Pd has flaked off

Eugen Leitl eugen at leitl.org
Wed May 5 12:06:15 PDT 2004

That nagscab Pd zombie will be back in no time, though. Maybe we could
brainstorm a funky new name for it.


Microsoft Shelves NGSCB Project As NX Moves To Center Stage

After a year of tackling the Windows security nightmare, Microsoft has killed
its Next-Generation Secure Computing Base (NGSCB) project and later this year
plans to detail a revised security plan for Longhorn, the next major version
of Windows, company executives said.

On Tuesday, Microsoft executives confirmed that NGSCB will be canned. The
project, dreamed up with Intel in 2002, was once code-named Palladium.

"We're evaluating how these NGSCB capabilities should be integrated into
Longhorn, but we don't know exactly how it'll be manifested. A lot of
decisions have yet to be made," said Mario Juarez, product manager in
Microsoft's Security and Technology Business Unit. "We're going to come out
later this year with a complete story."

Juarez said the project is being shelved because customers and ISV partners
didn't want to rewrite their applications using the NGSCB API set.

Though Microsoft plans to use the NGSCB "compartmentalizing" technology in
future versions of Windows, the company is moving swiftly to support No
Execute (NX) security technology in newer AMD and Intel processors. NX
reduces memory buffer overruns that many hackers exploit to insert malicious
code into Windows and allows developers to mark pages as nonexecutable.

"Two years ago, we went public with something that was very, very far off in
the future," Juarez said, noting that customer and ISV feedback and
faster-than-expected chip security advancements led Microsoft back to the
drawing board. "There's no tie between [NGSCB] and NX, but it is reflective
of innovations in hardware we hadn't foreseen."

At WinHEC 2004, for example, Microsoft product managers said Windows XP
Service Pack 2 and Windows Server 2003 Service Pack 1 will exploit AMD's
Enhanced Virus Protection or NX technology for 32-bit applications.

Microsoft's 64-bit Windows XP and Windows Server 2003 for Extended Systems
will also support the NX feature in Intel Itanium processors for clients due
out in the second half. In addition, Microsoft will continue to support
Intel's LaGrande security architecture, Juarez said.

ISVs will have the flexibility to "NX-enable" their applications, said
Richard Brunner, AMD Fellow and software architect, who presented the
technology at WinHec 2004. "No Execute can be selectively disabled for a
particular application," Brunner said. NX is one of several new hardware
technologies that will be supported by Windows XP SP2, including iSCSI and
Serial ATA.

The NGSCB code won't be updated in the enhanced Longhorn developer's preview
update, due out later this week, but in the future it will be used in some
capacity, Juarez said. "The investment is high in this," he added. "It's in
an important realm."

Microsoft announced the NGSCB plans for Longhorn at WinHEC 2003 and released
NGSCB code in the Longhorn Developer Preview software development kit last
fall at the Redmond, Wash.-based company's Professional Developers

Eugen* Leitl <a href="http://leitl.org">leitl</a>
ICBM: 48.07078, 11.61144            http://www.leitl.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE
http://moleculardevices.org         http://nanomachines.net

[demime 1.01d removed an attachment of type application/pgp-signature]

More information about the cypherpunks-legacy mailing list