
Re: None

Tuesday, 08/02/2005 8:40:07 PM


Post# of 249239
Off v Online attacks; Administrator trust and power

1) Offline versus online attack prevention - I understand how secure startup will thwart offline attacks like trying to boot the PC with a CD or floppy, or taking the HD out and trying to boot it in a different PC. The TPM recognizes that it is not the same OS and will deny access and prompt for a recovery key. However, what about online attacks? A hacker comes in through an open firewall port, a virus executes. On a TPM-enabled PC the virus could execute in an unprotected partition of the hard disk, if any. If the user makes it through the firewall and gets passwords that are in the clear, he can view the hard drive if it is unencrypted. Well, I am about to solve my scenarios. A virus would not be allowed to execute on PCs that are TPM-enabled. A virus will not make it through the firewall if untrusted .exe and future firewall hardware had a TPM. I think a TPM world should not need firewalls and anti-virus software. Also, if the PC(s) are TPM-enabled, passwords will be sealed and hard drives, thanks to Seagate Momentus and Vista, will be encrypted.

All of the above assumes TPM encryption, FDE, sealed keys, absolutely cannot be hacked. The geeks will try.

Have the TCG and Wave asked them to try and hack for R&D, validity, liability purposes?

2) System Administrators will have access to recovery keys per KTM ES AD to migrate data to new employees, recover data after a TPM is fried, etc. So the human elements of power and trust still exist in trusted computing. Let's say the IT admin is PO'd and just before he quits he, well, you know, locks all data and throws away the keys. Scary. You'd better do a pre-hire psych evaluation and criminal check. I imagine the way to prevent this is to give employees other than IT this privilege, like CEO, Chairman of Board, a third party certified by gov't or TCG as a saint. That party could be none other than the Wave and its TAN or ACM Barge promotes daily.

Thank you for allowing me to think out loud.
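
An added illustration of the offline case in point 1, not part of the original post and not TCG or vendor code: a toy Python model of boot measurement and sealing. ToyTPM, the boot-chain names and the sealed key are constructed for the example, and SHA-256 with an HMAC-derived keystream stands in for the hardware.

```python
import hashlib, hmac, os

TRUSTED = [b"bios", b"bootloader", b"installed-os"]   # constructed boot chains
BOOT_CD = [b"bios", b"cd-loader", b"other-os"]

def measure_boot(chain):
    """Fold each boot stage into a PCR: new = H(old || H(stage))."""
    pcr = bytes(32)                       # PCRs start at zero on power-on
    for stage in chain:
        pcr = hashlib.sha256(pcr + hashlib.sha256(stage).digest()).digest()
    return pcr

class ToyTPM:
    """Hypothetical model only; a real TPM keeps the root key in hardware."""
    def __init__(self):
        self._root = os.urandom(32)       # unique per chip, never exported
        self.pcr = bytes(32)
    def boot(self, chain):
        self.pcr = measure_boot(chain)
    def _mac(self, label, data):
        return hmac.new(self._root, label + self.pcr + data, hashlib.sha256).digest()
    def _xor(self, data):
        stream = hashlib.shake_256(self._mac(b"key", b"")).digest(len(data))
        return bytes(a ^ b for a, b in zip(data, stream))
    def seal(self, secret):
        ct = self._xor(secret)            # keystream depends on root key and PCR
        return ct, self._mac(b"tag", ct)
    def unseal(self, blob):
        ct, tag = blob
        if not hmac.compare_digest(tag, self._mac(b"tag", ct)):
            raise PermissionError("measurement mismatch: recovery key required")
        return self._xor(ct)

def can_unseal(tpm, blob, chain):
    """Boot the given chain, then report whether the sealed key is released."""
    tpm.boot(chain)
    try:
        return tpm.unseal(blob) == b"volume-key"
    except PermissionError:
        return False

def demo():
    tpm = ToyTPM()
    tpm.boot(TRUSTED)
    blob = tpm.seal(b"volume-key")        # sealed while the trusted OS is running
    return {"same_os": can_unseal(tpm, blob, TRUSTED),
            "boot_cd": can_unseal(tpm, blob, BOOT_CD),
            "other_pc": can_unseal(ToyTPM(), blob, TRUSTED)}
```

The model only decides whether the key is released at boot; it says nothing about software that runs after a matching boot.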
