Trusted Computing Not So Trustworthy

from the but-of-course... dept

As pretty much anyone in computer security recognizes, any bit of "secure" computing is only secure for a limited period of time. Eventually, the security will be cracked. Yet, we still keep hearing about expectations for some new technologies to solve all our security problems. For example, we've been hearing for years about the wonders of "trusted computing," which basically gets mocked every time some company tries to roll it out (which is why it's gone through five or six name changes over the years). The latest news is that Intel's implementation of a trusted computing offering, called Trusted Execution Technology, has security vulnerabilities that allow it to be circumvented. In other words, it's not trustworthy, nor secure. Of course, it's not widely used, either, so it's not a big deal. But, once again, there is no magic bullet for security that solves all security problems.

Reader Comments

  1. Marvin, Jan 7th, 2009 @ 8:24pm

    Whose security are they attempting to protect ?

    Secure Computing - that's funny

    This is just another in a series of sad excuses for taking away any remaining rights you thought you still had.

  2. Caleb, Jan 7th, 2009 @ 9:01pm

    Here's one easy way of secure computing:

    Wait for the computer to pass the Turing test - then you know you shouldn't even care!

  3. Zaphod, Jan 7th, 2009 @ 9:55pm

    How to make a computer truly secure.

    Step 1. Turn it off.
    Step 2. Mix 10 bags of reddi-mix concrete with water.
    Step 3. Place computer in bottom of form sitting on a slab of concrete 2 inches thick.
    Step 4. Pour reddi-mix.
    Step 5. Wait 24 hours.

    You now have a secure computer!

  4. Zaphod, Jan 7th, 2009 @ 9:57pm

    How to make a computer truly secure. (addendum)


    The alternative!

    Step 1. Give it to me.
    Step 2. Forget it ever existed.


  5. James, Jan 7th, 2009 @ 11:34pm

    Re: How to make a computer truly secure.

    Already hacked your compu-sarcophagus: Better make sure the base slab has some rebar sticking up for the new concrete to grab onto, or someone might be able to pry it apart unnoticed. :-p

  6. Anonymous Coward, Jan 8th, 2009 @ 2:44am

    None of these suggestions allow true security. I've found one way over the years to make all your computing truly secure:

    Never touch a computer.

  7. Duane, Jan 8th, 2009 @ 3:40am

    Security My A$$

    None of these products has ever really had much to do with "security", except in the same usage as "security blanket". They make someone feel more secure, whether it's the owner of the machine, some programmer somewhere whose code can't be used except in the limited, inflexible way they envisioned when they wrote it, or an ??AA exec who now figures he can sell us a license to the same content once for each device we own which is capable of playing it.

    As for the end user, the only use case that I have heard of in real life involves using these kinds of security modules as part of a whole-drive encryption scheme. Which sounds good, but I dislike the fact that the encryption happens inside a black box, where the actual cipher key is not known (and is not supposed to be knowable) to the end user. To me, that just means that I would need to keep a separate (encrypted) copy of anything and everything on the drive, since I have no way to recover the data should the trust module experience an operational failure. Good backups are of course a part of overall data security as well, but the 'black box' aspect of how these systems work gives me, a certified information security professional, less confidence rather than more in the system as a whole.

  8. Jan 8th, 2009 @ 4:31am

    Re: Whose security are they attempting to protect ?

    See for yourself:

  9. TDR, Jan 8th, 2009 @ 5:32am

    Trusted computing = treacherous computing. Basically, trusted computing/Palladium/whatever you want to call it is a way for the manufacturer (ie MS in most cases) to have control over what can and can't go on your computer and what you can do with it. The computer is built in with a key - more like an encryption code - that only the manufacturer/OS maker can decrypt. And it's not accessible to the user. Vista is notorious for this. This allows for forced updates, deletion of undesired content, remote shutdowns, and more. There are signs that Apple may be following suit soon, if it hasn't already.

  10. Anonymous Coward, Jan 8th, 2009 @ 5:51am

    Trusted Computing == Oxymoron

    Trusted Computing - what it really means:
    The TC proponents want your computing to be trusted to not do anything with their content that you have not paid for. It's that simple, but as always, you have to ask - What could possibly go wrong ?

    Any way you look at it, this attempt is doomed to failure.

    Oh, and one more thing. There is one more piece to the puzzle which Pinky and the Brain need in order to take over the world. They need to outlaw any platform that does not meet their specifications.

  11. Adam, Jan 8th, 2009 @ 7:28am

    "Trusted" Computing

    Securing a computer is akin to loading your valuables into a safe. Given time and opportunity, the safe can be opened by a crook.

  12. Anonymous Coward, Jan 8th, 2009 @ 7:51am

    Real Security

    Unique OS that can read common file types (document, spreadsheet, etc), but can't execute common executable file types. Malware simply can't exist on the system unless it is specifically written for it.

    Then have 0 internet access and put it in a secure room since physical security isn't usually a problem if it is implemented correctly. You could combine IR, Audible, and laser intruder detection then have a hard 30 minute boot up time. All this inside a continuously occupied building with armed security.

    Then all you have to worry about is someone faking the credentials to get into the computer room and not being found out for 30 minutes. And that shouldn't be too hard to accomplish.

  13. Neverhood, Jan 8th, 2009 @ 9:01am

    Computer security will never be secure in a consumer market

    There will never be a truly secure system for the consumer market, because the fact is that computer security is expensive and troublesome to implement in a system, and consumers don't want to pay for it.

    There will always be smart competitors who sell systems equally good, but without the security and at a lower price, and consumers will choose that product.

  14. nasch, Jan 8th, 2009 @ 9:58am

    Re: "Trusted" Computing

    Yes, but it's possible (easy actually) to make a digital safe that will take the crooks decades to break open.

  15. nasch, Jan 8th, 2009 @ 10:00am

    Re: Real Security

    As we know from Mission: Impossible, you also have to make sure the building doesn't have fire alarms. If it burns down, so be it - as long as the computer is destroyed along with everything else. Maybe a massive thermite charge packed around the computer so that if the room catches fire you can be sure everything's destroyed.

  16. Anonymous Coward, Jan 27th, 2009 @ 10:28am

    Smart comment with the mention of consumer security. Trusted computing isn't about consumer security, it's about enterprise protection. No enterprise security professional believes in truly perfect security, they simply want to lock down as many strong layers of security as possible, and most of all -- keep the end users from messing with the system, where most of the compromise hits. That's why trusted computing is almost entirely on enterprise-class machines built for business use, rather than the consumer machines.

    Not perfect, as no security technology ever will be. But these are the steps needed to protect in an enterprise environment, heavily regulated industry, etc. For folks worried about DRM, understandable concern but there will ALWAYS be options without embedded hardware encryption to choose for personal use, so take an extra look at what you're buying before you purchase a new laptop, etc.
