Longhorn to Clamp Down on Storage
The next version of Windows, code-named Longhorn, will do away with Microsoft's laissez faire approach to connecting portable storage devices to systems.
Instead of the familiar Plug and Play (PNP), which has seen little change in function since Windows 95, a new technology called "Plug and Play Extensions" will make its debut in Longhorn to allow businesses to regain their rightful jurisdiction over PNP devices.
A consensus has formed among security professionals that the industry's chief concern with PNP devices is portable storage. Unauthorized portable storage devices have been viewed as a growing risk to corporate networks.
"As these drives become smaller, yet have more capacity, organizations are worried that users will use them to steal corporate information," Directions on Microsoft analyst Michael Cherry told BetaNews.
In 2003, Touchtone Entertainment produced a film called "The Recruit" where a rogue agent of the Central Intelligence Agency was able to circumvent the US Military's National Security Systems (CNSS) standards and covertly extract sensitive data from the agency's computers simply by using a USB key storage device hidden in a coffee mug.
Although "The Recruit" was just a movie, it is a tangible example of the type of threats organizations face from a bevy of devices including USB hard drives and key-chain drives. Even seemingly innocuous gadgets like portable music players, media smart cards and digital cameras can pose a risk.
A July 2004 report by Gartner Inc. went as far as to recommend that its clients consider banning such devices, citing the risk of virus infection and the exposure of data.
However, some organizations may want to allow limited use of portable storage devices. To this end Microsoft has taken the interim step of including a registry key in Windows XP Service Pack 2 that changes the permissions on block storage devices to read-only.
When asked for comment, a Microsoft spokesperson declined to elaborate any further.