On Tue, 22 Oct 2002, Rick Wash wrote:
Hardware-based attacks cannot be redistributed. If I figure out how to hack my system, I can post instructions on the web but it still requires techinical competence on your end if you want to hack your system too.
While this doesn't help a whole lot for a DRM goal (once you get the non-DRM version of the media data, you can redistribute it all you want), it can be very useful for security. It can help to eliminate the 'script kiddie' style of attackers.
Not really. It depends on what they are exploiting. Does every piece of code need to be validated all the time? Once a program is running, does something running in its code space get revalidated or soes it just run? I don't see how paladium stops buffer overflows or heap exploits or format bugs or any of the standard exploits that are in use today. (Not without crippling the entire system for bot the user and the programmer.) It seems to change little for script kiddies if the machines are going to communicate with other systems. (Unless the DRM holders will control who and how you can connect as well. And they just might do that as well...) The perveyors of this also claim it will stop spam and e-mail viruses. They only way it can do that is by making paladium based systems incompatable with every non-DRM machine on the planet. (So much for getting e-mail from your relatives!) The only problem this hardware seems to solve is shackling the user into what data they can see and use. If Microsoft follows their standard coding practices, the script kiddie problem will not go away with this technology. It will probably increase. And it will be illegal to effectivly stop them.