Anti-Trustworthy computing

Microsoft's new security drive aims to appease Hollywood, comfort consumers and reinvigorate the PC. But will the price for such safety be too high?

Topics: Microsoft,

Anti-Trustworthy computing

Would you trust your life to Microsoft?

That’s the challenge the company’s “Trustworthy Computing” initiative is throwing down. First hinted at publicly in one of Bill Gates’ rare companywide e-mails earlier this year, the sweeping concept was explained in detail in a white paper written by CTO Craig Mundie for January’s World Economic Forum summit in New York.

“Computers helped transport people to the moon and back, they control critical aircraft systems for millions of flights every year, and they move trillions of dollars around the globe daily, [but] they generally haven’t reached the point where people are willing to entrust them with their lives, implicitly or explicitly,” Mundie wrote. “We will have to make the computing ecosystem sufficiently trustworthy that people don’t worry about its fallibility or unreliability the way they do today … It may take us ten to 15 years to get there.”

Microsoft is making a big play on its new push: In a wager detailed in the May issue of Wired magazine, Mundie has bet Google CEO Eric Schmidt that by 2030, passengers will routinely board commercial airline flights without a pilot. That is, United and American flights will be flown entirely by computers.

Six months after Sept. 11, you have to wonder: Is he nuts?

Those who’ve followed the company’s escapades the past few years are asking a different question: What’s the spin here? What does Microsoft stand to gain by planting in our minds the image of computer systems so reliable we’ll leave more fallible human pilots on the ground?

Perhaps, if we’ll trust computers with our lives, we’ll also trust them with our credit cards. And maybe, even more important, Hollywood will trust them with its movies. The Trustworthy Computing initiative is as much about securing intellectual property control as it is about “safety.”

Call it corporate arrogance, call it chutzpah, call it the American way: Microsoft is pushing Trustworthy Computing even as its antitrust settlement with the federal government is being fought by nine U.S. states. The company’s announced goal is to make computing a utility as ubiquitous and unnoticed as electric power — a development that would also just happen to preserve Microsoft’s PC-powered monopoly in the process. But with that monopoly comes a software monoculture, one already prone to infections by Outlook mail viruses and Windows server worms. In Mundie’s scenario, the threat could hardly be more lethal: Figure out how to hijack one remote-controlled plane, and you can hijack them all.

Still, the company’s goal isn’t really to fly planes. Onboard computer systems for airliners are a small, specialized market and will probably stay that way. Trustworthy Computing’s real aim is to secure Redmond’s hold on the desktop, by putting the PC back in the center of the action. Just as Gates’ “Pearl Harbor Day” e-mail more than five years ago refocused everything his company did around the Internet, his Trustworthy Computing memo places the company at the forefront of today’s driving interests. Bundling up consumers’ fears of crackers and e-commerce fraud, IT staffers’ worries about server break-ins and Hollywood’s paranoia that its crown jewels are being Napstered into worthlessness, Gates hands back a secure solution for all of us that fits the existing space on our desks. Don’t panic — upgrade!

One of the reasons there’s been little debate about Trustworthy Computing is that no one — including most Microsoft employees — seems to know what it is. Even the company’s public relations experts have trouble conveying Mundie’s vision. But for those willing to wade through it, his white paper details the big picture in depth: “Trustworthy Computing is a label for a whole range of advances that have to be made for people to be as comfortable using devices powered by computers and software as they are today using a device that is powered by electricity.”

That’s a tall order, and a mission statement that could be extended to almost anything vaguely related to computing — Mundie’s paper includes regulatory issues along with technical ones. But besides fixing the notorious security holes in its Web servers and virus-prone desktop clients, the company is also pushing hard on a front that goes beyond its traditional role: Digital rights management, or DRM. A trustworthy DRM system would extend Microsoft’s role where pundits focused on Web services and wireless gadgets least expect — right under their noses, on the PC.

DRM technologies aim to block unlicensed distribution or use of copyrighted material. Movies, music, books, software — any intellectual property that can be put into 1′s and 0′s and passed around the Internet for free. On the consumer side, similar worries abound over credit card numbers, passwords, account information, even mail — all of it easily pilferable from the wide-open architecture of today’s PC. Not just by crackers, but by your kids.

