Email exchange between Stephen Hinkle and NGSCB Product Team
Date: Mon, 3 Nov 2003 07:00:35 -0800
From: Next Generation Secure Comp. Base
To: Stephen Hinkle
Subject: RE: NGSCB Questions
Hello Stephen. Thanks for your mail. There is a great deal of misunderstanding around NGSCB and we appreciate the opportunity to clarify these issues for you. See answers inline.
-- The NGSCB Product Team
From: Stephen Hinkle
Sent: Sunday, November 02, 2003 1:19 AM
To: Next Generation Secure Comp. Base
Subject: NGSCB Questions
I have some questions about the Next Generation Secure Computing Base, and try to understand it from a consumers side, and the impact of this for consumers:
- Can an NGSCB computer run applications made for standard PCs of
- Absolutely. The advent of NGSCB does not mean the obsolescence of anything in Windows. Today's applications and devices will continue to work on NGSCB PCs, with a very few esoteric exceptions (e.g., some debuggers may need to be updated to work in the NGSCB environment, but they can still work). To take advantage of NGSCB features, new software must be written to NGSCB APIs.
- Can a freeware or shareware application run on an NGSCB computer, or
will NCSCB computers only run commercial apps that have been registered
with a trust authority?
- Any software will work on an NGSCB computer. Anyone can write a program that uses NGSCB features, and if you as the user say that a program is OK to run, it can run. This is similar to the way software on Windows works today. Someone may offer a program that involves certification or registration with a third party to enhance privacy or application integrity, but it would always be your choice whether you want to buy into such a program. Nothing is forced on you.
- Can a NGSCB computer run a non-windows operating system such as Linux,
FreeBSD, Lindows, or the like?
- Yes. A nexus-enabled PC will be able to run compatible operating systems and software from different vendors, just as current PCs now can. Today, operating system choice is made by the PC manufacturer and the customer, not by Microsoft. This will not change. NGSCB hardware will continue to run any OS: the OS-loading portions of the BIOS will not be affected by NGSCB. Likewise, in addition to Microsoft products, a user will be able to choose to run software from third-party ISVs and take advantage of NGSCB hardware.
Will it be possible to back up a users entire hard disk, plus internal
hardware key, in case of hard disk and/or hardware failure? Will
imaging software such as Ghost work, such as that for computer labs?
- Migration is a critical issue for many obvious reasons (including the ones you list). NGSCB will include features and services to enable migration and backup. Note that this can (and absolutely should) be done without forcing local hardware keys to be pulled and included in the migration. You really want to keep those keys secure, for a lot of reasons. We are not yet at the point in the development cycle where we can discuss specific product interop issues, but given the enterprise focus of NGSCB version 1, we know we need to work well with the leading solutions.
Can an NGSCB computer play non-DRMed music and video? For example,
non-encrypted MP3 files, OGG Vorbis Files, or MPEG1 files that are user
- Certainly. NGSCB will not prevent you from running any program or file type you like.
Can P2P music sharing software such as KaZaa, Grokster, or LimeWire
run on NGSCB PCs?
- Of course. NGSCB won't impair your ability to do the things you want or run the programs and files you want to run on your computer.
Will a user be able to transfer his/her created files from one
computer to another via removable media (such as CD-R, DVD-R, Zip, Memory
Stick, Floppy, etc)? What about from a NGSCB computer to a standard
- NGSCB will have no impact on what happens in the regular Windows mode. So you will be able to transfer files between machines as always. It is conceivable that someone, for some esoteric reason, might build an NGSCB application that would require a certain file to be opened on a certain machine only. Its really up to the developer. As with Windows today, NGSCB will just be security platform technology that will be made available to anyone who wants to write programs for it. However, if a file depends on NGSCB features in order to open or run, it will not work on a computer that does not have the requisite hardware and NGSCB software.
Will the NGSCB computers give publishers remote access to delete or
disable content on one's computer?
- Heavens no! NGSCB will not enable the ability to remotely scan and delete files, and no third party will have any inherent control over programs executing on an NGSCB PC. Note that if you wanted to today, you could install a program in Windows that would let a third-party scan your hard drive. But you would choose to do it -- it would never be forced on you. That does not change with NGSCB. As the machine owner, you will always be in complete control of the computer.
Can a user compile a program of his/her own using Visual Studio, GCC,
or other compilers on a NGSCB computer? Can the user legally distribute
the program or source to other computer users?
- Well, yeah. Why wouldn't someone be able to do this? What does it have to do with NGSCB? If you're asking whether NGSCB will stop any of this, the answer is a firm and unequivocal NO. The things you list are happening in regular Windows mode, which will not be affected by NGSCB.
Will current perhiperal devices such as Scanners, Printers, External
Drives, etc work on NGSCB computers such as those using USB, Firewire,
Serial, Parallel, PS/2, and other ports?
- NGSCB requires some design changes to the USB input system and the graphics processing unit, to enable a secure path to and from the keyboard input and screen output. Otherwise, everything works the same as with regular Windows.
Can the NGSCB lock a computer user out of a portion of his/her PC in
some cases (such as prevent a user from changing certain files or
modifiying code)? Does it give software developers the right to do so,
which the owner cannot change or override?
- Let us be clear: Nothing happens with NGSCB that you do not explicitly allow. If somebody makes a program that prevents you from changing files or modifying code, you always have the choice to NOT purchase and use that program. But NGSCB will not impose any program or feature that will force you to cede control of your PC to a third party.
Can an open source developer write code that uses NGSCB's security
features and release his/her code under a public license such as the GNU
- It's no different than Windows today. You will be able to write an app that calls an NGSCB API and then put it into the GPL.
all contents © 1995-2004 d. mayo-wells except where otherwise noted.