With the struggles that Microsoft has had in the software world, are we really ready to start trusting them with hardware security?
Four years ago, Microsoft laid out an ambitious plan for building an NGSCB (Next-Generation Secure Computing Base). NGSCB was to be a trusted computing environment extending from motherboard-embedded security chips, through the Windows kernel and out to the application windows and input peripherals with which users interact with the system. As a major player in the server space, Microsoft should offer the sort of mandatory access controls we’re beginning to see in Linux and Solaris. For now, though, the bulk of Microsoft’s privilege management is centered on the desktop.
* Reduced rights for Internet Explorer: IE doesn’t require all the rights of a limited user, let alone an administrative one, to do the work of rendering Web pages. In Vista, IE will run by default with less privilege rope with which to hang itself (and the system as a whole).
* A Vista for nonadmins: Perhaps it’s silly to worry about limiting applications to the fewest privileges they require when, according to Microsoft officials, the difficulty of running current Windows versions with appropriately limited rights leads about 80 percent of business users to run as admins—a management gap that Vista should help patch.
* Virtualized system file stores: If you can’t control exactly what a particular application is allowed to do, you can at least issue it a safer sandbox in which to run. Vista will let applications that want to run as administrators modify system files and registry keys, but do so in a branched-off, virtualized area.
* Still hankering for NGSCB? Microsoft’s NGSCB developers are now called the System Integrity Team, and they have a blog at blogs.msdn.com/si_team/default.aspx.

Source: eWeek