Comments on: On Trusted Computing … Part II http://blogs.mcafee.com/mcafee-labs/on-trusted-computing-part-ii Tue, 29 Nov 2011 07:51:20 +0000 hourly 1 http://wordpress.org/?v=3.3.1 By: William H. http://blogs.mcafee.com/mcafee-labs/on-trusted-computing-part-ii/comment-page-1#comment-17244 William H. Thu, 12 Jun 2008 19:41:36 +0000 http://www.labs.com/research/blog/?p=666#comment-17244 Lenovo and other OS vendors as manufactures are already locking in their hardware by means of using DMI during BIOS booting. I bought a new wireless minicard, to replace the OEM unit in my Lenovo Y510 IdeaPad which is sold on the Y510 notebook. To make a long story short, I had to purchase the same wireless card from Lenovo so the computer would boot. This insures only Lenovo hardware that's been certified with their blessings to run in my Lenovo Y510 computer. It works against competition, as now i have NO choice, but to purchase only what Lenovo wants to offer me for that specific type of notebook. I only had needed to replace the old OEM wireless minicard that came with 802.11.g with another using 802.11.n here. Nobody selling me the same product will tell me about DMI management. It's like DRM, as it should be called "digital rights restrictions" and not digital rights management for which is very misleading. If things continue ahead in this direction, it will not be long before even the most simple task will be beyond our reach as a consumer. We will be living in a word completely under the policies of some corporation, that has no accountability, as the legal code forbids suing any corporation as an individual. Meaning, these restrictions can be abused by denying competition, restricting usage, and worse limiting prior innovation to the hands of only a few. It only serves the wealthy, while making the people indentured servants. So how is that wise? Lenovo and other OS vendors as manufactures are already locking in their hardware by means of using DMI during BIOS booting.

I bought a new wireless minicard, to replace the OEM unit in my Lenovo Y510 IdeaPad which is sold on the Y510 notebook.

To make a long story short, I had to purchase the same wireless card from Lenovo so the computer would boot.

This insures only Lenovo hardware that’s been certified with their blessings to run in my Lenovo Y510 computer.

It works against competition, as now i have NO choice, but to purchase only what Lenovo wants to offer me for that specific type of notebook.

I only had needed to replace the old OEM wireless minicard that came with 802.11.g with another using 802.11.n here. Nobody selling me the same product will tell me about DMI management.

It’s like DRM, as it should be called “digital rights restrictions” and not digital rights management for which is very misleading.

If things continue ahead in this direction, it will not be long before even the most simple task will be beyond our reach as a consumer. We will be living in a word completely under the policies of some corporation, that has no accountability, as the legal code forbids suing any corporation as an individual.

Meaning, these restrictions can be abused by denying competition, restricting usage, and worse limiting prior innovation to the hands of only a few.

It only serves the wealthy, while making the people indentured servants. So how is that wise?

]]> By: Hal http://blogs.mcafee.com/mcafee-labs/on-trusted-computing-part-ii/comment-page-1#comment-17243 Hal Tue, 03 Jun 2008 20:51:03 +0000 http://www.labs.com/research/blog/?p=666#comment-17243 I think the situation with PCs is going to continue to be very different than for small specialized mobile devices. The PC is traditionally an open platform, and customer expectations will insure that it stays that way. Actually there is nothing about the TPM that would particularly entice OS vendors to close the platform. In fact to the extent that TPM and improved OS technology improve separation between processes, the argument for closing the platform is weakened, as insecure applications cannot harm other applications or the OS. To take this argument to its logical conclusion, imagine that Microsoft announced that Windows 7 will only run Microsoft-approved applications. Anyone who does not understand that this would doom the product and probably the company forever should not be commenting on this issue. Yet when people talk about TPM they automatically assume that just such idiotic maneuvers will be common among OS vendors. Vendor lock-in is potentially an issue, but here it is best left up to the market. Products with open specifications and data structures will compete with those that close their specs. I think in today's world we are seeing movement towards more open source, open specs and open implementations. I suspect this concern about lock-in is largely going to be a thing of the past. I think the situation with PCs is going to continue to be very different than for small specialized mobile devices. The PC is traditionally an open platform, and customer expectations will insure that it stays that way. Actually there is nothing about the TPM that would particularly entice OS vendors to close the platform. In fact to the extent that TPM and improved OS technology improve separation between processes, the argument for closing the platform is weakened, as insecure applications cannot harm other applications or the OS.

