Sarasota PC Monitor


Tech Talk (08/02)

Palladium - Better Computer Security?

by Brian K. Lewis, Ph.D.*
Member of the Sarasota Personal Computer Users Group, Inc.

Palladium is the new code word circulating rapidly through the tech world. This is the name of Microsoft's new technology for improving the security of every computer running Windows. However, there are also those who say this is Microsoft's new technology for eliminating competing operating systems like Linux. It could also be the method for preventing software piracy and blocking the reproduction of music CDs, video DVDs and the running of "unapproved" software on any computer using an Intel or AMD CPU.

Palladium appears to be a Microsoft extension of the work being done by the Trusted Computing Platform Alliance (TCPA). This organization was formed by Compaq, HP, IBM, Intel and Microsoft. To copy from their background statement: "An open alliance was formed to work on creating a new computing platform for the next century that will provide for improved trust in the PC platform." http://www.trustedcomputing.org/tcpaasp4/index.asp. Palladium is expected to be comprised of both software and hardware components. It has been predicted that it will eventually be part of the central processing unit (CPU) of every computer using an Intel or AMD chip. As a hardware component, it will be very difficult to "hack." Once it becomes part of the CPU, hacking it will be next to impossible without affecting the CPU operation. Also, the applications can't be tampered with, and they can communicate freely and securely with the application vendor. Part of this assumes that all users will be connected to the Internet in some fashion.

Based on currently available information, Palladium will be part of a monitoring component, sometimes referred to as a "Fritz" chip that will be soldered to the motherboard. The name is in honor of Senator Fritz Hollings of South Carolina. He is working in Congress to make TCPA a mandatory part of ALL consumer electronics (see this site for comments on the Hollings bill - Security Standards & Certification Act: http://www.eff.org/IP/SSSCA_CBDTPA/20020308_eff_sssca_alert.html).

When the computer is booted, TCPA takes over and verifies the hardware and software state of the machine. If it conforms to the known state or saved state of the machine, then the Operating System, and presumably Palladium, take over control. Palladium can then be used to "certify" or approve any application or document used on that computer system. It can also encrypt and decrypt documents so that only "approved" computers can read the document. In a corporate environment, this could be used to distribute documents on a network, which could then be read only by "approved" computers. Keystrokes will be encrypted on their way into the computer as will information stored in RAM on the computer. Palladium can also be used to prevent screen captures based on specific instructions programmed into software applications. This would prevent recording videos or copying them to a DVD.

Microsoft has filed patents related to "Digital Rights Management" or DRM. There is a presumption that Palladium will incorporate DRM. DRM would allow companies to sell CDs/DVDs that could be played only on a Palladium platform and would not be copyable. You could also download music (MP3s), for a fee, that would play only on your computer and possibly for only a limited time.

Another aspect of Palladium is that certification of software is handled by servers controlled by the software manufacturer. For example, if you install a "pirated" copy of Microsoft Office on your computer, the fake serial number will be reported by your computer to a central server. That server will have the capability of inactivating or deleting the software from your computer. One of the primary aspects of TCPA/Palladium is to place the control of "authorized" software in the hands of the software manufacturers to prevent piracy and loss of revenue. It can also be used as a form of censorship through this remote control operation. Further, it can be used to rent software for a limited period of time, automatically removing it from the user's computer at the specified time. Another extension would allow censorship of material by using the remote removal of "forbidden items" from your computer.

A problem does exist relative to backup and/or hardware upgrading or even system replacement. Any data encrypted on one computer can be read only on another computer with specific key authorization. According to some comments made by Microsoft personnel, they have not worked out the details of just how you would transfer data from your old system to a completely new system, or even restore backup files if there has been a hardware change.
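The boot-time check and the backup problem described above can be seen in a small model (an added example, not code from Microsoft or the TCPA). It uses the TCPA-style extend operation, where each boot component is hashed into a running register, and ties a document key to that register value and to a per-machine secret; the component names, chip secrets and the toy cipher are constructed for illustration.

```python
import hashlib
import hmac

def extend(pcr: bytes, component: bytes) -> bytes:
    """TCPA-style extend: new = SHA1(old || SHA1(component))."""
    return hashlib.sha1(pcr + hashlib.sha1(component).digest()).digest()

def measure_boot(components) -> bytes:
    """Fold every boot component, in order, into one 20-byte register."""
    pcr = bytes(20)  # register starts at all zeros on reset
    for c in components:
        pcr = extend(pcr, c)
    return pcr

def _keys(chip_secret: bytes, pcr: bytes):
    # Assumption: a real chip keeps this derivation internal; HMAC stands in.
    enc = hmac.new(chip_secret, b"enc" + pcr, hashlib.sha256).digest()
    mac = hmac.new(chip_secret, b"mac" + pcr, hashlib.sha256).digest()
    return enc, mac

def _stream(key: bytes, n: int) -> bytes:
    # Toy HMAC counter-mode keystream, illustration only.
    blocks = (hmac.new(key, i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def seal(chip_secret, pcr, plaintext: bytes) -> bytes:
    enc, mac = _keys(chip_secret, pcr)
    ct = bytes(a ^ b for a, b in zip(plaintext, _stream(enc, len(plaintext))))
    return hmac.new(mac, ct, hashlib.sha256).digest() + ct

def unseal(chip_secret, pcr, blob: bytes):
    """Return the plaintext, or None if machine or boot state differs."""
    enc, mac = _keys(chip_secret, pcr)
    tag, ct = blob[:32], blob[32:]
    if not hmac.compare_digest(tag, hmac.new(mac, ct, hashlib.sha256).digest()):
        return None
    return bytes(a ^ b for a, b in zip(ct, _stream(enc, len(ct))))

# Constructed sample data: not real firmware images or keys.
OLD_PC = [b"BIOS 1.0", b"boot loader", b"OS kernel"]
NEW_BOARD = [b"BIOS 2.0", b"boot loader", b"OS kernel"]
CHIP_A, CHIP_B = b"secret-of-old-pc", b"secret-of-new-pc"

if __name__ == "__main__":
    blob = seal(CHIP_A, measure_boot(OLD_PC), b"tax records")
    print(unseal(CHIP_A, measure_boot(OLD_PC), blob))     # same machine
    print(unseal(CHIP_A, measure_boot(NEW_BOARD), blob))  # changed hardware
    print(unseal(CHIP_B, measure_boot(OLD_PC), blob))     # restored elsewhere
```

A backup restored after a hardware change or onto a replacement PC fails in the second and third cases, which is why a key-migration path has to be designed in.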

So, what does TCPA/Palladium offer the computer user? Microsoft's authorized publicity states that since Palladium won't run unauthorized programs, viruses, worms and Trojan horses will be stopped dead. Spam won't reach your mailbox. And, the information on your computer will be absolutely private. No one will be able to access any of your private, confidential information. However, other sources indicate that viruses, et al., will not be affected by Palladium. The primary beneficiary of TCPA/Palladium will be the PC vendor, the software supplier and the content provider. There will be little user-related benefit. Apparently Microsoft's Palladium developers believe it is appropriate to create technology that permits software and media vendors to set, and enforce, any policy the vendors desire to control the use of their software on your computer.

Now, if you think that this type of security chip is a rather far-fetched idea that will never be implemented, think about this. Some inkjet printers have chips in their ink cartridges that prevent printer operation if the cartridge has been refilled. Some cell phones have chips in the battery that prevent operation if the battery isn't the right brand. Compact discs (CDs) can have copy-protection systems that keep them from being played in personal computer CD drives.

Part of the problem in getting a real handle on Palladium is that Microsoft has not published any documents on the topic. Instead, they "authorized" an article in Newsweek magazine and some of their executives have consented to interviews. However, most of these have been PR puffery, with little technical detail. One reason given is that the plans are only in the formation stage and Microsoft is looking for industry feedback. Given that work on Palladium and DRM started as early as 1997 and that patents on DRM have been filed, it would seem to be well into an early development stage. Microsoft has indicated that Palladium could be incorporated in a version of Windows as early as 2004. That would indicate that Intel/AMD CPUs would be available in the same time period. Microsoft may release a "white paper" on Palladium about the time that this issue of the Monitor appears.

From my position, this whole project, including Senator Hollings' bill, sounds much too much like "Big Brother is watching." I have no desire to use pirated software, nor do I have any interest in copying music CDs. However, I do want to convert my personal vinyl record library to CDs. Will Palladium prevent me from doing that or from playing them after I have done the conversion? I like to burn backup CDs of any software that I download from the Internet. Will this be affected? I also would like to continue testing Linux, FreeBSD and other alternative operating systems on my Intel-based computers. From everything I have read, there may be a real problem trying to run Linux on a Palladium computer. Although Linux could be re-written to be Palladium compatible, that would probably mean royalty payments to Microsoft and possibly abrogation of the GNU license. Indeed, some Microsoft sources indicate that the "open" kernel of Palladium won't be made available until some time after Palladium has been put on the market. And then, it may not be freely provided because of patent restrictions and protection of proprietary information.

I also like to try alternatives to Microsoft Office. Will I be able to do that after my computer becomes Palladium equipped? Yes, I know that Microsoft's executives have indicated that Palladium can be turned off, just as Intel's CPU serial number is turned off on all new computers. However, Palladium-enabled software, CDs, DVDs, etc., will not run on a computer that has the Palladium system disabled. Another consideration is that Microsoft has also indicated that the first versions of Palladium may be "buggy". Who wants "security software" that may be "buggy," especially when it is reporting to some manufacturer's central server? Just how much trouble can that create? What do we do while we are waiting for the bug-free version 2.0 or 3.0 of Palladium?

This article only touches on the tip of the Palladium iceberg. There is much more information available on the Internet on this subject. The time is now for computer users to become informed about Palladium before it is hardened into a hard-wired component of your computer. Learn as much as you can about it.

If you would like more references, try a Google search for "Microsoft Palladium." Be very aware that Palladium could have significant effects on your computer use.

*Dr. Lewis is a former university and medical school professor. He has been working with personal computers for more than thirty years. He can be reached via email at brian_klewis@hotmail.com or voice mail at (941) 925-3047.


Copyright 2002. This article is from the August 2002 issue of the Sarasota PC Monitor, the official monthly publication of the Sarasota Personal Computer Users Group, Inc., P.O. Box 15889, Sarasota, FL 34277-1889. Permission to reprint is granted only to other non-profit computer user groups, provided proper credit is given to the author and our publication. We would appreciate receiving a copy of the publication the reprint appears in, please send to above address, Attn: Editor. For further information about our group, email: admin@spcug.org/ Web: http://www.spcug.org/

The Sarasota Personal Computer Users Group, Inc. has 1,300+ members and was established in 1982. We are members of the Assoc. of PC User Groups (APCUG), the Florida Assoc. of PC Users Groups, Inc., and we are members of the America Online Ambassador Program.

See http://www.spcug.org for all reviews from the Sarasota PC Monitor, go to the Newsletter Section.