Sunday, September 10, 2006

Microsoft quicker to patch DRM than bugs

Bruce Schneier has noticed that Microsoft is much quicker to patch bugs in Digital Restrictions Software than actual security bugs. While regular Windows users have to wait weeks or months for Microsoft to do something about vulnerabilities that could destroy their data or give criminals access to their computers, Microsoft scrambled like mad to fix a hole in their DRM software.

Now, this isn't a "vulnerability" in the normal sense of the word: digital rights management is not a feature that users want. Being able to remove copy protection is a good thing for some users, and completely irrelevant for everyone else. No user is ever going to say: "Oh no. I can now play the music I bought for my computer in my car. I must install a patch so I can't do that anymore."

But to Microsoft, this vulnerability is a big deal. It affects the company's relationship with major record labels. It affects the company's product offerings. It affects the company's bottom line. Fixing this "vulnerability" is in the company's best interest; never mind the customer.

So Microsoft wasted no time; it issued a patch three days after learning about the hack. There's no month-long wait for copyright holders who rely on Microsoft's DRM.

And, hardly surprising, the DRM system didn't stay patched for long: it was hacked again almost immediately.

As Schneier is fond of saying, "trying to make digital files uncopyable is like trying to make water not wet". If your business model depends on trying to making dehydrated water, get another business model.

No comments: