I, Cringely - The Survival of the Nerdiest with Robert X. Cringely
The Pulpit
Go to the Back of the Bus: How Microsoft Plans to Use a New USB Standard to Cripple Linux

By Robert X. Cringely

Following last week's column about Baxter, my idea for a distributed kinda sorta peer-to-peer Internet data back-up scheme, I expected this week to write about all the problems readers found with the idea, and all the existing Baxter-like services none of us had heard about. Well, things change, and I'll be doing that column next week, leaving this space to describe how Microsoft is planning a preemptive strike against Linux using its control of the PC hardware standard.

Though I have written about it before, many readers (not to mention the Department of Justice) don't realize how Microsoft controls the PC hardware business. IBM used to have that job, simply because its competitors -- who were making "IBM-compatible" computers -- just copied whatever Big Blue did, which is how we got things like CGA, VGA, and SVGA graphics. But then Compaq diverged from IBM by daring to make the first 80386 PC when IBM was still happy to make 286-based PC-ATs. Compaq and others diverged again when IBM switched to the Micro Channel bus and everyone else stayed with ISA, and defined the alternative EISA standard. As IBM's market share and influence faded, "IBM-compatible" was replaced as a definition with "MS-DOS-compatible" and finally with "Windows-compatible," with which Microsoft slapped down Intel and took sole control of the standard. Now Microsoft publishes a hardware standard every year or two that defines very precisely how PCs will look two years out. PC companies build what Microsoft tells them to because doing otherwise risks having their hardware go uncertified, or even worse, simply not function with Windows.

Microsoft's PC standard essentially says, "If your PC is configured like THIS two years from now, it will work with the version of Windows and our applications that we will be shipping at that time. If it doesn't look like THIS, well then you are on your own."

Maybe you noticed last week that Microsoft had suddenly discovered that portable USB devices were a threat to data security. Of course, they have always been so, but Microsoft just noticed this out loud last week, saying that they would be dealing with the problem as best they could in the new Windows XP Service Pack 2, but that the definitive solution to the problem wouldn't arrive until 2006 with Longhorn, the next and even more super-duper version of Windows.

The problem of these USB devices being misused is very real. Remember that a 256 megabyte USB wristwatch was a central part of my hurricane preparedness two weeks ago. Armed (is that a pun?) with such a watch, any worker could download and take home with them important files from their office PC. Some companies have banned such devices, but bans aren't effective because they can't be enforced even with metal detectors and full body scanners, simply because today's USB key fob or watch will become tomorrow's belt buckle or eyeglasses. Some companies disable the USB connectors on their PCs, plugging them with five-minute epoxy or even with solder. Other companies rely on threats, promising that any employees caught with such devices will be fired on the spot. And many companies are still blissfully unaware this even is a problem, though Microsoft now has two years to educate them in time for their Longhorn ultimate solution. By two years from now, you can bet there won't be a PC user in the U.S. who isn't aware of how USB devices can be used to steal data.

Now to the solution. The interim solution provided by XP SP2 extends the computer's security model out to include USB ports, presumably allowing only trusted devices controlled by trusted users to do anything with the ports. But this definition of "trust" is effectively limited because all the USB devices in use today were built before Microsoft came up with this plan, so there is no way to make them an active part of it. That's another part of what will happen in two years, because the effective life of USB devices (like mobile phones) is figured at 18 months, so Microsoft can count on replacing my watch and a billion other such devices by the time Longhorn ships.

At this point, Microsoft is talking solely about software, but implicit in this is a hardware change, too. By the time Longhorn ships, Microsoft wants there to be available a whole new generation of PCs and devices designed for Longhorn. Oh, you'll be able to upgrade your 2004 or 2005 PC to Longhorn, but it will never work quite as well as a new 2006 PC actually designed to run the OS. This is called marketing, folks, and it is what keeps us buying new PCs and other electronic devices over and over again. Most of the value of Longhorn to Microsoft isn't that they get to sell us a shrink-wrapped OS upgrade, but that they'll force most of us over a year or so to buy whole new computers.

Yeah, but where does Linux come into this?

Linux bugs Microsoft. The Open Source OS is seen in Redmond as the last credible threat to Windows dominance. So whatever portion of those 50,000 folks at Microsoft spend time thinking about the competition, most of those people are thinking about Linux.

Now imagine a meeting at Microsoft a few months ago. Twenty-something geeks are sitting around a big table along with a couple marketing people, none of whom have ever worked as adults for a company other than Microsoft. The topic is USB security and the undercurrent -- as always -- is how to extend Windows dominance and hurt Linux.

Please don't take the quotes literally since this is only a dramatic reenactment.

"To make USB ports really secure we'll need a modified USB standard," says one of the geeks. "The USB device makers will love this because they can sell another billion devices. We'll change the BIOS and the OS so that older, non-serialized, devices can be used but just for read-only applications. So you can still hook up your older digital camera and download pictures. But to upload any data you'll need a new-standard USB device. Not only will these devices be more secure, but we'll earn a royalty on every one."

"And they won't work with Linux," pipes in a genius from the second row.

End of dramatic reenactment.

There IS a new USB standard in the works and it is at the heart of Microsoft's sudden interest in USB security. Co-developed with Intel, the new USB standard specifically excludes Linux and probably OS X devices as well. I'm told the Intel folks are quite embarrassed about this, but feel powerless to do anything about it. The new standard will be sold to USB device makers as a chance to replace every device they've already sold, and PC makers will be told they can do the same with every desktop. But for non-Windows computers the likely result will be that Windows-standard USB devices will no longer be compatible, which means there will have to be two USB standards, and the non-Windows variety will have lower sales volume and therefore higher prices. Going further, the PC standard will lead to motherboards that will be hostile to Linux, and will likely mean that loading Linux will result in a PC with inoperative USB ports. This, too, could mean dual motherboard standards, again with the Windows variety having higher volumes and lower prices.

It's not difficult to imagine a copy control technology in the OS which would refuse to copy files to an external removable device unless the device had some matching handshake hardware to enable the copying. Sony has had something like this in their "Magic Gate" memory sticks for years which interlocks with their content protection technology. The difference here, of course, is that Sony's standard is closed, whereas Microsoft is attempting to flex their large muscles to influence the inherently open USB standard.

This hardly means the end for Linux, but it shows that Microsoft finally has some leverage against Linux beyond fear, uncertainty, and doubt.

A lot can happen in two years. Microsoft will probably change course a couple more times between now and then, but this USB security problem will remain as will Microsoft's solution for it. Redmond could decide to open the new USB standard to Linux, but in order for that to happen immense customer pressure on Ballmer and Gates and/or Hell freezing over would have to take place.

More likely the clever boys and girls of Open Source will hack the new USB, but Microsoft has a legion of lawyers ready to handle that exactly the same way that the Sun legal department once wrote the Java license solely with Microsoft in mind, and produced a $1.75 billion payday as a result. With serialized devices it should be possible to poll every compromised device on the Net just like using a traffic camera to catch drivers who run red lights. No, there needs to be another answer, perhaps one that transcends the original security problem, giving Linux yet another advantage over Windows. The clock is ticking.

