IT Employment

Should Intel decide what software we can run?

Intel has a brilliant new idea to make our computers safe: dictate what software we're allowed to use.

Intel has a brilliant new idea to make our computers safe: dictate what software we're allowed to use.

-----------------------------------------------------------------------------------------

Ars Technica reports on Intel's walled garden plan to put A/V vendors out of business. It starts out sounding tentatively very positive about plans announced at the Intel Developer Forum by Paul Otellini.

The idea appears to be very similar to the way Apple manages the iPhone App Store, where every single piece of software in it has to be approved and certified by Apple before it is made available to the public -- except it is meant to apply to every x86 architecture platform Intel produces in the future, most likely including a future replacement for whatever computer you use to read this article. Intel is pitching its own plan with its marketing apparently focused purely on security for now, talking about trusted vendors' software being the only software allowed to run on its platforms. The idea seems to be that a "default deny" approach to allowing software to run on the system would be preferable to the current "default allow", with only certified software offerings being able to run on the system.

While the initial careful boosterism eventually falters, the assumption inherent in the tone of the Ars Technica article never even questions the validity of such an approach to security, with Intel acting as final arbiter of All Things Trustworthy. If you know anything about real security, though -- where real security is defined by the needs of the user, and not the business model of the vendor -- your first thought upon reading the article should probably be something like, "I wonder if I should plan to move all my hardware to AMD processors."

While considering the implications of such a plan, some unpleasant questions arise.

  1. Does Intel really expect me to forget why there's no such thing as a trusted brand? The intrinsic principles of corporate responsibility ensure that the moment sufficient market gains can be had to justify it to the board members, the security of the end user will be sold for a few cents here and there. Even long before that point, though, conflicts of interest and the siren song of monopoly will lead to questionable decisions being made about who is or is not allowed to run software on the system.
  2. Is Intel unaware why Android is stealing [market] share from iOS? Even before we got a look inside Apple's insane developer agreement, before many developers took that as a sign that greener pastures awaited within the Android market, smartphone application developers had chafed at the App Store approval process. As the EFF put it last year, More Freedom Necessary as Top Developers Abandon iPhone. A particularly poignant farewell to developing for the iOS platform came from a Mobile Orchard public announcement: I'm Abandoning iPhone Development. Mobile Orchard To Stop Publication. While Apple has backed off from some of its most recent developer-hostile policies, a lot of damage has already been done.
  3. Has Intel failed to notice that Apple's attempt to maintain control of its hardware through litigation has lost its legal legs? This year, the EFF won an important victory when the Copyright Office and Librarian of Congress affirmed that jailbreaking [and rooting] smartphones is finally legal, for now, upsetting Apple's civil litigation clout in the battle against people who want to use the hardware they buy as they see fit. It did not take long before smartphone jailbreaking and rooting became a commodity service. The implications for a similar attempt at a lock-down on the Intel x86 platform are obvious.
  4. Would it even be possible to run open source software on Intel's new, managed hardware platform? The Ars Technica article takes a dismissive tone where this question is concerned. It does say that Intel's proposed "walled garden" approach will "probably be rejected outright by many Linux and open-source users," but buries it under positive spin and otherwise ignores the situation as if the five or six open source software users in the world, all of them living in their parents' basements, will not be able to raise much of a fuss. While it is likely that the biggest projects such as Firefox and Ubuntu would get a pass (at a price paid by their supporting commercial organizations, of course), it gets worse: could you even run a program you yourself wrote on the system under Intel's new plan? For that matter, one must wonder whether it would even be possible to use arbitrary, physically compatible hardware with the system, given the example of MS Windows XP Service Pack 2's notorious cantankerousness when confronted with hardware drivers that had not been "certified". When the driver in question is for the SATA interface to which the boot drive is connected, tears and hysterical laughter may well ensue.
  5. Getting right to the heart of the matter, there is one question that stands head and shoulders above the others in importance: Would Intel's plan even make our systems more secure? It is of critical importance to determine whether it would even do any good before debating whether the trade-off would be worth it. There is reason to doubt that Apple manages to provide any more secure a software ecosystem for iOS than Google does for Android with its much freer Android Market. In fact, with a conscientious and knowledgeable user, Android can be the far more secure option of the two. Intel seems to have forgotten that effective security is most often achieved when you work with end users -- not against them -- to improve security. Furthermore, while the Ars Technica article makes favorable statements about the similarity between how Website encryption works and how Intel's plan seems likely to work, it is difficult to ignore the fact that in the end the characteristics of the Web's standard PKI model prompt us to question whether the TLS/SSL Certifying Authority system is a scam.

