Security By Aggravation

How much can you handle to get secure?

• By Em C. Pea
• August 01, 2003

Fabio got on the phone to deal with the repair critters (that’s his department) and your dear old Auntie sat down at the computer to rant (that’s my department). Of course, all I could think about was that empty wall where my movie should have been. Eventually, though, I stopped grinding my teeth and was struck by the resemblance between our erstwhile television and some of the plans Microsoft has discussed for NGSCB.

In case you missed the news, that stands for Next-Generation Secure Computing Base, the technology formerly known as “Palladium.” Microsoft finally took some of the wraps off this technology at this year’s WinHEC. (If you weren’t paying attention, there’s a whole Web site full of stuff at www. microsoft.com/resources/ngscb/default.mspx.) It’s hard to put NGSCB into a nutshell, but it’s designed to be a security architecture that allows programs to lock up their data safe from the Evil People™, among other things.

So, where’s the connection? Well, one of the NGSCB product managers re-vealed this part of the plan to CNET: “Information on secured windows will vanish if another window is placed on top of it or shifted to the background. Erasing the information will prevent certain types of attacks and remind people that they’re dealing with confidential material.” (http://news.com.com/2100-1012_3-1000584.html?tag=fd_top).

Let’s think about the scenario. You’re reading your company’s internal financial information, and you find a snippet you’d like to leak to your largest competitor. (Assume for argument’s sake that you’re one of the Evil People™.) You can’t cut and paste the information, so you open Notepad to type it in. But when you switch to Notepad, the window of financial info goes blank. Foiled again!

Or, at least foiled until you memorize a number, Alt-Tab over to Notepad and repeat as necessary. Or find a pencil and a piece of paper and write the numbers down. Or get out your digital camera. Has it escaped the brainiacs at Microsoft that once you display information on screen, it’s no longer securely locked up in the computer? There’s a class of attacks that blanking windows prevents—but information on screen isn’t secure. Game over.

But think of the poor busy user. She’s trying to work with two confidential applications at the same time (or three or six, depending on the pressures of the job), and only one blasted window will work with her at a time. There may be a sharp upswing in reports of monitors being thrown out (real) windows if this comes to pass.

Now, of course, Auntie is only picking on one little part of a vast plan, and perhaps it’s even a part misrepresented by the press. But it’s a bit disturbing that most of the information on NGSCB so far boils down to four categories:

1. Look at this nifty thing we can do!

2. It’s not our problem if someone misuses this; we’re just building a tool.

3. Trust us, we’re from Microsoft.

4. Boy, is this ever going to improve hardware sales.

I understand that some users need high-security applications. But to saddle every copy of Windows (in some future version) with technology that requires all-new hardware—and enables software vendors to make life more difficult—isn’t a very compelling story for the average consumer. Of course, as MCSEs, we’re not the average consumer. Just think of all the overtime spent fixing this stuff in its first generation or two!

Meanwhile, Auntie doesn’t want shell games with windows on screen to give her a secure feeling anymore than she wants blank pictures in place of movies on the wall. Let’s hope Microsoft is open to feedback and that the technological prowess doesn’t cause its engineers to assume that everyone thinks like they do.