Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
×
Security Hardware IT

IBM Shipping More PCs with Trust Chips 476

rts008 submits this EWeek story about IBM shipping more computers with trusted computing inside. Since the article mentions none of the downsides, we should: trusted chips will eventually be used by software manufacturers to make sure the computer's owner does not do anything with the software which the manufacturer does not want to permit.
This discussion has been archived. No new comments can be posted.

IBM Shipping More PCs with Trust Chips

Comments Filter:
  • COWBOY NEAL (Score:4, Funny)

    by Anonymous Coward on Sunday October 03, 2004 @02:32PM (#10421546)
    I TRUST YOU
  • Paranoia or truth? (Score:5, Insightful)

    by AssProphet ( 757870 ) * on Sunday October 03, 2004 @02:33PM (#10421555) Homepage Journal
    Yeah, paranoia is fun and all, but I wouldn't mind a few links to support the downsides claim.
    You'ld think IBM would know better than to associate the word "Trust" with "Technology". That combination is like a buzzword for suspicion to the Tech-wise.
    • by Cyclops ( 1852 ) <rms@nosPam.1407.org> on Sunday October 03, 2004 @02:39PM (#10421593) Homepage
      Yeah, paranoia is fun and all, but I wouldn't mind a few links to support the downsides claim.

      You'ld think IBM would know better than to associate the word "Trust" with "Technology". That combination is like a buzzword for suspicion to the Tech-wise.
      Are the `Trusted Computing' Frequently Asked Questions [cam.ac.uk] a good start for you?

      You should also read Can you trust your computer? [fsf.org] and The right to read [fsf.org], both by Richard Stallman

      This last particular one is very insidious about effects made possible by Treacherous Computing.
      • by einhverfr ( 238914 ) <chris.traversNO@SPAMgmail.com> on Sunday October 03, 2004 @03:13PM (#10421847) Homepage Journal
        You bet I can. I run only Free Software!!!

        Personally I am not opposed to the trust chip technologies because I think that we are to the point now where the interests against extending copyright protections are stronger than those for it. I also think that such trust chips may allow many new applications which we can't think of today in the Free Software world.

        One trend I think people often fail to understand is that freedom from EULA's becomes more appealing the more the mainstream technologies become encumbered. If Microsoft wants to fight their users, great! We welcome the refugees :-)
      • by Christopher Thomas ( 11717 ) on Sunday October 03, 2004 @03:59PM (#10422173)
        Are the `Trusted Computing' Frequently Asked Questions a good start for you?

        I've been reading the TC FAQ, and I still don't understand how this is supposed to do something useful.

        It works to prevent tampering by doing security checks against hardware-stored data while in a privileged operating mode, but the whole point of the latest slew of security problems is that unprivileged software can gain access to privileged operating modes. So, this won't do a whole lot to protect you from malware, as was one of its (many) claims.

        I'd also expect cracked bios flashes to appear within months of a TC implementation that significantly hindered unlicensed software use. Not to mention cracked versions of the software that didn't handshake with the TC routines. Encryption of software to prevent cracking has been around for years, and has been ineffective for years - you just have to snag unencrypted images of the code and data you're interested in from memory. All of these cracking approaches have countermeasures that can be taken against them, but at this point you're trusting OS and application manufacturers to design software robustly and with keen foresight. I'm skeptical of this occurring in the near future.

        There's also the problem of the hardware hashing making the machine non-upgradeable, and the problem of the machine requiring an active 'net connetion for applications to authenticate with their central servers, and the problem of "mod chipping" (removing the TC chip and replacing it with a compromised version).

        In summary, I don't think that TC will work for its nominally intended purposes (securing machines against malicious attacks, and ensuring that software and media are used only as licensed). I'm kind of curious as to whether the proponents of TC realize this (and just want to alter licensing schemes for Joe Average), or not (and think it will work).
        • by cgenman ( 325138 ) on Sunday October 03, 2004 @06:25PM (#10422947) Homepage
          You do realize that protecting machines against malicious attacks has always been a red herring, right? Trusted Computing ensures that signed code runs in a protected space which unsigned code cannot effect. However, most computing will still occur outside of the signed code space, and for legacy reasons every feature of today's Windows computing environment will need to remain exposed to unsigned code. In other words, this has no more chance of stopping a someone from hacking into your computer than insulating your house will stop someone from stealing your car.

          If they really wanted to reduce the amount of damage malicious code could do, they would create a unix like permissions environment, with an automated way of setting permissions levels. Not only is this the obvious way of reducing malware, it is the proven way. It is a lot like what Trusted Computing proports to be, but with the user retaining full control. But the user having full control is what this is supposed to stop.

          No, what Trusted Computing means, and has always meant, was not that you could trust your computer but that the media owners could trust your computer... Creating a sandbox environment where no code can touch any other code or modify its behavior in any way would not function in an environment where your typing enhancement systray app was correcting your spelling in your legacy e-mail client, but rather preventing you from recording a movie as it is written out and watching it later.

          Trusted Computing is DRM.

          I'm not saying DRM is necessarily a bad thing... Quite frankly if it does open up the floodgates of every movie in IMDB's database available to the public at a moment's notice, I'm all for it, at least in theory. In practice it needs to be defended against, because the industry leaders have shown themselves to use every inch of power they gain over their users to manipulate them and cement their power. While Microsoft may not trust me not to steal movie trailers from their website, I sure as hell don't trust them to let me run SkyOS 5 without interference.

          I'm glad that you've brought up what the TCPA is claimed to do, because there are still large swathes of people out there who believe the lies. To be quite frank, if they were more honest about the goals of the platform we might be more inclined to trust them. But when they're trying to smuggle in more control over their users in the guise of protecting them from something they have no hope of protecting them from, there can be no option but resistence.

      • by Tim C ( 15259 )
        Are the `Trusted Computing' Frequently Asked Questions a good start for you?

        Should they be? I've never heard of the author, or of you, "Cyclops". Since we're questioning issues of trust, why should I trust either of you any more than I trust the press release?
    • Can this functionality be switched off by the customer/dealer?

      What software supports it now? Are PC manufacturers going to be flooded with calls that their computer crashed, its stopped working etc?
      Is the software maker or computer manufacturer responsible for those calls?
    • by Antique Geekmeister ( 740220 ) on Sunday October 03, 2004 @02:58PM (#10421741)
      "Trusted Computing" is actually spelled "Palladium". Look up the keyword "Palladium" and "Brian LaMacchia" to see what Microsoft plans for this hardware based feature set. It's simply been renamed "Trusted Computing", but it's the same developers with the same goals: signatures on software and hardware to prevent any "un-authorized" use of them. Checksumming or authenticating software packages is quite reasonable, and verifying the identity of hardware components for security hardware is also desirable. But the screwball, closed source nature of these tools and their implementation at the motherboard level means that while Microsoft software will be promised, *promised* to work without this signature software in the near future, working only with this kind of authentication can be planned in the 5 to 10 year timeframe for the Windows and Office and games and DVD/CD burner software upgrade paths. And the closed nature of the key repositories can be used to keep open source developers from releasing open source products that can do these functions, since the signatures will be prohibitively expensive.
      • by Zorilla ( 791636 )
        Aren't most of the evil ActiveX spyware launchers "certified" anyway? I really don't think Trusted Computing has anything to offer since the business world accepts spyware as valid.
    • by reporter ( 666905 ) on Sunday October 03, 2004 @03:05PM (#10421794) Homepage
      These trust chips appear to be an attempt at preventing software piracy.

      The attempt is futile because every attempt to prevent illegal copying has been defeated. Some Taiwanese engineer will design a hardware addon to enable the customer to illegally copy the software.

      The only way to protect the trust chips is to obtain a federal injunction (from a judge) barring hardware hackers from circumventing the hardware anti-piracy chips. However, those injunctions apply only to the USA. The Taiwanese engineers will gleefully ignore the injuntion -- as is their wont. The Chinese in China (including Taiwan province and Hong Kong) routinely ignore Western standards and custom.

      After all, China is the software-piracy capital of the world. The piracy rate exceeds 91%.

      • Trusted computing appeals to your boss, the same guy who ordered padlocks fitted on every PC case at work. The guy who signs off on purchase orders for 100, 1,000, 10,000 PCs.

        You build motherboards for export, you build to the specs demanded by your foreign clients, not the occasional hacker who posts a rant to Slashdot.

        • Trusted computing appeals to your boss, the same guy who ordered padlocks fitted on every PC case at work.

          When I was a student back in the 1990's, we had a professor who was a paranoid sys-admin (paranoid in the sense that he Burt Gummer seem like a Quaker). In one of his fits of paranoia, he decided to fit locks onto the data lines of the floppy disk drives to stop software being installed on 8Mhz MS-DOS PC's. (This was pre-Internet so there was not WWW, or even Ethernet cards on the PC's, just RS232 ter
  • by mrtroy ( 640746 ) on Sunday October 03, 2004 @02:34PM (#10421561)
    trusted chips will eventually be used by software manufacturers to make sure the computer's owner does not do anything with the software which the manufacturer does not want to permit

    This concerns me.

    More from a grammatical standpoint than anything else.

    (and my grammar/spelling is not necessarily perfect...but I dont get edited
  • by Supergoad ( 745153 ) on Sunday October 03, 2004 @02:35PM (#10421564) Homepage
    Remember, trusted computing has its place. Maybe not on the desktop, but I can see it useful to lockdown point-of-sale machines, kiosks and librarys. It would be a hell of a lot easier for some places than it is implementing Group Policies and permissions for a computer that should be used only for a specific task.
    • Remember, trusted computing has its place. Maybe not on the desktop, but I can see it useful to lockdown point-of-sale machines, kiosks and librarys. It would be a hell of a lot easier for some places than it is implementing Group Policies and permissions for a computer that should be used only for a specific task.

      But it should be the owner of the computer determining all the policies, not the hardware or software vendors.

      Trusted computing is fine if you're in control of your own machine; much like how y
    • by cfuse ( 657523 ) on Sunday October 03, 2004 @04:17PM (#10422280)
      Remember, trusted computing has its place. Maybe not on the desktop, but I can see it useful to lockdown point-of-sale machines, kiosks and librarys. It would be a hell of a lot easier for some places than it is implementing Group Policies and permissions for a computer that should be used only for a specific task.

      Where's the +1 lazy bastard mod point when you need it?

      The truly paranoid would of course argue that Microsoft has made lockdown on their systems intentionally difficult, first to generate income from training for their systems, and secondly to usher in palladium.

