Microsoft Kills Off Its Trustworthy Computing Group 99
An anonymous reader writes Microsoft's Trustworthy Computing Group is headed for the axe, and its responsibilities will be taken over either by the company's Cloud & Enterprise Division or its Legal & Corporate Affairs group. Microsoft's disbanding of the group represents a punctuation mark in the industry's decades-long conversation around trusted computing as a concept. The security center of gravity is moving away from enterprise desktops to cloud and mobile and 'things,' so it makes sense for this security leadership role to shift as well. According to a company spokesman, an unspecified number of jobs from the group will be cut. Also today, Microsoft has announced the closure of its Silicon Valley lab. Its research labs in Redmond, New York, and Cambridge (in Massachusetts) will pick up some of the closed lab's operations.
Good (Score:2, Funny)
Trusted computing was always destined to be vaporware. Nobody wanted it.
Re: (Score:2)
Re:Good (Score:5, Informative)
yep, they're completely different animals.
Trustworthy computing: ensuring reliability and integrity of the user experience
Trusted computing: securing the system against the user.
Treacherous Computing (Score:3, Informative)
Exactly. Microsoft tried to secure the software against the users, and tried to tell everyone it was more plain security.
I'm glad users didn't swallow it. MS's lame attempt at confusing everyone got the ridicule and hate it so richly deserved.
Re:Treacherous Computing (Score:5, Insightful)
Had TC been an open standard, it could have been a great thing. Think: locking down one VM such that no virus can taint it, which you can then use to scan the rest of the system with assurance that the results are valid.
But instead it was a joke. I was doing standards work while the TC "standard" was being hammered out, and while they were in the same Hotel as real ISO standards work, you had to be there from a member company and sign an NDA to even listen to the discussions. We didn't take them seriously (the normal ISO/INCITS rules are that anyone who shows up can participate, you only need to be from a paying company to vote, and that minutes are always public).
Re: (Score:2, Offtopic)
Re: (Score:1)
But you wont get those keys - that's the whole problem.
Re: (Score:1)
Re: (Score:2)
Trusted computing was always destined to be vaporware. Nobody wanted it.
Except for the armed forces and DOD....
I could be wrong, but I thought that Trusted Computing was originally developed for the military. Only afterwards was it corrupted to include DRM, etc...
Re:Good (Score:4, Insightful)
I found that this technology has two edges to it. The first is its use for DRM, but the second is something I've found useful.
A TPM chip can come in handy with BitLocker. It means that brute forcing a drive's password becomes not an option, as an attacker is faced with the full 128 or 256 bit keyspace of AES. Unless an attacker can uncap the TPM chip, brute forcing a password will only cause the chip to lock due to excessive attempts and not allow access in any way.
It also provides peace of mind. With a TPM + PIN + USB flash drive, if my laptop gets stolen, if I have the USB flash drive on my keychain, I know the laptop's contents are protected. Even if the keychain is stolen, there is still the PIN which has to be guessed. If the MBR or BIOS are modified, it will be detected, and not allow the machine to boot. Not 100% security (XKCD rubber hoses and cold RAM attacks will beat it for example), but good enough.
Problem is that this type of technology to ensure malware hasn't tampered with the boot process tends to be far more often used to keep legitimate people out of their device rather than to allow legitimate device owners to keep control of their data.
Re: (Score:2)
I always thought that he should have made it a $5.38 wrench, instead...
TPM also handy for mneasured boot (Score:3)
During boot, Windows will write log entries to the TPM. Every time a module or driver is loaded, the signature, hash code etc. is written to the TPM.
When the OS is up and running a client can request the TPM to issue the collected log entries, digitally signed with a key residing in the TPM. The boot log is then sent to a "health certificate" server. The health certificate server can inspect the log (after verifying its authenticity thjrough the signature) to see if any untrusted or known malicious software
Re: (Score:2)
What about a linux system with BIOS password, grub password, root password other than "root" or blank and encrypted file system? I guess that's evil.
Re: (Score:2, Offtopic)
Oh, the MPAA, RIAA and BSA were screaming for it... the "trust" in "trusted computing" was that you as a "trusted computer" user could be trusted not to get around any kind of Digital Restrictions Management system... to be introduced once your head is already firmly stuck in the noose.
Re: (Score:1)
Untrue. The big media companies want it so they can controll your media use. Consider that MS got a patent which would allow them to tell how many people (in the home) viewed a movie at once. The big media companies would just LOVE to charge you each time an individual "consumes" their product. No more copy ownership just a constant income source to the media corp.
