News

Analysts sceptical of Microsoft's plans to build in PC security

Eric Doyle
Microsoft's latest plans to build security into PCs has been met with scepticism from IT analysts.

Last week Microsoft announced plans to create a chip-controlled security zone within the bounds of a PC. The chip, dubbed Palladium, will be part of the motherboard and will be dedicated to a specific PC, possibly by tying it to a specific processor or core hardware configuration. A software element, contained in a future version of Windows will allow access to the Palladium zone according to strict security protocols.

But analysts said Microsoft may find it difficult to get its system to work, given the company's track record on security.

Gunter Ollmann, manager of security assessment services at security specialist ISS, asked, "How good is the code? Is it possible to implant other code? Microsoft's last attempt at security was the X-box games console but there is lots of information already available on how to reverse engineer that system."

Microsoft has yet to decide who holds the encryption keys to access data held in the secure area. This would be a key issue in the corporate environment. Microsoft has put itself forward as a key holder, while security agencies would be likely to require access.

Rob Enderle, research fellow at the Giga Information Group in the US, said, "Microsoft is not seen as the most trusted company around. The initiative will have to take a lesson from the Liberty Alliance and open itself to active involvement with boardroom-level people from other industries. At the moment, it looks like the fox is guarding the hen house."

Mario Juarez, group product manager at Microsoft, knows that the project will need to be carefully steered. "All we have done so far is to reveal a set of features for a system that is still years off appearing. We are beginning a dialogue."

Email Alerts

Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox.
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
 

COMMENTS powered by Disqus  //  Commenting policy