  • by Anonymous Coward on Sunday October 03, 2004 @02:35PM (#10421566)
    Remember, only hackers run Linux, and other un-american things on their machines! Buy today, or the terrorists win!
  • by Atrax ( 249401 ) on Sunday October 03, 2004 @02:35PM (#10421568) Homepage Journal
    Industry spokesman: "... but this will stop those evil hackers taking over your system. Surely this is what you want? Oh, well yes, it CAN be used to restrict the way you use your legitimately purchased software, but don't you think that's a small price to pay?"

    what I don't like about this concept is that the problems that mainly affect the lower end (non-tech users who can't secure their PCs) will result in more restrictions on the top end (tech users who can 'creatively' use products for a purpose outside their original design parameters). the punters won't notice.
    • You've also fallen into their trap.

      Having a system that you trust does not imply or require a system that they trust.

      The fact that the underlying trust implementations might be similar doesn't mean that you're obliged to accept the one when you're really looking for the other.
  • IBM (Score:5, Interesting)

    by rampant mac ( 561036 ) on Sunday October 03, 2004 @02:38PM (#10421580)
    Does anyone know if PPC chips have "Trusted Computing" components built into them? With the G5 becoming more prevalent in Apple's product line, and being manufactured by IBM, I wonder if Apple would hop aboard. My PowerBook is fairly new and I won't have to upgrade for a few more years but this worries me a bit. Hell, I started using a Mac to get away from Windows Activation and all that crap in the first place.
  • by lawngnome ( 573912 ) on Sunday October 03, 2004 @02:38PM (#10421581)
    The main problem, as I see it isnt even with using this kind of technology fro copy protection - its the changes in software licensing that will come as a result of this. Think windows XP activation is a bitch? imagine quicken refusing to install because your new laptops trust chip is different... :(
    • by Anonymous Coward on Sunday October 03, 2004 @02:45PM (#10421644)
      Quite the contrary.

      If these silly licenses will finally be enforced, people will start to demand software that they legally own the rights to - as opposed to simply stealing it from work.

      The best thing that could ever happen to Free Software would be if people were no longer able to steal software from their companies an no longer able to buy cheap pirated versions.

      Finally the general public would understand what the Free Software movement is all about.

      • by Mr Thinly Sliced ( 73041 ) on Sunday October 03, 2004 @03:09PM (#10421818) Journal
        Totally, like totally, 100% with you on that one.

        At the moment, its just too easy to pop the CD in, or download something you only want to use this one time.

        If that one time _really_ did cost you the $400, its suddenly not the package for you, is it?

        Example - The missus complains that she doesn't want to use or understand Linux, so what do we have to do, we have to install that nasty stuff - but we shouldn't fork out the list price of $900 for the software - O no. You're in IT aren't you, you can easily grab a copy from work .....

    • Think windows XP activation is a bitch?

      Well, no, actually. In three years I haven't had to re-activate Windows. Activation may be an irritant to the hardware-obsessed hacker, but if your configuration remains reasonably stable over time, it shouldn't be much of a problem. I have a strong suspicion that activation is a fire-and-forget experience for most end users.

  • by TFGeditor ( 737839 ) on Sunday October 03, 2004 @02:38PM (#10421582) Homepage
    "Putting the data in the system's hardware makes it more difficult for hackers to access, according to National Semiconductor."

    If the system software can access it, so can a hacker.
    • If the system software can access it, so can a hacker.

      The entire point of Trusted Computing is that the system software CANNOT access it. No software can access the data except the exact and unmodified software to which it was bound.

      When you start a program it hashes that program. The chip uses that hash to create a decryption key. If you change the software you change the hash. If you change the hash you end up with a different and useless decryption key.

      And another part of the new hardware is that eve
  • Trusted Computing? (Score:2, Interesting)

    by polyp2000 ( 444682 )
    Urm ... What happened to the old saying "Trust is something you earn" ?

    In my book money cannot buy trust. And just because somebody slaps the name "trusted computing" on a piece of silicon it does not mean that I am going to "trust" it without question- even if they are being shipped by IBM (who can do no wrong!)

    I also have an issue in that who's trusting who here ? IBM ? the computer hardware ? the software ? or me?

    I dont need a chip to tell me that i can trust myself, thats for sure!

    Nick
    • And just because somebody slaps the name "trusted computing" on a piece of silicon it does not mean that I am going to "trust" it without question- even if they are being shipped by IBM (who can do no wrong!)

      You're wholly missing the point. "Trusted computing" is not a term aimed at the consumer. It's a term aimed at the content-providers. As in, "even though PCs gave rise to rampant copyright infringement, you can trust these not to do so."

    • by globalar ( 669767 )
      The market has a hard time pricing an earned trust. How much is an employee really worth vs. an outsourced hire-by-proxy? Can you really tally the cost beyond development time and projected sales into maintenance, market position, etc.? Ultimately, we just make a judgement, but it's not always the most efficient.

      For example, we can trust Linux over something entirely closed source by Diebold, but Linux is free. That throws MBA logic in a loop. Yes there is ROI, TCOS, and others but at the end of the d
    • by mav[LAG] ( 31387 ) on Sunday October 03, 2004 @04:27PM (#10422332)
      From the Trusted Computing FAQ [cam.ac.uk]:

      24. So why is this called `Trusted Computing'? I don't see why I should trust it at all!

      It's almost an in-joke. In the US Department of Defense, a `trusted system or component' is defined as `one which can break the security policy'. This might seem counter-intuitive at first, but just stop to think about it. The mail guard or firewall that stands between a Secret and a Top Secret system can - if it fails - break the security policy that mail should only ever flow from Secret to Top Secret, but never in the other direction. It is therefore trusted to enforce the information flow policy.

