Microsoft's Palladium: What the heck is it?

Everybody's talking about Palladium, Microsoft's new "trustworthy computing" architecture. But the details on what it is and how it will work are still extremely sketchy. Here's what I've been able to piece together so far.

COMMENTARY--Palladium. It's the newest word in our Microsoft vocabulary, but hardly anyone knows what it really means. Published reports so far have told us that it's Microsoft's new "trustworthy computing" architecture, and that we'll have to buy new computers and updated software to run it. But beyond that, it's hard to tell what, exactly, Palladium is.

I want to take a shot at changing that. Though the details are still sketchy, here's my first attempt at a Palladium FAQ.

What is Palladium?
According to Microsoft, "Palladium is the code name for an evolutionary set of features for the Microsoft Windows operating system. When combined with a new breed of hardware and applications, Palladium gives individuals and groups of users greater data security, personal privacy, and system integrity.... The fundamental benefits of Palladium fall into three chief categories: greater system integrity, superior personal privacy, and enhanced data security."

Palladium is not a separate operating system. Rather, it consists of enhancements to the Windows kernel and to hardware, including the CPU, peripherals, and chipsets. Together, these enhancements will support a trustworthy execution subsystem within the PC--think of it as a very secure little computer inside your larger, insecure one.

Current applications will continue to run on Palladium-enabled hardware, but they'd require changes to benefit from Palladium features.

What does Palladium do?
"Palladium prevents identity theft and unauthorized access to personal data on the user's device, while on the Internet and other networks," a Microsoft white paper says. "Transactions and processes are verifiable and reliable and cannot be imitated."

Palladium locks a system's secrets within the computer and reveals them only when presented with permission from the user/owner of the system.

There are multiple layers of security, allowing only specific secrets to be revealed, as the user wishes them to be. Users can control how their personal information is revealed to others. Microsoft calls this a "closed sphere of trust," in which machines and applications are able to work together, while protecting information from outside access.

Palladium-enabled software will contain "trusted agents" capable of securely interacting with trusted agents on other computers. Palladium systems will utilize "sealed storage"--secure data repositories, such as a hard drive, protected by the Palladium technology.

Sounds like Palladium knows a lot about the user...
Not true. Palladium authenticates hardware and software, not users. According to Microsoft, Palladium is about platform integrity--things like preventing unauthorized software from running and unauthorized computers from connecting. I do, however, expect to see user authentication built atop Palladium at some point. User information is not required for Palladium to work.

Here's an example that Microsoft uses: "An employee logs onto the corporate network from home. A trusted gateway server at the corporate network mediates the remote access connection, allowing only trusted applications to access the network. This assures that the network is protected against infection and attacks by viruses that the home users might have received through personal e-mail. Once connected, the employee can use Remote Desktop to access the computer at the office or save a file back to the corporate server using 'trusted agents' and 'sealed storage' running on the home machine."

Microsoft says that Palladium will provide an environment where trusted code runs in memory that is physically isolated, protected, and inaccessible to the rest of the system--thanks to a new design for system hardware. This makes the system "inherently impervious to viruses, spyware, or other software attacks."

I'm not sure I'd use the phrase "inherently impervious"--sounds too much like a challenge to me--but that's what Microsoft is promising. From its lips to God's ears.

Doesn't this just reinforce the Microsoft Windows monopoly?
In some ways, of course it does. But Microsoft has promised to create an open process around the creation of the Palladium technology, and to publish significant parts of the source code. Palladium functionality will be delivered turned off, by default, so customers will have to opt-in if they wish. Microsoft also promises that all Palladium hardware will work with any software written to the Palladium specification.

When does this happen?
Published reports have suggested as early as 2004. I'm pretty skeptical about that. I don't think Palladium will be ready for significant commercial release that soon.

Once Palladium is released, I expect it will receive a very cautious reception. Customers with the greatest need for security--financial, health care, and government organizations--will be the first to adopt it. But even then, there will be a lag. The market will wait for proof that Palladium really is trustworthy. It will also wait for all the new hardware and software that will be required for Palladium to function. If Palladium is successful, it could be a nice shot in the arm for the beleaguered hardware industry.

My best bet is that we won't see significant real use of Palladium in real-world applications before about 2006, and that the whole grand strategy won't really hit until the 2008-2010 time frame.

So Palladium isn't something you need to worry about today, but it is something you should watch. To learn more, visit the Microsoft Security site. And keep an eye on AnchorDesk and ZDNet News for continued coverage as more details emerge.

What do you think? Do you trust Microsoft to create a system that will truly protect you and your data? Or do you think this is just another power grab by MS? TalkBack to me below.
