Saturday, April 21, 2007

Trusted Computing

There are many initiatives that promote security and reliability addressed under the generic term of "Trusted Computing". Nevertheless, this term does not mean what the non-initiated think it means, and this ignorance has been used to sugar-coat mechanisms for intrusions of privacy and weakening of consumer rights. Since I have been posting about Vista and DRM that implement some "Trusted Computing" concepts, I thought appropriate to complement the discussion of those subjects with this topic.

Trusted Computing is not "trustworthy" computing. The word "trust" in this context has a meaning closer to its opposite, it comes from the Cold War era when the Department of Defense was the largest commissioner of technology projects and imprinted their military view on language, "trust" in this case means "risk". When an organization in the military gives you credentials to access the weapons in a depot, it is trusting you, because you may misuse the permissions and cause harm, that is, you are trusted not because you are trustworthy but because you have become a risk. When approaching "Trusted Computing" one must be very careful to understand what point of view is assumed.

There is a "Trusted Computing Group" founded by the usual suspects: AMD, Intel, Microsoft, IBM, Hewlett Packard, Sun Microsystems and Infineon that strives to develop technologies to make computing predictable, and consequently, more secure and reliable. AMD in particular, in relation to Virtualization has brought SVM, the Secure and Virtual Machine specification, what was known as "PacĂ­fica/Presidio".

The goal of "Trusted Computing" is to make computing devices to behave in predictable ways, exactly as the designer and manufacturer expected. This is an attractive selling point because it is a manufacturer warranty that the devices are going to do what they are supposed to do. A computer infected with virus or malware would be a counterexample. When you have a TV set, if you push the power button and nothing happens, you exercise the warranty. Unless you opened it and messed with the circuits, the seller or manufacturer will quickly admit its fault; trusted computing tries to replicate that dynamics to computing devices.

But that warranty comes at a price: For the device to be "trusted", it can only do what the manufacturer has deemed appropriate and nothing else; and this is the problem, computing devices are generally better the more flexible but the "trusting" limits them to very specific things. This imposes limitations far beyond the usual restraint of not messing with the circuits of a TV set to not void the warranty or not touching a configuration of your Cisco router done by the the consultants so that they don't have an excuse to say "we left your network working, your people must have made a change that broke it"; trusting computing works because the devices are guaranteed to enforce the manufacturer's policies, they may be designed to ignore the requests of their lawful owners, or even worse, to report to authorities, including the manufacturer, attemts at breaking the mechanisms that guarantee the enforcement of policies as tampering. "Trusted Platforms" among other positive things mean platforms designed to disobey the user to guarantee the enforcement of the policies coded by the manufacturer, as very aptly Richard Stallman put it.

In connection with my previous discussions about Vista and DRM, for example, the limit in the number of times you may change the "zone" of a DVD is an example of "trusted computing": The DVD consortium imposes policies regarding which players may play which DVDs that the devices enforce, even against the express wishes of their lawful owners and users. The DMCA criminalizes the circumvention of "protection" mechanisms, that is, it is criminal to interfere with the enforcement of the policies coded into the devices. Observe that just like one must be careful to notice what is the point of view about "Trust", in this context it is equally important to notice the point of view of the words "Copyright" (1), "Security", "Protection".

Microsoft sells Vista as an O.S. with improved security, but in reality that is a marketing claim with little support. It is true that Vista keeps asking you for permission to do things that require administrative privileges, but since it is so annoying, you end up clicking "yes" without thinking the same way you pretty much ignore the internet browser warnings on "secured" or "unsecured" transactions, or never take a look at the warnings regarding the validity of cryptographic certificates(2); then in practice this annoyance barely improves security; or this other thing of bitlocker; it is nice to have the Operating System to check the validity of BIOS and the hard disk partition where the O.S. resides, but in the end, this is just a tool to block users to boot Linux after installing Vista: The Linux tools regarding bootstrap that worked magnificently to correct problems with Windows 2000 and Windows XP boot can't work with Vista booting and the user is locked to use the very defficient Microsoft tools, deteriorating boot security in your systems!. Anyway, all the colander of holes in Windows security are just the same in Vista.

So, the "Trusted Computing" may mean improved security in the sense that the computing devices will not do something harmful to the interests of the manufacturer although the user may experience more problems. Just as it is easier to infect Vista with a virus causing harm to the user/licensee/owner than it is to correct a Vista booting problem with Linux tools, Microsoft's interests are better preserved with Vista, in that sense it is more secure, at least from Microsoft's point of view, although not the user/licensee/owner's. My advise would be to not pay Microsoft extra money to protect its interests hurting yours.

