Re: Trustworthy Computing Mini-Poll

["yossarian" <yossarian () planet nl>]

> > Palladium will have an option to turn certain features "off", says
> > MS, so you can run programs deemed untrusted, outside the sandbox. If
> > there is a mechanism to turn features off, they differ from TCPA,
> > that is mandatory.

> Sounds great, doesn't it?
> What would you choose:
> 1. Run without Palladium, but your MS Office, IE and Windows update
> might not work since your computer is considered insecure.
> 2. Active Palladium.

I think i might run w/o Palladium - and search the net for cracked windows
updates, they are availale now, so why should'nt they be in the future? I
never thought it useful upgrading to a newer office since 2000, so why
should I do so in the future?

> > The only thing unclear for want of funcspecs is if I will be able to
> > take files out of the sandbox. If they want to make the systems
> > 'backwards compatible', there must be such a feauture.

> If the system is backwards compatible, what's the point with Palladium?
> It's like the "improved security" of XP or .NET server: they still use
> the NTLM-hash so LC still works.

Let's turn the question around a bit: if it is not backwards compatible, how
am i going to upgrade a 150.000 usr network? This answers your question on
XP and .NET as well - getting secure means big bang migrations. But these
are rarely feasible. So there must be a backwards compatability on some
levels, such as network authentication, which can be turned off later. Of
course, we forget, but we can't blame MS for that. Same goes for Palladium,
a system msut not only be secure, it should be useable, including during
migrations.

/Yossarian


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html