The faq (see attached) claims that "anyone can write a nexus" and that "users control which nexus(s) run". I certainly didn't see anything that suggests that anyone can force you to run arbitrary code, regardless of who has signed it. I also find it absurd to worry about what code Microsoft is running on your system. If you are running their operating system, you are already running arbitrary code from them. If you install a security or functional patch, you are running arbitrary code from them. How would this be different? My only real concern is that once this becomes widespread, having the correct "nexus" + DRM software installed will be the only way to get play digital media. I have a feeling I won't be playing any of that content from the MythTv box in my living room... AdamL -- http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/... Q: What is the "nexus" component of NGSCB? A: The nexus is a new Windows OS component that will be introduced as part of NGSCB. The nexus, what we used to refer to as a "nub" or "trusted operating root," is essentially the kernel of an isolated software stack that runs alongside the existing software stack. The nexus provides a limited set of APIs and services for applications, including sealed storage and attestation functions. Think of nexus-aware applications as residing in the user mode space of the parallel execution environment and the nexus as residing in the kernel mode space. Anyone can write a nexus for use with nexus-aware systems. The user always has the ultimate authority over what nexuses are allowed to run. Only one nexus at a time will be able to run on a machine. Q: What is the privacy model associated with NGSCB? A: The user is always in control of whether or not nexus-aware technology is enabled on his or her PC and what nexuses have access to specific functions. The technology being developed as part of NGSCB provides a fine-grained access control model that allows users to specify (by hash) whether an individual nexus has the right to invoke a specific security operation. In addition, SSC functions that reveal potentially machine-identifying information, such as the RSA public key, can only be performed once per SSC reset (and the SSC cannot be reset from software; you have to power-cycle the PC). -- Adam Lydick <adam.lydick@verizon.net>