Windows IT Pro is the leading independent community for IT professionals deploying Microsoft Windows server and client applications and technologies.
  
  


November 2002

Microsoft Palladium



Palladium may be the most misunderstood project Microsoft has ever devised. Maybe that's because the company divulged information about it more than 3 years before it will see the light of day. What is Palladium, and why should you be thinking about it now?

Palladium is Microsoft's Trustworthy Computing initiative made real—a hardware/software solution that will form the basis of next-generation computer systems. Microsoft intends Palladium to protect user privacy and present a secure environment for sensitive data. Here's what you need to know about Palladium.

Part of Longhorn
Essentially a new computing platform for security, personal privacy, and system integrity, Palladium is due to ship in 2005 as part of Longhorn, the next Windows version. But Palladium isn't just software: It will require a new type of PC with a specially designed microprocessor—Intel and AMD are on board—and security chipset. Palladium will also be optional: Users who want to load Longhorn on a non-Palladium PC can do so—and forgo Palladium's benefits.

But make no mistake: Palladium is an all-new PC architecture. And if Palladium is successful, the PC as we know it will disappear. Post-Longhorn, Palladium could easily become a requirement for future Windows versions.

A Secure PC Environment
As the agent of Microsoft's Trustworthy Computing initiative, Palladium will create a secure execution space on a PC or other Palladium-compatible device. This runtime environment encompasses three areas of integrity: machine integrity, data integrity, and user integrity. Machine integrity requires the underlying hardware to meet Palladium's standards. Data integrity uses Digital Rights Management (DRM) to protect crucial software systems and associated data, such as email. User integrity incorporates OS-type security, such as logons, smart cards, and other forms of authentication.

This three-tiered approach has two interesting—and often misunderstood—results. First, because Palladium directly handles only machine and data integrity, it requires an underlying OS to provide a complete solution, and this OS needn't be Windows—or even supplied by Microsoft. Second, Palladium essentially moves attacks and other electronic threats from the software application and OS levels down to the hardware. In this sense, Palladium is bigger than Windows or any other OS.

Digital Identity Protection
Cast aside any comparisons to Microsoft .NET Passport, Microsoft's current online identity service. With Palladium, the company is taking a different approach to creating, managing, and protecting a digital identity. Instead of using a centralized server as .NET Passport does, Palladium puts control in users' hands.

The goal is to protect users from identity masquerades and theft by providing an architecture that enables user identities to be uniquely verified. So, for example, you'll be able to securely transmit credit card transactions online or send an email message and be sure that only the intended recipient can access the enclosed data.

The Chipset Is the Key
Combining a Palladium-compatible OS such as Longhorn with Palladium-specific hardware creates a special microkernel-like environment, called the Trusted Operating Root (TOR), that can instantiate the Palladium software. As the software loads, it sets aside a secure, or trusted, processing environment called the vault within the hardware chipset. Data in the vault is physically isolated, protected, and not accessible to other applications and services on the PC. Only users, processes, services, applications, other computers, or other entities that can be verified as trustworthy can access the vault's data. Microsoft says that hardware channels inside Palladium-based PCs will be "impervious to snooping, hardware/software-based attacks, and masquerading or impersonating on the screen."

Recommendations
Palladium isn't happening this year, next year, or even the year after that. So, you have time to plan for the future—and, of course, suffer from the malicious attacks that Palladium intends to obviate. Will Palladium deliver on its promises, or is it doomed to be another far-reaching Microsoft initiative that doesn't live up to its hype? Time will tell, and we've certainly got plenty of that.




Reader Comments
Hype? The only hype in Palladium is happening in the music industry and in Microsoft. For the users there is no hype in Palladium.

Roger October 29, 2002


Interesting Pro-Palladium point of view. My opinion is quite different. As a consultant I must try to examine every angle of the emerging technologies. In the short run, Palladium may propose nice incentives... downloadable time-activated software, secure corporate documents. But in the long run it may prove a monopolistic... Use MS Office or the Palladium protected document won't open. Certainly my own mother would HAVE to buy MS Office ($400+). I know of many people who would install Open Office (FREE) and somehow attempt (and succeed) to force their way into their own documents. Furthermore, actual technologies embedded, but rarely used, exist in current Operating Systems (OS) like Windows 2000 and Windows XP.

