TCPA eliminates external checks and balances, such as antivirus. As the user, I'm not trusted to audit operations within a TCPA-established sandbox. Antivirus is essentially a user system auditing tool, and TCPA-based systems have these big black boxes AV isn't allowed to analyze.Uh, you *really* have no idea how much the black hat community is
looking forward to TCPA. For example, Office is going to have core
components running inside a protected environment totally immune to
antivirus.
How? TCPA is only a cryptographic device, and some BIOS code, nothing else. Does the coming of TCPA chips eliminate the bugs, buffer overflows, stack overflows, or any other way to execute arbitrary code? If yes, isn't that a wonderful thing? Obviously it doesn't (eliminate bugs and so on).
Imagine a sandbox that parses input code signed to an API-derivable public key. Imagine an exploit encrypted to that. Can AV decrypt the payload and prevent execution? No, of course not. Only the TCPA sandbox can. But since AV can't get inside of the TCPA sandbox, whatever content is "protected" in there is quite conspicuously unprotected.
It's a little like having a serial killer in San Quentin. You feel really safe until you realize...uh, he's your cellmate.
I don't know how clear I can say this, your threat model is broken, and the bad guys can't stop laughing about it.
I use cryptographic devices everyday, and TCPA is not different than theI do a fair number of conferences with exploit authors every few months, and I can tell you, much worse. "Licking chops" is an accurate assessment.
present situation. No better, no worse.
Honestly, it's a little like HID's "radio barcode number" concept of RFID. Everyone expects it to get everywhere, then get exploited mercilessly, then get ripped off the market quite painfully.
--Dan