It’s no secret in a post-Napster world that nothing digital is safe from being copied once it’s on a PC. While individual users worry about storing sensitive personal information or sending it across the Net, corporations fear their valuable intellectual property will become worthless once released into the digital wild. Enter Microsoft, offering to tame these Internet-spawned threats — by pushing its Windows operating system back into the center of every digital transaction.

“They’re trying to get the PC back into the stream of e-commerce,” says Lark Allen, VP of business development for Wave Systems, a Massachusetts company that supplies software and hardware to hold data securely inside a PC. “Today it’s just a browser. We’ve moved all the important applications back off the desktop and onto the server, which is the only thing that’s trusted today.” Adding secure systems onto the PC, he says, could be “like the original PC era, where you start moving things back onto people’s desks.”

But at the same time consumers are worrying about having their personal data stolen, Hollywood studios are worrying about consumers. Studios have balked at releasing movies and music online until they’re sure the PC users who pay to download them won’t be able to give out a million free copies. Why should Microsoft care? Because if a solution can be found, downloadable movies might be the biggest boon to PC sales since the Web caught on nearly a decade ago: To play them, you’ll want a PC even more powerful than the new crop of 2.4GHz machines with their 80-gigabyte disks. “It’s going to be the biggest, fattest client you’ve ever seen,” says Allen. “You’ll want terabytes of storage.”

Engineers like to keep intellectual property locked up behind firewalls and server room doors. But it seems to be basic human psychology that consumers prefer to have their stuff right in front of them on their computer. That’s why Microsoft filed for a patent on a “digital rights management operating system” in 1999. The patent was granted this past December — #6,330,670. If the company builds it and ships it, there’s no doubt what it will be called: Windows.

It’s also no coincidence that the proposed antitrust settlement cooked up by Microsoft and the Department of Justice conveniently excuses Microsoft from having to share any information related to digital rights management and encryption technology with its competitors.

So what’s wrong with all this? If the answer wasn’t obvious before last September, it is now: A ubiquitous box that holds everyone’s personal information is the world’s most tempting target for thieves and terrorists alike. Computer scientists call it “the monoculture problem,” drawing a parallel to the frailties of single-strain crops described in Paul Raeburn’s 1995 book “The Last Harvest” and its precursor of a decade earlier, Jack Doyle’s “Altered Harvest.” As Doyle wrote, “What appears to be a genetic godsend and an economic bonanza for the company today could become an economic nightmare for them tomorrow … should one tiny organism find a genetic window of virulence in the Russet Burbank potato … If that happens McDonald’s will have contributed mightily to the spread of a genetic epidemic.” In the early ’90s, as Raeburn documented, a single strain of blight knocked out crops from Maine to British Columbia.

Computing systems aren’t nearly as complex as living organisms, but security experts say the monoculture problem has proven to be more than theory in the wake of e-mail viruses and hack attacks that took advantage of identically weak Windows code on millions of computers — many in the hands of less tech-savvy consumers unable to recognize or remove a virus. Expand Windows’ domain so it holds our credit card info for us and U2′s entire catalog for them, and the much greater risk is obvious.

In the software world, “the existence or nonexistence of a monoculture in a particular environment is usually haphazard,” says Greg Hoglund, CTO of Cenzic, a company that makes automated security testing software. “People will buy three different types of intrusion detection systems specifically because they want to be more resilient,” he says, “but you can’t afford to have three different kinds of Web server environments, with three different kinds of programmers maintaining them.”

When it comes to consumer products, planning is even more shortsighted. “People want instant gratification,” Hoglund says. “They want [a new feature] so bad that they’re willing to buy it and use it without concern for the ramifications. If three years from now that opens me up to an attack, I’m not thinking about it.”

Dr Robert Thibadeau, a Carnegie-Mellon professor who lectures on security and privacy, says the real danger is Windows may already be compromised. “Do you remember how we won the Second World War?” he asks. “We cracked their codes and we never let them know. My concern isn’t about the stuff we hear about, it’s the ones we don’t. A really bad guy isn’t stupid enough to tell you he’s figured out how to get into your computer. You give them a monoculture and you open the door to them.”

