Dell to Add Security Chip to PCs

[Dan Kaminsky]

>The best that can happen with TCPA is pretty good -
>it could stop a lot of viruses and malware, for one
>thing.
>
>  
>
No, it can't.  That's the point; it's not like the code running inside 
the sandbox becomes magically exploitproof...it just becomes totally 
opaque to any external auditor.  A black hat takes an exploit, encrypts 
it to the public key exported by the TCPA-compliant environment (think 
about a worm that encrypts itself to each cached public key) and sends 
the newly unauditable structure out.  Sure, the worm can only manipulate 
data inside the sandbox, but when the whole *idea* is to put everything 
valuable inside these safe sandboxes, that's not exactly comforting.

--Dan