Microsoft: Raising PC security to a higher level

Microsoft is developing a secure PC environment that can be used to secure multi-million pound transactions without the need for a firewall, according to Mario Juarez, group product manager at Microsoft.

The company last week revealed plans for the secure environment, known as Palladium, which involves changes to the physical hardware of the PC together with programming interfaces and hooks into the operating system.

These changes, Juarez said, would be able to stop virus attacks and buffer overflow errors and so provide a higher level of system integrity and privacy than is possible today.

Analyst group Gartner backs this view. Palladium, it said, "could be secure against almost all software attacks and most hardware attacks."

The key development in Palladium will be the inclusion of a crypto chip soldered on to the PC motherboard. Although the PC would be able to function with the chip disabled, when it is switched on it would provide a set of private and public keys.

"We are creating an infrastructure for trusting the integrity of an IT system," Juarez explained.

An example of how it could be deployed is an online purchase from Dell. Juarez said a user could download an application from Dell to perform the transaction. This application would be verified using the crypto technology in Palladium to check its authenticity. "If I want to do business with Dell, the Dell servers would provide a key which my system can authenticate," he said.

Security is built into the PC at a lower level than the operating system, using a security kernel. Juarez said: "When a user boots up a Palladium machine, [the system] creates secure memory that cannot be affected by Windows applications."

Memory exploits in Windows, such as buffer overflow attacks, send vast amounts of carefully crafted data to the operating system, causing it to fail in a way that turns the data into a program that can run at system-level privileges.

Microsoft is expected to publish source code for the secure kernel but the company has not yet offered the technology to other operating system suppliers. Juarez said this would happen in the future.

Gartner has praised Microsoft's approach as innovative and says that business applications would benefit most from the technology. It suggested that users begin planning for Palladium-based applications to start shipping from 2005.