      Or take a civilian example: suppose you trust your doctor to keep your medical records private. This means that he has access to your records, so he could leak them to the press if he were careless or malicious. You don't trust me to keep your medical records, because I don't have them; regardless of whether I like you or hate you, I can't do anything to affect your policy that your medical records should be confidential. Your doctor can, though; and the fact that he is in a position to harm you is really what is meant (at a system level) when you say that you trust him. You may have a warm feeling about him, or you may just have to trust him because he is the only doctor on the island where you live; no matter, the DoD definition strips away these fuzzy, emotional aspects of `trust' (that can confuse people).

      During the late 1990s, as people debated government control over cryptography, Al Gore proposed a `Trusted Third Party' - a service that would keep a copy of your decryption key safe, just in case you (or the FBI, or the NSA) ever needed it. The name was derided as the sort of marketing exercise that saw the Russian colony of East Germany called the `German Democratic Republic'. But it really does chime with DoD thinking. A Trusted Third Party is a third party that can break your security policy.

      25. So a `Trusted Computer' is a computer that can break my security?

      That's a polite way of putting it.


      "Trust" here has nothing to do with you trusting a chip or feeling warm and fuzzy about trust that was earned.
  • Psychic Slashdot? (Score:5, Insightful)

    by rsmith-mac ( 639075 ) on Sunday October 03, 2004 @02:40PM (#10421602)
    trusted chips will eventually be used by software manufacturers to make sure the computer's owner does not do anything with the software which the manufacturer does not want to permit.

    When did Slashdot gain the ability to see the future? While I know we disapprove of "trusted computing" and similar systems, and for good reason, for a blurb wanting to talk about balance, that's a pretty damning statement. Trusted chips can be used to lock down software stop users, not will. We're still early in the game, and damn if we don't have any influence, but that future is still a long way off. How about instead of just bitching about "trusted computing" we start to drive it towards something that's mutually beneficial: something that allows businesses to exert power over their internal affairs(locking down documents and such), and something that lets users exert power, such as locking down systems against worms, viruses, and spyware?

    The book on trusted computing hasn't been written yet, let's not call it before it's done.

    • When did Slashdot gain the ability to see the future?

      uhh... tomorrow!

    • by Jeff DeMaagd ( 2015 ) on Sunday October 03, 2004 @02:53PM (#10421706) Homepage Journal
      The thing is that the motivation for this largely centers around DRM. Yeah, people mention point of sale, kiosks and such, but those functions should be on embedded computers, not desktops.

      I really don't see what "Trusted Computing" gains me as a user of desktop software. I don't see why this is necessary to lock down computers against worms, viruses, and spyware because those are an end product of bad software, not the lack of trusted computing. I don't want trusted computing to be used as a cover to coddle bad software and then give me an added bug called DRM.
    • by Dragoon412 ( 648209 ) on Sunday October 03, 2004 @02:58PM (#10421736)
      Trusted chips can be used to lock down software stop users, not will.

      While that may be true in a literal sense, giving the likes of Microsoft and the RIAA a widely installed base of these 'trusted' machines is and expecting them not to abuse the power is like giving a junkie a hypodermic needle and expecting him to use it for something other than shooting up.
    • You expected an unbiased opinion from slashdot on a potentially inflammatory subject? I'm just glad slashdot, RMS and other vocal members of this OSS community tells me how to think about technologies.
    • Are you familiar with the concept of function creep? If such damning functionality becomes ubiquitious, we then have to defend ourselves from the negative implications forever (generally regarded as unlikely, if not impossible, due to public apathy and limited attention span) instead of simply stating that it will not be tolerated. I don't care if Jesus Christ himself wants to introduce trusted computing; it's the guys who will inherit the Earth in 10 years that I'm concerned about.
    • by Alsee ( 515537 ) on Sunday October 03, 2004 @04:33PM (#10422358) Homepage
      It is not even a question of "can" or "will".

      The FUNDAMENTAL DESIGN of Trusted computing itself is that if you attempt to modify the software it no longer works. There simply is no question of prediction about it.

      If you attempt to modify the software then the Trust chip generates a different hash for that software. Without a changed hash value the Trust chip now generates entirely different encryption keys. Since the software no longer has access to it's old encryption keys it can no longer decrypt it's secured data files and it can no longer decrypt secured communications with other software over the internet.

      It's certainly possible to make the effort to write software that doesn't have these issues, but that's kinda like making the effort to redesign an airplane to remove the wings. At that point it's not even an airplane anymore.

      something that's mutually beneficial: something that allows businesses to exert power over their internal affairs(locking down documents and such), and something that lets users exert power, such as locking down systems against worms, viruses, and spyware?

      That's easy! All they'd have to do is give you a printed copy of your master key along with your machine.

      It should be pretty obvious that simply knowing your master key cannot possibly reduce your computers ability to protect you, it's still the exact same hardware. You are just as secure against viruses and worms and spyware. Companies would have just as much security over their machines - the company owns the machines and only the company would get the master keys to them, not each employee. Knowing your master key gives you ALL of the benefits and NONE of the downsides!

      The very issue is that they REFUSE to offer such an option. They refuse to allow you to know your own master key. They refuse to sell you any Trust chip except one that keeps your key secret from you, one which is designed to self-destruct if you attempt to open it up to read your key.

      The very purpose of Trusted Computing is to forbid you to know your master key so that your chip can keep secrets from you. So that your chip can control what you do with data. So that your chip can prevent you from altering software. So your chip can send secret messages to other people which you cannot read. To that your chip can securely tell other people exactly what software is running on your machine and exactly what hardware you have.