Secure transactions? Secure from who? Hackers… or better said… crackers and script kiddies do not pose so much of a threat to a regular individual. Medium and large size should worry about intruders and corporate sabotage and/or espionage. Home users should be worried about anti-virus updates and backups… no one does them as they are supposed to. Corporate users should have specialized personnel that takes care of those chores, as well as security.

Palladium will indeed change PCs as we know it. Some who HAD knowledge to innovate and the others that TRIED to acquire that knowledge will become a dying breed. Take for example file sharing. And I do not mean "illegal" P2P sharing of copyrighted materials, I do mean that someone can jack the security to its highest levels (let's say at a PUBLIC library, school or at the office) and any document created in that PC could not be readable in a non-authorized machine (ie home, school or office). Many of my colleagues would use Palladium at its highest levels of encryption and security... only to be slapped in the face when they can NOT open their own documents in another PC (ie a client).

Supposedly Palladium will be optional in the next-gen Windows (CodeName: Longhorn), but it's just another way of feeding the Moms & Pops who do not dominate computers very well. Don't believe? Think… what happens when you decide NOT to run a Palladium-compliant PC? Will you be stuck with out-dated hardware? Will you be able to communicate efficiently with Palladium friendly networks? Once Palladium advocates have over 70% of the market, they can offer weak alternatives to non-Palladium PCs (like an 8-track tape) and hoard newer and faster technologies for themselves. It happens NOW! Your average secretary does not NEED Office XP… Office 97 suffices. Microsoft ceased all support for 97… companies had to move. They are doing the same with the software licensing. Palladium will, eventually, not be any different.


Here in 2005? Maybe in a full implementation. But evidence shows that Intel's Serial Identification scheme in their CPUs was an ill attempt to mark PCs. Sure, you could turn it off… but you would not be able to use this-or-that function. Fortunately for everyone, the people saw through the scheme and refused it. Microsoft's arch-famous registration fiasco (there are several ways to recover your lost registration numbers) is a way to manipulate your cyber-identity. Many users got bitten by the system once they installed SP1. Much more... the ever-changing-nobody-wants-to-read EULAs make every automatic update a potential Big Brother Is Watching issue. Palladium will just make it worse.


The Palladium future is starting to percolate. Check out the new Windows Media Center OS that just shipped out. Encode any MP3z from any of your legal music CDs on the machine... or try to create a backup SVCD or DVD of your wedding decaying VHS tape. Now try to play it in another PC. Good luck... now you have to hack your own backups and, what is worse... your own PC! Much to the RIAA’s collective sigh, you are victim of… security? You want a PC that can do what you want to do… not what others decide it should do.

Think that 80% of the home-users do not have critical data (ie life or death), and corporate crucial information is stored in company servers (or at least it should be.) We do not need Intel, Microsoft nor the Trusted Computing Platform Alliance (TCPA) to dictate how to "keep our children safe."

A note to the MIS and IT Professionals out there... imagine your company right now, with the Palladium security making things worse among users. I rest my case. I urge the author, Mr. Paul Thurrott, as well as all his readers to investigate further at the links provided by Mr. Tom Shiner (editor of WinXP News at http://www.winxpnews.com):


http://www.cl.cam.ac.uk/~rja14/tcpa-faq.html#additions
http://www.cl.cam.ac.uk/~rja14/tcpa-faq-0.2.html


Thanks,

Edwin O. Molina A.
Independent Computer Consultant

Edwin Molina October 29, 2002


Read Edwin Molina's comments completely. Many of the basic freedom rights will be violated with Palladium!

John Smith November 03, 2002


Well, it'll be time for a VIA Cyrix Processor and Mandrake Linux for me, or maybe I'll consider buying a Mac. I don't want Bill Gates to control everything in my life.

Cesarino Ramirez November 16, 2003


Right off the bat, know that Paul Thurrott is a well-known mouthpiece for Microsoft. His own site pretends to be a Windows consumer information site, but acts as nothing more than Gates' Promotion Dept. Therefore, if Paul writes that any MS product is "good" for users then assume it's bad; "efficient" means it's overdesigned and slow; "great" or "excellent" mean it's mediocre at best. Conversely, his declaring a product to be "average" or "typical" indicates poor performance or lagging behind the competition.

Palladium technology might well be the light-at-the-end-of-the-tunnel for users, though. But not in the way MS desires: it might provide the incentive for many users to finally break free of MS arrogance and tyranny and try alternatives more respectful of users, like ever-reliable Mac systems or various other PC OSs.

Anonymous User February 06, 2005





