Digg it
Twitter
Imagine the nightmare your company would face if one of its computer hard drives landed in the hands of a competitor. It’s a situation that Feisal Hurzook has been thinking about recently.
Hurzook is the chief technical officer of Archronix Corp., a Toronto tech design and integration firm specializing in control systems. He said some of his company’s clients — corporations and political groups for whom data security is paramount — have found themselves in awkward spots when such things befell them.
“We have clients in very sensitive situations that have stumbled over that issue,” he said, explaining that some Archronix customers have come close to essentially handing important information over to the competition because they didn’t wipe old hard drives before putting the disks out to pasture.
Once a competitor has sensitive company details in hand, “it’s hard (for the firm that created the information) to backpedal out of it,” Hurzook said.
That’s why Hurzook’s ears perked up when Microsoft Corp.’s reps described “Secure Startup” at WinHEC, a conference for hardware developers, held in Seattle late last month. He was there when the software giant’s executives explained how Secure Startup – part of Microsoft’s ensuing “Longhorn” operating system – would foil people trying to access data that doesn’t belong to them.
Secure Startup locks info away from prying eyes when hackers come calling on a hard drive, according to Microsoft. The application uses a Static Root of Trust measurement (SRTM) and Platform Configuration Registers (PCRs) ensconced in a hardware component, the Trusted Platform Module, to decide who gets to see what data on the disk.
A computer armed with Secure Startup would scrutinize the SRTM that the operating system creates during the boot process, and compare it to the static PCRs. If the SRTM matches what’s in the PCRs, the computer offers access to files and documents saved to the PC. If the SRTM doesn’t match the PCRs — as would happen if someone were using a hacker tool to scan the hard drive — the PC would offer no access.
Stacy Stonich, a Microsoft program manager, demonstrated Secure Startup’s capabilities at WinHEC. She had two PCs at her disposal, each representing a stolen laptop. One had Secure Startup. The other didn’t. Stonich used a hacker tool on the unprotected machine, while a colleague used a hacker tool on the Secure Startup box.
Stonich’s machine offered up 33,000 files, one of which happened to be a document describing the inevitable bankruptcy of the imaginary firm that owned the computer. “I could sell this to the Wall Street Journal,” she said. Her colleague’s hacker tool found not one file on the Secure Startup-protected computer. His view field showed nonsense — useless characters indicating serious data encryption.
Hurzook seemed impressed by what Microsoft had to say about Longhorn’s security features. He pointed out that his clients are keen on reliability and security. Secure Startup could help them keep data safe in the future.
Longhorn spotlighted
Secure Startup isn’t the only Longhorn feature that Microsoft talked about at WinHEC. While the software company didn’t unveil all of the details of this much-anticipated predecessor to Windows XP, it touched on the highlights, including:
• anti-malware functionality that bakes protection against Trojans and viruses right into the OS. It closes a hole left open between boot and protective application start-up — a short time during which the PC is vulnerable. Today, malware creators could exploit that gap, according to Elliot Katz, Microsoft Canada’s Co.’s product manager, Windows client. He said the built-in Longhorn anti-malware should help keep data locked down.
• new user privileges that let computer operators add printers and software in the “user” rather than the “administrator” mode. Users need administrative functions to perform simple tasks on Microsoft machines today, Katz said, pointing out that the administrator mode also gives users access to program files in the OS that most users shouldn’t be allowed to touch. Longhorn aims to close the door on inadvertent file-system amendments and, at the same time, make “user” functionality worthwhile.
• a new graphical user interface (GUI) with animated windows and improved resolution for on-screen images.
icon.
