A worrying amount of sensitive enterprise data is falling into the wrong hands because hackers highly skilled in the art of bypassing traditional security measures can easily access such data on lost, stolen and discarded PCs.
If this does not sound like much of a problem, consider the fact that hundreds of thousands of PCs are believed to fall into this category each year.
Microsoft openly admits that current Windows password and encryption methods can be circumvented using recovery software available on the Internet, enabling hackers to access computer disks when the operating system is shutdown or in hibernation.
Microsoft software design engineer Jamie Hunter says up to 50% of discarded computer disks contain confidential information and according to Windows security unit manager Peter Biddle, a large multinational organisation recently admitted it loses an average of one computer laptop a day in taxis of just one US city. This is a reality and naturally a huge concern for business.
Starting securely
Clearly, something has to be done if Windows is to maintain or grow its market share.
Warwick Ashford, technology editor, ITWeb
The next major release of Microsoft`s Windows operating system, code-named Longhorn, incorporates a new, hardware-based security feature called Secure Startup as one of the main security innovations for enterprise Windows editions in an attempt to allay this concern.
Clearly, something has to be done if Windows is to maintain or grow its market share. Unsurprisingly, at a recent Microsoft conference in Seattle, Washington, it was obvious Microsoft is going to great lengths to make Longhorn as attractive to the business world as possible.
Security appears to be the main front chosen by Microsoft to encourage business to remain with or return to the Windows operating system that has long been dogged by security issues.
Despite Microsoft`s bravado about not being concerned about rivalry from Linux, which has a comparatively clean security record, it is likely that the emphasis on security in Longhorn has a lot to do with counteracting the much vaunted superiority of Linux in the security stakes.
Microsoft has rather astutely chosen to focus on data security for the enterprise and more specifically on providing mobile information workers with more data protection when systems are lost, stolen or discarded.
Help from hardware
Although merely one component of Microsoft`s overall security strategy for Longhorn, Secure Startup is probably the most interesting, signalling as it does, a definite step in the direction of greater integration between software and hardware.
Is this perhaps a concession by Microsoft that software alone cannot provide all the answers?
Regardless of the real answer to this question, the fact remains that Microsoft`s answer to easily stolen data is a security feature that is hardware-based and not solely a software solution.
Secure Startup is designed to protect data by preventing unauthorised users from breaking Windows file and system protection on lost or stolen computers. Developers say Secure Startup achieves this by encrypting the entire Windows volume.
With full volume encryption, all user and system files are encrypted, theoretically eliminating the opportunity for hackers to access information stored in hibernation or other temporary files, typically unprotected by standard encryption.
A hardware-based solution removes the encryption key from the hard drive so that the entire Windows partition can be encrypted, including the global system key.
The hardware component of Secure Startup is a Trusted Platform Module (TPM), which is a micro-controller usually attached directly to the motherboard that stores key, password and digital certificates.
Secure Startup is designed to ensure boot integrity, which means that if any of the monitored files are tampered with while the system was offline, the system will not boot and will alert the user.
The keys that unlock the encrypted Windows partition are released from the TPM only once the booting operating system has been validated. In other words, the TPM ensures the software asking for the keys is the same software that stored those keys.
This is aimed at detecting tampering that may have taken place while the operating system was shutdown or ensuring an alternative operating system is not been used.
The full volume encryption protects data while the operating system is shutdown or in hibernation and PC recycling or disposal is made easier because data on an encrypted volume can easily be rendered useless in seconds by deleting the TPM key store.
Secure Startup is certainly an interesting new approach to security in Windows. Let`s hope it proves as effective in the field as it promises to be in theory.
Overall health
Further indication of Microsoft`s commitment to improving things on the security front comes with today`s launch of an internal beta of the planned Windows OneCare service for supplying anti-virus, anti-spyware, firewall protection and PC cleanup tools to Windows users.
The subscription-based service is aimed at providing PC users with a way of ensuring the overall health of their system, with automatic notification of security updates.
Windows OneCare will also feature a live support element that will take the form of e-mail, chat or telephone assistance and will be marketed by Microsoft`s MSN division later this year.
As always, it remains to be seen whether Longhorn will truly deliver on the security front, or whether it will be too little, too late.
Whatever the outcome, it may be argued as a point in Microsoft`s favour that the corporation seems to be making a concerted effort to get real about the shortcomings of Windows, even though if it is successful, the move will undoubtedly translate into continued profitability.
Share