Microsoft Stalling TCG Best Practices Document? 163
It doesn't come easy writes "Bruce Schneier (of Counterpane Internet Security) suspects Microsoft doesn't want the recently Trusted Computing Group published best practices document: Design, Implementation, and Usage Principles for TPM-Based Platforms to apply to Vista. The reasons are mostly speculation at the moment but Bruce implies further investigation will be forthcoming..."
Fishy? No, deceptive and devious! (Score:5, Insightful)
At least someone that is talking to a larger group of those not-in-the-know gets it.
The only reason I can think of for all this Machiavellian maneuvering is that the TCG board of directors is making sure that the document doesn't apply to Vista. If the document isn't published until after Vista is released, then obviously it doesn't apply.
If only that were the case! Unfortunately it's something that's calculated, malicious, and devious.
From Best Practices Principles Document [trustedcom...ggroup.org]:
preserving privacy, backward compatibility, and owner control
This will accomplish NOTHING but promote an environment where people will continue to become accustomed to DRM being on their computers. It's not going to stop worms, spyware, viruses, and the like - they are going to continue to plague people's computers - it's all part of the desensitizing of DRM. Get people pissed off enough about spyware, etc, and they will be happy to accept DRM.
It's really sad that most people still don't know what spyware is or how to defeat it. When they do hear of it they see this "DRM" stuff in the future that will eliminate it. Instead of taking the 5 minutes daily to do routine maintenance that will keep their computers and themselves happy, they instead opt for having someone else do all the work for them at the loss of everything that was once great about computers.
Re:Fishy? No, deceptive and devious! (Score:5, Interesting)
One section of Microsoft is trying to find a way to diversify into other fields (as it always has been). This means as soon as anything gets popular, instantly releasing that they will have a competitor to that product. See previous articles..
The next section of Microsoft is designing Vista. More or less, they're looking over at Apple and saying "hmm, now how do we do this for ourselves". Hey, if you're going to copy, make sure you copy from the best.
Next, Microsoft's patent team is doing everything they can to churn out as many patents for as many things as possible, no matter what relevance they have to anything. Patents are the new gold; having them makes you rich, no matter in what shape, color, or form.
Then you have the Microsoft gaming committee putting together the XBox 360.. Good luck with that xboxers.
And then you end up with the "future of technology" department; the one where they write all of these magnificent things, designing things like Palladium and giving them crazy names. The only problem is, while this section's doing the designing, all of the other sections of Microsoft are doing their own thing; it seems as if there isn't any communication in the entire process.
Microsoft is like a three hundred pound kid on a tricycle on a very big hill. They've got a lot of business henged on a small amount of products, and they've got to ensure that these products don't collaspe. And the best way of doing that is Advertising, the media, product placement, and the public (get the picture yet? good). The more of these documents coming out that don't mean anything at all, the more Microsoft looks like it's doing something.
Re:Fishy? No, deceptive and devious! (Score:2)
what a bunch of utter bu**sh**.
i've never bought into the absurd notion that a company or organization doing things that the other people in the said groups don't know about.
it's just a red herring. or another way to say it is "plausible deniability".
it's not hard to see that it's very effective... almost no one holds
Re:Fishy? No, deceptive and devious! (Score:2)
Then you've never worked in an organization with more than 3 people in it. In a real business there are generally all sorts of politics going on. I have lost track of the amount of times I have seen Linux or BSD boxes put into production without approval up the corporate ladder. Heck, I have been involved several times with a project at the division level that w
Re:Fishy? No, deceptive and devious! (Score:3, Insightful)
Not only does the left hand rarely know what the right hand is doing, the pinky and thumb are usually working at cross-purposes as well, or at the very least in intense rivalry for the promotion to forefinger.
File Protection (Score:5, Insightful)
That is, when the 'key holders' decide that the information is forbidden. ( or just politically incorrect ).
And 'loss of everything great about computers? Remember, you are *just* a consumer, you should be happy with your 'media-device'.
Re:File Protection (Score:2)
Using e.g. Linux instead of Vista to avoid these practices will give you content that may not even be playable at all, unless Linux supports the DRM mechanisms and hardware of course. So it's really a lose/lose situation, no matter how you look at it.
