WINHEC - Microsoft delays most of its NGSCB security plan

SEATTLE - Microsoft has postponed most of its Next-Generation Secure Computing Base (NGSCB) security plan, company officials confirmed. Only a sliver of it will appear in the next version of Windows, code-named Longhorn, due out late next year.

Microsoft unveiled NGSCB, formerly known by its Palladium code name, in 2002. A year ago the company said it was retooling the technology so some of the benefits would be available without the need to recode applications. The vendor promised an update by the end of 2004. But it has remained silent, fueling speculation about delays and the demise of NGSCB.

In its original form, NGSCB used a combination of software and hardware to boost PC security by providing the ability to isolate software so it can be protected against malicious code. NGSCB required changes to a PC's processor, chipset and graphics card, for which Microsoft has said that it got support from hardware makers including Intel and Advanced Micro Devices.

To get the special protection, applications would have to be rebuilt to include a protected agent that would run in a secured space on the system. Also, NGSCB was to protect user data by encrypting the data as it moves between hardware components. For example, the data flowing between the PC and a monitor and keyboard would be encrypted, Microsoft has said.

NGSCB was scheduled to resurface at the Windows Hardware Engineering Conference (WinHEC) in Seattle this week. The preliminary agenda for the event listed two sessions that were to include NGSCB, including one titled "How to build NGSCB-enabled systems." But NGSCB is a no-show at WinHEC, at least on the final conference calendar.

Microsoft staffers, however, argue that NGSCB is at WinHEC. It has taken the form of Microsoft support for TPM (Trusted Platform Module) hardware and a feature in Longhorn called secure startup. TPM isn't new. PC vendors such as IBM and Hewlett-Packard already support TPM in their systems to allow for features such as encrypted e-mail and hard disk drive partitions.

Secure startup is designed to protect data on a PC, for example when a user loses a laptop.

"That is really the first manifestation of the grand NGSCB plan," said Greg Sullivan, a lead product manager for Windows at Microsoft in an interview at WinHEC on Monday. "There are other products in the history of Microsoft where we have an ambitious vision that we invest in and the product manifestations end up being different than we thought," Sullivan said.

Still, NGSCB is not gone, even though the name no longer appears on the WinHEC calendar, Sullivan insisted. "We won't deliver on the full vision in the Longhorn release," he said. But TPM support and secure startup form a piece of the overall vision, he said. "The remainder may ultimately be implemented over time."

Microsoft pitched NGSCB as a boon for its customers, though critics have argued that it will curtail users' ability to control their own PCs and could erode fair-use rights for digital music and movie files. Corporate users, Microsoft said two years ago, would likely be first to buy in to the technology with early applications such as secure messaging.