      If you were allowed to know your master key the entire "Trust" system would fall appart. You computer would still be perfectly secure FOR you, but it would no longer be secure AGAINST you. You could use your key to unlock your own files, such as DRM'd music files. You could use your key to unlock your application data, allowing you to escape vendor lock-in. You could use your key to read the secret messages your chip sends to other people. You could use your key to be able to modify your own software or change your settings. You could use your master key to lie to other people about what software and hardware you are using - for example you would be able to tell a website you are using Internet Explorer when you are really using Netscape.

      The very purpose of Trusted Computing is to make it impossible to do any of those things.

      If they wanted to make a beneficial system for you and me they would simply allow you to know your own key.

      -
  • by Judg3 ( 88435 ) <jeremy&pavleck,com> on Sunday October 03, 2004 @02:40PM (#10421605) Homepage Journal
    I wonder how long it will be until everything contains trust chips.

    I was thinking about this earlier last week, and made a decision I'll try to stick with - I'll get the most cutting edge PC I can that doesn't contain any builtin DRM, and then see how long I'll last.
    Except for games, I think I can last quite some time. As it stands, the only thing I need a lot of extra horsepower for is gaming. I don't mind waiting an extra bit of time for a program to compile, and everything I use now works fine even on an old P3 667. If push comes to shove, I'll just game on a console and do my compiling on a stand alone machine.

    The only 'bite me in the ass' possibility is if they start building hardware (video cards, hard drives, ram, etc) that demands the use of this DRM chipset, then I'd be screwed. If not, I bet I could push my next PC purchase out to easily over 5 years.
    • Intel has been negotiating with Microsoft for at least 2 years now to integrate this technology right into the CPU's, as part of the old "Palladium" project which has simply been renamed "Trusted Computing". We'll see if AMD buys into this: I'd bring popcorn and a soda to see that business meeting with Microsoft.
    • Doesn't the Pentium III have that dreaded CPU identifier built in that's set on by default so people can log and track where you're browsing? Wasn't this supposed to cause the sky to fall in 1999 or something?

    • by Alsee ( 515537 ) on Sunday October 03, 2004 @05:18PM (#10422610) Homepage
      I'll get the most cutting edge PC I can that doesn't contain any builtin DRM, and then see how long I'll last.

      You missunderstand the threat. There is absolutely no reason to hold onto a Trust-free machine. It's like holding onto a speaker-free machine. You can just go out and buy a new computer that happens to have speakers, and then pretend the speakers aren't there. Simply don't use them.

      The new Trusted-enhanced machines can do everything the old machines can do.

      The entire plan is that ordinary old machine will increasingly get locked out of everything. New software will only run on the new machines, and only in the new Trusted-enhanced handcuff mode. New websites will only be viewable on the new machines, and only in the new Trusted-enhanced handcuff mode.

      You'll get a FREE music CD with your McDonalds Happymeal. If you try to play it on a normal old computer it will give an error message that you need a new Trust-enhaced machine. Your old machine is obsolete and incompatible. So Uncle Bob will run out to buy a new Trusted-enhanced machine just to get the damn free music to play. And that music will only play in Trusted-enhanced handcuff mode.

      You will start getting get secure e-mail from your friends and family and maybe even your boss. And it will be impossible to read that e-mail except on the new machines, and only in the new Trusted-enhanced handcuff mode. And if you refuse to submit to Trusted Computing then your friends and family and boss all blame YOU for having an old obsolete and incompatible machine, that YOU are causing the problem.

      So not only will you get locked out of more and more as long as you refuse to submit, they even subvert your friends and family and boss (who have moved to Trusted Computing) into making you suffer even more.

      There is absolutely no reason to hold onto old hardware. That is part of the insidious nature of their plan. It is the old Microsoft Embrace Extend Exterminate tactic. They Embrace everything current computers can do, Extend it with stuff that only Trusted machines can do in handcuff mode, and Exterminate normal old computers which are now incompatible with everything new.

      -
  • Actually, I know that the recent IBM Thinkpad laptops have shipped with this "trusted computing" system for awhile now. It's not (yet) supposed to lock your system to Windows only, as it is a way to lock your laptop so that your data is safe (on a hardware level) if it gets stolen.
  • Notifying users? (Score:3, Interesting)

    by lothar97 ( 768215 ) * <owen.smigelski@org> on Sunday October 03, 2004 @02:42PM (#10421617) Homepage Journal
    As this is something new that PC users might not expect, I wonder if IBM is taking any effort to educate purchasers about the "new functionality." While people might like to know that this might help stop the evil hackers, they should be told that software might stop functioning like they want (assuming the user does something bad, like use pirated copies). I can imagine the increased tech support calls arising from this...
  • by Anonymous Coward on Sunday October 03, 2004 @02:42PM (#10421619)
    computer's owner does not do anything with the software which the manufacturer does not want to permit.

    Good.

    Instead of encouraging people to break the law (pirate software, etc) - I wish more people would choose software that _grants_ them the right to use it as they see fit.

    I wish everyone in the world had to pay full price for Microsoft and Adobe software instead of copy it or buy cheap pirated versions. Then people would start recognising the value of Free Software.

    Until then, pirated windows is probably the strongest competitor Linux faces.

    • by nurb432 ( 527695 ) on Sunday October 03, 2004 @03:33PM (#10421993) Homepage Journal
      This sounds like a nice idea until you find out that the hardware manufacturers are working with the software vendors, and will prohibit you from installing anything other then what *they* approve..