With any luck, this new and more restrictive sequel to the Trusted Platform Module -- another ill-conceived "security" scheme that restricts the legitimate user more than malicious security crackers and their ilk -- will be stillborn. The last thing we need in our computing lives right now is hardware that deigns to decide for us what we are allowed to do with the computer, limiting us to a short list of vendor-approved software. What are the chances, for instance, that we would be allowed use potentially security-enhancing software like TechRepublic contributor Sterling Camden's getlessmail?

Those chances would likely lie somewhere between slim and none.

About

Chad Perrin is an IT consultant, developer, and freelance professional writer. He holds both Microsoft and CompTIA certifications and is a graduate of two IT industry trade schools.

206 comments
Ocie3
Ocie3

Quote: [i]"... your first thought upon reading the article should probably be something like, 'I wonder if I should plan to move all my hardware to AMD processors.?'"[/i] :-) That was my first thought upon reading the title and subheading of this article. EDIT: deleted remainder of comments ...

DadsPad
DadsPad

If anything, Intel will probably just charge to put a certification sticker on software, like Microsoft. Most people/small businesses just want software to install and work. If the software is certifed to work with the OS and the processor, this customer may feel safer, especially with very expensive software they need to work quickly. If Intel decided to work with vendors, i.e. HP, etc, to restrict software certified to work only on their Intel product, would still fail. Some of us older techies remember when DOS first came out, there were many PC DOS computers, they all ran Lotus 1-2-3. But no version of Lotus could be loaded on any one elses different brand. Then IBM came out with its PC, most of these brands disappeared. If Intel persues this method, maybe someone could remind them of Coke when they discontinued the Coke product for New Coke (that tasted like Pepsi). Then quickly introduced Classic Coke to recover.

Tommy S.
Tommy S.

I will only buy/recommend AMD brand CPUs from now on if this is real.

kevwiener
kevwiener

i think if intel was to go down this route they will lose a lot of happy customers, developers should not have to pay a premium to have their software certified, one of the many reasons why people dont pay the developer fees for apple, hence the jailbreak and such !!! bad news Intel bad news

EEV
EEV

No, 'cause Apple already do.

blackepyon01
blackepyon01

If Intel wants to make x86 systems more secure, why not teach it's end users not to click on everything on the internet that says "click me!", which, as most of us know, is the single biggest reason why unwanted software gets on the systems we fix and manage in the first place... And to keep antivirus software up to date.

grebnetsreg
grebnetsreg

All I can say is I want whatever it is that those guys at Intel are smoking. Got to be great stuff.

Tony Hopkinson
Tony Hopkinson

I can tell them that now. Now if they were to to provide me access to the allow list on my PC, and some decent override mecahnism, I'd pay for it in a minute. There will be one, otherwise MS would drop them, unless of course somehow MS signed exes got a free pass. And how likely is that? :(

dbucyk
dbucyk

No for many good reasons. One, this will allow hackers to target IBM even more so. Do they honestly think that they will be able to produce a system by which they won't get infected. Come on! Secondly, there are more and more open-source Linux people out there than IBM realizes. People want more and more control over their systems and what they do with it. It that happens, then that is going towards a monopoly. People would be forced to use their applications and that would not go good with a lot of the public. Finally, It should be up to the individual to educate themself on the security issues out there. If you let a company protect the individual (or try), you are giving them a false sense of security and they may feel that they don't have to worry about anything.

seanferd
seanferd

are probably right out the window.

nwallette
nwallette

To be fair, I haven't yet read the Intel press releases and whatnot, but on the surface, this doesn't even seem feasible. The CPU is a dumb instruction executor. There's no difference, to it, between a series of instructions from a single .EXE file, and instructions from any number of other assorted random places. That's why malicious code can operate so freely. It can be injected into the file, into a memory location following legit code, etc. So how is a CPU supposed to understand if an instruction is part of a valid program, authorized by some governing party? The OS could potentially do this, sure.. But the CPU? It's just a really, really fast calculator! To invoke the ever-popular car analogy, that's like saying your car's tires would refuse to allow you to drive to your drug dealer's house. Only to approved locations, please. There's no technical merit to those claims. I think someone got carried away here. Or misunderstood. Or all three.