The implications of this is, of course, that you have nothing to lose on using Windows Vista, rather just things to gain on it.
Re:File Protection (Score:2)
Until SP2, when non-DRM content gets mysteriously broken due to a purportedly unrelated security fix. And there's precedent. Look at the way XP SP2 broke raw sockets completely. (of course, the saner solution of restricting them to privileged accounts wouldn't have worked too
Re:File Protection (Score:2)
This brings to mind an ugly scenario, where the OS's TC component continually monitors your computer for disallowed content, which depending on the legal climate of the day, might be classed from "felonious" to merely "politically incorrect". And it might then report your transgr
Re:File Protection (Score:3, Interesting)
I'm on board with another ugly scenario presented here [slashdot.org].
Writers of malicious software are always several dozen steps ahead of the average consumer by nature. They will figure out how to circumvent the TC implementations and then use those very restrictions to prevent the users from diagnosing and removing them.
In a sick sort of way this may be economically profitable for companies who write security software. But the whole system is definitely not in the best interest
Re:File Protection (Score:2)
That's yet another reason why once we're all stuck with it, and with no internet access except by a TC system -- my older computers, the ones that do my everyday work, will never interact with the TC machine. Not only will *I* be unable to trust said machine, it could easily be a hazard (out of m
Re:File Protection (Score:2)
Re:File Protection (Score:2)
They'll finally pass it and now you'll be a felon.
Re:Fishy? No, deceptive and devious! (Score:2)
Don't be so pessimistic. Once you're in the "Trusted Enviornment" you're stuck there and can't touch anything else. So, knowing MS, this means worms, viruses and the like will only have access to trusted resources. Meaning MS Office will be wiped off the computer, but Open Office and my pr0n collection will be safe.
Start our "Thank You" notes to GNU (Score:2)
Agreed that that's part of it. And, as we slip down that slope where there are hardware- and OS-level mechanisms determining what we can and cannot view, hear and run, let's please thank the heavens and stars for GNU [gnu.org], the FSF [fsf.org] and the thousands of players who've given us the ability to circumvent these things.
I personally don't get too up in arms about "some DRM." I think, e.g., FairPlay [extremetech.com] is pretty fair for consumers. Currently.
I no longer hear (m)any rant
Re:Start our "Thank You" notes to GNU (Score:2)
But those that accepted FairPlay have cooperated with getting the Digital Restrictions Management nose underneath the camel's tent. Once DRM is accepted, it will all become more intrusive, because there will be an oligopoly or monopoly controlling the only game in town.
Short sighted (Score:2)
Re:Short sighted (Score:2)
No lasting effect. (Score:5, Interesting)
This will yet more incentive to move to a system which has been properly designed, from scratch, to be safe.
As has happened before, the other members of the group will go ahead with their design based off of a draft of the document - generation 1 has a few interoperability issues because each member interpreted the draft differently but at least there will be something out there which everyone, except MS, is trying their best to follow.
Re:No lasting effect. (Score:4, Insightful)
Re:No lasting effect. (Score:4, Informative)
In this case, the standard defines how it should work and what it should do. Microsoft can *implement* this in any way that they choose. In no way does this imply that adhering to the standard will promote interoperability. Think of it this way: a security standard might say that "door locks should be of sufficient strength and complexity that it would withstand 500 pounds of force and take an experienced lockpick a minimum of 30 minutes to pick". Adhering to this standard doesn't mean that one vendor's keys will work with another, nor that the locks will even fit on your brand of door.
Re:No lasting effect. (Score:2)
Re:No lasting effect. (Score:2)
Lets play fill in the blank. (Score:3, Insightful)
TCG Bashing? (Score:3, Interesting)
more to the point (Score:2)
sum.zero
Re:TCG Bashing? (Score:5, Insightful)
See? It's not coercion. It's for security. It helps the economy. It thwarts terrorists. TPM gives flags to orphans if that's what it needs to do to get people on board.
mod parent up. (Score:2)
Re:TCG Bashing? (Score:2)
The former does not require the latter but we can safely assume it will never appear that way.