But Thibadeau says it’s important not to confuse a business monopoly with a software monoculture. “It’s not bad because there’s one big ugly company doing it,” he says, pointing out that Unix code shared among vendors has similarly been exploited. The threat is created when a common code base — in this case, the Windows “kernel,” the heart of the operating system — is shared across a wide range of computers. Even if one is a PDA and one is, say, an airliner. “I can run a completely different interface for everyone,” he theorizes, “but if someone gets into the kernel … ”

And the upside? “I can’t imagine there’s anything good out of one kernel out there,” he says, echoing what seems to be the ubiquitous sentiment in his field. Instead, he suggests Microsoft take a lesson from the early days of mainframe operating systems: “There should be five giant strong architectures out there that can emulate each other,” he says. “The classic way you do risk management is you limit the amount of damage one person can do because he can’t cross boundaries.”

It’s possible to do that, even within the Windows realm: The free Outlook Express e-mail client, built from an entirely different code base than its pricey big brother Outlook, has proven to be immune to many of the e-mail viruses Outlook users have suffered from for years. But that’s the exception; the company’s usual means of gaining synergy among its software products is to give them access to one other’s data and functions using code hooks only Microsoft can build in. These tie-ins not only lock out other companies forced to use higher-level protocol standards to get, say, your e-mail to talk to your calendar, they’ve also provided many of the biggest holes exploited by virus and worm programmers. And for what? So your e-mail can show you pretty HTML designs.

Will Microsoft break up its code monoculture in order to make Trustworthy Computing more resilient, providing more separate code bases instead of fewer in order to prevent global hack attacks? Probably not. But there are some things it can do that take advantage of the company’s “Windows everywhere” goal to lessen the risks from single-strain software.

First, Microsoft can improve its hugely popular development tools for programmers to prevent them from writing vulnerable code. “Software engineers are not traditional engineers. They’re rock stars,” Hoglund says, meaning they’re less interested in meticulously removing all flaws from a design the way a skycraper architect would feel compelled to do. “But a smart development environment has the capability of being the cleanup crew that picks up the mess behind them,” says Hoglund. Right now, Microsoft’s development tools for C and Visual Basic are the most-used on the planet, and the company’s Java tools are a top contender, despite the ongoing feud over that language between Microsoft and Sun Microsystems. Building into these tools more automated checks for known security holes would help keep programmers at other companies from unwittingly creating unsafe software.

Second, Microsoft can refuse to honor software systems known to be insecure or unreliable — starting with its own. First on the hit list is Passport, the ubiquitous customer identification system known to Hotmail and MSN Messenger users. In attempting to keep sensitive customer data away from millions of individual companies’ Web sites by using a central repository at Microsoft, the company is setting up a single, giant point of failure that makes security experts nervous. One who meets regularly with the company confided that “Passport is a great example of privacy protection by half measure.”

Dave Taylor, a coauthor of the game Quake, told me last year that getting certain third-party software programs certified for Windows was a brutal, expensive process. “You wouldn’t believe the hoops they make you jump through” to get that logo, he said. Yet not too long ago, a consolidation of Passport domain name servers onto one operational team’s network in Redmond — a classic screwup motivated by internal politics rather than engineering — resulted in a day-long outage for all Passport users.

By emphasizing Trustworthy Computing, Microsoft hopes to ride the drive for greater security, privacy, and protection of intellectual property as profitably as it rode the initial Internet boom half a decade ago. The company has called the Consumer Broadband and Digital Television Promotion Act currently before Congress “simply wrongheaded,” yet people who’ve read both the bill and Microsoft’s DRM patent joke about the similarities between the two documents. As usual, Microsoft and Washington have each seen the future and are wrestling over which of them gets to dictate its terms.

Not that any other red-blooded technology firm wouldn’t do the same thing. Apple has long been pushing its Macs as “the hub of your digital lifestyle.” But the name of the new initiative points out that Mundie and Microsoft, far more than their competitors, know they’ve got a tough question to answer before we’ll let them fly that plane 10, 30 or 100 years from now:

Can we trust them?