AnsuGisalas
AnsuGisalas

They've already been doing the hardware virtualization support thing. Could actually be pretty good if it was a hardware-level [i][b]user-choice[/i][/b] whitelisting property for the CPU. That'd be worth something, I think.

Oz_Media
Oz_Media

They invested so much into the New Coke campaign, they swore it was a winner and would change public views of Coke. Well it did but not in a positive way. In fact the Classic campaign was the big savior for them. They quickly realized that people actually associate COKE with their childhood and good times past. A NEW Coke simply destroyed those memories for consumers and almost sunk Coke completely. Good recovery though, they own literally everything these days from nutritional drinks, to power drinks, to bottled water etc.

Oz_Media
Oz_Media

The guy that wrote the article that Chad posted, seemed to have drifted off into nowhere land after the opening comments. 99% of the article is a 'what if' analogy based very loosely on what was actually said. The chances of it becoming a reality, in the way the writer implied it, is probably about as accurate as the Y2K issue or Nostradamus predicting the end of the world coming up right around the corner. I find it funny how some of the same people that deny global warming will read such articles and take them as truth. (not saying that includes yourself of course)

carlsf
carlsf

From my point of view not saying the article was correct or not is this... I dont care if it was INTEL, AMD, Microsoft, Adobe, this is my stance/opinion is... I the owner of the computer (I brought/paid for it) System/Operating System/Application and I will decide what I use/run and will not be dictated to by any one else.

Oz_Media
Oz_Media

the article is completely fabricated hogwash, if you actually read it.

apotheon
apotheon

1. Given patents, Intel can control who gets to make the chipsets that are compatible with its CPUs -- or even make sure Intel is the only company making those chipsets. 2. The chipset would contain firmware that limits what software can run on it, using a digital signing scheme.

Oz_Media
Oz_Media

Without eveb reading (or lookign fo rthe nonesistent) press release, the article Chad refers to is pure speculation and BS from another IT rag writer. Chad just takes these things and runs with it, without even offering it merely as a reference with his own facts and counter points. Just more BS made to seem as if he is reporting industry facts that cause unrest amongst users. Just look at the number of careful disclaimer comments he makes in the opening paragraphs alone. It's purely a hack's editorial.

HAL 9000
HAL 9000

Is to hard code the Black List into the Lower End Processing Units and when that works transfer the technology to the Higher End Processing Units. To that end I don't see that it's in too many people's best interests to have hardware that is connected to the net 100% of the time and with limited functionality infinitely Programmable. Be that your Pay TV Box, Refrigerator or anything of that llk where the owner or much more likely some nefarious outside Influence can take control of these devices and do as they please. Having Large Scale Unregulated Bots running all of the time on low end hardware which appears to be working properly to the average End User is only going to result in those devices becoming far more powerful than the Overall Bot should ever have been and very unlikely to ever get caught or even if it's suspected that something is wrong having the owners do anything. As it's not int he Manual, which wasn't read to begin with anyway. For God Sake it's a Fridge not a computer so why do I need to scan it for Malicious Software running? That is something you'll hear far more than you will want to and to a certain extent it has some substance. The more Intelligent that these devices are made the greater the likelihood is that they will get hijacked. To that end designing in what they can and can not do is Common Sense. Of course when those devices get far more complicated than they currently are the possibility of them doing something unwanted that is really deferential is far greater. So this week the fridge missed reordering in time and it's annoying is no biggy but when we are using Personal Fabricators daily and they start consuming Gigawatt's of Power needlessly and for no use to the end user that is a completely different story and could conceivably be very deferential to the society of that day. Col

apotheon
apotheon

If people complain about Intel's possible plans, and Intel backs off from them because of it, you'll feel justified saying "Atodaso!" I find it funny how some of the same people that deny global warming will read such articles and take them as truth. (not saying that includes yourself of course) I find it funny how some people can't tell the difference between denying something is the case and pointing out that there isn't enough evidence to be certain that a particular claim of cause is the case.

