
Increasing The Visibility and Importance of the TPM

By: awk in WAVX DD
Sat, 19 Jan 08 1:25 PM

January 18th, 2008 by Rob Enderle

http://www.trustedcomputinggroup.org/blog/

No one cares about something that isn’t visible. My AV product reports just how secure I am, and Windows Vista has a feature that also scans and looks for things like the firewall and AV offerings and flags whether or not I’m safe, but neither looks for the TPM. Most folks I work with don’t even know if their PC has a TPM, and I doubt many care. Yet I honestly believe that the TPM is the single most important commonly overlooked tool in the industry today.

With the emergence of Risk Management Officers, the ability to get visibility behind the use of the TPM, now that most have purchased it, has never been greater, but someone has to do that work.
Why TPM Scanning Should Be In Comprehensive Security Offerings

The TPM is a critical part of any desktop/mobile security solution because it assures the integrity of the system. Given that many of the attacks we are now seeing have to do with using techniques to connect trusted systems to untrustworthy systems, the TPM may be the most underappreciated, and underutilized, security technology, while at the same time it is becoming the most critical.

Commercial security monitoring products that can assess the state of the TPM should be favored over those that don’t, everything else being equal, simply because they would provide a more complete view of just how secure the related desktop is.

AV companies are in constant competition, and given TPMs are in most commercial shipping notebooks, the ability to report on them, both to increase the security of the platform and the value of the hardware already purchased, should provide these firms another way to draw customers to their offerings as well.

I also think, given how often AV products need to be updated and how problematic it would be if someone compromised that process and actually used an AV product as a way to put viruses or other malware into PCs, that it might be wise to actually make use of the TPM for these updates and go that extra yard to ensure this process is never compromised.

I can think of nothing that would do the AV market more damage than if an AV product became compromised, and we’ve already had at least one rootkit-like scare with an AV offering.

Given both Linux and the MacOS seem to be avoiding AV products altogether at this point, it wouldn’t take much to convince the market that AV products are an unneeded redundancy if they were seen as a problem. Currently, on the consumer side, they are often lumped into the category of “Crapware” anyway, and should this trend spread, the segment could collapse.
Microsoft is Critical

Currently Microsoft represents the biggest threat to the status quo for the AV industry. Windows users want Microsoft to supply this service because they believe the company can do so without the annoyances typically found with third-party products, and OneCare resulted. Microsoft also has a rather serious exposure when it comes to patches, because they both do a lot of them and the system was designed to allow IT managers to intercept and apply patches without them coming directly from Microsoft. Much like it is with the AV companies, should anyone be able to redirect by any means where Windows machines went for updates, they could compromise much of the world, and even if they didn’t, the risk would turn one of the most widely used defenses against attack into one of the biggest exposures in the platform, one of its biggest problems and one the update process couldn’t be relied upon to fix.

The use of the TPM by Microsoft for software updates would better secure the pipe and dramatically reduce the possibility of someone finding a way to compromise it. Were Microsoft’s own OneCare offering to make use of this technology as well, it would set up for a future event where another third-party firm was compromised but Microsoft could point to this capability as making their product more secure, and the possibility of this would likely convince the other players to make use of the TPM to prevent what could be a terminal scenario.

With companies like Digital Armaments springing up, which basically buy and resell successful tools used to crack security in Windows, Microsoft’s exposures in this area are growing dramatically, and given they are active in the TCG, it may be with this organization that they could find some relief.

In any case, if Microsoft used this technology more aggressively, others would as well, and if, as part of Microsoft’s own Vista security assessment tool, the use of the TPM was called out, this technology would be more widely used.
Wrapping Up

The problem with organizations like the TCG is folks often spend a great deal of time on the technology and think someone else will actually sell it. If no one knows about something, they probably don’t care about it, and if they don’t care about it, they won’t buy it, and if they don’t buy it, or if they buy it and don’t use it, then it exists in a history book someplace as a great idea that failed.

It is by no means a good sign that most TPMs are not actually turned on and used, and in a world that is at risk and where the TPM is a critical part of mitigating that risk, the lack of awareness surrounding the technology is a critical problem that needs to be addressed.
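The article's argument is that a security assessment tool should report the TPM's state the way it reports firewall and AV status. The following is an added example of such a check (not code from the article or from the TCG), written for Windows and assuming the Win32_Tpm WMI class in the root\CIMV2\Security\MicrosoftTpm namespace that shipped with Vista; the Is* methods need an elevated prompt.

```powershell
# Added example: report TPM presence and state alongside the usual "am I safe" checks.
# Assumes Windows Vista or later and an elevated PowerShell session.
function Get-TpmStatusReport {
    $tpm = Get-WmiObject -Namespace 'root\CIMV2\Security\MicrosoftTpm' `
                         -Class Win32_Tpm -ErrorAction SilentlyContinue

    if (-not $tpm) {
        # No instance means no TPM, or the TPM is hidden/disabled in firmware.
        return [pscustomobject]@{
            Present = $false; Enabled = $false; Activated = $false; Owned = $false
            SpecVersion = $null; ManufacturerId = $null
            Verdict = 'No TPM visible to the OS: platform integrity cannot be attested'
        }
    }

    # Each Is* method returns an object whose boolean property shares the method's name.
    $enabled   = [bool]$tpm.IsEnabled().IsEnabled
    $activated = [bool]$tpm.IsActivated().IsActivated
    $owned     = [bool]$tpm.IsOwned().IsOwned

    # A TPM that is present but not enabled/activated/owned protects nothing yet,
    # which is exactly the state the article says most shipped machines are in.
    $verdict = if ($enabled -and $activated -and $owned) {
        'TPM present and in use'
    } elseif ($enabled -and $activated) {
        'TPM ready but not owned: take ownership before relying on it'
    } else {
        'TPM present but disabled or deactivated: enable it in firmware'
    }

    [pscustomobject]@{
        Present        = $true
        Enabled        = $enabled
        Activated      = $activated
        Owned          = $owned
        SpecVersion    = $tpm.SpecVersion
        ManufacturerId = $tpm.ManufacturerId
        Verdict        = $verdict
    }
}

Get-TpmStatusReport | Format-List
```

On Windows 8 and later the built-in Get-Tpm cmdlet exposes the same presence, enabled, activated and owned flags directly.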