Re:TCG Bashing? (Score:5, Insightful)
Most of the TCG spec is optional and can be turned off, and thus is not particularly dangerous unless you don't control what your software does. It will make Windows Media DRM and similar proprietary systems stronger and harder to break (though still not impossible), but it won't affect people who run Free and Open Source Software. Some of these features may even be useful in a FOSS environment, such as by keeping your encryption keys safe even if your machine is remotely compromised.
The primary danger in the TCG spec is Remote Attestation. This allows your machine to non-forgeably attest that it is running a particular hardware/software configuration. While Remote Attestation is also opt-in, refusal to attest to your systems configuration will be treated the same as attesting to a disallowed configuration: no access. This would mean no "compatible but unsupported" clients, something that the FOSS community has been amazingly good at providing for many protocols.
Essentially, Remote Attestation would take away your ability to have your computer say things like "Uh, yeah, I'm running IE7 on Windows Vista, sure!", "Yeah, this is iTunes 42.9 requesting purchase of music file blah.m4p", "Of course I'm running the official IM client from AOL/MSN/etc, certainly not something unofficial like Gaim", and "Yes, of *course* I'm just going to stream this file and delete it after viewing, I certainly wouldn't want to download it to watch over something faster than my slow Internet connection".
Re:TCG Bashing? (Score:2)
Re:TCG Bashing? (Score:2)
Re:TCG Bashing? (Score:1)
That is why he believes that MS is trying to stall so that these rules don't apply to Vista.
Re:TCG Bashing? (Score:5, Informative)
Bruce Schneier [schneier.com] is a security expert with a practical perspective on security analysis. I subscribe to his newsletter, and near as I can tell, he's not particularly biased for or against Windows. He is very vocal about the balance needed between individual rights and security concerns. He also regularly points out security measures and implementations that are just for show.
I read the article and it doesn't seem like he's bashing TCG at all. Appears more like he has issues with Microsoft wanting to release VISTA as a approved TCG OS without actually following the best practices document.
Re:TCG Bashing? (Score:3, Informative)
In fact it has only been in past several years that Schneier has left the ivory tower and taken a stance on certain security situations, most not
Re:TCG Bashing? (Score:1, Informative)
have you ever read any of his stuff [counterpane.com]?
Re:TCG Bashing? (Score:5, Insightful)
Read the article again - in English.
Bruce makes it clear that the document is fairly good in that it comes down on the side of YOU - the owner of the PC (unless we're talking corporate PC here which is inapplicable since corps do what they want with a worker's PC anyway) - having control of the DRM and being able to disable any part of it that you deem necessary to do what you want.
Microsoft obviously is stalling this because Bill Gates wants to control what you do on behalf of his big customers like the music and movie industry.
The point is that the original TCM specifications said nothing about who would control all this. This document is laying out best practices and specifying that TCM SHOULD be under the control of the owner, not the designers and manufacturers.
This is good - if in fact it ends up being applied by said designers and manufacturers.
Microsoft obviously doesn't want it to apply to Vista because their agenda is NOT to apply the recommended best practices.
Of course "opting in" will be mandatory for any.. (Score:2)
Re:TCG Bashing? (Score:2)
I said Bruce says the document says what it in fact does say.
Whether any company follows it is another matter - as I indicated.
The fact that Microsoft is stalling on accepting the best practices recommended in the document indicates that it does not want to follow those practices.
So you are correct in that respect - i.e., Microsoft.
You should note that the document is produced by a consortium that includes many other players besides Microsoft, including IBM. Whether any of them will apply the best practice
Who is the "owner?" (Score:5, Interesting)
Think of it this way: most computer-related "stuff" now has a "licensed, not sold" tag attached. Ask yourself again, then, who has ultimate control unter TCG definitions.
Re:TCG Bashing? (Score:5, Insightful)
Here's how it works... you try to instal some software and IT TELLS YOU what your "policy" must be. If you do not accept that policy then it is impossible to instal and run that software. If you try to read a media/data file IT TELLS YOU what your policy must be. If you do not accept that policy then it is impossible to read that file. If you try want to view a website IT TELLS YOU what your policy must be. If you do not accept that policy then you cannot see the website.
