Legendary insecurity

In his epic poems about ancient Greece, the poet Homer vividly captured the spirit of war — the endless battles, the manipulative leaders, the constantly changing strategies. If he were alive now, he’d find a welcome home at Microsoft.

The software company recently took its inspiration directly from The Iliad and the Odyssey when it announced the code name for its “trustworthy computing” project: Palladium. Apart from knowing that it will involve some combination of hardware and software, the name Palladium is really all we have to go on. Microsoft based it on the Greek goddess of wisdom. Legend says she protected the city of Troy from danger. That’s right: Troy, the city whose only claim to fame was its capture through the clever placement of a large wooden horse. Microsoft could only have made users feel less secure if they created a logo using an image of the helm from the Titanic.

The layers of irony in Palladium only deepen when you explore the name further. Greek legends say her statue fell from the sky, directly from Heaven. Microsoft could only wish for such divine intervention after a series of hacker and denial-of-service attacks showed just how vulnerable its IIS is. Palladium was said to keep Troy safe as long as it stood protected, but readers of Ovid and other poets will know the statue was stolen by at least half a dozen characters in Greek mythology. Palladium did not represent security, but served as a symbol of just how insecure something as priceless as the statue could be. Today, that statue would be an enterprise database.

These factoids become more telling when you consider how important the Palladium project is to Microsoft’s reputation in the marketplace. The strategy is in response to a memo Bill Gates issued (and which was subsequently leaked), which advocated better privacy management within software and minimizing downtime, among other areas. Palladium, according to an article posted on the Microsoft Web site, would put these principles into action by encrypting keystroke or video-display signals carried over wires, as well as boosting authentication in software.

All worthy goals, but other Microsoft-related documents don’t carry the same kind of diligence to keep users’ best interests in mind. Take the End User Licence Agreement that users confront when they download a patch from the TechNet site to fix security holes in Windows Media Player:

“You agree that in order to protect the integrity of content and software protected by digital rights management (‘Secure Content’), Microsoft may provide security related updates to the OS Components that will be automatically downloaded onto your computer. These security related updates may disable your ability to copy and/or play Secure Content and use other software on your computer. If we provide such a security update, we will use reasonable efforts to post notices on a web site explaining the update.”

The key phrase here is “reasonable efforts,” which means Microsoft could legally install code without users being aware. This is not something that builds trust, and it just goes to show that the elements of trust concern policies as much as technology. Policies and practices have tripped Microsoft up before, through statements that have enraged users and brought on antitrust trials. Palladium may represent an opportunity to make amends, but the company would do well to remember that each time you put your foot in your mouth, your Achilles’ heel may be exposed as well.

sschick@itbusiness.ca
