Page 1 of 2 12 LastLast
Results 1 to 10 of 14

Thread: Encrypted OS's

  1. #1

    Encrypted OS's

    Came across this article in Info Sec Magazine...

    Microsoft's Palladium Project Hopes to Transform Security
    By Cheryl Balian

    Microsoft is currently in the white-board stages of developing "Palladium," a far-reaching security and privacy change to the Windows OS that the software giant hopes will permanently elevate the system integrity of PC's worldwide to their highest levels.

    "It's going to be a long journey, and we're still drawing the map," says Mario Juarez, the initiative's group product manager. "But we're going out with this early because we're building a collaborative industry initiative; transparency is critical for the success of a concept of this scope."

    According to Juarez, system integrity will be Palladium's key attribute. "Each individual system will verify that other processes are trustworthy before it engages in sharing information or revealing secrets," he explained. "Intentions will be properly represented and carried out."

    The security arm of Palladium derives from the notion that each system will have an embedded trusted code. Storage will be encrypted with machine-specific secrets, so users will be protected against attacks.

    "The trusted code can't be seen or modified," says Juarez. Similarly, user privacy will be protected because the system will not intrinsically attach user identities to PC's. "Nothing will be revealed except what the users want to reveal, and on their terms," says Juarez. "Nothing can be impersonated."

    This monumental effort to offer an airtight software-hardware package will require Microsoft to join forces with hardware manufacturers. In April, the software behemoth invited hardware manufacturers to a design review on the project at its Redmond, Wash., campus. "We already have productive relationships with Intel and Advanced Micro Devices," says Juarez.

    However, critics are already lining up to attack Palladium. In an article published earlier this week, Richard Forno, an independent security consultant, writes "...under the feel-good guise of 'enhanced security' and 'new features for customers' (and despite being found guilty of being a monopoly), Microsoft still wants to rule all it surveys. In essence, Palladium can be interpreted as Microsoft's attempt to play God, again."

    thing is, if its encrypted then a lot of things can me done behind the users backs. so i dont now if its really a good idea-at least for me i dont think id want it.

  2. #2
    Now, RFC Compliant! Noia's Avatar
    Join Date
    Jan 2002
    Posts
    1,210
    Wouldn't that take forever to load?

    - Noia
    With all the subtlety of an artillery barrage / Follow blindly, for the true path is sketchy at best. .:Bring OS X to x86!:.
    Og ingen kan minnast dei linne drag i dronningas andlet den fagre dag Då landet her kvilte i heilag fred og alle hadde kjærleik å elske med.

  3. #3
    Junior Member
    Join Date
    Jul 2002
    Posts
    10
    Well when it comes to M$ and security (wow that's an oxymoron), all I can say is I will believe it when I see it. I think, just as the article said, M$ wants to play "god" or AGAIN attempt at re-inventing the wheel?
    I often ponder why UNIX doesnt just lower their cost to consumer and become the BIG ONE in the OS market. We all know it stability is second to none. Shoot and don't EVER forget good old Novell. I still think 4.11 is one of the MOST secure and stable server OSes out there. Although I do admit I dumped it myself for Windows 2000.
    gotta keep up with the Jones' no?

  4. #4
    Senior Member
    Join Date
    Apr 2002
    Posts
    711

    Re: Encrypted OS's

    Originally posted here by AngryBob
    "Each individual system will verify that other processes are trustworthy before it engages in sharing information or revealing secrets," he explained. "Intentions will be poorly represented and carried out."
    My dyslexia's getting worse... I parsed the quote as it is shown above - after that, the rest of the article was a bit of a wash. HeHe.
    \"Windows has detected that a gnat has farted in the general vicinity. You must reboot for changes to take affect. Reboot now?\"

  5. #5
    Senior Member cwk9's Avatar
    Join Date
    Feb 2002
    Posts
    1,207
    Its not software piracy. I’m just making multiple off site backups.

  6. #6
    Junior Member
    Join Date
    Jun 2002
    Posts
    14
    IMO, nothing is ever secure anyway. Even if M$ does waht they say, there will still be someone who gives away the secret from the M$ team, and there will always be users who decide they want to share everything with the world anyway.

    Plus, look at M$'s screw up with XP. If they don't tell people who to change "security options" and just leave 'em at bare minimums, then it's worthless anyway

  7. #7
    Senior Member
    Join Date
    Feb 2002
    Posts
    1,210
    here's an interesting commentary about Palladium..
    http://newsforge.com/article.pl?sid=...e=thread&tid=9

    Among the features of Palladium:

    It uniquely identifies both you and your PC to those you deal with. Any connection between you and any other device is mediated by the system, which can prevent transmission of content or your access to that content.

    Documents you receive cannot be modified (or in some cases, retransmitted) without the originator's permission. This means any attempt to summarize content, or even mark it up, may be restricted.

    Email will be mediated by the system. Only content authorized by you (or your employer? or your government?) can pass through the system.
    "The Man" will be on your system. Or at least "My Man." Content originators can send an agent accompanying their content to ensure that content is not waylaid between them and their intended recipient. This is marketed as insurance that hackers and identity thieves can't capture, alter or audit messages transmitted between you and your recipient. How this represents an improvement over current encryption systems or secure channels such as virtual private networks is not clear. It is also not clear whose "man" this will be. Microsoft has hinted that the "man" might be fitted with a back door for nervous government and police types.
    Even without a back door, Palladium may allow third parties to monitor your activity. Although the system is still in early stages of development, it appears to extend a concept developed for Microsoft's Directory Services products. Products like Active Directory generate a "unique object identifier" for every document and code element in the enterprise. Based on that identifier, object flow can be tracked and user access restricted. Who holds the identifier (besides your company or ISP)? Well, Microsoft does it today, along with a limited number of corporate partners.

  8. #8
    Senior Member
    Join Date
    Aug 2001
    Posts
    356
    um...is it just me or does it sound like just annother way for MS to force you to upgrade EVERY piece of software you use? if every program has to use special code to identify itself, what happens to current software(which would lack such features) if you try to run it on this system? more importantly, what is the point of making the perfect cell if sombody else is going to be holding the key?
    -8-

    There are 10 types of people in this world: those who understand binary, and those who dont.

  9. #9
    Senior Member
    Join Date
    Aug 2001
    Posts
    485
    Originally posted here by 8*B@LL
    um...is it just me or does it sound like just annother way for MS to force you to upgrade EVERY piece of software you use? if every program has to use special code to identify itself, what happens to current software(which would lack such features) if you try to run it on this system? more importantly, what is the point of making the perfect cell if sombody else is going to be holding the key?
    MS has been trying to down this route for some time (e.g. their .NET software).
    They would also like to make every version of Windows apart from XP totally unsupported.
    Key security is very important - there was an uproar from informed parts of the IT community in the UK about a year ago when the government here stated that it was thinking of introducing legislation to make it illegal to send encrypted data unless the key had been registered with a 'trusted agency'. By 'trusted agency' the UK government meant a commercial organisation in the UK which would have to turn over information to the government if requested to do so (no court order required).
    Eek !!

  10. #10
    Junior Member
    Join Date
    Mar 2002
    Posts
    24

    Thumbs down Monopoly

    They keep on striving for a false perfection, all for the almighty dollar. M$ feeds off every penny people throw into computers. Though people act up it isnt enough to break the chain. Who knows anymore, I could care less. Go with the flow, or not?
    http://mars.walagata.com/w/azgard/sanzo88.gifThe sharper the edge, the cleaner the wound. So, I\'ll be keeping it dull tonight for I deserve to hurt

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •