Microsoft Stalling TCG Best Practices Document?

It doesn't come easy writes "Bruce Schneier (of Counterpane Internet Security) suspects Microsoft doesn't want the recently Trusted Computing Group published best practices document: Design, Implementation, and Usage Principles for TPM-Based Platforms to apply to Vista. The reasons are mostly speculation at the moment but Bruce implies further investigation will be forthcoming..."

Fishy? No, deceptive and devious!

[garcia]

The same system that protects spyware from accessing your data files might also stop you from copying audio and video files. The same system that ensures that all the patches you download are legitimate might also prevent you from, well, doing pretty much anything.

At least someone that is talking to a larger group of those not-in-the-know gets it.

The only reason I can think of for all this Machiavellian maneuvering is that the TCG board of directors is making sure that the document doesn't apply to Vista. If the document isn't published until after Vista is released, then obviously it doesn't apply.

If only that were the case! Unfortunately it's something that's calculated, malicious, and devious.

From Best Practices Principles Document [trustedcom...ggroup.org]:

preserving privacy, backward compatibility, and owner control

This will accomplish NOTHING but promote an environment where people will continue to become accustomed to DRM being on their computers. It's not going to stop worms, spyware, viruses, and the like - they are going to continue to plague people's computers - it's all part of the desensitizing of DRM. Get people pissed off enough about spyware, etc, and they will be happy to accept DRM.

It's really sad that most people still don't know what spyware is or how to defeat it. When they do hear of it they see this "DRM" stuff in the future that will eliminate it. Instead of taking the 5 minutes daily to do routine maintenance that will keep their computers and themselves happy, they instead opt for having someone else do all the work for them at the loss of everything that was once great about computers.

Lets play fill in the blank.

[metallikop]

Microsoft Stalling __________ Best Practices. Old news.

The DRM factor.

[Lellor]

Microsoft can only push consumers so far. If their DRM technology is too anti-social they will find that their systems will be rejected on an ever increasing scale.

Consumers may be sheep, but even sheep can be pushed too far and become dangerous to the handler. Living in a rural area, I've seen that for myself. The same thing applies to people who Microsoft are attempting to push their DRM on. It can only go so far.

Standard MS's bahavior

[Anonymous Coward]

MS is well known for participating in standards committees, only to subvert the standards in ways to keep the competition at bay. Why should anyone expect things be different in this case?

Re:No lasting effect.

[TemporalBeing]

"So it doesn't apply to Vista and the end result is that Vista turns out to be an bug-ridden, insecure operating system. What's new?" This is classic Microsoft Embrace and Extend. Since it doesn't apply to Vista, Microsoft will release it the way they want it in Vista, and everyone else will have to comply in order to be compatible. If Microsoft actually had to comply to someone else's standard, then there would actually be interoperability.

It's not mandatory, is it?

[NubKnacker]

Does it say anywhere in the document that the participants of the group absolutely have to implement its recommendations in their upcoming releases? No. So why would MS try to delay it's release?

They've proven it time and again that they can get away with doing what they want not giving two hoots about anyone else's opinion. What makes you think they can't do they same with this even after the document is released?

This story just reminds me of all that Masonry crap and the time I wasted watching documentaries and crap on them.(Because I was really really bored.) Conspiracy theories....pfft.

File Protection

[nurb432]

Not only can it protect your files from being accessed by spyware, it can protect them from being accessed by you.

That is, when the 'key holders' decide that the information is forbidden. ( or just politically incorrect ).

And 'loss of everything great about computers? Remember, you are *just* a consumer, you should be happy with your 'media-device'.

Re:TCG Bashing?

[saintp]

Of course hardware and software companies won't use coercion to force people into TPM. They'll just stop selling everything else, citing "lack of demand." "There's just been no demand," Intel will say, "for a processor/mobo/whatever that doesn't support TPM, ever since Windows stopped supporting non-TPM platforms." Of course, months before, Bill Gates will have played the high morality card and announced that Windows would not longer run on non-TPM platforms; to allow that continue is to allow the continued spread of spyware and viruses, and Microsoft indignantly refuses to be any part of that!

See? It's not coercion. It's for security. It helps the economy. It thwarts terrorists. TPM gives flags to orphans if that's what it needs to do to get people on board.

Why would Microsoft care about a piece of paper?

[dpbsmith]

I don't get it.

It's like all the privacy notice boilerplate. There are stories almost every day about companies disclosing information they promised not to disclose.

It all reminds me of the scene in Dr. Strangelove where the President asks how a rogue SAC commander could have launched a nuclear strike, when only the President is supposed to have that authority. And an air force spokesperson clears his throat and says "It appears that General Ripper may have exceeded his authority."

Why wouldn't Microsoft just bull ahead? And when anyone complains, Buck Turgidson will say "It appears that Microsoft may not have followed best practices" and everyone will shrug it off, the way they always do.

Re:TCG Bashing?

[Josh Triplett]

...it would seem that TCG is fairly "opt-in."

Most of the TCG spec is optional and can be turned off, and thus is not particularly dangerous unless you don't control what your software does. It will make Windows Media DRM and similar proprietary systems stronger and harder to break (though still not impossible), but it won't affect people who run Free and Open Source Software. Some of these features may even be useful in a FOSS environment, such as by keeping your encryption keys safe even if your machine is remotely compromised.

The primary danger in the TCG spec is Remote Attestation. This allows your machine to non-forgeably attest that it is running a particular hardware/software configuration. While Remote Attestation is also opt-in, refusal to attest to your systems configuration will be treated the same as attesting to a disallowed configuration: no access. This would mean no "compatible but unsupported" clients, something that the FOSS community has been amazingly good at providing for many protocols.

Essentially, Remote Attestation would take away your ability to have your computer say things like "Uh, yeah, I'm running IE7 on Windows Vista, sure!", "Yeah, this is iTunes 42.9 requesting purchase of music file blah.m4p", "Of course I'm running the official IM client from AOL/MSN/etc, certainly not something unofficial like Gaim", and "Yes, of *course* I'm just going to stream this file and delete it after viewing, I certainly wouldn't want to download it to watch over something faster than my slow Internet connection".

Re:The DRM factor.

[Duct Tape Jedi]

Consumers may be sheep, but even sheep can be pushed too far and become dangerous to the handler. Living in a rural area, I've seen that for myself. The same thing applies to people who Microsoft are attempting to push their DRM on. It can only go so far.

If you toss a frog into a pan of boiling water it will jump out.

If you put a frog in a pan of water and slowly turn up the heat you get frog soup.

Re:TCG Bashing?

[Master of Transhuman]

Read the article again - in English.

Bruce makes it clear that the document is fairly good in that it comes down on the side of YOU - the owner of the PC (unless we're talking corporate PC here which is inapplicable since corps do what they want with a worker's PC anyway) - having control of the DRM and being able to disable any part of it that you deem necessary to do what you want.

Microsoft obviously is stalling this because Bill Gates wants to control what you do on behalf of his big customers like the music and movie industry.

The point is that the original TCM specifications said nothing about who would control all this. This document is laying out best practices and specifying that TCM SHOULD be under the control of the owner, not the designers and manufacturers.

This is good - if in fact it ends up being applied by said designers and manufacturers.

Microsoft obviously doesn't want it to apply to Vista because their agenda is NOT to apply the recommended best practices.

Re:TCG Bashing?

[Alsee]

Who and what is the owner's policy? If the owner's policy says I can't run what I want without TCG, then that statement is effectively meaningless. I can have a hunk of hardware. If the "owner's policy" is something I make up, then it seems fine.

Here's how it works... you try to instal some software and IT TELLS YOU what your "policy" must be. If you do not accept that policy then it is impossible to instal and run that software. If you try to read a media/data file IT TELLS YOU what your policy must be. If you do not accept that policy then it is impossible to read that file. If you try want to view a website IT TELLS YOU what your policy must be. If you do not accept that policy then you cannot see the website.

Under Trusted Network Connect, as documented on the Trusted Computing Group's website front page, your network provider gets to TELL YOU what your policy must be. If you do not accept that policy then you are denied internet access.

"The use of coercion to effectively force the use of the TPM capabilities is not an appropriate use of the TCG technology." This is exactly counter to /.speek. So what is it? Is this marketing spin? Is it real?

