DRM under Vista

I'm not sure I can really do justice to this manifesto in a blog post. But I'm going to try anyway.

It begins:
Windows Vista includes an extensive reworking of core OS elements in order to provide content protection for so-called “premium content”, typically HD data from Blu-Ray and HD-DVD sources. Providing this protection incurs considerable costs in terms of system performance, system stability, technical support overhead, and hardware and software cost. These issues affect not only users of Vista but the entire PC industry, since the effects of the protection measures extend to cover all hardware and software that will ever come into contact with Vista, even if it's not used directly with Vista (for example hardware in a Macintosh computer or on a Linux server). This document analyses the cost involved in Vista's content protection, and the collateral damage that this incurs throughout the computer industry.

I have to stop here and note that even though Vista has already been released, I haven't used it yet. I sort of fell off of the PC gamer wagon a few years ago, and stopped upgrading my hardware every 6 months. I use Linux on the desktop now. Maybe someday I'll put together a Windows gaming machine. More likely, though, I'll buy a game console.

I would normally dismiss a document as negative and vitrolic as this as a crackpot manifesto. However, the author, Peter Gutmann, seems to know what he is talking about, and he raises some good questions.

The point is that all of these new features are being added to Vista to protect "premium content," currently defined as only HD-DVD and Blu-Ray content, but possibly encompassing much more in the future. When this content is being accessed, Vista will disable output devices that it can't control, such as S/PDIF. It will also try its hardest to keep non-trusted pieces of software from accessing the content. As Gutmann notes, this presents problems for technologies like noise-cancelling that require access to the audio or video output.

Microsoft is also going to strong-arm hardware companies into including special features on their hardware to discourage tinkering, like the so-called "tilt bits" which must be monitored on graphics cards. If a weakness is found in a piece of hardware or in a device driver, Microsoft can "revoke" the driver. This means that it will no longer be fed any premium content. The revocation will happen via Windows Update, which basically all Windows PCs are required to run if they want to keep up with security updates. (Apparently someone has hacked up a method of getting around the driver signing requirement called "vbootkit") Microsoft is also actually encouraging hardware manufacturers to use commercial code obfuscators on their drviers! If you thought Windows XP didn't have much visibility or debuggability, you ain't seen nothing yet...

It's kind of sad when Microsoft spends more effort securing your own PC against you, than securing their operating system against hackers and malware. I hate to say this, but it's about the money. When content protection gets broken, that threatens Microsoft's business strategies with Hollywood. It is a cost. When users' computers get hacked, that is an opportunity to sell them something like Windows OneCare, or the next version of Windows. It is an opportunity. Costs are to be minimized and opportunities are to be maximized. That's why, when the DRM for Windows Media Player was cracked, a patch was issued in record time-- far faster than any security patch was ever issued.

So what does this mean for everybody? Well, developing device drivers just got a lot harder. Users' computers just got a lot slower, although hopefully hardware companies will pick up the slack. Windows Update just became a lot more risky, due to the threat of driver revocation. Writing open-source graphics card drivers may become even harder.

Users will just have to take all this in stride, just like they took the stability problems with Windows 95, and the malware problems with 2k and XP. I still don't believe "digital rights management" will be successful. There are just too many parties who would like to see it fail. Companies in China and India hardly care about what Hollywood thinks. Legally, they're not subject to the DMCA. Practically, they're not subject to copyright at all. Most academics and computer hackers who have ever given a thought to DRM have hated it, and they will try to find every flaw in it.

I wish I could say that this will make people move away from Windows, but we all know that that's not the case. We'll just have to wait and see how people work around these problems.


Post a Comment

<< Home