More power to the PC?

09.08.2005
By Samantha Perry

While the security problem will always be, well, a problem, PCs will, in the next three years or so, become inherently more secure, says Gartner analyst Brian Gammage. Unfortunately, this improved security at the hardware level will also likely see an increase in power and influence for Microsoft and Intel.

"Secure personal computing is an oxymoron," says Gammage, who was speaking at the Gartner Symposium held in Cape Town last week. "We are always playing catch up; vulnerabilities need to be exposed before we can manage and cover them. If we do not have the means to identify a virus, we cannot know how our PC is infected, or begin to take action to remove the virus."

The fundamental weakness, he says, is in the operating system. "We wanted them to be the common denominator platform that links everything to everything over the past few years. Our applications share resources, and use the same routes to most standard functions, which means any way "in" risks giving access to the entire device and, from there, the network."

The key to secure computing, he says, is isolation - you cannot damage what you cannot touch. "PC software can be designed to contain attacks or intrusion in one area," he says, "and this principle lies at the heart of the most promising PC developments, which aim to create trusted execution environments where only trusted code can be run."

Trusted computing?

The first of these developments is the Trusted Computing Group (TCG) (comprising AMD, HP, IBM, Intel, Microsoft, Sony and Sun Microsystems), which aims to define standards for more secure computing. "But," says Gammage, "Microsoft and Intel, more than any other players, determine what goes into a PC, and both have already invested significantly in their own initiatives, which are likely to become the new PC standards. What can the TCG do that these two could not do alone?"

The TCG replaced the Trusted Computing Platform Alliance (TCPA), which produced the Trusted Platform Module (TPM). TPM is a chip that stores passwords and keys to the encryption algorithms used on a PC. The first of these shipped with IBM ThinkPads in 2002, and TPMs have since been shipping on HP and Fujitsu machines. According to Gammage, it is estimated that only 25 percent of TPMs shipped in ThinkPads have ever been switched on.

"Legislation governing encryption obliges vendors to ship notebooks with the TPM switched off. Additionally, TPM implementation is not standard across vendors: IBM and HP use different chips, although this will change when IBM completes its move to Infineon Technologies' device," he says. Limited operating system support for TPM is a further problem. This will change with Windows Vista, however, as Microsoft has embedded support for TPM 1.2 into its next release.

"The broadest exposure to attack or intrusion on PCs is software from one vendor - Microsoft. This is due to Microsoft's dominance, rather than design," states Gammage.

"The widespread damage caused by the SQL Slammer worm and the MSBlast virus during 2003 highlighted Microsoft's reliance on security patches, and its failure to address the cultural weakness that results in software product releases that need many patches." It has since made progress in both patch management and security, most visibly in Windows XP Service Pack 2 (SP2).

Gammage says SP2 is a critically important update because it addresses several areas of weakness at once - port-based attacks, attachment attacks and browser (spoofing) attacks, as well as memory attacks. The feature in this last category, data execution prevention (DEP), is strong because it uses hardware support.

NeXt...

"DEP uses a processor switch called No eXecute flag to stop code from running in memory segments assigned to data. This is the method used by buffer overflow worms, like Nimda and Sasser. Windows XP SP2 is the first OS to use the NX feature, but we expect other PC OSs to follow. Additionally, all AMD Athlon64 processors have the flag, and support from Intel is beginning to emerge, although most new Intel-based PCs still use non-NX processors.

"More-secure hardware is coming to PCs," he emphasizes. "Intel's Virtualization technology (VT, formerly Vanderpool) was formally announced in January, and will be available in mainstream PC processors during the second half of this year. VT defines four new privilege levels at which code can be run, making it possible to run code with higher levels of privilege than the OS, so the OS will not necessarily have full access. This enables the creation of boundaries around software layers, or around different partitions: Code running at a lower privilege level cannot access resources managed at a higher level of privilege. AMD's Pacifica technology will provide similar functionality, although through a different (intercept-based) mechanism."

Intel's LaGrande technology, which has been available for some time, reportedly enables a protected execution environment, using the new privilege levels defined by VT.

Core isolation

"By 2008, we will see PC hardware, operating systems and applications designed to isolate core system functions, making them more secure from attack or intrusion," says Gammage.

"Longhorn/Vista will enable trusted execution through the Next-Generation Secure Computing Base (NGSCB, formerly Palladium), capable of creating a trusted partition that runs alongside the main OS. This partition is managed by a component called the Nexus, which uses hardware to physically isolate the partition. NGSCB will require hardware support in processors and chipsets, which will be initially provided by Intel's LT.

"We expect to see compatibility issues with legacy applications, however, and," he cautions, "by defining a trusted environment, what is left is (by default) an untrusted environment. Few application loads will reside entirely in the trusted environment, which means they will be partially untrusted."

"Despite these issues, we regard NGSCB as a fundamentally sound approach that can deliver a trusted environment that should provide a precursor for other components required for a secured environment. As these become available, PC-based computing will finally become more secure by design," Gammage says.

But, he warns: "There are broader implications of moving toward more-secure personal computing. If security is predicated on standardization, then those who influence standards will ultimately have more control.

"PC standards only exist with full support from Intel and Microsoft, and 100 percent compatibility with standards means less scope for vendor and product differentiation. This means that making PCs more inherently secure will mean more influence for Intel and Microsoft," he concludes.