
Comment: Re:Look out for NGSCB! (Score 1) 69

by Callan.ca (#8613574) Attached to: Increasing Computer Security through Hardware?
Let's take a look at NGSCB, shall we: http://www.microsoft.com/technet/security/news/ngscb.mspx

"Strong process isolation. Users can wall off and hide pages of main memory so that each nexus-aware application can be assured that it is not modified or observed by any other application or even the operating system."

Once again, relying on a hardware function of a CPU to cover their ass.

"Sealed storage. Information can be stored in such a way that only the application from which data is saved (or a trusted designated application or entity) can open it. With sealed storage, a nexus-aware application or module can mandate that the information be accessible only to itself or to a set of other trusted components that can be identified in a cryptographically secure manner."

Do you get this? You use the 'trusted' program, say oooh MS Office TCI, you cannot open or view it without using that program, and only that program or another that Microsoft designates as 'Trusted'. Do you think they will certify Open Office? Or Sun office? I think not. Locking your data into their formats, and accessible only at THEIR discretion.

"Secure path to and from the user. Secure channels allow data to move safely from the keyboard/mouse to nexus-aware applications, and for data to move from nexus-aware applications to a region of the screen."

Wow, a 'secure path' means 'You can only view/interact with this data in the manner WE dictate, and any usage we do not EXPLICITLY 'permit', by default will be prevented.' (no more feeding that DVD out via S-video to your VCR, you think Macrovision is a PITA..... RIAA's wet dream.

Or how about:

"NGSCB is being designed so that a Windows-based PC with the requisite hardware will be able to run different nexuses, although only one nexus at a time will be able to run on a machine. Anyone can write a nexus (licensing issues will be involved and licensing terms have not yet been announced). The user always has the ultimate authority over what nexuses are allowed to run."

'licensing issues' eh? CLOSING STANDARDS

And take a look, even MS is trying to pollute TPM 1.2, since NGSCB will be:

Q: I have heard that NGSCB will force people to run only Microsoft-approved software.
A: This is simply not true. The nexus-aware security chip (the SSC) and other NGSCB features are not involved in the boot process of the operating system or in its decision to load an application that does not use the nexus. Because the nexus is not involved in the boot process, it cannot block an operating system or drivers or any nexus-unaware PC application from running. Only the user decides what nexus-aware applications get to run. [Anyone can write an application to take advantage of new APIs that call to the nexus and related components without notifying Microsoft or getting Microsoft's approval.]

Did you catch this? [] ? How can 'anyone' write an application, when the standards and specifications are subject to MS's whim on who and how to license it?

"It will be possible, of course, to write applications that require access to nexus-aware services in order to run."

In other words, Office and all applications we license the use our standards, which will be made nexus-aware (ostensibly to prevent piracy) but will require us to 'call home' in order to use it.

What about:

Q: Is NGSCB Microsoft's implementation of the TCG or TCPA specifications?
A: No, NGSCB is not an implementation of the existing specifications developed by TCPA or TCG. The upcoming version of the trusted platform module (TPM 1.2) is expected to work as the security support component in the NGSCB architecture.

and

Q: In what ways do TCG and the NGSCB architecture differ, and what do they have in common?
A: The NGSCB architecture encompasses a much broader set of functionality than TCG, but both efforts are designed to enable a more secure and trustworthy computing platform.

[This is embrace and extend, even when it's supposed to be 'Trustworthy'

- Authenticated booting of nexus

This is 'call home or don't run'

Q: Will other software products still run on machines with the TPM?
A: Yes. If the software runs on systems today, it is very likely that it will continue to run on systems with a TPM.

Hahah, they already say XP SP2 may 'break' existing applications, and they cover their ass: 'it's very likely it will continue to run'. For the first few years, possibly, but once the claws are in, MS's behavior is well documented.

Q: Which versions of TPM are available, which are planned, and how will they support NGSCB architecture?
A: The current version of TPM is 1.1 and is available from three sources: Atmel Corp., Infineon Technologies AG and National Semiconductor Corp. Additional vendors are developing future versions. It is important to note that the TPM 1.1 will support TCG functions defined today; however, systems built with these parts will not support NGSCB.

In other words: You have to buy a computer with a hardware chip that says what you CAN and CAN'T run, in order to get the 'advantages' of this NGSCB. Can anyone say 'forced upgrade'? Do you think if the DoD or something were to move to this hardware, that ANY contractor working with them would have a choice? Of course not.

My fav:

Microsoft is actively working within TCG to define a new version of the TPM specification that will meet NGSCB requirements and provide a superset of the current TCG requirements.

Microsoft is actively working against TCG to corrupt the newest version of the TPM specification that will be what WE want, and provide us with the ability to embrace and extend, thereby making interoperability with NON-MS versions as difficult as possible, and we will hold our specifications to our chest (unless you have big pockets) so as to prevent any NON-MS implementations from gaining ground.

Picking 'Trustworthy' computing was the worst mistake you made, Anonymous Coward. I may hate MS a lot, but the idea of someone else dictating what I do/don't do with *MY* computer really raises my hackles. You cannot win the argument, MS is fucking with everyone on this, why do you think they change the name of it every few months? TO CONFUSE the issue, and SLOW organized protest of its adoption.

And you know what, Intel found that out with Processor serial #'s, remember that? Supposed to be security, but everyone saw it for what it could be, an extreme invasion of privacy, and Intel backed down.

It doesn't matter what company comes out with 'Trustworthy' computers, their usage in classified, or environments where security is a prime concern, FINE, but MS would have us *ALL* buy 'Trusted' computers, because you know once they get a certain % of the users out there 'switched' via GIVING them away to 'seed' the market, they will start introducing Trusted/Non-trusted computer incompatibilities, and telling developers 'If you want access to our source/API's you have to code for this hardware, no more non-NGSCB runnable applications!' They have done it before, I could lay out the little cartoon footprints on the floor, they have to learn a new dance.