Papa_Bill
Papa_Bill

If not, you don't own it. Same for apps.

apotheon
apotheon

Your comment is completely without substantive content, if you actually read it (or if you don't, for that matter).

carlsf
carlsf

Ill let each reader decide.... Intel = Mussolini..... Microsoft = Hilter.... And look what Mussolini and Hilter did to the world? Thanks but no thanks Ill decide which CPU and Operating/System as well as Application software I use.

nwallette
nwallette

I see where Chad's coming from, but I believe it is blown way out of proportion. Intel's idea sounds completely participatory. The imagined scenarios are as follows: - In a mobile/embedded industry, it would be possible for the device OEM to opt-in to a walled-garden. This could be one where Intel (along with their new subsidiary, McAfee) is responsible for the app approval and signing process. Or, a third party could set up the signing authority. Or the vendor could set up their own. Either way, the chipset would provide hardware-level tools to enable the security aspect of secure code execution. This enables product vendors the OPTION to create a platform where they have Apple-like control of app distribution, and possibly beyond. Yeah, for better or worse, malicious code probably wouldn't run. That means no malware, but also no jailbreaking. Vote with your money. - For appliances, like set-top boxes and such, the situation would be much the same as above. But given the typical paranoia of content producers, it would probably be mandated as an essential Trusted Platform requirement before they hand over AACS keys, etc.. - For desktops, it would have to be more user-driven, where a corporate environment could publish applications signed using their own certificate; or home users could subscribe to a service just like current AV software, except instead of reactionary protection, it would be proactive. You would probably have some control over how aggresive the protection gets. Or you could decide not to participate at all and accept the risks. This would be great for kiosks, public access computers, your grandma, etc. NO ONE said anything about a mandatory imposed limitation on choice of software. And even if that was (or is, or potentially could be) the plan, I don't see a way around OS participation. There HAS to be more intelligent involvement for this to work. Network connectivity, for one. Is your CPU likely to have a built-in TCP/IP stack? I doubt it very much. There is a push toward integration, but that doesn't look like a good option, in the engineering sense. So, if it's down to software cooperation, we're looking at a scenario just like HDMI's security mechanism. If the OS says "it's cool -- don't bother protecting this content", the CPU is free to run whatever code is given to it. Your Linux OS is likely to hand you the keys and assume you know how to drive. Now, Microsoft could potentially intervene and release "authenticated" platforms that only run trusted code, but I don't even see THAT as a major risk. There's too much custom software out there in the business world. A heavy-handed approach would cause major backlash, from businesses, consumers, and governments alike. I understand that Chad is a security professional, and as such, his role in society is to lean toward the paranoid "what-if" scenario where innocent-sounding innovation can quickly turn communist. Most of us miss those potential threats. We rely on people like him to see it coming and warn us. However. What concerns me most is how many folks jumped straight to panic mode, and started pricing AMD parts on NewEgg. Guys... use your heads. If the sky did fall, and the public at large lost their minds and allowed it to happen, AMD would pretty much be forced to follow suit. Lest they be judged as the "insecure" platform. So, your newfound loyalty would be challenged before you can say "AMD Instead." Don't worry about it. Keep your heads up and pay attention, but have a beer and relax.

apotheon
apotheon

You actually believe what you read as fact and are unable to determine the different between an article written tongue in cheek and a presentation of facts. Even the writer of the original article obviously didn't see it nor state it as fact, simply speculation. It's kind of shocking to me that you can say that in all apparent seriousness without pausing to consider whether you overlooked a few disclaimers and obvious bits of speculation in my own article. If you really had such skills, your copy would be published in print, not posted to a web forum. I've been published in print, too. Goes to show what you know. As for you CLAIM that these are Intel's possible plans, that's as absurd as the article you stole you original post from. 1. I don't think you know the meaning of the word "possible". 2. "Stole"? What exactly are you claiming -- plagiarism?