Paul Boutin is a technologist and writer in San Francisco.

More Related Stories

Featured Slide Shows

  • Share on Twitter
  • Share on Facebook
  • 1 of 11
  • Close
  • Fullscreen
  • Thumbnails

    Ten spectacular graphic novels from 2014

    Beautiful Darkness by Fabien Vehlmann & Kerascoët
    Kerascoët's lovely, delicate pen-and-watercolor art -- all intricate botanicals, big eyes and flowing hair -- gives this fairy story a deceptively pretty finish. You find out quickly, however, that these are the heartless and heedless fairies of folk legend, not the sentimental sprites beloved by the Victorians and Disney fans. A host of tiny hominid creatures must learn to survive in the forest after fleeing their former home -- a little girl who lies dead in the woods. The main character, Aurora, tries to organize the group into a community, but most of her cohort is too capricious, lazy and selfish to participate for long. There's no real moral to this story, which is refreshing in itself, beyond the perpetual lessons that life is hard and you have to be careful whom you trust. Never has ugly truth been given a prettier face.

    Ten spectacular graphic novels from 2014

    Climate Changed: A Personal Journey Through the Science by Philippe Squarzoni
    Squarzoni is a French cartoonist who makes nonfiction graphic novels about contemporary issues and politics. While finishing up a book about France under Jacques Chirac, he realized that when it came to environmental policy, he didn't know what he was talking about. "Climate Changed" is the result of his efforts to understand what has been happening to the planet, a striking combination of memoir and data that ruminates on a notoriously elusive, difficult and even imponderable subject. Panels of talking heads dispensing information (or Squarzoni discussing the issues with his partner) are juxtaposed with detailed and meticulous yet lyrical scenes from the author's childhood, the countryside where he takes a holiday and a visit to New York. He uses his own unreachable past as a way to grasp the imminent transformation of the Earth. The result is both enlightening and unexpectedly moving.

    Ten spectacular graphic novels from 2014

    Here by Richard McGuire
    A six-page version of this innovative work by a regular contributor to the New Yorker first appeared in RAW magazine 25 years ago. Each two-page spread depicts a single place, sometimes occupied by a corner of a room, over the course of 4 billion years. The oldest image is a blur of pink and purple gases; others depict hazmat-suited explorers from 300 years in the future. Inset images show the changing decor and inhabitants of the house throughout its existence: family photos, quarrels, kids in Halloween costumes, a woman reading a book, a cat walking across the floor. The cumulative effect is serene and ravishing, an intimation of the immensity of time and the wonder embodied in the humblest things.

    Ten spectacular graphic novels from 2014

    Kill My Mother by Jules Feiffer
    The legendary Pulitzer Prize-winning cartoonist delivers his debut graphic novel at 85, a deliriously over-the-top blend of classic movie noir and melodrama that roams from chiaroscuro Bay City to Hollywood to a USO gig in the Pacific theater of World War II. There's a burnt-out drunk of a private eye, but the story is soon commandeered by a multigenerational collection of ferocious women, including a mysterious chanteuse who never speaks, a radio comedy writer who makes a childhood friend the butt of a hit series and a ruthless dame intent on making her whiny coward of a husband into a star. There are disguises, musical numbers and plenty of gunfights, but the drawing is the main attraction. Nobody convey's bodies in motion more thrillingly than Feiffer, whether they're dancing, running or duking it out. The kid has promise.

    Ten spectacular graphic novels from 2014

    The Motherless Oven by Rob Davis
    This is a weird one, but in the nervy surreal way that word-playful novels like "A Clockwork Orange" or "Ulysses" are weird. The main character, a teenage schoolboy named Scarper Lee, lives in a world where it rains knives and people make their own parents, contraptions that can be anything from a tiny figurine stashable in a pocket to biomorphic boiler-like entities that seem to have escaped from Dr. Seuss' nightmares. Their homes are crammed with gadgets they call gods and instead of TV they watch a hulu-hoop-size wheel of repeating images that changes with the day of the week. They also know their own "death day," and Scarper's is coming up fast. Maybe that's why he runs off with the new girl at school, a real troublemaker, and the obscurely dysfunctional Castro, whose mother is a cageful of talking parakeets. A solid towline of teenage angst holds this manically inventive vision together, and proves that some graphic novels can rival the text-only kind at their own game.

