SEATTLE -- Microsoft Corp. is revisiting its Next-Generation Secure Computing Base (NGSCB) security plan because enterprise users and software makers don't want to be forced to rewrite their code to take advantage of the technology, the company said Wednesday.
In response to feedback from users and software makers, Microsoft is retooling NGSCB so at least part of the security benefits will be available without the need to recode applications, Mario Juarez, a Microsoft product manager, said in an interview Wednesday at the vendor's Windows Hardware Engineering Conference (WinHEC).
"We're revisiting the way that the architecture needs to be built in order to accommodate the feedback that we have gotten and provide the broader value that we want the technology to provide," he said. Microsoft is making changes to NGSCB, but is not discarding previous work or going back to the drawing board, Juarez stressed.
Microsoft announced NGSCB in 2002. The technology, formerly known by its Palladium code name, uses a combination of software and hardware that Microsoft says will boost PC security by providing the ability to isolate software so it can be protected against malicious code. The software maker plans to incorporate the technology in Longhorn, the successor to Windows XP expected in 2006.
NGSCB was demonstrated for the first time a year ago at the 2003 WinHEC. Attendees at Microsoft's Professional Developers Conference in Los Angeles last October received a preview of the technology. That preview was meant to give developers a feel of what it is like to develop an application that uses NGSCB security.
Meanwhile, Microsoft has been gathering feedback and is now working on incorporating that feedback, according to Juarez. As a result, NGSCB will change. Software makers and enterprise users will be able to take advantage of part of the technology out of the box, without the need to rewrite their applications, Juarez said.
Originally, Microsoft had limited NGSCB to provide strong protection for very small amounts of data through protected agents. Applications would have to be rebuilt to include a protected agent that would run in a secured space on the system. Now Microsoft is working to revise NGSCB so that it will be possible to secure more bits without having to rewrite applications, Juarez said.
"We can't provide the level of specifics that we provided last year because we're still in the process of sorting out the details," Juarez said. "We will have more specifics later this year about how the technology will be implemented based on the feedback."
NGSCB includes a new software component for Windows called a "nexus," and a chip that can perform cryptographic operations called the trusted platform module. NGSCB also requires changes to a PC's processor, chipset and graphics card. The combination of hardware and software creates a second operating environment within a PC that is meant to protect the system from malicious code by providing secure connections between applications, peripheral hardware, memory and storage.
Microsoft has pitched NGSCB as a boon for customers, though critics have argued that it will curtail users' ability to control their own PCs and could erode fair-use rights for digital music and movie files. Corporate users will likely be first to buy into the technology, Microsoft has said. Early applications will include secure messaging and other applications especially interesting for corporate PC users, the company has said.