25 June 2002 Microsoft has unveiled plans for a new security architecture called Palladium, which it intends to push as an open standard. Palladium is in part an attempt by Microsoft to improve its credibility as a provider of secure and open technology. However, there are strong doubts over whether Palladium will even work.
Described by some as a “virtual vault”, the Palladium architecture enables PC users to store all their personal data such as banking and medical details in a specially encrypted area of their desktop PC. It will also include a security layer forcing users to identify themselves to the PC and will be able to stop viruses and worms by not running unauthorised programs, claims Microsoft.
The main drawback of all of this is that most of the technology will be implemented in a new architecture of PC hardware that users will have to upgrade to. To develop the hardware, Microsoft will work with semiconductor companies Intel and Advanced Micro Devices. However, Palladium will only be effective if there is widespread adoption and the need for hardware upgrades will slow that process down.
In addition to the cost of upgrading, there are several other factors that will make users wary of Palladium, say analysts. “The way that this is built will have a tremendous impact on privacy,” Alan Davidson, associate director for the Center for Democracy and Technology think tank, told CNET. For example, because each PC must identify its specific user on a network, film, music and software publishers can track usage to such a level that it may infringe on privacy.
Moreover, there are also questions regarding portability, such as, how do users backup and remove their personal details from one PC to another in case of a disaster or computer failure?
Microsoft admits that there are still holes in the specifications for Palladium, but says that the project is still in its earliest planning stages. The first Palladium products will not be released for another 18 months at the earliest.
The plans are also reminiscent of the Trusted Computing Platform Alliance initiative, an alliance of computer companies that have been bidding to make a more secure PC platform, but whose blueprints have so far been shunned by PC vendors.