    Ten spectacular graphic novels from 2014

    NOBROW 9: It's Oh So Quiet
    For each issue, the anthology magazine put out by this adventurous U.K.-based publisher of independent graphic design, illustration and comics gives 45 artists a four-color palette and a theme. In the ninth issue, the theme is silence, and the results are magnificent and full of surprises. The comics, each told in images only, range from atmospheric to trippy to jokey to melancholy to epic to creepy. But the two-page illustrations are even more powerful, even if it's not always easy to see how they pertain to the overall concept of silence. Well, except perhaps for the fact that so many of them left me utterly dumbstruck with visual delight.

    Ten spectacular graphic novels from 2014

    Over Easy by Mimi Pond
    When Pond was a broke art student in the 1970s, she took a job at a neighborhood breakfast spot in Oakland, a place with good food, splendid coffee and an endlessly entertaining crew of short-order cooks, waitresses, dishwashers and regular customers. This graphic memoir, influenced by the work of Pond's friend, Alison Bechdel, captures the funky ethos of the time, when hippies, punks and disco aficionados mingled in a Bay Area at the height of its eccentricity. The staff of the Imperial Cafe were forever swapping wisecracks and hopping in and out of each other's beds, which makes them more or less like every restaurant team in history. There's an intoxicating esprit de corps to a well-run everyday joint like the Imperial Cafe, and never has the delight in being part of it been more winningly portrayed.

    Ten spectacular graphic novels from 2014

    The Shadow Hero by Gene Luen Yang and Sonny Liew
    You don't have to be a superhero fan to be utterly charmed by Yang and Liew's revival of a little-known character created in the 1940s by the cartoonist Chu Hing. This version of the Green Turtle, however, is rich in characterization, comedy and luscious period detail from the Chinatown of "San Incendio" (a ringer for San Francisco). Hank, son of a mild-mannered grocer, would like to follow in his father's footsteps, but his restless mother (the book's best character and drawn with masterful nuance by Liew) has other ideas after her thrilling encounter with a superhero. Yang's story effortlessly folds pathos into humor without stooping to either slapstick or cheap "darkness." This is that rare tribute that far surpasses the thing it celebrates.

    Ten spectacular graphic novels from 2014

    Shoplifter by Michael Cho
    Corinna Park, former English major, works, unhappily, in a Toronto advertising agency. When the dissatisfaction of the past five years begins to oppress her, she lets off steam by pilfering magazines from a local convenience store. Cho's moody character study is as much about city life as it is about Corinna. He depicts her falling asleep in front of the TV in her condo, brooding on the subway, roaming the crowded streets after a budding romance goes awry. Like a great short story, this is a simple tale of a young woman figuring out how to get her life back, but if feels as if it contains so much of contemporary existence -- its comforts, its loneliness, its self-deceptions -- suspended in wintery amber.

    Ten spectacular graphic novels from 2014

    Through the Woods by Emily Carroll
    This collection of archetypal horror, fairy and ghost stories, all about young girls, comes lushly decked in Carroll's inky black, snowy white and blood-scarlet art. A young bride hears her predecessor's bones singing from under the floorboards, two friends make the mistake of pretending to summon the spirits of the dead, a family of orphaned siblings disappears one by one into the winter nights. Carroll's color-saturated images can be jagged, ornate and gruesome, but she also knows how to chill with absence, shadows and a single staring eye. Literary readers who cherish the work of Kelly Link or the late Angela Carter's collection, "The Bloody Chamber," will adore the violent beauty on these pages.

  • Recent Slide Shows



Comment Preview

Your name will appear as username ( settings | log out )

You may use these HTML tags and attributes: <a href=""> <b> <em> <strong> <i> <blockquote>