Microsoft Dusts Off 'Palladium' Security for Longhorn
When Microsoft distributes the preview release of Longhorn at WinHEC at the end of this month, it will look quite different from the early Longhorn bits it distributed at the same show a year ago. Unlike last year's Longhorn Windows Hardware Engineering Conference preview build, this year's will include the first pieces of Microsoft's built-in Windows security system. That system, originally code-named "Palladium" (and more recently, "Next-Generation Secure Computing Base," or NGSCB), has been one of the most controversial of the planned Longhorn components since Microsoft first detailed it in 2003.
NGSCB, as Microsoft originally outlined it, was to be one of the key components of the company's overarching Trustworthy Computing Initiative.
The two foundations of NGSCB were designed to be the Trusted Platform Module on the hardware side, and the Trusted Operating Root (or "nexus") on the software side.
The nexus was to be the kernel of an isolated software stack that was designed to run inside the standard Windows environment. The nexus was slated to provide a set of APIs that would enable sealed storage and other foundations for trusted computing.
The goal for NGSCB was "to marry hardware and software to gain better security," said Jim Allchin, Microsoft's group vice president for platforms. That continues to be Microsoft's ultimate goal for NGSCB, Allchin said. But the Redmond software vendor is planning a longer and different route to achieve that end, he acknowledged.
During an interview this week on a whistle-stop press tour stumping for Longhorn, Allchin admitted that Microsoft's original idea of requiring applications to be rewritten to support a different NGSCB application-programming was ill-received by customers and partners. Microsoft officials admitted this at WinHEC 2004, as well, and said at that time that
During the past year, Microsoft executives have declined repeated requests for more information on NGSCB. The silence led some industry watchers to speculate that NGSCB was dead. But Allchin countered that notion.
"The NGSCB vision is continuing. We had to change our plan. But we're piecing it up," Allchin said.
Microsoft will deliver the first pieces of NGSCB in Longhorn client, Allchin said. Specifically, Longhorn will require Internet Explorer to run in its own protected space, thus isolating it from other parts of the operating system.
Longhorn also will deliver "secure startup" by providing a TPM (Trusted Platform Module) to lock the hardware and software.
Later this year, Microsoft is shooting to test the "user experience" with beta customers via an interim NGSCB release, Allchin said.
"The most difficult [NGSCB] problem is the user experience," Allchin said. "If you have two partitions and you want to share information across them, how can you do that? It's not obvious what the best experience is."
Allchin said the next NGSCB step will involve combining software virtualization and hardware. The code name for that effort is "Unity," Allchin said.
"With Unity, the goal was to marry virtualization and hardware," Allchin said. "That's a ways out. In the meantime, we are experimenting with ways to do virtualization without requiring the hardware to do it."
In theory, this kind of virtualization would enable the isolation of execution environments, thus reducing the various threats to various software applications. Such a virtualization scheme could deliver desktop, network and process isolation.
In the meantime, Microsoft is continuing to work on ways to ensure trusted input and trusted output as part of its long-term NGSCB vision, Allchin said. On the input side, the operating system needs to be able to verify that a mouse that someone plugs into a system is a safe mouse. On the output side, Microsoft is working on coming up with a new type of secure graphics system. On the output side, there is still a considerable amount of work to do, Allchin said.