Well you decide. You are force to "opt-in" or none of the new software will instal. You are forced to "opt-in" or you get locked out of all of the new media files and data files and network protocals and the new e-Mail system Microsoft is working on. And once Trusted Network Connect becomes common... and Microsoft has issues a press release that they are implementing Trusted Network Connect under the name Network Access Protection... well at that point you are force to "opt-in" or be denied internet access.

But rememer they aren't doing anything wrong and they aren't trying to force anything on you. It is all opt-in and you always get to set the policy on your computer. It's just that nothing works any more unless you do opt-in and you do set your policy exactly they way they tell you to.

And of course you are always free to turn the Trust system off. Remember the item "any user should be able to reliably disable the TCG functionality in a way that does not violate the owner's policy"? Yep, you can turn it off... however the policy you had to opt-in to, the policy you had to choose to set... that policy had to be that you get locked out of your own files when you turn it off. The software you installed stops working, the various files on your computer are encrypted and MUST be impossible to read or restore, nothing works any more.

But it's all OK because, as they say over and over, the owner is always in control. It was the owner who decided that his computer would drop deat and lock him out of his own files if he turned the system off. It was the owner who "voluntarily" agreed to these FSCKING INSANE "policies", otherwise he's have been locked out of everything in the first place.

There... does that clarify why one side of the debate makes it sound seems harmless and optional while the other side of the debate seems to be making apparantly contradicting statements?

-

and so it begins

[El_Muerte_TDS]

the downfall of "trusted" computing. The group doesn't even trust eachother. How can we even trust a group like that.

It's So Depressing

[brokenarmsgordon]

It's so depressing.

The sad thing is not that a lot of people don't know what spyware or DRM are, or why they're bad. The sad thing is that a lot of people do, yet nothing is really accomplished. The cnet article is good because it raises many important points about the nature of Vista and trusted computing. And it will sit on that server with no fanfare. This will not be an important story to anyone, newspapers will not pick it up and nor will computing magazines.

We will get nowhere beyond this article, which takes no stand; makes only polite suggestions and queries.

``Something is fishy here. Should we be concerned?" A shallow question with hollow convictions and the full-bodied echo of defeat.

Trusted Computing is not about security. We know what it's really about, it's about IP. You don't [apple.com] need [linux.org] an unjustified mess [microsoft.com] to be secure [freebsd.org]. Security is just the excuse. It's about patents and trademarks and copyrights. It's not about security, because security benefits people. Trusted Computing benefits companies. It's about money and control. It's about their control over our money.

The article will sit there and rot and no one will take it further, because no one wants to risk offending the advertisers. No one wants to risk slowing a cashflow.

These kinds of things are vital, important issues. They concern our very rights as citizens and as human beings. The important part of Intellectual Property is not the latter, it's the former, it's about control of the former. Companies -- inhuman, non-being concepts on paper and ink -- subvert the rights of living people to think and explore.

We can do nothing. How do you adhere to your morals and convictions and fight something that will adhere to nothing? We are powerless to affect change and every day more restraints and ludicrous laws are passed on us and our rights are signed away for profit. For the benefit of people already in life's favor.

But it's not a big deal, right? When you're allowed to read a book is a not a big deal. What you're not allowed to say is not a big deal. What you're allowed to even think is not a big deal.

It's so depressing.

Tired of Slashdot conspiracy theories

[Dangero]

Is anyone here actually a software developer??? Vista is in Beta 1 NOW, so of course they aren't going to implement any design that was not previously planned. Would any other software engineer expect them to? Of course not! I personally am working on a product that is in Beta and if someone comes to me and tells me that I need to add/change anything, I direct them to the specs for the next release. I mean, come on. An OS is just about as big and complex as software designs get. Do you think Microsoft is really worried about the industry trying to force them to accept this standard? No way! Maybe if the spec came out 4 years ago when they were just starting Longhorn. Not now. It's unrealistic for any OS writer, not just Microsoft.

Re:Fishy? No, deceptive and devious!

[CurlyG]

I could not agree more - the person you are replying to has no idea what they're talking about. Almost *every* company over a certain size I've ever worked for or dealt with as customer or client has the same problem.

Not only does the left hand rarely know what the right hand is doing, the pinky and thumb are usually working at cross-purposes as well, or at the very least in intense rivalry for the promotion to forefinger.