July 9th, 2002, 05:21 PM
Came across this article in Info Sec Magazine...
Microsoft's Palladium Project Hopes to Transform Security
By Cheryl Balian
Microsoft is currently in the white-board stages of developing "Palladium," a far-reaching security and privacy change to the Windows OS that the software giant hopes will permanently elevate the system integrity of PC's worldwide to their highest levels.
"It's going to be a long journey, and we're still drawing the map," says Mario Juarez, the initiative's group product manager. "But we're going out with this early because we're building a collaborative industry initiative; transparency is critical for the success of a concept of this scope."
According to Juarez, system integrity will be Palladium's key attribute. "Each individual system will verify that other processes are trustworthy before it engages in sharing information or revealing secrets," he explained. "Intentions will be properly represented and carried out."
The security arm of Palladium derives from the notion that each system will have an embedded trusted code. Storage will be encrypted with machine-specific secrets, so users will be protected against attacks.
"The trusted code can't be seen or modified," says Juarez. Similarly, user privacy will be protected because the system will not intrinsically attach user identities to PC's. "Nothing will be revealed except what the users want to reveal, and on their terms," says Juarez. "Nothing can be impersonated."
This monumental effort to offer an airtight software-hardware package will require Microsoft to join forces with hardware manufacturers. In April, the software behemoth invited hardware manufacturers to a design review on the project at its Redmond, Wash., campus. "We already have productive relationships with Intel and Advanced Micro Devices," says Juarez.
However, critics are already lining up to attack Palladium. In an article published earlier this week, Richard Forno, an independent security consultant, writes "...under the feel-good guise of 'enhanced security' and 'new features for customers' (and despite being found guilty of being a monopoly), Microsoft still wants to rule all it surveys. In essence, Palladium can be interpreted as Microsoft's attempt to play God, again."
thing is, if its encrypted then a lot of things can me done behind the users backs. so i dont now if its really a good idea-at least for me i dont think id want it.