      Approval wont techincally be 'restricted', but you will have to go thru a approval process, which wont be cost-free.. ( just look at getting ISO certification.. its not cheap )

      So, that means little LEGAL free software will run on your 'trusted PC', as the cost of 'certification' ( as well as the rules and regulations you must follow for approval ) will be far to high for an OSS project to afford.

      In the end, its got little to do with piracy, and more to do with control.

  • Uh huh... (Score:3, Insightful)

    by avalys ( 221114 ) * on Sunday October 03, 2004 @02:43PM (#10421620)
    trusted chips will eventually be used by software manufacturers to make sure the computer's owner does not do anything with the software which the manufacturer does not want to per

    My god, you can see the future too? I thought it was just me! How long have you had the gift?

    [/sarcasm]
    Seriously, the chips the article is talking about are completely user-controllable. If they don't want to take advantage of the functionality, they don't have to. Did you even read the article? It talks about how the chips facilitate encryption and secure storage of passwords and other sensitive information, not controlling what the user does with their computer.

    Making vague, unverifiable assertions about the possible applications of a technology that could potentially be derived from this one is nothing but FUD.
  • flawed (Score:5, Insightful)

    by s4m7 ( 519684 ) on Sunday October 03, 2004 @02:43PM (#10421629) Homepage

    While vendor lock-out is definitely a threat, it's not a terrible threat because amateur developers are such a key part of the industry, and always will be.

    What concerns me much more is the stuff that's going to start happening when "trusty" computing becomes ubiquitous, if it ever does. More and more important transactions and secret info exchange will take place over the net. and of course you know the government doesn't allow good encryption for "national security" reasons.

    the article talks about the security and encryption being in hardware rather than software as though that was some sort of improvement on it, but who wants to replace their hardware as soon as some 1337 5kr1p7 k1d5 figure out an exploit? and it's only a matter of time.

    on the other hand this is one of the few technologies that could permanently cure the world of spyware (the other obvious one being dumping windows altogether.). of course with every new anti-spam technology, the spammers are the first on board, so I imagine the industry will sell out again and no good will come of it.

  • Just say no to DRM (Score:5, Insightful)

    by Whammy666 ( 589169 ) on Sunday October 03, 2004 @02:44PM (#10421635) Homepage
    I for one will not buy any piece of hardware that is equiped with this nonsense, unless there is a BIOS setting to fully disable it. I plan to keep a couple of spare motherboards without the DRM crap just to have for spares in case the one I'm using dies.

    It seems that manufacturers and publishers are just determined to alienate the consumer with this kind of shit. The only way to stop it is to take their profit out of it. Just say no with your pocketbook. They'll get the message sooner or later, assuming they don't pay off some politicians and get a law passed to make DRM mandatory. Oh wait... we're screwed.

    • by Reziac ( 43301 )
      Back when WinXP was new, M$ posted on their site a list of requirements for hardware to be "XP certified" or whatever they call it. One of the items was that the BIOS was *not* allowed to be user-accessable.

      This particular criterion doesn't seem to have found much enforcement, but as you can see the concept was already there some time back.

  • by Goeland86 ( 741690 ) <goeland86.gmail@com> on Sunday October 03, 2004 @02:45PM (#10421641) Homepage
    ok, so IBM is shipping those machines... but does anyone think that IBM could use those chips eventually to block WINDOWS from being installed on them? look at the bright side, we may end up with a 'LINUX ONLY' line of machines... Big Blue is pro-open source, as it's showing in the SCO lawsuit and elsewhere... So, I wouldn't worry too much about it... yet.
    • I don't consider being locked into only one OS a good thing no matter which OS that is. However your reasoning isn't bad. IBM doesn't have a lot to gain by making a PC "windows only" and they do invest an awful lot in linux.
  • by ShatteredDream ( 636520 ) on Sunday October 03, 2004 @02:47PM (#10421663) Homepage
    Knowing how exposed most software is to things like worms, it would be very easy with powerful control hardware to lock people out of their systems without actually damaging the system. One of the things I find very interesting is how does one go about preventing a worm from rewriting certain parts of Windows and user apps so that they think the trusted hardware is either not present or does not let the user do what they are trying to do?

    If after a year and incredible amounts of money spent on R&D, Microsoft cannot really slow down the spread of worms, how can they write an operating system that cannot be totally mindfucked by a worm that twists how Windows deals with the trusted hardware? So maybe Microsoft requires code signing, who is to say that someone isn't going to find a way to spoof a real code signature so that the worm appears to be Microsoft?

    My money is the proposition that they'll try it, it'll work great for 3-6 months then people will start writing worms that target trusted systems and that totally ruin them. Then it will be a big flop within 2 years. IBM, Microsoft and other companies need to realize that the human component of security simply cannot be automated. Despite all of their attempts at real security, Microsoft cannot deal with the fact that the single greatest security hole in its OS is the user that never patches and that thinks it's not cool to remember what they aren't supposed to do to avoid getting worms and other hacks.

    And if it doesn't work, just stock up on as much pre-trusted hardware as possible and put it into a closet for safe keeping....
  • My main problem with "trusted" computing is the fact that it could lock out software that the manufacturer of the computer deems "not trustworthy." But, what does "not trustworthy" mean? Could some manufacturers use this technology to further entrench the Windows monopoly by locking me out of my "not trustworthy" Linux or *BSD disks? I could just think of the things that MS could do, such as force its vendors (Dell, HP, Gateway, etc.) to only ship "trusted" computers. I know, I know, I might be paranoi
  • I guess I will need to code some trusted hardware emulator soon, 'cause my current boxes lacks that preciouss chip. Any spec on sight, anyone?
  • Before we jump to conclusions about how this will ruin our computing lives, let's think about this for a second.