Under Trusted Network Connect, as documented on the Trusted Computing Group's website front page, your network provider gets to TELL YOU what your policy must be. If you do not accept that policy then you are denied internet access.
"The use of coercion to effectively force the use of the TPM capabilities is not an appropriate use of the TCG technology." This is exactly counter to
Well you decide. You are force to "opt-in" or none of the new software will instal. You are forced to "opt-in" or you get locked out of all of the new media files and data files and network protocals and the new e-Mail system Microsoft is working on. And once Trusted Network Connect becomes common... and Microsoft has issues a press release that they are implementing Trusted Network Connect under the name Network Access Protection... well at that point you are force to "opt-in" or be denied internet access.
But rememer they aren't doing anything wrong and they aren't trying to force anything on you. It is all opt-in and you always get to set the policy on your computer. It's just that nothing works any more unless you do opt-in and you do set your policy exactly they way they tell you to.
And of course you are always free to turn the Trust system off. Remember the item "any user should be able to reliably disable the TCG functionality in a way that does not violate the owner's policy"? Yep, you can turn it off... however the policy you had to opt-in to, the policy you had to choose to set... that policy had to be that you get locked out of your own files when you turn it off. The software you installed stops working, the various files on your computer are encrypted and MUST be impossible to read or restore, nothing works any more.
But it's all OK because, as they say over and over, the owner is always in control. It was the owner who decided that his computer would drop deat and lock him out of his own files if he turned the system off. It was the owner who "voluntarily" agreed to these FSCKING INSANE "policies", otherwise he's have been locked out of everything in the first place.
There... does that clarify why one side of the debate makes it sound seems harmless and optional while the other side of the debate seems to be making apparantly contradicting statements?
-
Re:TCG Bashing? (Score:2)
there is a simple test you can do to determine this for yourself.
ask them why they won't let the "owner" of the machine have access to the encyrption key(s)?
if it is truly for the protection of the owner, then having the key would certainly allow the owner to decide what is best for themselves.
the only reason to disallow access to your own property is for the enforcement of DRM and things like remote attestat
Re:TCG Bashing? (Score:2)
Owner = copyright owner
User = computer owner
The way I believe the article should be read is: The owner of the computer is able to disable any DRM the copyright owner has allowed them to disable.
Basically, copyright owners will exert more control over their copyrighted works at the expense of your fair use rights; a technological enforcement that, when circumvented, wil
Link to actual blog entry (Score:5, Informative)
PLEASE can we stop linking to the entire stupid hierarchy of news.com.com.com.com, zdnet, cnet and other stupid useless sites like that? Schneier is a big boy, he can handle
Re:Link to actual blog entry (Score:2)
I think we should link to both.
While unlikely (at CNET), it is possible that a news organization would present both sides of the story in an unbiased fashion, whereas if you just link to Schneier, you'll be getting only his take on it.
The DRM factor. (Score:5, Insightful)
Microsoft can only push consumers so far. If their DRM technology is too anti-social they will find that their systems will be rejected on an ever increasing scale.
Consumers may be sheep, but even sheep can be pushed too far and become dangerous to the handler. Living in a rural area, I've seen that for myself. The same thing applies to people who Microsoft are attempting to push their DRM on. It can only go so far.Re:The DRM factor. (Score:5, Interesting)
Apple's DRM is simple and consistant unlike MSFT's which change per song. Apple has sold over a half a billion dollars worth of songs. The rest combined barely equal a tenth of that.
If you have to have DRM it has to be consistant and easy to use, and actually have rights not just restrictions.
Re: (Score:2)
Re:The DRM factor. (Score:5, Informative)
People have voted with their dollars (& pounds, euros, etc). Apple's DRM is simple and consistant unlike MSFT's which change per song. Apple has sold over a half a billion dollars worth of songs. The rest combined barely equal a tenth of that.
I'd warrant that a backlash against Microsoft's DRM isn't what's fueling Apple sales. More likely:
I know a number of iPod owners, an DRM doesn't even cross their minds.
Re:The DRM factor. (Score:2, Informative)
Apple's DRM is simple and consistant unlike MSFT's which change per song. Apple has sold over a half a billion dollars worth of songs. The rest combined barely equal a tenth of that.
