I'm with Mark and Todd.
If  "WE" don't have a choice in the way we make our own systems secure 
we will not have a choice of the vendor who supplies us with the 
software.  I see this as a way for M$ to manipulate the market, they may 
not own the company making the hardware security solution. But the 
investment in the company may be large enough to force ideas in to the 
microcode.

If they want a hardware solution why not use a dongle on a USB port, not 
a chip on the mother board. This way the security chip can follow the 
person who needs or wants it. Blanket solutions never seam to work as 
planned and tend to get in the way for people who don't need them.

Just a thought...

Sam.

Todd Young wrote:

> I'm with Mark on this one. I don't trust Micro$oft, so why sould I 
> trust their "standard" of Secure Computing. I personally believe that 
> this is just a way for Microsoft to "control" the computing market. 
> They can then "enforce" their proprietary standards and the rest of 
> the software world gets shut out, then their prices start climbing 
> upward.
>
> They may sound innocent now, but I believe they have hidden motives, 
> profit driven motives, not security motives.
>
> Mark Browne wrote:
>
>> I have a problem when the proposed standard hardware configuration will
>> *only* run software that has been signed by Microsoft, or a an authority
>> *recognized* by Microsoft.
>>
>> Period.
>>
>> This would imply that there would be some process where any software
>> written, say open source - including any OS such as Linux, has to be 
>> signed
>> before it will run on your computer. What I have read suggests that the
>> protection would be fairly comprehensive.  If the hardware protection 
>> is to
>> have any validity is should not be possible to make software that will
>> bypass security at home - or there would not be much point in having the
>> security in the first place.
>>
>> The possibility for Microsoft mischief boggles the imagination. As it is
>> now, getting things signed is enough to drive a sane person around 
>> the bend.
>> Imagine having to do this for every compile you make. Ask anybody who 
>> has to
>> work with Verisign on a regular basis - does "Security set you free"?
>>
>> Go a step further and imagine this mess intruding into every aspect of
>> program creation; every little home coder having to get permission 
>> from a
>> central body before their program will be allowed to run on the 
>> "standard"
>> computer. You see, if unauthorized software can be signed then we are 
>> right
>> back to where we are now; viruses can still be written and 
>> distributed. I
>> image that there would be some fairly restrictive policies put in 
>> place to
>> control who can be a developer - perhaps some sort of government 
>> licensing
>> or certification. Double plus ungood.
>>
>> At the risk of repeating myself: Beware of the Secure Computing 
>> Initiative!
>>
>> Mark Browne
>

_______________________________________________
TCLUG Mailing List - Minneapolis/St. Paul, Minnesota
http://www.mn-linux.org tclug-list at mn-linux.org
https://mailman.real-time.com/mailman/listinfo/tclug-list