Oz_Media
Oz_Media

You mean you also agree that it was unsubstantiated and unsupportable? That's not a trick it is called being able to understand what you read. I pointed out there wasn't enough validity in the original article. I then pointed out how yo post such articles repeatedly, as if posting industry facts, which I believe is your role here after all. if you really want a personal attack, I think you are a simpleton, a fool, the village idiot. You actually believe what you read as fact and are unable to determine the different between an article written tongue in cheek and a presentation of facts. Even the writer of the original article obviously didn't see it nor state it as fact, simply speculation. Clearly that is above your level of expertise when it comes to writing articles on TR. If you really had such skills, your copy would be published in print, not posted to a web forum. As for you CLAIM that these are Intel's possible plans, that's as absurd as the article you stole you original post from. Funny how that same viewpoint is not shared anywhere else on the Internet. I suppose your professional insight and business acumen is well beyond that of the billions of computer users on the planet. Talk about narcissism, you need to step down a rung and grasp reality for once.

HAL 9000
HAL 9000

The Bike Maker made you agree to a EULA and provided a License for the Bike. Most don't even bother to provide a Destruction Manual worth a dam let alone a License. Of course if they did provide a License Agreement it would be a different story. However I'm wondering what the License Agreement for Windows 7 for Automobiles will be and how you agree to it. Will it mean that you are unable to resell the car when you are tired of it? Will the OS be tied to original Hardware and require a new License when the car has been crashed because the OS BSOD out? I remember the old joke of If Microsoft Made Cars then....... Now it appears that they are involved in making cars. :( Col

Sterling chip Camden
Sterling chip Camden

You didn't design or build that, either. So I guess you're only allowed to use it according to the terms of the license you agreed to when you opened the box.

apotheon
apotheon

Define "own" in this context.

Oz_Media
Oz_Media

I do write copy for investors in mining exploration projects, housing development projects, corporate investor portfolios,etc. I also interview artists for two music magazines, have been published in several automotive engineering magazines etc. I manage bands, I am a licenced mechanic, uuum, swept chimneys, Novell administrator (MCNE) and a bunch of other stuff. Jack of all trades, master of nothing. Not exactly a one trick pony though.

ultimitloozer
ultimitloozer

"Edit as for why I am not writing these articles: I write factual copy for a living, not science fiction." Under Job Role, you claim "Sales/Marketing/Business Development". What part of any of those deal with facts? When it comes to facts and honesty, sales and marketing ranks on a par with law and politics. Anything that will sell a product or service is a "fact" and anything else is a distortion, lie, etc. If you are really in sales and marketing, you write science fiction daily.

apotheon
apotheon

You make up grandiose claims about what a corporation's business model is and expect it to sit verbatim without challenge. You clearly don't know the difference between "claims" and one or more of the following: 1. speculation 2. analysis 3. demonstration 4. an attempt to inspire discussion of principles I offer two exaggerated scenarios that are equally as irrelevant as your own and you simply can't get your head around it. Poppycock. Face it, this editorial stuff just isn't for you, stick to security facts and you might gain the much needed respect you so desperately require. Learn a little more about psychology before trying to psychoanalyze. You clearly can't even grasp the simplest of concepts, yet alone a carefully written and disclaimer filled article from a magazine. Learn your own lesson before trying to pass it on to others. It'll play better that way. The only part of what you just said that doesn't apply to you is the word "magazine".

Oz_Media
Oz_Media

You make up grandiose claims about what a corporation's business model is and expect it to sit verbatim without challenge. I offer two exaggerated scenarios that are equally as irrelevant as your own and you simply can't get your head around it. Face it, this editorial stuff just isn't for you, stick to security facts and you might gain the much needed respect you so desperately require. You clearly can't even grasp the simplest of concepts, yet alone a carefully written and disclaimer filled article from a magazine.

apotheon
apotheon

I'll let that absurdity speak for itself.