When the devices guarantee the enforcement of policies, you can put DRM on top. With DRM the media companies may feel "secure" to publish their content for that DRM; the problem for the user/licensee/owner is that she has to waive her privacy and consumer rights.

For AMD, the "Trusted Computing" thing is harmful, because AMD/ATI does not have the critical mass to impose its "Trusted Computing" mechanisms as de facto standards while it needs innovation to take market and mind share from Intel but the emphasis in predictability intrinsic in "Trusted Computing" hurts innovation, as has been explained in detail in my previous posts.

On a personal level, you can construct your own "Trusted Computing" experience: I wrote about how thanks to Virtualization you can work around the severe Windows security problems [this points to the fragment that details how], if you read that other post, you will see that distrusting both the host Operating System and the Guest Operating Systems, breaking on purpose insecurity vectors like the Internet Explorer, and denying privileges to Guest Operating Systems you get more predictability, security and reliability.

If you own businesses, I would advise you to cease using Microsoft Office, to institute a policy of working memos, letters and internal messaging in html whenever possible rather than proprietary formats and tools, and running Linux hosts with virtualization Windows Guests. You would be applying "Trusted Computing" principles to increase productivity:

  • Microsoft Office is so complex that among other things it is prone to security vulnerabilities, to crash, and all kinds of hard to predict behaviours; then, if there is a problem, you don't know what's wrong, you have to scramble to provide a solution to your idled employee, your employee needs more time to learn a complex tool rather than your business needs, you encourage your secretaries to distract "fixing the margins on the page" rather than the real writing. A substitution for HTML will help in many ways, including predictability to your business productivity.
  • Linux gives you incredible flexibility, in this context, I am advising Linux as a platform where you can easily construct your own standard configuration where you minimize the number of applications and services in the interests of simplicity, predictability and security; since you may have needs that can only be satisfied with Windows, you can sandbox the Windows problems inside virtual machines; see that in this case you limit and control what can happen inside a Windows machine from the host that is an Operating System much easier to administer.
  • This is not advocating to distrust the employee, although the techniques work very well for that purpose. Rather than using trusting computing principles in an employee-hostile way, you can use the benefits derived from the implementation of employee-friendly trusted computing principles to further improve job satisfaction. For example, a computer fully equiped to comfortably run Linux, Gnome or KDE, with normal tools and even a Windows 2000 virtual machine costs as little as $250 without monitor instead of the ~$800 a Windows Vista with Microsoft Office licenses would cost; with the $550 difference you may buy a gigantic LCD screen and lots of RAM (that *will* be fully made use by Linux) for a very responsive, reliable and pleasant system to use [beyond Microsoft Office, after all those computers would not have the "printer driver" bloatware that comes with any Epson, HP, Dell, Lexmark, Cannon or whatever firm, it won't have Norton antivirus, firewall, anti-adware, it won't have the many "trialwares" that in reality are "adware" your OEM forced you to accept, it won't have the Yahoo messenger nor the MSN; nor any of the productivity zapping junk most Windows computers have, but their well-thought of substitutes]
(1) I don't like the word "Copyright" because whoever has the copyright in reality may or may not exercise the right to copy but always imposes a prohibition to copy in all other entities, thus, what is really "owned" is the universal prohibition of copies. To clarify: Copyright is not the right to copy but the faculty to prohibit others to copy. An example: Apple has to pay to the copyright holders for the right to copy (and sell) songs in iTunes. But is Apple the owner of the copyright?, no, it is just a licensee. What is owned by the Music companies, then? a right or the faculty to impose a prohibition?. I propose copyprohibition as a better word. Furthermore, the "ownership" of copyrights imposes a burden on the rest of the society, to enforce the copy prohibition. It worries me that this form of artificial property requires not only the burden of enforcement to exist, but that its enforcement is harmful to liberties essential to prevent tyrannies. Since it costs nothing to allow people to copy, but it costs to prohibit to copy "copyrighted" works, "copyright" seems a particularly bad word for the concept.

(2) I laugh at the many inconsistencies at and regarding Microsoft's web certificates; they are assigned to one Microsoft domain but used at another, sometimes they are expired, etc. I understand that the certificates management is hard to do; for instance, you can not just copy a web site to another domain, you must update the certificates code; the web master must be very attentive to their validity, etc.; but if something this delicate, the only way the browsers can be sure that, for instance, "Windows Update" is the real thing and not a spoof copy to seed malware, can not be done by the largest technology company exposing hundreds of millions of computers to several internet attacks; there is very little hope for smaller firms...