Microsoft retools next-generation security base

Microsoft is retooling its Next-Generation Secure Computing Base (NGSCB) security plan so that enterprise users and software makers need not rewrite their code to take advantage of the technology.

In response to feedback from users and software makers, at least part of the security benefits will be available without the need to recode applications, said Mario Juarez, a Microsoft product manager, at the Windows Hardware Engineering Conference (WinHEC) in Seattle.

Microsoft is not discarding previous work or going back to the drawing board, Juarez stressed.

Microsoft announced NGSCB in 2002. The technology, formerly known by its Palladium codename, uses a combination of software and hardware that Microsoft says will boost PC security by providing the ability to isolate software so it can be protected against malicious code. The software maker will incorporate the technology in Longhorn, the successor to Windows XP expected out in 2006.

NGSCB was demonstrated for the first time at last year's WinHEC, and attendees at Microsoft's Professional Developers Conference in Los Angeles last October received a developer preview.

Originally, Microsoft had limited NGSCB to providing strong protection for very small amounts of data through protected agents. Applications would have to be rebuilt to include a protected agent that would run in a secured space on the system. Now Microsoft is working to revise the NGSCB technology so it is possible to secure more bits without having to rewrite applications, Juarez said.

"We can't provide the level of specifics that we provided last year because we're still in the process of sorting out the details," Juarez said. "We will have more specifics later this year about how the technology will be implemented based on the feedback."

NGSCB includes a new software component for Windows called a "nexus", and a chip that can perform cryptographic operations called the trusted platform module. It also requires changes to a PC's processor and chipset and the graphics card. The combination of hardware and software creates a second operating environment within a PC that is meant to protect the system from malicious code by providing secure connections between applications, peripheral hardware, memory and storage.

Critics have argued that NGSCB will curtail users' ability to control their own PCs and could erode fair-use rights for digital music and movie files.

Corporate users will likely be first to buy in to the technology, Microsoft has said. Early applications will include secure messaging and other applications especially interesting for corporate PC users.

Joris Evers writes for IDG News Service