Corporate Big Brother is just as dangerous as the government form.
Mission accomplished (Score:4, Funny)
Re: (Score:2)
Now that they have made all their software trustworthy there is no more need for the group, right? Declare victory and go home.
That's what they did when IE6 won the browser war!
Does this mean.... (Score:4, Funny)
I've never shorted a stock (Score:1)
I've never shorted a stock; but every time this new guy makes a move I think about it. OMG... a cloud of mobile things... totally not MS's core comp. It's like what they did to Flickr. It's the same kind of stupid trend following. It's just that it's on a much, Much, MUCH larger scale. If this one craters like I think it might, it'll be taught in business schools for the next 50 years as "what not to do".
Oh sure, a lot of people on /. would like to see MS crater; but be careful what you wish for. Do y
Re: (Score:3)
Oh sure, a lot of people on /. would like to see MS crater; but be careful what you wish for. Do you really want AAPL to be the A no. 1 tech company for EVERYTHING, including your workstation?
Microsoft have no connection whatsoever to my workstation or what I run on it. Now explain to me how their demise is going to change that.
Re: (Score:2)
Re: (Score:2)
Nah. Swift.
Re: (Score:2)
Oracle.
Re:I've never shorted a stock (Score:5, Interesting)
Oh sure, a lot of people on /. would like to see MS crater; but be careful what you wish for. Do you really want AAPL to be the A no. 1 tech company for EVERYTHING, including your workstation?
I bash Microsoft here as much as anyone else - but No, I don't want Microsoft to go away.
I want MIcrosoft to stop making awful Operating systems. We know they can do it, because XP was excellent, W7 almost as good.
I want Microsoft to not have Updates bitch up computers.
I want Microsoft to change their "We know what's best for you dammit!" attitude, and ignore feedback. Both Vista and W8 had people begging them not to go there.
If you've read enough of Slashdot, you'll have noticed that every complaint about MSFT is attacked by "energetic fans" shouting that the complaint is invalid, that the person complaining is an idiot. How long is that supposed to work?
After moving to Unix-like OS' I apparenly stopped being an idiot, because I have none of the same problems I had on any Microsoft OS - and that includes XP, which I liked. Like I said, eventually people will get tired of that crap.
What I would like to see is a vibrant Microsoft, one that understands the customer, and the market. Why, that might even entice me to buy another computer with their Operating system on it.
Re:I've never shorted a stock (Score:5, Insightful)
XP was excellent
That's what inspired me to switch to Linux full-time, I'll say that much for it.
Re: (Score:2)
You think XP was bad, but Win95 made me switch to Linux. And Linux made me switch to OSX 10 years later.
Re: (Score:2)
XP was excellent
That's what inspired me to switch to Linux full-time, I'll say that much for it.
Same goes for me, I also moved full-Linux as XP was such a trash can. Came back when Windows 7 was released.
Re: (Score:2)
There was one major feature, and two "features" added to XP:
1: The zone/firewalling support. This is actually useful just to keep dodgy apps from opening up a port or ensuring nothing can connect directly. Third parties like Zone Alarm had this functionality, but would keep prompting the user for every single connection, so eventually users would just click "allow all and don't bug me", and be done with it.
2: Secure Audio Path, where anything protected with WMA's DRM could only play on a stack of signed
Re: (Score:2)
Definitely not. It was listed under a "feature" (in quotes) as something that isn't wanted, similar to the DRM stack. In fact, it has gotten worse since XP since you have to have either a KMS server that has Internet connectivity to phone home to MS so machines can activate from it for 180 days, or blow a MAK and activate over the phone.
I don't understand why MS forced volume activation on businesses. One can find fake KMS servers, and even though it isn't a complex piece of infrastructure, it is another
Re: (Score:2)
Re: (Score:3)
I want MIcrosoft to stop making awful Operating systems. We know they can do it, because XP was excellent, W7 almost as good. (...) I want Microsoft to change their "We know what's best for you dammit!" attitude, and ignore feedback. Both Vista and W8 had people begging them not to go there.
Maybe there's a hint there? Conservative, experimental, conservative, experimental... As long as people keep arguing if the old or new version of Windows is better, I don't think Microsoft worries. You are free to skip a version you know.
If you've read enough of Slashdot, you'll have noticed that every complaint about MSFT is attacked by "energetic fans" shouting that the complaint is invalid, that the person complaining is an idiot. How long is that supposed to work?