Consistent? Apple reserves the right to change their DRM on songs you've already bought. Wikipedia tracks some of the changes [wikipedia.org] made to iTunes DRM since release:
"With the introduction of iTunes 4.5, Apple raised the number of machines allowed to use purchased music from 3 to 5. They also cut t
Consistant? (Score:2)
Coming soon Itunes 8.0. 1 cd burn, no streaming, and no burning of paid music to cd.
If anything Apple is the posterboy of DRM run amok and a preview of the future where companies reduce your right with every "needed" upgrade. But fine, everyone should just keep posting how its great that Apple implements "consumer friendly" DRM.
Re:The DRM factor. (Score:1)
Baaaaad Rancher.
Re:The DRM factor. (Score:5, Funny)
Now, why I admit this randomly on the internet, I don't know... In any case, those things are mean.
Re:The DRM factor. (Score:2)
It's a bit insenstive don't you think?
Probably is best not to make any comparisons between sheep and people...
Re:The DRM factor. (Score:2)
Re:The DRM factor. (Score:2, Insightful)
If you toss a frog into a pan of boiling water it will jump out.
If you put a frog in a pan of water and slowly turn up the heat you get frog soup.
Re:The DRM factor. (Score:2)
You slowly herd them into smaller and smaller confinements, and by the time they realize they're headed into a "dead end" its too late to turn back.
Just a guess (Score:4, Interesting)
Re:Just a guess (Score:1)
V. I. S. T. A. (the real meaning) (Score:5, Funny)
Viruses
Insecurities
Spyware
Trojans
Adware
Re:V. I. S. T. A. (the real meaning) (Score:4, Funny)
Re:V. I. S. T. A. (the real meaning) (Score:2)
Or to Bill Gates in general.
Or anybody else at Microsoft that speaks for Microsoft publicly.
Paid liars, the lot.
Re:V. I. S. T. A. (the real meaning) (Score:2)
Inpsired
Spew
Timely
Acronyms
Re:V. I. S. T. A. (the real meaning) (Score:2)
Laziness
Isolation
Nerds
Unibrows
Xenophobia
Hmm?
Re:V. I. S. T. A. (the real meaning) (Score:2)
And the new logo will be...
http://img236.imageshack.us/img236/6058/msvistalog o6yj.png [imageshack.us]
Standard MS's bahavior (Score:5, Insightful)
Some notes (Score:5, Interesting)
"Security: ...The reporting mechanism should be fully under the owner's control. "
"Privacy: ...designed and implemented with privacy in mind "
"Interoperability: ...should not introduce any new interoperability obstacles that are not for the purpose of security. "
"Controllability: Each owner should have effective choice and control... their participation must be opt-in. "
Why should MS rewrite all of their business practices based on what their competitors suggest?
I'm not saying that TGP is a bad idea... I'm saying that it is a bad idea for MS.
Re:Some notes (Score:2)
when the real owner no longer has the key, then by definition, someone else does. and that someone else has an agenda that is anti-privacy, anti-freedom, anti-property rights.
they deny you and me, the owners of our respective machines, the key to enable full access to them.
that is all one really needs to know in order to figure out the destination.
just an aside, console
Re:Some notes (Score:2)
Nonsense. They could force open the console and get physical access. Oh, did you mean access in the sense of functionality, or something? They don't have to perform any particular function outside of that which they were sold to do; with a console, they were sold to work as a complete system for the sole purpose of playing pre-approved games, and maybe playing pre-approved movies and music.
Re:Some notes (Score:2)
Exept the owner is the company you licensed the software from. The user is the person who bought the computer and software license.
"Privacy:
The user at the keyboard doesn't really need to know what's going on when "security" is reporting to the owner (see above). Especially since the user already agreed to let the owner do what they want as one of the conditions of "participat
Re:Some notes (Score:2)
A lot of the parts I left out are ones that refute your analysis.
Why? (Score:1)
That said, I'd applaud anyone who successfully fought/stalled/stopped the trusted computing initative - I don't really want someone monitoring me and telling me "No that's wrong, you can't run/do that" or "You can't connect to the in
Re:Why? (Score:2)
Re:Why? (Score:2)
Re:Why? (Score:2)
Thats the HUMANs who are doing that, not the TCI software standards
Too much power in the hands of any one human is a situation ripe for abuse.
