Microsoft already has the technical ability to force every computer in the world to run their software. They have had this ability for years. How? It's simple--force every processor company to build processors that work only with a Microsoft operating system. Or, force every motherboard company to do the same; the technique would work for any critical component.

So, why has it never happened, and why will TCPA and Palladium not make it happen? It is the same reason that StackGuard, FormatGuard, OpenBSD, IIS patches, 32-character passwords, and encrypted email do not protect us. It is the same reason that PKI is damaged.

Technicals ain't everything.

Allowing users to have 32-character passwords is useless if those users only use 8 out of 32 characters, and if those 8 characters are "password." PKI is damaged if companies have incentives to weaken it, rather than to strengthen it. And Microsoft cannot force you to exclusively use their operating systems if they lack the business and legal power to do so.

Bill Gates can call up Craig Barrett and Michael Dell, today, and say, "If you don't stop supporting Linux, I won't sell you any more Windows." And Craig Barrett and Michael Dell can reply, "Okay, we'll stop supporting Linux. But we're also suing you for more than the entire Linux industry is worth. Oh, and hold on while we get the Mew York Times and the DOJ on the other line."

TCPA and Palladium do nothing to alter the business and legal landscape. They will not send Linux and open-source into exile, especially not with this many eyes watching them.

Microsoft is not so stupid as to expect that Palladium will eliminate open-source. That may be a secondary objective, but I doubt that they are betting the farm on it.

As for the technicals, details are currently scarce. Microsoft has said little, and the TCPA specs are not elucidating, either. I'm postponing judgment until I see more hard facts.

Microsoft has neither the money nor the lawyers to force every hardware and software company in the world to eliminate Linux and open-source, but neither do they have any delusions about it.

-AB

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/columns/96/14427#14427