Oz_Media
Oz_Media

Those were both just fallacious, intended to be non applicable, as you quickly pointed out. Th point is, they are non discussions because they are fabricated, speculation. Your initial post here, the one which you feel pertains to your field of expertise, is also just fabrication and speculation. Once again, you cannot have a rational, reasonable or sensible 'discussion' about something that simply does not exist. There's no "discussion" to be had about whether or not Santa Claus delivers presents worldwide in 24hrs. If you implied there was a reality an someone said you were full of it, you would be unable to accept it and would say they are just being nasty and spiteful, attacking your character etc.? You think that a newspaper printing the same would garner editorial respect from readers? Get real, your entire thread is hogwash and was proven so, yet you pretend to be a qualified voice on such matters, what a farce! Edit as for why I am not writing these articles: I write factual copy for a living, not science fiction.

apotheon
apotheon

You obviously don't know anything about this topic area. 1. "Why not post about Bill Gates most recent heart surgery and how it was found out that Steve Jobs was left MS in Gates' will?" Maybe because that has nothing to do with IT security. 2. "Why not post how Linux is finally teaming up with MS to streamline Windows and offer increased security?" Maybe because "Linux" isn't some business entity or other organization -- or person, for that matter -- that can "team up" with anyone. That's like saying that "coffee cup is teaming up with Starbucks to streamline the coffee-making process and offer increased beverage temperatures". Are those not meaningful discussions? Maybe they would be, if they were relevant (the first example fails that test) and if they weren't nonsensical (the second example fails that test). Go back to your hole, and stop trying to destroy the discussion that other people are having here.

Oz_Media
Oz_Media

You want meaningful discussion? Why not post about Bill Gates most recent heart surgery and how it was found out that Steve Jobs was left MS in Gates' will? Why not post how Linux is finally teaming up with MS to streamline Windows and offer increased security? Are those not meaningful discussions?

apotheon
apotheon

I refer to the discussion where a bunch of other people respond to the article, with varying levels of agreement or disagreement -- some disagreeing even more than you do -- without descending into pointless personal attacks. You are not the only person commenting here, but you certainly are the only person with such a dedication to destroying the potential for meaningful discussion.

Oz_Media
Oz_Media

The one you embelished on from another person's completely fabricated editorial? That's not discussion, that's just telling stories. But as ALWAYS when I suggest that the information you provide is pure falacy, you have never, not once, ever been able to support the hogwash you purport to be news. If you feel you are right and just in your commentary, provide some actual supporting facts that would indicate that intel has this in their plans. Not just some article full of admitted supposition and speculation. No, you can't, you never can, just the character attacks with NOTHING to support what you claim, never have done, never will. And you excpect to gain respect for offering insightful editorials on IT security. I have credited your knowledge in that field many times and I still do. It is certainly a field where you have more expertise than many and the information you provide is accurate and helpful. Then you have a habit of offering crud like this, with nothing factual or even realistic about it and you put it forth the same way you offer iT security insight. Public speaking, writing rule #1, speak on a subject that you know, have facts and knowledge to support your comments. This tripe offers nothing, and you couldn't even HOPE to provide facts to support the Bs you posted. You then bitch and moan because someone disagrees with the tripe you post, then pretend you are innocent and ever so pure in your comments. What a two faced, hypocrite.

apotheon
apotheon

What -- because I pointed out he wasn't contributing to discussion?

Oz_Media
Oz_Media

TR forums are a playground with snippets of useful information in between the swings..

dbucyk
dbucyk

Some people are learning open source software and are competant in working with the security issues of today. To me, that's the lazy man's way of dealing with the issue is by passing the buck.

pirate?
pirate?

@Oz and apo why don't you settle your problems in the sandbox, if you can't act your age here?

apotheon
apotheon

Neither Perspectives nor a proper web of trust is based on mass opinion. One is based on certificate consistency, and the other is based on who you personally choose to trust. As for Wikipedia -- I don't trust it to be 100% error-free, either, any more than I trust Britannica to be error-free. Each is prone to errors for different reasons. Neither should be taken as the last word on anything.

nwallette
nwallette

We stand to benefit from the collective mind on some things. Wikipedia is a great reference, for instance, but I would never assume that knowledge to be without error. The majority rule is what brings us Lady Gaga, after all. While I expect there to be a financial burden that the maintainers would want to recoup, I'm not sure a purely commercial system is the best way to approach TLS. I would rather have it in the hands of an organization (preferably international) designed as a public service, and have some sort of processing fee or tax on services make its way to that party for the initiation and upkeep expenses. It's unrealistic to assume *any* entity won't have some degree of bias. But if it's diverse enough, hopefully the inertia would be too great to be easily swayed. That said, putting security (solely) into the hands of the masses is asking for trouble, IMO. There ARE concerns of poisoning. And, who screens organizations asking for entry? How long before "the collective" has knowledge of a site's existence and trustworthiness? This is a little like having the phishing protection enabled in your browser. Maybe it isn't KNOWN to be a phishing site, but maybe it just hasn't been up long enough to get caught. As far as I remember from having signed up for a cert on behalf of a former employer, there was quite a bit of information required before we were "accepted". Contact info, business info, etc. It may not be fool-proof, but it's at least something to aid in intervention if a site turns out to be nefarious.

