Log in

View Full Version : Vista's Suicide Bomb: who gets hurt?



Hands0n
29th December 2006, 03:53 PM
A fascinating article on The Register which provokes a number of emotions in me ;) The M$ haters will love such articles, but it is worthwhile reading through the foggy haze that surrounds such articles to see what is quite going on behind the scenes and why.

For example, I am certain that Microsoft will not have wanted to buckle under the media producers to implement a DRM scheme that all but cripples the multimedia capabilities of the new Vista OS. But that appears to be exactly what they have done, if what we read here is true.

Then again, this may well be the brave new world of HD that we are heading towards, where the big producers stuck in their stoneage ivory towers proclaim all Customers blaggers and thieves of their precious content.

With all of this kind of stuff coming out those that subscribe to and advocate the likes of Linux are going to be laughing out loud. Although, with ever-tightening national and international content protection - such as the DMCA (http://en.wikipedia.org/wiki/DMCA) - it may well turn out to be a very hollow laugh. Europe has and will continue follow the Americans with its own legislation of similar effect as it appeals to their notions of protectionism.

I am quite inclined to eschew Microsoft's Vista until the last possible moment, in a few years time when all support for XP dries up. I really have no interest in subjecting myself to such proactively restrictive systems and services. If this continues I'll be digging out my Vinyl content :D



Analysis So have fun fighting the battle against CPRM and alike but please do not be surprised when you fail, after all the war has been lost, long live the new world order: proprietary devices, proprietary interfaces, copy protection, limited functionality, and prepare you credit card accounts for all those monthly rental and service charges you will be paying for every "computer controller consumer electronics device" you use.

If you read just one thing over the holiday break, make sure it's Peter Gutmann's cost analysis of Windows Vista, that we noted here (http://www.theregister.co.uk/2006/12/27/windows_drm_monstered/). It's an eye opening 20 minutes.

Gutmann describes in great detail the various measures Microsoft has taken to lock down Windows on behalf of Hollywood. This isn't a comprehensive look at all of Vista's DRM - Gutmann barely touches on Microsoft's new activation framework; this is beyond the scope of his enquiry.)

To recap: in order to playback HD-DVD and BluRay content, Microsoft agreed to degrade video and audio functionality in Windows. Gutman points out that when "premium" content is being played, component video - YPbPr - and S/PDIF interfaces are disabled. Third party hardware that fails to obey these orders may have its be "certified" status revoked by Microsoft - leaving the user with minimal (eg VGA) functionality.

Additional hardware specifications decreed by Microsoft, which are intended to alert the system that the "secure path" may have been compromised, open up a potentially devastating new vulnerability for net-connected PCs. As Gutman describes it -

Vista's content protection requires that devices (hardware and software drivers) set so-called "tilt bits" if they detect anything unusual. For example if there are unusual voltage fluctuations, maybe some jitter on bus signals, a slightly funny return code from a function call, a device register that doesn't contain quite the value that was expected, or anything similar, a tilt bit gets set. Such occurrences aren't too uncommon in a typical computer... Previously this was no problem - the system was designed with a bit of resilience, and things will function as normal. In other words small variances in performance are a normal part of system functioning.

This creates a new attack vector for malware:

Non-US governments are already nervous enough about using a US-supplied operating system without having this remote DoS capability built into the operating system.

With the introduction of tilt bits, all of this designed-in resilience is gone. Every little (normally unnoticeable) glitch is suddenly surfaced because it could be a sign of a hack attack. The effect that this will have on system reliability should require no further explanation.

In short, the Vista specifications explicitly cripple the PC. We say "specifications" quite deliberately, for in a sense this is a game of chicken.

This DRM only affects the playback of next-generation DVDs; which isn't a real problem for anyone quite yet: players cost $1,000 at the moment and there's next to no content available for them. In the coming few months, far more ordinary users will be affected by the DRM designed to prevent unlicensed use of Windows itself, than by these Hollywood mandates.

Nevertheless, Gutmann calls Vista multimedia DRM the "longest suicide note in history" - a phrase with some resonance to British voters [***].

This is evocative, but perhaps errs on the side of understatement. It may be more accurate to think of Vista's DRM as a suicide bomber waiting to go on his mission. For if and when Windows Vista optical multimedia DRM is activated, it destroys Windows Vista DRM reputation in the market as a multimedia playback device. The blowback will be felt most by Microsoft, the PC industry, and third party hardware manufacturers. In other words, the biggest loser would be the Windows market.

Quite rightly, Gutmann points out immediate disadvantages - such as the increased cost to hardware manufacturers who have been obliged to "secure" their digital pathways because Hollywood and the CE industry couldn't be bothered to secure their own. (The i/o interface S/PDIF is wide open). This is a cost which is passed on to consumers, whether we use the functionality or not.


DRM explodes - not many dead?

But if implemented, and the "big switch" is finally turned on, how much would it really matter?

