Microsoft: Full Steam Ahead for Palladium

Microsoft officials poured cold water on a published report that said its Next-Generation Secure Computing Base (NGSCB) project is being canned.

“The project is continuing full steam ahead. It’s alive and kicking and we’re very excited about it. The vision has been refined over the last year but it’s absolutely not true that it’s being killed,” Microsoft product manager Mario Juarez told

, formerly code-named Palladium, debuted in 2002 amidst promises from the software giant that it would revolutionize computer security and digital rights management (DRM). The platform is slated to provide the underlying security architecture for Longhorn, the next version of Windows.

NGSCB is often described as a virtual vault residing within each computer that lets users store encrypted information and only authorize certain entities to see it.

But the platform is also designed to provide protection for critical data against virus attacks, Trojan horses and spyware and could double as a DRM tool to authenticate who is allowed to see a file or use a program.

The project attracted widespread
last year as privacy advocates argued that the DRM system could essentially steer users from non-Microsoft-approved applications and software.

Details of NGSCB first surfaced at last year’s WinHEC conference, where Microsoft chairman Bill Gates outlined the vision of creating security technology to work on the processor, keyboard, video displays and within the Windows operating system itself.

Much has changed since that introduction. “Last year, we presented a very preliminary vision,” Juarez said. “Since then, we have refined the vision and we’re making changes to provide the broader value to customers and partners. We’re still targeting Longhorn. We’re looking to make sure that the
work we’re doing is appropriately integrated into Longhorn but the
architecture will naturally evolve as we receive feedback from customers and partners.”

One big change is the need to address concerns from large enterprises that major modifications to existing applications would be needed to adopt NGSCB. “A major bank in the U.K. is interested in NGSCB but they have concerns about changes that they would have to make to their applications,” he added.

“Then there’s a big manufacturing company in the U.S. that likes the idea of strongly authenticating remote employees and partners. But they want it available out of the box and not require changes to applications.”

Customers like the idea of high security capabilities in the platform, but want it available without rebuilding or rewriting their existing applications, he said.

As such, “they want us to broaden the capabilities of the technology,” Juarez added.
“Those are the issues we’re dealing with to evolve the project. It’s the exact opposite of us shelving or killing off the project. It’s about giving it broader value.”

News Around the Web