"Plays well with others" aren't the first words that come to mind when we think of Microsoft and Sun Microsystems. Throw Intel and AMD into that mix, along with Hewlett-Packard, IBM and Sony, and you have the seven principal members of the Trusted Computing Group. The TCG is augmented by an impressive roster of contributors, including prominent desktop-security and patch-management vendors, but not everyone who should be involved is. Cisco Systems, Computer Associates, Novell, PalmOne, Red Hat and 3Com aren't on board.
Still, enough major players are involved in the group that there's a corresponding load of hype. One whopper is that the TPM (Trusted Platform Module) and trusted computing are synonymous with DRM (digital-rights management). The reality is that strengthening content key distribution to enable DRM is one use of a TPM, but the main attacks against digital rights, such as copying data in memory after it has been decrypted, are possible with or without the TPM (for more on the rumors versus the reality, see "Myths and Legends,").
Have Faith, Will Compute
Like most security pros, we don't view the world through rose-colored glasses, so we don't expect products based on TCG specs to work perfectly and interoperate from the get-go. Time and again, we've seen well-meaning, smart people develop specifications that result in interoperability nightmares--the standards around PKI and IPsec come to mind. But if TCG specifications don't get bogged down in infighting or go awry (see "Enforcing Trustworthy Use,"), there's a good chance these initiatives will make our lives easier. The TCG specs address the technical aspects of trusted computing, but the real challenge will be incorporating the technology into products that will be useful without adding undue administrative overhead.