3/11/2008
Security Development Lifecycle. Progress is already being made in these areas, but there is much work still to be done."

Trusted Versus Trustworthy: What's the difference?
It was 2002 when Microsoft first co-opted the term "Trustworthy Computing" as a catchphrase in its efforts to shore up public trust in its IT market offerings. But Redmond needed a conduit to the consumer and business procurement customer base, people who were in the trenches. This is what led to the formation of the advisory board a year later.
After that, the company focused on gathering information to improve its performance in four core areas: security, privacy, reliability and business integrity.
All agree that the initiative both altered and sharpened Redmond's focus within the confines of its internal development paradigm, but it also raised the eyebrows of some questioning its aims.
"First off let me say that it would be unfair to say that there hasn't been progress with this group," said Michael Cherry, an analyst with Directions on Microsoft, an independent think tank tracking Microsoft's strategic endeavors since 1992. "I think the issue is that there's no metric to truly measure security. Security is not a fixed end point and that's the main challenge with Microsoft and its products going forward."
Add to that the fact that Trustworthy Computing can be an ambiguous distinction, different altogether from Trusted Computing. According to the National Security Agency, arguably the biggest, most thorough anti-hacker operation in the world, software or an operating system can be "trustworthy" but not "trusted." On the other hand, it can be deemed "trusted" but not "trustworthy." The exact denotation is found on the NSA's Web site. It says a "trusted system" is one vulnerable to attacks and not foolproof, a system that while secure in some areas can still be compromised by hackers. Conversely, a "trustworthy" processing environment is considered virtually impenetrable and "will not fail."
This is certainly not the case with Microsoft's Vista OS, as 49 percent of respondents in a recent survey by Virus Bulletin said Vista has not made their system safer. For the remainder of the responses, 26 percent said the OS did make their system safer and, more telling, 25 percent didn't know.
In Microsoft's defense, TCAA board member Richard Kammerer of UC Santa Barbara, who has been involved in IT security since 1976, says it's not so much a technology problem as a "crime problem" facing such a large software company.
"Microsoft is in the same boat as other software vendors," he said. "Is there such a thing as one-hundred percent secure? Of course not."
Kammerer went on to say that in the board's work throughout its duration, Microsoft has been very open -- in fact, more than he thought it would be.
"When we ask to see something they usually show it to us. And if we discover something through another channel and ask them about it, they usually show it to us. You can't put a grade on their products after five years; there are too many products to grade."