Often discussions about DRM degenerate into self-serving hysteria about "the end of culture". So we're grateful that Gutmann took the time to state a fact so obvious, that it's often overlooked:

"If I do ever want to play back premium content," he wrote, "I'll wait a few years and then buy a $50 Chinese-made set-top player to do it, not a $1000 Windows PC. It's somewhat bizarre that I have to go to Communist China in order to find vendors who actually understand the consumer's needs."

Quite so. (I hardly think my "culture" is being thwarted when I can simply slip my over-priced next-generation DVD into an over-priced next-generation DVD player. Or download the file via Bittorrent.)

Compromising the open PC platform for the sake of playing back BluRay and HD-DVD simply nukes the PC in the consumer electronics market - but that's somewhere it arguably should never have been in the first place. Despite Wintel's best efforts, the PC makes for a lousy home entertainment hub. It's still too fussy, complicated and expensive: a case of technological overkill driven solely by the vendors, led by Microsoft and Intel.

Exactly six years ago, we broke the story of what was (and perhaps still is) the most nefarious stunt ever attempted on the open PC platform: the attempt to add CPRM into the specification for industry-standard hard drives, ATA. This provided a mechanism for content producers to lock down media to a specific machine, and would have arrived on the market by stealth. After the resulting outcry, the plans were dropped, and CPRM lives on as the standard DRM for removable flash media such as SD cards.

Consumers are now better educated, and we can be far more confident that a restricted PC will land on the market with a dull thud - and never be heard of again.

But some of the issues remain, not least for free software authors. As Richard M Stallman eloquently described it at the time:

"If users accept the domination of centrally-controlled data, free software faces two dangers, each worse than the other: [our emphasis] that users will reject GNU/Linux because it doesn't support the central control over access to these data, or that they will reject free versions of GNU/Linux for versions "enhanced" with proprietary software that support it. Either outcome will be a grave loss for our freedom."

But we'd be more confident if consumer groups and governments kept the manufacturers to a minimum standard of disclosure. For the market to arrive at an informed buying decision, it needs all the information.

So should Vista DRM require such technical counter-measures to play next-generation DVDs, then so be it: but these must be marketed as such.

And despite protests, Microsoft has proved itself perfectly able to produce a "reduced functionality" - in its own words - version of Windows on demand. It once cheerfully produced a version that didn't boot at all, for a US district judge.

Naturally, this reduced functionality version should be marketed separately. We suggest clear labelling - such as putting the shrink-wrap version in a BioHazard bag.

And the name? "Windows Vista SE".

For "Suicide Edition", of course. ®

*** Bootnote The phrase is attributed to right-wing Labour MP Gerard Kaufmann describing his party's 1983 election manifesto.

Article Source and links to related articles: The Register (http://www.theregister.co.uk/2006/12/28/vista_drm_analysis/)

Hands0n
29th December 2006, 04:14 PM
As a follow-on to the previous article .... more from Peter Guttman. The link to his website makes interesting reading for those so inclined .... :p

Whether you believe him or not, for sure there is a definite creep of scope to ever-tightening of DRM on behalf of Hollywood and others. Eventually this will render the use of multi-function systems such as Windows and the PC too difficult to use and the public will vote with their feet.

Perhaps it is time for Microsoft, and others, to look again at what they manufacture and consider a return to basics.



Copy-protection features in Windows Vista make the operating system more bloated while giving few benefits to end users, according to a new security paper.

Peter Gutmann, a medical imaging specialist, argues in the paper that Microsoft's cumbersome approach to DRM is doomed to fail and will only succeed in pushing users towards buying faster hardware to cope with degraded performance, effectively imposing collateral damage on the rest of the industry.

Many of the criticisms Gutmann makes will be familiar to those who have followed the development of Vista's copyright protection features however his hard-hitting prose style and warning that the Vista Content Protection specs could "very well constitute the longest suicide note in history" has reinvigorated the debate.

Gutmann argues, for example, that in order lock down High Definition content, Vista limits the number of connectivity options to users. 'Windows Vista includes an extensive reworking of core OS elements in order to provide content protection for so-called "premium content", typically HD data from Blu-Ray and HD-DVD sources. Providing this protection incurs considerable costs in terms of system performance, system stability, technical support overhead, and hardware and software cost. These issues affect not only users of Vista but the entire PC industry, since the effects of the protection measures extend to cover all hardware and software that will ever come into contact with Vista, even if it's not used directly with Vista (for example hardware in a Macintosh computer or on a Linux server)," Gutmann writes in an abstract to his paper here (http://www.cs.auckland.ac.nz/~pgut001).

Microsoft is risking annoying its customer base and users in a bid to corner the market for home distribution of premium content.

Gutmann argues that hackers will find it just as easy to bypass the content protection mechanisms of Vista as they have with other versions of the OS.

These ultimately doomed efforts will lead to a more expensive and less functional operating system for users, he argues. ®

Article Source: The Register (http://www.theregister.co.uk/2006/12/27/windows_drm_monstered/)