    Some companies, such as IBM will provide systems with these chips in them. Some customers will buy them, specifically, customers who want to have only authorized programs running on their systems - customers worried about security. That there is a market for these systems is not a question.

    However, there is also a market for systems WITHOUT these "trust" chips. And manufacturers will continue
    • "And manufacturers will continue to provide systems without trust chips. If you don't want to buy a "trust" computer, don't. There will continue to be plenty of computers without this feature."

      And how do you know which systems have "trusted chipsets" in them from the start? How do you know your 1U rackmount server that you just bought from Acme Servers has (or has not) a trusted chipset in it? Can you trust the vendor?

      It makes sense for them to standardize on ONE architecture; one with the chipset, th

  • Trusted/Treacherous Computing is for one reason only. (Like they really care deep-down if your copy of Word or your Britney tune is legit!) But they DO want to control your ability to communicate in ways they can't sniff and your ability to publish something they don't like.
  • Backup? (Score:3, Interesting)

    by Anonymous Coward on Sunday October 03, 2004 @03:05PM (#10421790)
    Suppose that I back up my data and then my motherboard dies. Now I can't restore my backed up data because the new computer doesn't trust it or it doesn't trust the new computer.

    I remember a time when software vendors made it impossible to back up 5 1/4" disks by physically damaging them. The customers reacted by not buying their software and they backed off. I also remember a very early version of XP that wouldn't let you change any part of your computer without phoning Microsoft for a new key. Customer reaction was such that XP is much easier to deal with now.

    It also occurs to me that if the trusted computing chip keeps legitimate software from running then that is restraint of trade.
  • by lkaos ( 187507 ) <anthony@codemonke y . ws> on Sunday October 03, 2004 @03:12PM (#10421834) Homepage Journal
    TCPA (the chip that's in these PCs) is simply a Crypto co-processor. It provides acceleration for common crypto algorithms and it also provides a tamper-resistant storage location for keys. IBM maintains an Open Source [ibm.com] implementation for the processor.

    There's already been really neat things done with the chip like a truely secure [dartmouth.edu] version of Linux that's entirely tamper proof (this is doing by signing the kernel and boot loader with the TCPA.

    Put away the foil hats people, this is actually really cool innovative technology that so far has given Linux an edge in the security world over Windows.
  • Just curious how these things works. Anybody got an overview ?
    It seems it can store digital certificates.
    Now, things have to be verified against these things I guess ?
    Won't someone find a clever way to intercept the communication to that
    chip, and fake responses ?
    Or if the software (e.g. an exe file) needs to be decrypted to run, won't someone find a way to snatch the decrypted code from memory ?
  • by OS24Ever ( 245667 ) * <trekkie@nomorestars.com> on Sunday October 03, 2004 @03:21PM (#10421909) Homepage Journal
    Man, did anyone read the article or check out how IBM markets them on their webpages? These things are for encrypting documents, passwords, storing things you don't want people to get to easily. I've sat through a few seminars and presentations from IBM and how they tout this is to protect your DATA from other people, not protect a copyright holder from you.
    • Seriously, how dis you expect them market it?

      It's not like they are going to mention any of the nasty aspects. It's not like they are going to advertize DRM. They all try to deny it was designed specifically for DRM, but when pressed they virtally always admit that it just so happens that it's possible to write DRM software on top of this security system.

      I've sat through a few seminars and presentations from IBM and how they tout this is to protect your DATA from other people

      Next time you are at such a
  • by Eric Smith ( 4379 ) * on Sunday October 03, 2004 @03:50PM (#10422103) Homepage Journal
    Richard Stallman refers to it not as "Trusted Computing", but as "Treacherous Computing" [gnu.org]. The phrase "Trusted Computing" was deliberately chosen by the TCPA because sounds like a wonderful thing. Everyone wants to trust their computer. And trusted computing does provide a little of that. But what it really does is ensure that other people trust your computer. Specifically, that other people trust it not to do what you want it to, but only what they are willing to allow.

    The story said:

    trusted chips will eventually be used by software manufacturers to make sure the computer's owner does not do anything with the software which the manufacturer does not want to permit.
    It should be noted that what we're really talking about is preventing the computer's owner from doing things that Microsoft and their allies (such as the MPAA) don't want to permit.

    The computer manufacturer, such as IBM, is largely irrelevant, except to the extent that they may eventually offer hardware that will refuse to run operating systems they don't approve of. Since IBM supports Linux, it doesn't seem likely that they will build machines that can't run Linux, but many other vendors have hitched their wagons more firmly to Microsoft.

  • by thrill12 ( 711899 ) * on Sunday October 03, 2004 @03:51PM (#10422107) Journal
    Seriously: we have this already. We have the Playstation 2, we have the X-Box, we have (name your favourite piece of controlled hardware here). Both of them incorporate something that could be called "trusted computing". If it ain't signed properly - it ain't trusted - it ain't run.
    Few consumers accept(s/ed) this and buys a modkit to solve the problem. Same way it will be for the IBM hardware.

    Maybe this even has a more negative impact for software sales than they envision:
    If software manufacturers rely on this piece of technology to protect their investment completely (as with XBox and PS2), their software is going to go just as easily as buying the modkit. And because their software get's spread more easily (any person with a modkit can copy their software), they will lose more money - and need larger margins to keep afloat, which leads to a spiral of less software sales. Thus, in the end, noone but large players will stay behind.