You wouldn't hand a loaded gun to a small child, would you? It's a bad idea because the child doesn't even understand the implications of the power of the device. (Most C-levels are no better informed of what they're getting themselves into with TC, as they will happily admit if you ask them right now...) Even worse is to hand a nuke to someone who has alread
Re:Why? (Score:2)
Re:Why? (Score:2)
What did they require as a replacement? McAffee's security suite.
I am really glad I'm done with college networks. I think they need to let me decide what software I want to run (or not run) for security of my machine. Turn off the net if I'm spamming or broadcasting viruses, but not because
Re:Why? (Score:2)
And I agree with you totally. So long as a given user's machine isn't spewing garbage, it's none of their damned business WHAT security apps they do or don't run.
Of course, TC will make it simple to enforce this: run the apps we say, or you won't be allowed to connect to the network. (Read posts by Alsee for what I believe is how things will wind up. http:// [slashdot.org]
It's not mandatory, is it? (Score:5, Insightful)
They've proven it time and again that they can get away with doing what they want not giving two hoots about anyone else's opinion. What makes you think they can't do they same with this even after the document is released?
This story just reminds me of all that Masonry crap and the time I wasted watching documentaries and crap on them.(Because I was really really bored.) Conspiracy theories....pfft.
Re:It's not mandatory, is it? (Score:2)
Ever!
(Yes, your IP is logged)
Huh? (Score:2)
Recently what? (Score:2)
-Jesse
Re:Recently what? (Score:2)
-Jesse
Re:Recently what? (Score:2)
"Bruce Schneier (of Counterpane Internet Security) suspects Microsoft doesn't want the best practices document 'Design, Implementation, and Usage Principles for TPM-Based Platforms' (recently published by the Trusted Computing Group) to apply to Vista. The reasons are mostly speculation at the moment but Bruce implies further investigation will be forthcoming..."
Foggy... (Score:2)
Re:Foggy... (Score:1, Funny)
this is an old story, just new players (Score:2)
The IEEE P1667 open alternative (Score:3, Informative)
This makes so much more sense [ieee.org]
Re:The IEEE P1667 open alternative (Score:2)
Why would Microsoft care about a piece of paper? (Score:3, Insightful)
It's like all the privacy notice boilerplate. There are stories almost every day about companies disclosing information they promised not to disclose.
It all reminds me of the scene in Dr. Strangelove where the President asks how a rogue SAC commander could have launched a nuclear strike, when only the President is supposed to have that authority. And an air force spokesperson clears his throat and says "It appears that General Ripper may have exceeded his authority."
Why wouldn't Microsoft just bull ahead? And when anyone complains, Buck Turgidson will say "It appears that Microsoft may not have followed best practices" and everyone will shrug it off, the way they always do.
TCG? (Score:3, Funny)
Too Funny (Score:1)
this is just.... (Score:2)
they don't want us jumping out before it's too late.
and by us, i mean the folks who haven't a clue as to how Insidious this whole thing is.
i am also partial to Sinister Computing; it has a nice ring to it.
Aluminum Foil Beanie Mode (Score:3, Interesting)
Re:Aluminum Foil Beanie Mode (Score:2)
and so it begins (Score:3, Insightful)
It's So Depressing (Score:2, Insightful)
The sad thing is not that a lot of people don't know what spyware or DRM are, or why they're bad. The sad thing is that a lot of people do, yet nothing is really accomplished. The cnet article is good because it raises many important points about the nature of Vista and trusted computing. And it will sit on that server with no fanfare. This will not be an important story to anyone, newspapers will not pick it up and nor will computing magazines.
We will get nowhere beyond this arti
Tired of Slashdot conspiracy theories (Score:2, Insightful)
Re:Tired of Slashdot conspiracy theories (Score:2)
Are you forgetting "Mr WinSuperSite [winsupersite.com]" who says "Too, I'd like to remind you that Windows Vista is only in Beta 1. Lots of things are going to change, and many, many features will be added by Beta 2 and beyond."
Or does that only apply to positive features yet to be added?
Huh? (Score:2, Funny)