In my reading for an essay in LIS2000 I cam across a paper on trusted computing, "Trusted Computing: Promise and Risk", Electronic Frontier Foundation. I had never heard of it and was at first shocked on the first read.
"Trusted computing" enthusiasts believe that today's computer security issues can be solved through hardware changes in our personal computers.
To take advantage of the new hardware designs companies such as Microsoft are designing new OS software.
A consortium originally called the Trusted Computing Platform Alliance, now called the Trusted Computing Group (TCG) has been working on the new architecture which has four different "features"; Memory curtaining, Secure I/O, Sealed storage and Remote attestation.
Computing experts believe each of the features will be useful to computer security, although not foolproof. The idea is to contain and limit the damage that may result from a virus or other malicious activity.
To be used these hardware features need to be supported by software.
The computing community is skeptical and there are serious concerns especially in regards to the risks of possible anti-competitive and anti-consumer behavior.
These fears are directed particularly at the "Remote Attestation" feature which is capable of detecting "unauthorized" changes to software for example by a virus. Because the attestation is remote other computers that you and your computer interact with would be aware of the "break in" as well.
The article authors believe that the current approach to attestation is flawed because "it fails to distinguish between applications that protect computer owners against attack and applications that protect a computer against its owner". This reality can lead to the owner sometimes being treated as another attacker trying to alter the computer software.
If you are one who likes to modify the software on your PC this new hardware feature effectively eliminates your freedom to do so without risking the interoperability of your computer with others.
At this point in time software companies have no good way to detect what software you are using nor do they have any reliable way to compel you choose any specific software type. This status quo is a benefit to computer owners because it improves competition, allows for software choice and interoperablility. Basically, the computer owner is in control of his/her computer.
The Internet that is supposed to allow for a free and egalitarian use of a communication network may become another avenue for large corporations to control another aspect of life and make lots of money along the way.
I can guess where this "security" idea originated. Our government is afraid of cyber-wars and I understand their fears. And I am sure that there is a lot of research money being thrown at computing security issues. It would be wonderful if the hardware and needed software were successfully developed and implemented on government computers. Maybe they already are? But what will stop corporations from putting such security hardware on all the machines they produce?
What would be next? A web site such as your bank locking you out because you don't have the required "recognizable" browser?
Oh, Come on...like that would ever happen!
No comments:
Post a Comment