I was surprised by the number of email messages I received this past week from Windows & .NET Magazine UPDATE readers eager for more information about Next-Generation Secure Computing Base (NGSCB--formerly Palladium, the name I still prefer), given the fact that we won't be able to implement this technology until 2005 at the earliest. NGSCB is vast, complex, and widely misunderstood; I'm at a loss to understand the bizarre anti-NGSCB opinions that have become widespread on the Web. This week, I examine NGSCB from the mile-high view: Why it was created, what problems it will solve, and why some people are afraid of it. Next week, I'll delve a little deeper and look at the often discrete technologies that make up NGSCB.
At its most basic level, NGSCB will emerge as the product version of Microsoft's Trustworthy Computing initiative--in other words, it's all about trust. Think of it this way: When you flip a light switch, you trust that the electricity will be on, much the same way that you trust your car will start when you turn the key. Although these events sometimes surprise us, they're reliable enough that a level of trust has set in; when things go wrong, it's the exception, not the rule.
Contrast these events with the PC. At home, I have a variety of systems, each with its own personality. My wife uses a Pentium III 866 machine that's very reliable but sits unusable while the BIOS check pauses for several minutes each time the machine reboots. We don't know why, it just happens. And I have a notebook computer that I use around the house that refuses to work well with hibernation. Again, I have no clear reason why--it just doesn't work. Both systems are examples of the problems with computers today. A more drastic, and perhaps more common example occurred at the Web development company at which I worked in the mid-1990s: We had to reboot our Windows NT 4.0 Web server once a week or the resources would dry up and the Web sites would crawl. We never determined why this problem happened--it was a memory leak of some sort, I think--but the fact remains that we didn't trust that machine.
With PCs (and PC-based servers), the sad truth is that one bad experience or one unexplainable glitch that destroys data or brings down the box is often reason enough to make us never trust the PC again. This lack of trust is the reason why the public stereotypes PCs as unstable and unreliable.
So Microsoft is seeking to fix this problem by lifting our trust in PCs to the level of trust that we have in other devices and services. The problem exists at both the hardware and software level, but the problem isn't just about reliability. We put our personal information, private corporate data, and other crucial information on these devices, then connect them to one another through networks and to the world through the Internet. Virtually every day, I hear a report about some new virus, email-based worm, or hack that could potentially bring the whole house of cards crashing down around us. The PC wasn't designed to support this distributed model. And like Windows, the PC has been bandaged and patched beyond recognition to support new industry trends and technologies over the years. The time has come to start anew.
Microsoft's answer is NGSCB, a hardware and software solution that will make security, personal privacy, reliability, and stability integral parts of the PC platform. Largely because of Microsoft's long-term goal of maintaining backward compatibility, the company will build NGSCB off the PC platform, and that, perhaps, is the weakest part of the plan, although understandable from a marketing perspective. If the company simply introduced a totally safe but completely incompatible hardware and software platform, few companies would jump on board.
You might think of NGSCB PCs as "PC Plus" devices because they'll have everything a typical PC has, plus additional NGSCB circuitry, and everything Windows has, plus additional NGSCB services and features (I'll delve into the details next week). These NGSCB PCs will integrate and interoperate with other PCs on a network and across the Internet and offer additional features to users, such as secure communications, data isolation, and a trust model for exchanging data with non-NGSCB PCs. Contrary to some of the scarier reports I've seen, NGSCB isn't about Microsoft being Big Brother; the technology won't turn off access to applications or MP3 files you've "borrowed," for example, but will instead offer ways to ensure that your personal information is distributed only to whom you want, in the level of detail you want. NGSCB is about control, but not the way some describe. Under the NGSCB model, you control your data and private information.
Many people have compared NGSCB to Digital Rights Management (DRM) technology, which is bogus, other than the fact that few people understand DRM either. DRM is designed to let content creators specify how consumers use their intellectual property (or, as the critics say, to limit your fair use rights, which is an exaggeration). So you'll see DRM in use at online movie rentals or with Apple Computer's new iTunes Music Store, which lets users purchase digital songs for 99 cents each. NGSCB isn't DRM, but it would be an excellent platform for DRM because it exposes security features that would make DRM more valuable to users. For example, if a DRM-encoded song could definitively determine that you were, indeed, the true owner of that music, you could play it on any NGSCB-enabled device (and yes, Microsoft will port NGSCB to other platforms such as Linux and the Palm OS, I'm told). That interoperability would effectively end most arguments against DRM's sometimes Draconian restrictions because of the limits of today's PCs and devices.
So, is NGSCB the end-all, be-all technology? No. Like any other technology, NGSCB will have limits, and given the years-long lead time, watching how it comes together will be interesting. Next week, I'll discuss some specifics, and explain why a NGSCB-enabled PC will be more secure, reliable, and trusted than the PC you're using now.