Microsoft revisits NGSCB security plan

Formerly known as Palladium, the technology was unveiled in 2002

Microsoft Corp. is revisiting its Next-Generation Secure Computing Base (NGSCB) security plan because enterprise users and software makers don't want to be forced to rewrite their code to take advantage of the technology, the company said yesterday.

In response to feedback from users and software makers, Microsoft is retooling NGSCB so that at least part of the security benefits will be available without the need for recoded applications, said Mario Juarez, a Microsoft product manager, in an interview yesterday at the vendor's Windows Hardware Engineering Conference (WinHEC).

"We're revisiting the way that the architecture needs to be built in order to accommodate the feedback that we have gotten and provide the broader value that we want the technology to provide," he said. Microsoft is making changes to NGSCB but isn't discarding previous work or going back to the drawing board, Juarez stressed.

Microsoft announced NGSCB, formerly called Palladium, in 2002. The technology uses a combination of software and hardware that Microsoft says will boost PC security by isolating software so it can be protected against malicious code. The company plans to incorporate the technology in Longhorn, the successor to Windows XP, which is expected out in 2006.

NGSCB was demonstrated for the first time a year ago at the 2003 WinHEC. Attendees at Microsoft's Professional Developers Conference in Los Angeles last October received a developer preview of NGSCB. The preview was meant to give developers a feel of what it's like to develop an application that uses NGSCB security.

Meanwhile, Microsoft has been gathering feedback and is working on incorporating that, according to Juarez. As a result, NGSCB will be revised so that software makers and enterprise users can take advantage of part of the technology out of the box, without the need to rewrite applications.

Originally, NGSCB provided strong protection for very small amounts of data through protected agents. Applications would have to be rebuilt to include a protected agent that would run in a secured space on the system. Now Microsoft is working to revise the NGSCB technology so it's possible to secure more bits without having to rewrite applications, Juarez said.

"We can't provide the level of specifics that we provided last year because we're still in the process of sorting out the details," Juarez said. "We will have more specifics later this year about how the technology will be implemented based on the feedback."

NGSCB includes a new software component for Windows called a "nexus," and a chip that can perform cryptographic operations, called the trusted platform module. NGSCB also requires changes to a PC's processor and chipset and the graphics card. The combination of hardware and software creates a second operating environment within a PC that is meant to protect the system from malicious code by providing secure connections between applications, peripheral hardware, memory and storage.

Microsoft has pitched NGSCB as a boon for customers, though critics have argued that it will curtail users' ability to control their PCs and could erode fair-use rights for digital music and movie files. Corporate users will likely be the first to buy into the technology, with early applications likely to include secure messaging and other applications useful to corporate PC users.

5 power user tips for Microsoft OneNote
Shop Tech Products at Amazon