."

thing is, if its encrypted then a lot of things can me done behind the users backs. so i dont now if its really a good idea-at least for me i dont think id want it.

Wouldn't that take forever to load?

- Noia

Well when it comes to M$ and security (wow that's an oxymoron), all I can say is I will believe it when I see it. I think, just as the article said, M$ wants to play "god" or AGAIN attempt at re-inventing the wheel?
I often ponder why UNIX doesnt just lower their cost to consumer and become the BIG ONE in the OS market. We all know it stability is second to none. Shoot and don't EVER forget good old Novell. I still think 4.11 is one of the MOST secure and stable server OSes out there. Although I do admit I dumped it myself for Windows 2000.
gotta keep up with the Jones' no?

Originally posted here (http://www.AntiOnline.com/showthread.php?threadid=#post) by AngryBob
"Each individual system will verify that other processes are trustworthy before it engages in sharing information or revealing secrets," he explained. "Intentions will be poorly represented and carried out."

My dyslexia's getting worse... I parsed the quote as it is shown above - after that, the rest of the article was a bit of a wash. HeHe.

Palladium is just a scam so M$ can extend there monopoly.

http://www.cl.cam.ac.uk/~rja14/tcpa-faq.html
http://www.theregister.co.uk/content/4/25988.html
http://www.theregister.co.uk/content/4/25891.html

IMO, nothing is ever secure anyway. Even if M$ does waht they say, there will still be someone who gives away the secret from the M$ team, and there will always be users who decide they want to share everything with the world anyway.

Plus, look at M$'s screw up with XP. If they don't tell people who to change "security options" and just leave 'em at bare minimums, then it's worthless anyway

here's an interesting commentary about Palladium..
http://newsforge.com/article.pl?sid=02/06/27/1422247&mode=thread&tid=9


Among the features of Palladium:

It uniquely identifies both you and your PC to those you deal with. Any connection between you and any other device is mediated by the system, which can prevent transmission of content or your access to that content.

Documents you receive cannot be modified (or in some cases, retransmitted) without the originator's permission. This means any attempt to summarize content, or even mark it up, may be restricted.

Email will be mediated by the system. Only content authorized by you (or your employer? or your government?) can pass through the system.
"The Man" will be on your system. Or at least "My Man." Content originators can send an agent accompanying their content to ensure that content is not waylaid between them and their intended recipient. This is marketed as insurance that hackers and identity thieves can't capture, alter or audit messages transmitted between you and your recipient. How this represents an improvement over current encryption systems or secure channels such as virtual private networks is not clear. It is also not clear whose "man" this will be. Microsoft has hinted that the "man" might be fitted with a back door for nervous government and police types.
Even without a back door, Palladium may allow third parties to monitor your activity. Although the system is still in early stages of development, it appears to extend a concept developed for Microsoft's Directory Services products. Products like Active Directory generate a "unique object identifier" for every document and code element in the enterprise. Based on that identifier, object flow can be tracked and user access restricted. Who holds the identifier (besides your company or ISP)? Well, Microsoft does it today, along with a limited number of corporate partners.

um...is it just me or does it sound like just annother way for MS to force you to upgrade EVERY piece of software you use? if every program has to use special code to identify itself, what happens to current software(which would lack such features) if you try to run it on this system? more importantly, what is the point of making the perfect cell if sombody else is going to be holding the key?

Originally posted here (http://www.AntiOnline.com/showthread.php?threadid=#post) by 8*B@LL
um...is it just me or does it sound like just annother way for MS to force you to upgrade EVERY piece of software you use? if every program has to use special code to identify itself, what happens to current software(which would lack such features) if you try to run it on this system? more importantly, what is the point of making the perfect cell if sombody else is going to be holding the key?
MS has been trying to down this route for some time (e.g. their .NET software).
They would also like to make every version of Windows apart from XP totally unsupported.
Key security is very important - there was an uproar from informed parts of the IT community in the UK about a year ago when the government here stated that it was thinking of introducing legislation to make it illegal to send encrypted data unless the key had been registered with a 'trusted agency'. By 'trusted agency' the UK government meant a commercial organisation in the UK which would have to turn over information to the government if requested to do so (no court order required).
Eek !!

They keep on striving for a false perfection, all for the almighty dollar. M$ feeds off every penny people throw into computers. Though people act up it isnt enough to break the chain. Who knows anymore, I could care less. Go with the flow, or not? :confused:

Grrrr M$ pisses me off so much, I'm a gamer as well and can't get all my games to work under Wine so I have to dual-boot, in any event I hate owning any piece of their software. Why can't they just play fair? :)

What I get a laugh out of is the quotes by many people stating that since it is hardware encryption, it is much more secure than software encryption. It didn't take long for the hardware-based security features of X-Box to be hacked. The problem is that since it is hardware, people will be able to slowly conduct a multitude of tests on the chip, changing the voltage, temperature, etc., until they find out just what it does and how. Once that is done, it won't take much to compromise the whole system.

I would strongly suggest any proponents of this system read Bruce Schneier's book, Secrets and Lies.

Originally posted here (http://www.AntiOnline.com/showthread.php?threadid=#post) by drugless
What I get a laugh out of is the quotes by many people stating that since it is hardware encryption, it is much more secure than software encryption. It didn't take long for the hardware-based security features of X-Box to be hacked. The problem is that since it is hardware, people will be able to slowly conduct a multitude of tests on the chip, changing the voltage, temperature, etc., until they find out just what it does and how. Once that is done, it won't take much to compromise the whole system.

I would strongly suggest any proponents of this system read Bruce Schneier's book, Secrets and Lies.

Depends on how the hardware encryption is done. The X-box is reasonably flexible as its BIOS can be re-flashed. However, the ecncryption algorithms it is using are pretty standard (MD5 etc.), so whatever MS do, it won't be long before any update is cracked.

um...is it just me or does it sound like just annother way for MS to force you to upgrade EVERY piece of software you use? if every program has to use special code to identify itself, what happens to current software(which would lack such features) if you try to run it on this system? more importantly, what is the point of making the perfect cell if sombody else is going to be holding the key?

it also looks like its a way to stop software "sharing"...... if everythings got its own codes, and is i read it every single program will have its own code...... like my version of the program will be different from yours. so if everyones got there own codes you wont be able to share files as effectivly....... i sence a conspiracy here (yet another)......... do i see another online IDing system on the horizon?