Silence fuels speculation on Microsoft security plan

Microsoft's silence on its Next-Generation Secure Computing Base (NGSCB) architecture has some industry insiders wondering if the technology has been substantially delayed, or even axed.

Microsoft unveiled NGSCB, formerly known by its Palladium code name, in 2002. The technology, Microsoft has said, uses a combination of software and hardware that boosts PC security by providing the ability to isolate software so it can be protected against malicious code. NGSCB requires changes to a PC's processor, chipset and graphics card, for which Microsoft has said that it enlisted the help of hardware makers including Intel and Advanced Micro Devices.

Critics have argued that NGSCB will curtail users' ability to control their own PCs and could erode fair-use rights for digital music and movie files.

Last May, at its Windows Hardware Engineering Conference (WinHEC) in Seattle, Microsoft said it was retooling NGSCB so some of the benefits would be available without the need to recode applications. The vendor promised an update on NGSCB by the end of 2004. It did not release one and has remained silent since that time.

Meanwhile, Microsoft has shut down an NGSCB discussion group on its Web site. The NGSCB product page is now empty and previously posted details have been mothballed into an archive page. Several notes on the NGSCB site say, "NGSCB architecture is evolving."

Microsoft Chairman and Chief Software Architect Bill Gates, speaking at the RSA Conference last week, highlighted many of Microsoft's security efforts but did not mention NGSCB. Asked about the technology, a Microsoft spokesman at the event said that although the company had promised an update, it does not have one.

"We do not have an update on NGSCB to share at this time. Microsoft continues to actively work through many of the technical details and we expect to be able to provide more details in the near future," the spokesman said.

The silence on NGSCB raises significant questions about the future of the technology, which Microsoft once loudly promoted, said Michael Cherry, a lead analyst at Directions on Microsoft, in Kirkland, Washington.

"Unless they do something soon, I think NGSCB is dead," Cherry said.

Microsoft should keep its promises to provide updates, especially if it concerns security technology, Cherry said.

"If Microsoft wants its Trustworthy Computing Initiative to be seen as valuable for customers and partners, they have to be transparent... With security, you have to be careful to talk about only the things you really are going to do and then do them extremely well," he said.

Although Microsoft isn't yet willing to talk about NGSCB, it appears the company will have an update at this year's WinHEC conference late April in Seattle. The preliminary agenda for the event lists two sessions that include NGSCB, including one titled "How to build NGSCB-enabled systems," according to the WinHEC Web site.

Microsoft has said that it plans to incorporate NGSCB in the next Windows release, code-named Longhorn, due out in 2006. As the release of Longhorn nears, developers will have to know how to work with the security technology. If NGSCB still is to be part of Longhorn, Microsoft is cutting it close on informing developers, Cherry said.