Why Microsoft’s Palladium project threatens to send Linux and open-source into exile: “Unless Microsoft signs a particular Linux kernel, it will almost certainly refuse to run on Palladium-equipped hardware.” Read the editorial at SecurityFocus.
The Devil And The Deep Blue Sea
About The Author
Eugenia Loli
Ex-programmer, ex-editor in chief at OSNews.com, now a visual artist/filmmaker.
Follow me on Twitter @EugeniaLoli
This guy is a moron.
Palladium is something that only works if the OS takes advantage of it, it has nothing to do with Microsoft signing any software so that it can run on Palladium hardware.
This is just an outright pathetic attempt to bring more hatred towards Microsoft.
I’ve haven’t been following Palladium but I skimmed through this article. I don’t think this is a serious threat to open source operating systems. Too many big companies have put a lot of money into operating systems like Linux. I can’t see companies like IBM backing this. I don’t see this being widely adopted.
I wonder who would support and benefit from this endeavour, besides Microsoft?
The article gave the impression that security was implemented at the hardware level. If the article is wrong or misleading then maybe your comment could have been appropriate if it explained how. Details please.
Maybe I’m confused here, or seriously reading this wrong.
Jon Lasser speaks of Palladium as requiring all code executed to be digitally signed, and this is somehow supposed to prevent arbitrary code inserted into a running program through a buffer overflow from being executed, because the inserted code would not be digitally signed.
??!
How exactly is Palladium to know the difference between the programs normal code and that which came in as data but took the place of code? The code is already running, meaning it has already passed Palladiums checks, unless Palladium is checking every line of executable code each time it is read be the processor. I don’t see how Palladium could accomplish this.
Expose my ignorance, please.
It could also back fire.
Microsoft could end up in exile with Palladium.
Microsoft has brought a lot of hatred upon themselves.
For the damage that they have done to the industry, most technology companies, most technical people hate them.
Palladium-equipped hardware
Why on the hell would the hardware manufacturers make that kind of hardware if it is more costly, and dificult to produce and without any kind of fiability to work as designed?
Only if they want to damage their own business (as if it is great nowadays)…
Cheers…
Luis Ferro
Dell might benefit — they don’t make OS’es. Anybody who supports strong Digital Rights management would support this. The US government, if it stays in its current paranoid mode, would probably figure some way of wiring this into the national security ID program. That assumes that the national ID program will happen at all.
This is all speculation. I’ve gotten a little more even headed about this, especially considering that a WHOLE LOT of the DETAILS of Palladium are not even published, or entirely specified yet within Microsoft.
Also, there must be a place for non-Palladium aware content. No one wants to go through the pain of getting an approved content signature just to put up a free MP3 of their own original music or software. On the other hand, nobody wants their work stolen and given for free to everyone on earth without their permission (this is the core of copyright, by the way). There should be a sensible balance between protecting copyright holders and fair use, especially when the right to fair use has been PAID FOR. Now we’re beginning to discuss the rights of the consumer combined and the nature of “ownership,” but others can discuss that. The DMCA officially killed reverse-engineering, though I doubt that will realy stop people. The SSSCA (or is it the CBDTPA? or QWERTYUIOP — oh hell, I forgot what the current acronym is) goes even farther. This will allow content providers (mostly giant corporations) to legally use Palladium for all kind of crazy stuff. BUT consumers may not want certain rights they are accustomed to infringed upon. Companies and the government may be forced to show more restraint when implementing their DRM strategies. I hope this may lead to revising certain laws as well.
There’s a bit of positive speculation for you, and now I’m done.
–JM
Jerry Siebe:
Magic! No, not really. You’re right. Palladium might protect people against running bad binaries that were intentionally hacked to create new exploits, and from binaries already modified by viruses. It can’t stop a buffer overflow unless it’s a lot more complicated and clever than Microsoft is telling us. (joke) Maybe it’s a code profiling and morphing hardware virtual machine using super-secret technology!(/joke)
yc:
The right rumor (or fact) given to the right people could cause a public outcry that may last long enough to turn this whole thing on its head. Also it could be implemented wrongly. A poor implementation and rumors about fees killed DivX DVDs (not the video codec, I’m referring to the pay-or-throw-it-away DVD scheme).