Do a s/MSFT/Linux/g and there's plenty OSS apologists too. Particularly because you got one team saying "Linux is so free and great, it's totally ready for the desktop and you should try it out" but when you have a problem the other team says "Yeah well you got it for free,
Re: (Score:1)
Re: (Score:2)
I want MIcrosoft to stop making awful Operating systems. We know they can do it, because XP was excellent, W7 almost as good. (...) I want Microsoft to change their "We know what's best for you dammit!" attitude, and ignore feedback. Both Vista and W8 had people begging them not to go there.
Maybe there's a hint there? Conservative, experimental, conservative, experimental... As long as people keep arguing if the old or new version of Windows is better, I don't think Microsoft worries. You are free to skip a version you know.
After W8, I stopped using Windows altogether. I am also free to not use them.
And yes, it is obviously, completely clear-no doubt about-it that Microsoft does not care one bit about their customers.
Even respectful input is dismissed. A complaint is a gift. Micrsoft has adopted the concept:
"If we ignore the customer long enough, mayb he'll stop bugging us."
And you seem to agree with them that it is a good practice. I quit bugging them, they have achieved their goal fo rme at least.
As for conservat
Re: (Score:2)
I want MIcrosoft to stop making awful Operating systems. We know they can do it, because XP was excellent, W7 almost as good.
Funny how time changes things. Or time changes people into Stockholm Syndrome victims? I remember when XP first came out and it was ridiculed for being Windows the Teletubbies edition, and how people laugh at HotFix #1 being released on the release date of XP, and how Microsoft had previously declared that there's no more buffer overflows in Windows, and of course, HotFix #1 was for a buffer overflow....
Re: (Score:2)
Or time changes people into Stockholm Syndrome victims?
Yeah, I have seen a clear Stockholm Syndrome developing around XP. :)
Re: (Score:2)
I want MIcrosoft to stop making awful Operating systems.
Windows 8/8.1 and Server 2012 aren't bad operating systems. They are just hobbled with hideous user interfaces.
Re: (Score:2, Informative)
Windows 8/8.1 and Server 2012 aren't bad operating systems. They are just hobbled with hideous user interfaces.
There's also some new vomit-inducing screenshots of the Start Menu colors [neowin.net] of Windows 9. It's still nice that the menu is coming back, but they seem to be going full-kindergarten in terms of appearance.
Re: (Score:2)
Windows 8/8.1 and Server 2012 aren't bad operating systems. They are just hobbled with hideous user interfaces.
There's also some new vomit-inducing screenshots of the Start Menu colors [neowin.net] of Windows 9. It's still nice that the menu is coming back, but they seem to be going full-kindergarten in terms of appearance.
Note to self: Wait for WindowBlinds to be ported to Windows 9 before upgrading.
Re: (Score:2)
Windows remains bloatware: the kernel has too many features, the file system has too many features, the libraries have too many features, the tools are poor, everything talks to everything else, etc. Windows will never be an "excellent" operating system; they'll have to start over.
Re: (Score:2)
Trustworthy Computing was a sham (Score:5, Insightful)
Trustyworthy Computing had the idea that apps could prevent you taking screenshots and assert insane privileges on your own computer.
It was offensive as hell.
Re:Trustworthy Computing was a sham (Score:4, Informative)
I thought Trustworthy Computing was a scheme intended to ensure that no part (of the user experience) could fail?
As opposed to Trusted Computing, which I think is what you're actually referring to here, this instead of protecting the system from failure, secured the system against user violations such as overwriting the bootloader with one that isn't signed (like for instance, replacing or enhancing the BIOS with a signed EFI that prevents the user from installing alternative OSes such as OSX onto a commodity x64 or GNU/Linux onto a MS-subsidised laptop (think £250 deal at PC World. How do you think they get so cheap?)), TPM and TXT which can be used in tandem to lock a software license/instance to a specific machine using a specific hardware setup where the hardware has burned-in unique RSA hashes per device (didn't MS do this with Windows at one point where even replacing a wireless card killed the COA key?), Asshole Detectors (I don't know if this term is in common use, it just sounds cool) such as XBox Live, and vendor lock-in on the pretext of securing a closed network (such as the aforementioned XBox Live, any number of persistent online games such as World of Warcraft...)...
Re: (Score:3)
Which has not happened. Seriously. All x86 systems have the ability to turn off secure boot.
Re: (Score:2)
Re: (Score:2)
Yes, as specified by Microsoft themselves. They shouldn't have to say it, but you know the OEMs are lazy as shit and wouldn't offer the option if they could get away with it.
Meaning what?
And you can, I have.