To take this argument to its logical conclusion, imagine that Microsoft announced that Windows 7 will only run Microsoft-approved applications. Anyone who does not understand that this would doom the product and probably the company forever should not be commenting on this issue. Yet when people talk about TPM they automatically assume that just such idiotic maneuvers will be common among OS vendors.

Vendor lock-in is potentially an issue, but here it is best left up to the market. Products with open specifications and data structures will compete with those that close their specs. I think in today’s world we are seeing movement towards more open source, open specs and open implementations. I suspect this concern about lock-in is largely going to be a thing of the past.

]]> By: badidea http://blogs.mcafee.com/mcafee-labs/on-trusted-computing-part-ii/comment-page-1#comment-17242 badidea Mon, 02 Jun 2008 17:22:10 +0000 http://www.labs.com/research/blog/?p=666#comment-17242 This system is basically the ultimate whitelist. However, total control of this list is in the hands of the OS vendor. If the OS vendor allows another vendor's software, then that vendor has some control over what other (OS vendor approved) software runs concurrently and can interact with your software. Microsoft would have the capability to, for example, deny the ability to run Quicken and approve only MS Money for your financial software needs. A more insidious setup would be to allow Quicken to run but deny access to the internet for transaction downloading. From a common sense perspective, I just don't see any government or corporation wanting Microsoft to be in absolute control of their servers, desktops, and data. This system is basically the ultimate whitelist. However, total control of this list is in the hands of the OS vendor. If the OS vendor allows another vendor’s software, then that vendor has some control over what other (OS vendor approved) software runs concurrently and can interact with your software. Microsoft would have the capability to, for example, deny the ability to run Quicken and approve only MS Money for your financial software needs. A more insidious setup would be to allow Quicken to run but deny access to the internet for transaction downloading.

From a common sense perspective, I just don’t see any government or corporation wanting Microsoft to be in absolute control of their servers, desktops, and data.

]]> By: Ken Y-N http://blogs.mcafee.com/mcafee-labs/on-trusted-computing-part-ii/comment-page-1#comment-17241 Ken Y-N Sun, 01 Jun 2008 13:46:24 +0000 http://www.labs.com/research/blog/?p=666#comment-17241 Remote attestation is more useful, I think, for corporates and software licensing. I could see virus protection software, for instance, being properly managed in a corporate environment through the use of attestation. I'm not sure of what the cost/benefits are, but I feel that one of the first real uses of the TPMs in the corporate environment will be for accounting of site licenced packages. TPMs on mobile devices (MTMs) are mandatory (well, MRTMs only, not MLTMs, but let's not get into that!) but they need that to enforce legal regulations surrounding wireless use, and to protect the SIM card, etc. Looking forward to the article on trusted virtualisation, but every time I think about it my brain hurts! Remote attestation is more useful, I think, for corporates and software licensing. I could see virus protection software, for instance, being properly managed in a corporate environment through the use of attestation. I’m not sure of what the cost/benefits are, but I feel that one of the first real uses of the TPMs in the corporate environment will be for accounting of site licenced packages.

TPMs on mobile devices (MTMs) are mandatory (well, MRTMs only, not MLTMs, but let’s not get into that!) but they need that to enforce legal regulations surrounding wireless use, and to protect the SIM card, etc.

Looking forward to the article on trusted virtualisation, but every time I think about it my brain hurts!

]]>