Luis Ferro:
Hardware makers would do it if enough big “content providers” agreed on it. (content is software and media; big content providers are Sony, AOL-Time Warner, Microsoft, Adobe, etc.) Being locked out of the newest and greatest stuff will hurt hardware makers’ profits. If the content providers were really devious, they would extend great discounts and benefits for using Palladium euipped hardware, and then take them away once they’ve lured everybody onto the platform. I suspect that hardware makers will still make Palladium-free stuff for awhile, and some will continue to make hardware where the user can disable Palladium features.
–JM.
http://www.neowin.net/staff/users/Voodoo/Palladium_White_Paper_fina…
Many clues within.
I’ve done some brief research – it’s hard to sort out the fact from the fiction though.
It has been postulated that non-signed OSes won’t be able to boot on such hardware. Is this fact or fiction – possible fact if the BIOS developers are reigned into this scheme. Time for open source BIOSes I guess.
If the essential fact is software signing from initial bootup, it would seem to me that ownership of the hardware changes from a fully owned model to that of a licensed model.
While I can see some benefits from a licensed software developer’s point of view, these are at a significant loss of rights for the hardware owner. What right does a third party like a software developer (e.g. Microsoft) have to store confidential information on your computer which you can’t access, and can be used to exert full control of your entire computer?
The bottom line of this is that when you buy a computer, you no longer buy something outright that is for your sole purpose, but rather you are buying something that will always be partially owned by someone like Microsoft. We have learned to live with this concept with regard to copyrighted material, but is it fair to extend it all the way to the hardware?
I would have thought that governments would be up in arms at such proposals – the level of control afforded to large corporations by such schemes would not be tolerated in other market sectors.
P
…won’t be an option with Palladium. The crypto hardware specifically protects the bios from any alteration by checking it before allowing it to boot the system. The bios->system path is probably crypto’d too. You have to get through it to modify the bios (as far as the architecture looks to me, at least). It would (seemingly) be obvious to assume that even pulling the bios chip and altering it would fail since the crypto hardware stores checksumming/hashing/whatever keys internally.
To speculate, the government would probably be all for this idea. Remember recently a bill was (maybe still is) on the table to enlist the services of every mailman and meter-checker to intentionally spy on regular joe blow and make sure they were not up to any suspicious terrorist activities.
I can see the black apache helicopters circling my house right now…
Ok. I’ve read some more literature..
It would appear that Palladium is currently planned to be an “opt-in” proposal, and that existing software is not supposed to break – Hah.
However, there is nothing to say that that the rules won’t change over time – and this is where legislators need to be realistic. You have to look at the track histories of the companies concerned and so forth.
It also does not prevent the owner of the operating system from arbitrarily deciding not to authorize the running of untrusted software. Ultimate control rests with the operating software manufacturers.
The point has correctly been stressed that if operating system developers cannot acquire certification under reasonable costs and terms, any palladium equipped computer will ultimately be owned by the software companies, in particular operating system owners. If this fact alone does not start alarm bells in governments, it really should.
I never thought I would see the day in my lifetime that software development would become as politicized as it now has become.
P
I can’t the guy who wrote the article is wrong and doesn’t know what he is talking about.
Palladium cannot stop buffer exploits. It is not designed to anyway.
What can stop them is security permissions. Or writing better code.
If the program being exploited has limited permissions then the exploited code has limited permissions as well. Of course most of this software is monolithic and uses those permissions in another part. If you break the code down into seperate programs and give them seperate permissions it would be safer.
Of course the safest path is to never use libraries or functions that can be buffer exploited. Check every thing to make sure you do not go out of bounds.
All this talk is simply a waste of time.
Your new computer will have government mandated security, including Palladium or whatever new name it gets down the road, maybe “Universal System Security Architecture”, or “USSA” for short.
Uh, folks, did anyone notice the government is creating an army of spies? Compared to the dealing with the world’s largest secret police force, Palladium is just another brick in the wall.
#m