apotheon
apotheon

While SSL certs are certainly overpriced, how do you prove a site's identity without an arbiter? How do you get an arbiter without conflicts of interest under the current PKI model? Answer: you don't. Web of trust models such as that used with public key encryption systems like OpenPGP, and distributed verification systems like Perspectives, are far superior to the PKI model used by TLS/SSL certifying authorities. I recommend you read The TLS/SSL Certifying Authority system is a scam.

nwallette
nwallette

While SSL certs are certainly overpriced, how do you prove a site's identity without an arbiter? Encryption is easy. Verifiable content delivery is also easy. Identification? I can't trust someone to be who they say they are unless there's a point of reference somewhere.

apotheon
apotheon

Not all sites that are HTTPS are trustworthy, and not all sites that transfer private data in clear-text have been hacked, but if your bank dropped SSL, would you use it anymore? That depends on what it might use instead. If some alternative, better encryption scheme was introduced to replace TLS/SSL, I'd certainly use it. Remember, this whole "public key infrastructure" deal with TLS/SSL is little more than a scam.

nwallette
nwallette

The idea, in certain environments and in certain cases, is not a bad one. HTTPS has done a pretty decent job of keeping transactions secure. Not all sites that are HTTPS are trustworthy, and not all sites that transfer private data in clear-text have been hacked, but if your bank dropped SSL, would you use it anymore? I think having a walled garden implementation would be better than NO executable protection in implementations that warrant this approach. For e.g., imagine DISA using this technology on the SIPR network. All I ask is that it not be forced upon me on my home desktop.

apotheon
apotheon

It is sure to fail in several ways to provide real security. It is sure to succeed in many ways at keeping perfectly benign software from running on the system.

AnsuGisalas
AnsuGisalas

How do we know that malware won't be put into the authenticated apps anyway? Sure you can have hashes and verifications, but these are not magical tools that can't be subverted. A hash is only as secure as the one that checks it, and as the list from which it checks it. It's a three-part security, but the wrong way around, each of the two authorities providing an additional avenue of attack, rather than an additional layer of protection. Like the biometric lock with a key-lock as a bypass. And then what? A walled garden is likely to grow full of hothouse flowers, so if the wall has portal to darkness in it, that's going to be bad news.

apotheon
apotheon

Chipsets are already shipping with integrated encryption modules. All it takes is ensuring that included in the module's functionality is the ability to validate a particular type of digital signature, and Intel's dream is reality.

nwallette
nwallette

I suppose that's possible. If you look at the state of the PC BIOS now compared to 10-15 years ago, there is *A* *LOT* more code in there now. Can you imagine the USB stack in a Phoenix BIOS ca. 1995? I guess it isn't out of the question, especially with the likes of EFI, to see far more intelligence in the bootstrap phase. Nevertheless, I think the only way hardware, software, and content vendors can get away with locking things down is to make something either so desirable that we willingly trade it for freedom (see: iPhone), or so subtle that we don't question the requirements (see: HDMI). It's one thing to be told "you need a new monitor because now it plugs in with this thingy (and.. psst.. also it needs decryption keys built-in)"... but it's another thing entirely when you take someone's Amazing 3D Screen Saver from them because it's not "authorized code." WHAT? I'm not buying one of those computers then!

apotheon
apotheon

That's a pretty balanced, reasonable way to be skeptical about the implications of my article, and I think it really contributes to the discussion here. On the other hand, it is theoretically possible for Intel to do this in a mandatory, hardware-centric manner. It would involve more than just the CPU, as we currently define the term "CPU", but it certainly wouldn't require more than firmware in the hardware chipset. The OS itself need not be directly involved.

Editor's Picks