In the next version of Windows, Microsoft will give big companies an easy way to block use of such devices, while making it easier for consumers to connect their home systems to them, a company representative told CNET News.com.
What's new:
Longhorn, the next version of Windows, will let big companies block access to iPods and other tiny storage devices in the name of tighter security.
Bottom line:
The new feature should make it harder for employees to grab sensitive corporate data from business PCs or to introduce malware onto local area networks.
Much has been made of the security risks posed by portable storage devices known as USB keys, or flash drives, music players like the iPod, and other small gadgets that can store vast amounts of data. Some fear that such tiny devices can be used to quickly copy sensitive data off business PC hard drives, or to introduce malicious software onto corporate networks.
"It's a real problem," said Padmanand Warrier, a developer in Microsoft's Windows unit. "That's the feedback we've gotten from IT folks."
To put the new features in place, Microsoft is hoping to move to a common model for how wired and wireless devices connect to a PC in 2006, around the time that it releases the next version of Windows, code-named Longhorn. For consumers, that means that wireless printers, networked music players and other wireless devices should be able to connect to a PC as easily as the USB drives today.
Microsoft did include a workaround in Windows XP Service Pack 2 that lets users change an internal Windows setting to prevent data from being written to USB devices. But the features planned for Longhorn will be more comprehensive.
Microsoft showed its future technology, known as "Plug and Play Extensions," at this week's Intel Developer Forum.
special coverage
Intel Developer Forum 2004
Dual-core chips are a highlight
of the three-day gathering. For
all stories from the event, plus
video, click here.
By including tools to prevent workers from connecting portable storage devices to corporate PCs, Microsoft is offering big companies another option in addition to the outright banning of such devices, as some government agencies and other high-security installations have done.
"USB keys have become ubiquitous," said, Alan Brill, a senior managing director at Kroll OnTrack, a technology services firm that does security consulting. "You can pop them into any computer after Windows 95 and all the software that's needed is already in there. It's a tool that can be both used and abused very easily."
Companies have been slow to react to the threat posed by digital storage devices in general, Brill said.
"It's one that companies have turned a blind eye to for a very long time," Brill said. "If you think back, it used to be that stealing significant secrets was difficult because it was hard to get away with that much paper."
Intel, for example, used to check the bags of employees, but eventually such searches became impractical. With roughly, 80,000 employees, the company found it didn't have the resources to prevent against someone putting files onto a flash drive or iPod, a representative said.
"You take a better approach--you make sure people understand the need to protect company information and you hold them accountable," the representative said.
Market research firm Gartner has advised big companies to disable certain "plug and play" functions in Windows as a security precaution.
IT managers do have access to tools that would allow them to block USB ports, but such tools are little-known, and little-used. "There are tools that are available to...manage USB ports, but 99.9 percent of all machines in corporations don't have anything like that," Brill said.
Longhorn in the headlights
Of course, Microsoft's changes aren't coming until Longhorn, which isn't scheduled to arrive until 2006, and it is likely to take more time before the new operating system is widely adopted by companies.
"(USB keys are) a tool that can be both used and abused very easily."
In addition to the new device architecture, Microsoft on Wednesday said it also still plans to include in Longhorn a controversial new security architecture called the Next Generation Secure Computing Base.
The company's most detailed outline of Longhorn came at a developer conference last fall, when they spoke of three main pillars--WinFS, a Web services architecture known as Indigo, and a presentation subsystem dubbed Avalon.
Microsoft is making changes to all three pillars. WinFS will be available as a beta when the Longhorn release comes out as a client. Avalon and Indigo will be part of Longhorn, but also made available separately for Windows XP and Windows Server 2003.
Microsoft has also promised improvements in manageability and ease of use, though the company has not gone into great detail on how those new features will work.
In an interview last moth, Windows chief Jim Allchin identified a few Longhorn features, including version 2.0 of the .Net framework, a new user interface, more resilience to malware and "a new photo experience."
