February 23, 2005

Silence fuels speculation on Microsoft security plan

NGSCB update never arrived and company says 'architecture is evolving'

Microsoft's silence on its Next-Generation Secure Computing Base (NGSCB) architecture has some industry insiders wondering if the technology has been substantially delayed, or even axed.

Microsoft unveiled NGSCB, formerly known by its Palladium code name, in 2002. The technology, Microsoft has said, uses a combination of software and hardware that boosts PC security by providing the ability to isolate software so it can be protected against malicious code. NGSCB requires changes to a PC's processor, chipset and graphics card, for which Microsoft has said that it enlisted the help of hardware makers including Intel and Advanced Micro Devices.

Critics have argued that NGSCB will curtail users' ability to control their own PCs and could erode fair-use rights for digital music and movie files.

Last May, at its Windows Hardware Engineering Conference (WinHEC) in Seattle, Microsoft said it was retooling NGSCB so some of the benefits would be available without the need to recode applications. The vendor promised an update on NGSCB by the end of 2004. It did not release one and has remained silent since that time.

Meanwhile, Microsoft has shut down an NGSCB discussion group on its Web site. The NGSCB product page is now empty and previously posted details have been mothballed into an archive page. Several notes on the NGSCB site say, "NGSCB architecture is evolving."

Microsoft Chairman and Chief Software Architect Bill Gates, speaking at the RSA Conference last week, highlighted many of Microsoft's security efforts but did not mention NGSCB. Asked about the technology, a Microsoft spokesman at the event said that although the company had promised an update, it does not have one.

"We do not have an update on NGSCB to share at this time. Microsoft continues to actively work through many of the technical details and we expect to be able to provide more details in the near future," the spokesman said.

The silence on NGSCB raises significant questions about the future of the technology, which Microsoft once loudly promoted, said Michael Cherry, a lead analyst at Directions on Microsoft, in Kirkland, Washington.

"Unless they do something soon, I think NGSCB is dead," Cherry said.

Microsoft should keep its promises to provide updates, especially if it concerns security technology, Cherry said.

"If Microsoft wants its Trustworthy Computing Initiative to be seen as valuable for customers and partners, they have to be transparent... With security, you have to be careful to talk about only the things you really are going to do and then do them extremely well," he said.

Although Microsoft isn't yet willing to talk about NGSCB, it appears the company will have an update at this year's WinHEC conference late April in Seattle. The preliminary agenda for the event lists two sessions that include NGSCB, including one titled "How to build NGSCB-enabled systems," according to the WinHEC Web site.

Microsoft has said that it plans to incorporate NGSCB in the next Windows release, code-named Longhorn, due out in 2006. As the release of Longhorn nears, developers will have to know how to work with the security technology. If NGSCB still is to be part of Longhorn, Microsoft is cutting it close on informing developers, Cherry said.

Close

On Twitter now

Platforms

Powered by Twitter

On Twitter now

additional resources
White Paper - How to Improve Delivery of Advanced Web Applications

White Paper

Virtual Workforce: The Key to Expanding The Business While Cutting Costs

Get the independent advice and expertise you need to support a virtual workforce.

Go inside:
The three-step approach to making a virtual workforce a reality.
The four flavors of client virtualization technologies.
The three key initiatives that solve IT challenges.
Download now »
White Paper: Successfully Secure Your Wireless LAN With Wi-Fi firewalls.

White Paper

Addressing Linux Threats Leveraging Fewer Resources

The increase in Linux popularity has increased the frequency and sophistication of malware attacks. Read this 2 page white paper now to learn how you can protect your Linux environment with real-time protection that is certified by all major Linux vendors.

Download now »
White Paper - The 2009 Handbook of Application Delivery

White Paper

The 2009 Handbook of Application Delivery

Ensuring acceptable application delivery will become even more difficult over the next few years. As a result, IT organizations need to ensure that the approach that they take to resolving the current application delivery challenges can scale to support the emerging challenges. This handbook elaborates on the key tasks associated with planning, optimization, management and control and provides decision criteria to help IT organizations choose appropriate solutions.

Download now »
White Paper - Is Your Backup System Outdated?

White Paper

Mid-range Storage Considerations

A common misconception is that mid-range storage requirements are dramatically different than that of a larger enterprise. Mid-range storage users may require less capacity, but they have similar functionality and management requirements. This ESG paper examines mid-range storage needs and reviews a new solution that adjusts size while retaining value, performance and functionality.

Download now »

Sign up to receive Platforms Resource Alerts

Subscribe to the Today's Headlines: First Look Newsletter

Find out what will be news for the day, with our first-thing-in-the-morning briefing.

©1994-2010 Infoworld, Inc.