    I vote for a namechange:
    Trusted computing becomes Assured economic software failure...
  • by xswl0931 ( 562013 ) on Sunday October 03, 2004 @03:54PM (#10422126)
    If this prevents the computer illiterate people from running malicious software (which probably makes up 99% of the world), I'm all for it. If you think this can be used to prevent legitimate software from running, I wouldn't be worried about it. How quickly do you think an anticompetitive lawsuit would be filed if that happened? There's a good chance this feature can be enabled/disabled (preferrably not programmtically).
  • by magarity ( 164372 ) on Sunday October 03, 2004 @04:07PM (#10422221)
    Since none of the big time hardware makers also make major software, why the heck do they give a second thought about software piracy issues at all?
  • Devil's advocate (Score:3, Interesting)

    by BoneFlower ( 107640 ) <.moc.liamg. .ta. .ecurbehteinna.> on Sunday October 03, 2004 @04:22PM (#10422307) Journal
    While trusted computing for general purpose home PCs is a dangerous concept for civil liberties, trusted computing does have places I think could be very useful.

    Corporate PCs and servers. With a hardware enforced trusted computing policy, it will be much harder for users to bork the corporate network by installing a virus and spyware ridden warez game or weather bug thing.

    Safety critical systems could also benefit, to prevent user modifications that could cause the system to operate in an unsafe manner.

    Trusted Computing certainly isn't a cureall even in these cases, but its not a completely evil thing. It does have legitimate uses.
  • How is that bad? (Score:3, Interesting)

    by Rui del-Negro ( 531098 ) on Sunday October 03, 2004 @04:27PM (#10422333) Homepage
    "Since the article mentions none of the downsides, we should: trusted chips will eventually be used by software manufacturers to make sure the computer's owner does not do anything with the software which the manufacturer does not want to permit."

    Then people will start choosing the software that does permit them to do what they want. Might be a downside for uninformed users in the short run, but seems like a good thing in the long run.
  • by Chris Colohan ( 29716 ) on Sunday October 03, 2004 @04:30PM (#10422343) Homepage
    This article refers to machines equipped with TCPA, not Palladium. These are different architectures. The TCPA design is a bootstrap architecture, which means that the boot process has to be changed such that each portion of the OS is validated as it is loaded -- a task that is probably much easier to do in Linux than Windows, since you can always compile a minimal Linux system with TCPA support and not worry about portions of the kernel which support legacy hardware and software. A major design feature of Palladium is you can avoid that headache, and instead try to get a secure subsystem up and running under an already running insecure operating system.

    If you want to know more about the difference, you can read an article about it here [colohan.com].

  • by MacGabhain ( 198888 ) on Sunday October 03, 2004 @05:01PM (#10422501)
    From a security standpoint, the word "Trusted" refers any entity (computer or not) which is able to violate the security policy, and thus is "trusted" not to do so. "Trustworthy" refers to entities which are reasonably believed to be sufficiently unlikely to violate the security policy, and thus are worthy of being trusted.

    Given this particular definition, "trusted" is exactly the right thing to call this sort of hardware, although perhaps "blindly trusted computing" would be better.

  • What happens... (Score:3, Interesting)

    by Phil246 ( 803464 ) on Sunday October 03, 2004 @05:32PM (#10422690)
    to those students out there studying computing? or those independant software developers?
    Will these chips suddenly stop any written program from working unless 'signed'?
    What will they do to let peoples program as usual? special compilers which auto-sign programs for them?
    And what happens if one of those suddenly got out to the rest of the world. all programs which are signed from it get blocked?
    hypotheticaly, what happens if such a compiler from say, Microsoft got out. would they block ALL microsoft products?
    I think not. The potential for abuse of this system is staggering, and its ultimate worthlessness is astronomical. All it takes is for the system for 'signing' such programs to 'escape' ( or be rescued, depending on your point of view ) from a major software developer , and the whole thing is worthless.
  • Nothing new here. (Score:4, Interesting)

    by Deathlizard ( 115856 ) on Sunday October 03, 2004 @06:30PM (#10422984) Homepage Journal
    IBM has had these Security chips available in their machines since 1999. I remember PII's with them built in.

    All these are designed to do is interface with an IBM software product to encrypt files using a Hardware chip, do on the fly disk and network encryption and other security related protections that you couldn't do practically with just a CPU software solution.

    Specificially, If you have a Thinkpad there's a good chance it has one of these right now. This was one of their selling points that if the System was ever stolen they couldn't get access to any of the data because it's all encrypted to the physicial hardware itself and only the original laptop could access it.

    Their site for the current data on their security chip is here [ibm.com]

    This new chip definetly looks more advanced, and could possibly be used for DRM purposes, but in the end its going to do the same things as the older hardware and the older hardware could be used for the same thing.
  • by fluce ( 740312 ) on Monday October 04, 2004 @06:30AM (#10427138)
    IBM published http://www.research.ibm.com/gsal/tcpa/tcpa_rebutta l.pdf [ibm.com] this FAQ about TCPA two years ago.

    It aims to describe the difference between TCPA, MS Palladium and DRM, and explains what TCPA is usable for (crypt personnal data, store passwords,etc.), and what TCP is unusable for (restrain software execution).

As you will see, I told them, in no uncertain terms, to see Figure one. -- Dave "First Strike" Pare

Working...