February 11, 2009 9:06 PM
- Text
Microsoft Tackles Cyber-Security
(AP)
Microsoft Corp. has disclosed an ambitious new project to improve security by creating within its Windows software a virtual "vault" where customers would conduct electronic transactions and store sensitive information.
The effort, called "Palladium," would require consumers to buy new computers and other devices equipped with ultra-secure computer chips from Intel Corp. and Advanced Micro Devices Inc., which already are involved in the project, or other companies.
The project's success also depends on broad consumer adoption of such devices, since these highly secure computers could safely exchange information only among themselves.
Microsoft said the technology, which stemmed from early work by its engineers to deliver digital movies that couldn't be pirated, won't be available for at least 18 months. Company officials have told other executives in private briefings they do not expect to see mainstream products for at least five years.
"We're so early in the process, we're really just drawing the road map," said Mario Juarez, who is running the project for Microsoft. "This won't happen tomorrow or next year."
The project was first reported by Newsweek, although Microsoft officials have discussed their efforts privately for months in meetings with technology and civil liberties groups in Washington and elsewhere.
Some industry experts were skeptical of Microsoft's chance for success.
"If this works, it will be the first time in the history of computing that it works," said Bruce Schneier, a cryptography expert and author of "Secrets & Lies, Digital Security in a Networked World."
"Lots and lots of encryption is broken all the time because it's done wrong," Schneier said. "The odds are actually zero this will be secure."
David Farber, the Federal Communications Commission's former chief technologist, said he was "somewhat satisfied" with Microsoft's plans, but he will watch closely to ensure the company doesn't try to use Palladium to control the world's software markets.
"One has to keep their feet to the fire on how they use it," said Farber, who testified against Microsoft during its antitrust trial. "Right now, I don't see any signs there's any devious plot."
Supporters said the technology, to be offered as an option in an upcoming version of Windows, would be able to distinguish safe software from data containing viruses or other malicious computer code. The technology could be turned on and turned off. Customers could store within this part of Windows personal details, such as financial or medical records, that is encrypted and otherwise inaccessible even from other software running on the computer.
"Users can be assured that your intentions are properly carried out," Juarez said. "No one can masquerade as you. They're not on your computer."
Microsoft's efforts are similar to those of the Trusted Computing Platform Alliance, an industry group also working on new hardware technology to let computers distinguish "trustworthy" software. IBM has already shipped new laptop computers featuring such security chips.
Under Palladium, Intel and AMD, the world's largest chipmakers, will redesign computer processors to include cryptography features. Palladium also will require changes to video and keyboard technologies to ensure that a customer's typed information is displayed without changes on the screen. That would require billions of dollars in new equipment upgrades by consumers, corporations and governments.
Further, since a consumer's personal information will be scrambled within a vault and tied to a specific computer chip, that information could not readily be stored elsewhere in case of disaster or if the computer fails.
Microsoft also acknowledged that it hasn't resolved sensitive issues of permitting access by government with a court order to a person's encrypted data. The FBI has indicated it rarely encounters scrambled information during investigations, but making such technology as ubiquitous as Windows could invite use by criminals or terrorists.
"We recognize that something like this needs to be done responsibly," Juarez said.
Microsoft's name for its efforts, Palladium, comes from the statue of Pallas Athena, which was believed to protect the ancient city of Troy from invaders. In modern parlance, a palladium is considered a guarantee of integrity.
The effort, called "Palladium," would require consumers to buy new computers and other devices equipped with ultra-secure computer chips from Intel Corp. and Advanced Micro Devices Inc., which already are involved in the project, or other companies.
The project's success also depends on broad consumer adoption of such devices, since these highly secure computers could safely exchange information only among themselves.
Microsoft said the technology, which stemmed from early work by its engineers to deliver digital movies that couldn't be pirated, won't be available for at least 18 months. Company officials have told other executives in private briefings they do not expect to see mainstream products for at least five years.
"We're so early in the process, we're really just drawing the road map," said Mario Juarez, who is running the project for Microsoft. "This won't happen tomorrow or next year."
The project was first reported by Newsweek, although Microsoft officials have discussed their efforts privately for months in meetings with technology and civil liberties groups in Washington and elsewhere.
Some industry experts were skeptical of Microsoft's chance for success.
"If this works, it will be the first time in the history of computing that it works," said Bruce Schneier, a cryptography expert and author of "Secrets & Lies, Digital Security in a Networked World."
"Lots and lots of encryption is broken all the time because it's done wrong," Schneier said. "The odds are actually zero this will be secure."
David Farber, the Federal Communications Commission's former chief technologist, said he was "somewhat satisfied" with Microsoft's plans, but he will watch closely to ensure the company doesn't try to use Palladium to control the world's software markets.
"One has to keep their feet to the fire on how they use it," said Farber, who testified against Microsoft during its antitrust trial. "Right now, I don't see any signs there's any devious plot."
Supporters said the technology, to be offered as an option in an upcoming version of Windows, would be able to distinguish safe software from data containing viruses or other malicious computer code. The technology could be turned on and turned off. Customers could store within this part of Windows personal details, such as financial or medical records, that is encrypted and otherwise inaccessible even from other software running on the computer.
"Users can be assured that your intentions are properly carried out," Juarez said. "No one can masquerade as you. They're not on your computer."
Microsoft's efforts are similar to those of the Trusted Computing Platform Alliance, an industry group also working on new hardware technology to let computers distinguish "trustworthy" software. IBM has already shipped new laptop computers featuring such security chips.
Under Palladium, Intel and AMD, the world's largest chipmakers, will redesign computer processors to include cryptography features. Palladium also will require changes to video and keyboard technologies to ensure that a customer's typed information is displayed without changes on the screen. That would require billions of dollars in new equipment upgrades by consumers, corporations and governments.
Further, since a consumer's personal information will be scrambled within a vault and tied to a specific computer chip, that information could not readily be stored elsewhere in case of disaster or if the computer fails.
Microsoft also acknowledged that it hasn't resolved sensitive issues of permitting access by government with a court order to a person's encrypted data. The FBI has indicated it rarely encounters scrambled information during investigations, but making such technology as ubiquitous as Windows could invite use by criminals or terrorists.
"We recognize that something like this needs to be done responsibly," Juarez said.
Microsoft's name for its efforts, Palladium, comes from the statue of Pallas Athena, which was believed to protect the ancient city of Troy from invaders. In modern parlance, a palladium is considered a guarantee of integrity.
Popular Now in SciTech
- Tesla's Model X: Finally, an electric car we all want
- Apple iPad 3 rumors: thicker, sharper, coming soon
- Retro Duo will play your old Nintendo games
- iPad 3 mini on the way, says analyst
- Apple iPad 3 rumors resurface, sources say March release
- Happy 50th to computer game Spacewar
- Apple iPhone 5 rumors, reports say June release
- Google developing home entertainment system
- Obama's 2012 campaign playlist now on Spotify
- Facebook required for Spotify account, here's a trick
- Facebook graffiti artist David Choe, from homeless to millions
- Apple iPad 3 rumors, let's get real
- FBI releases Steve Jobs background report
- Ethical iPhone 5 petitions head to Apple stores
- How to get the Diablo III beta test
- Hackers release Symantec pcAnywhere source code
- Shocking Stats on Texting While Driving
Latest CBS News Headlines
on Facebook Most Discussed Stories
on CBS News
- Top Republican wants vote on birth control mandate
- McConnell: Contraceptive issue "will not go away"
- Fuel removal under way on Italy cruise ship
- USAID contractor case renews debate on tactics
on Facebook Most Discussed Stories
on CBS News
