Microsoft delays bulk of next-generation security plan

The plan, unveiled in 2002, was once known as Palladium

Microsoft Corp. has postponed most of its Next-Generation Secure Computing Base (NGSCB) security plan, company officials confirmed. Only a sliver of it will appear in the next version of Windows, code-named Longhorn, due out late next year.

Microsoft unveiled NGSCB, formerly known by its Palladium code name, in 2002. A year ago, the company said it was retooling the technology so some of the benefits would be available without the need to recode applications. The vendor promised an update by the end of 2004. But it has remained silent, fueling speculation about delays and the demise of NGSCB.

In its original form, NGSCB used a combination of software and hardware to boost PC security by allowing software to be isolated so it can be protected against malicious code. NGSCB required changes to a PC's processor, chip set and graphics card. Microsoft has said that it got support for the changes from hardware makers including Intel Corp. and Advanced Micro Devices Inc.

To get the special protection, applications would have to be rebuilt to include a protected agent that would run in a secured space on the system. Also, NGSCB was to protect user data by encrypting the data as it moves between hardware components. For example, the data flowing between the PC and a monitor and keyboard would be encrypted, Microsoft has said.

NGSCB was scheduled to resurface at the Windows Hardware Engineering Conference (WinHEC) in Seattle this week. The preliminary agenda for the event listed two sessions that were to include NGSCB, including one titled "How to build NGSCB-enabled systems." But NGSCB is a no-show at WinHEC, at least on the final conference calendar.

Microsoft staffers, however, argued that NGSCB is at WinHEC. It has taken the form of Microsoft support for Trusted Platform Module (TPM) hardware and a feature in Longhorn called secure start-up. TPM isn't new. PC vendors such as IBM and Hewlett-Packard Co. already support TPM in their systems to allow for features such as encrypted e-mail and hard disk drive partitions.

Secure start-up is designed to protect data on a PC, for example, when a user loses a laptop.

"That is really the first manifestation of the grand NGSCB plan," said Greg Sullivan, a lead product manager for Windows at Microsoft, in an interview today at WinHEC. "There are other products in the history of Microsoft where we have an ambitious vision that we invest in and the product manifestations end up being different than we thought," Sullivan said.

NGSCB isn't gone, even though the name no longer appears on the WinHEC calendar, Sullivan said. "We won't deliver on the full vision in the Longhorn release," he said. But TPM support and secure start-up form a piece of the overall vision. "The remainder may ultimately be implemented over time," he said.

Microsoft pitched NGSCB as a boon for its customers, though critics have argued that it will curtail users' ability to control their own PCs and could erode fair-use rights for digital music and movie files. Corporate users would likely be first to adopt the technology in early applications such as secure messaging, Microsoft said two years ago.

Copyright © 2005 IDG Communications, Inc.

7 inconvenient truths about the hybrid work trend
Shop Tech Products at Amazon