Re: (Score:2)
Re: (Score:2)
Which goes to show how bad Microsoft is at marketing.
And because of this flaw, they can't make any products in-house and will have to pay $2.5 billion to buy a game with Nintendo 64 style block graphics from the 1990s.
Either way, if as you say, they wanted to make sure "no part of the user experience could fail", they failed that goal when they shipped Windows 8.
In their pursuit to ensure a good user experience, perhaps they had a plan for spammers a
Re: (Score:2)
The engineers working on Windows 8 knew the Metro UI was crap for the PC. The usability studies all showed that the Metro UI was crap for the PC. It was senior management that forced the issue over the protests of those involved.
The reason I have hope for MS yet is the result from all that. The entire management chain responsible for that, right through the CEO, all of them gone. Gates, Ballmer, Larson-Green, and middle managers below her well fired or moved away from PC computing. Someone, somewhere, d
Re: (Score:2)
If Microsoft, or anybody else, cared for the UX, we wouldn't have to relearn how to do the same old things every time a new edition of their systems is released.
When you read user experience, think about user lock-in through interfaces. Everything coming from MS Apple Canonical Gnome et al. will be understandable.
Re: (Score:2)
While I personally agree with your point, organizations with strong security requirements have to at least attempt to forestall the Ivan Vorpatril security hole.
sPh
Re:This new guy (Score:4, Interesting)
I'm personally pretty anti-microsoft and a fan of google's ecosystem of products.
But if the new CEO succeeds at changing the organization, it'd be great to see a third big vendor in the market as an alternative to Google and Apple. Windows Phone sucks now, but who knows what the future brings. Microsoft has been riding their past successes for a long time, too long.
Death Knell for Patch Update oversight (Score:1)
I think someone "missed" the punchline to all of this.. they handled the MS Security Updates notifications and the Patch Update communications.
This was predictable after the August and September debacles.. they already knew they're jobs were gone..
Developers who claim the code is "Self Documenting" should not be allowed to wield sharp objects at your servers.
All patches will have to be defaulted off.. or you might as well abdicate to the Cloud.. good luck holding them Accountable for "anything".
Re: (Score:2, Interesting)
"MS Security Updates notifications and the Patch Update communications" (TwC Security Comms") has been moved over to corporate marketing (CorpCom) under Frank X. Shaw, notorious for his distain for security and his repeated attempts to kill any comms that admitted any flaw/vuln/issue ever. Same guy who dismisses all vuln researchers as "criminals" -- including all partners who do bug bounties or consultants who produce workarounds for customers .
After today, don't expect to get any honesty out of Microsoft
That's all I needed to hear (Score:1)
"The security center of gravity is moving away from enterprise desktops to cloud and mobile and 'things' "
This has been microsoft's goal since they announced Windows 8 and it's bad. The cloud is not trustworthy, it was shown to not be many times over and no sane enterprise will allow the cloud to take over local desktops/servers.
Re: (Score:2)
Unless it's cheaper. Then as long as nothing happens, managers get bonuses for the savings their decisions have earned the company, and if something does, it's an unforeseeable event that was the fault of some evil haxor.
Around (Score:2)
"Conversation" is bad enough, but what does the word "around" in this type of sentence even mean? That the conversation never actually gets anywhere or accomplishes anything specific, but just circles 'around' and 'around' a problem that should be analyzed, detailed, and solved (or firmly documented as unsolvable or uneconomic)?
sPh
Re: (Score:2)
Around in this context means next to and including.
The subjects over lap somewhat but do not completely encompass the concept.
Untrustworthy Computing (Score:1)
Re: (Score:2)
Is it just me... (Score:1)
Re: (Score:2)
"Is it just me, ...or does anyone else get a slight chub hearing that M$ is not doing so hot anymore? "
It's just you. But whatever turns you on...
Re: (Score:3)
They could make Steven Elop their CEO, and even he couldn't begin to run Microsoft into the ground.
In fact, they should just to prove that their company is so entrenched that even an idiot could run it.
And they could drive home the point, by having one run the company just to show the world!
Yuh Huh (Score:2)
Re: (Score:2)
It doesn't make much sense to me either, yet I've seen it happen with my own eyes. Not only do companies lose innovators when this type of thing happens, but they're arming their competition. All those bright folks they cut loose, and especially those that decide to leave on their own.. where will they go? To competitors, of course. It seems really short sighted, particularly when the company isn't in dire shape financially.
Askslashdot (Score:1)
Microsoft kills off trustworthy computing... (Score:2)
I don't trust myself to comment...