Friday, February 16, 2007

Windows Vista, DRM and security

Some interesting (as in the Chinese curse) things happening with Windows Vista and DRM:

Bruce Schneier writes:

Windows Vista includes an array of "features" that you don't want. These features will make your computer less reliable and less secure. They'll make your computer less stable and run slower. They will cause technical support problems. They may even require you to upgrade some of your peripheral hardware and existing software. And these features won't do anything useful. In fact, they're working against you. They're digital rights management (DRM) features built into Vista at the behest of the entertainment industry.


It's all complete nonsense. Microsoft could have easily told the entertainment industry that it was not going to deliberately cripple its operating system, take it or leave it. With 95% of the operating system market, where else would Hollywood go? Sure, Big Media has been pushing DRM, but recently some -- Sony after their 2005 debacle and now EMI Group -- are having second thoughts.

It seems also that Microsoft's commitment to increased security isn't necessarily a commitment as such... after Joanna Rutkowska found a serious security hole in Vista, one senior engineer and Microsoft Technical Fellow suggested that:

...potential avenues of attack, regardless of ease or scope, are not security bugs.

Well, I suppose if you define away security bugs by fiat, Microsoft will be able to say they have got rid of all security bugs in Vista.

At this point it is worth bringing up Peter Gutmann's cost analysis of Windows Vista content protection:

Providing this protection incurs considerable costs in terms of system performance, system stability, technical support overhead, and hardware and software cost. These issues affect not only users of Vista but the entire PC industry, since the effects of the protection measures extend to cover all hardware and software that will ever come into contact with Vista, even if it's not used directly with Vista [...]

In order for content to be displayed to users, it has to be copied numerous times. For example if you're reading this document on the web then it's been copied from the web server's disk drive to server memory, copied to the server's network buffers, copied across the Internet, copied to your PC's network buffers, copied into main memory, copied to your browser's disk cache, copied to the browser's rendering engine, copied to the render/screen cache, and finally copied to your screen. If you've printed it out to read, several further rounds of copying have occurred. Windows Vista's content protection (and DRM in general) assume that all of this copying can occur without any copying actually occurring, since the whole intent of DRM is to prevent copying. If you're not versed in DRM doublethink this concept gets quite tricky to explain [...]

It's a fantastic document, long but not too technical.

1 comment: said...

Hi Dude,

DRM is a term used to describe technologies used for the copyright protection of digital content. Secure documents are encrypted with permissions information and controls that have a minimal impact on authorized users of the documents. Thanks...

Protect PDF