EUIST

EUIST

Just another ComMetrics – social media monitoring, best metrics, marketing metrics weblog

Windows Vista content protection – why it will fail and hurt users in the developing world the most

January 16th, 2007 · 4 Comments ·

We have previously pointed out the securit issues regarding Microsoft Vista:

Trend – Windows Vista – ET calling home to report case of piracy

Windows Vista – big brother and your security

Research that matters – Windows Vista and the Toredo Protocol – tunneling past network security and other security implications

Now comes another white paper that details how Vista is intentionally crippled, to protect “premium content”. The paper also discusses the possible effect on operating system security, drivers and so on (see also see our comments/predictions at the further below).

_Executive Summary_

Windows Vista includes an extensive reworking of core OS elements in order to provide content protection for so-called “premium content”, typically HD data from Blu-Ray and HD-DVD sources. Providing this protection incurs considerable costs in terms of system performance, system stability, technical support overhead, and hardware and software cost. These issues affect not only users of Vista but the entire PC industry, since the effects of the protection measures extend to cover all hardware and software that will ever come into contact with Vista, even if it’s not used directly with Vista (for example hardware in a Macintosh computer or on a Linux server). This document analyses the cost involved in Vista’s content protection, and the collateral damage that this incurs throughout the computer industry.The Vista Content Protection specification could very well constitute the longest suicide note in history.

[…]_Disabling of Functionality_
Vista’s content protection mechanism only allows protected content to be sent over interfaces that also have content-protection facilities built in. Currently the most common high-end audio output interface is S/PDIF (Sony/Philips Digital Interface Format). Most newer audio cards, for example, feature TOSlink digital optical output for high-quality sound reproduction, and even the latest crop of motherboards with integrated audio provide at least coax (and often optical) digital output. Since S/PDIF doesn’t provide any content protection, Vista requires that it be disabled when playing protected content. In other words if you’ve invested a pile of money into a high-end audio setup fed from a digital output, you won’t be able to use it with protected content. Similarly, component (YPbPr) video will be disabled by Vista’s content protection, so the same applies to a high-end video setup fed from component video.[…]
_Elimination of Open-source Hardware Support_

In order to prevent the creation of hardware emulators of protected output devices, Vista requires a Hardware Functionality Scan (HFS) that can be used to uniquely fingerprint a hardware device to ensure that it’s (probably) genuine. In order to do this, the driver on the host PC performs an operation in the hardware (for example rendering 3D content in a graphics card) that produces a result that’s unique to that device type.

In order for this to work, the spec requires that the operational details of the device be kept confidential. Obviously anyone who knows enough about the workings of a device to operate it and to write a third-party driver for it (for example one for an open-source OS, or in general just any non-Windows OS) will also know enough to fake the HFS process. The only way to protect the HFS process therefore is to not release any technical details on the device beyond a minimum required for web site reviews and comparison with other products.

[…]

Gutmann, P. (January 4, 2007 updated version). A cost analysis of Windows Vista content protection. Auckland, NZ: University of Auckland, working paper. Available online.

_Some matters you may want to reflect upon a bit further_

1) One has to wonder about the revocation mechanism with Windows Vista. If users inadvertently leak content and as a consequence, their device is being disabled with the help of the revocation process. But what about content owners suing Microsoft for allowing the leak and users through class-action proceedings Microsoft for having unrightfully disabled their product?

Driver revocation appears as a lose/lose proposition for Microsoft. Whether the firm invokes the system or not, in either case one stakeholder will complaint. If not enforced, content owners because the system’s digital rights management features are supposed to protect their content. If used, users will cry foul if the revocation process is not justified. We can rest assured that in a litigous society like the U.S. this will go to court.

2) Windows Vista in its current configuration has to call home frequently to check if the user’s copy running on the machine is an authorized one or maybe a pirated one instead. Not having an Internet connection or paying dearly for it makes Windows Vista truly unattractive for people in developing countries both, for home and business. Unless, one connects and allows Windows Vista to report home, certain functions are gonna be disabled pretty quickly. How is one supposed to connect to the Internet and let Vista report home, if neither a broadband connection is available nor a fix-line phone. Maybe Microsoft expects these users to connect using their mobile phone to do so. However, considering the standard of living, this could be prohibitively expensive in developing countries.

The Melinda and Bill Gates Foundation is trying to help eradicate dangerous diseases around the globe, Unfortunately, Windows Vista makes it a tough choice for people living in lesser developed countries, to take advantage of Windows Vista that according to Microsoft’s advertising, provides a unqiue user experience, when working or playing with the PC. Windows Vista is outright discriminatory to any user that may not be willing or able to afford an internet connection due to economic and infrastructure realities amongst other reasons.
Disabling functionality will give users a similar experience to driving a car that suddenly has no longer a function radio and shortly thereafter, the stick shift starts acting up. And all this just because one was unable to telephone the mechanic last week to say hello.

More stories that address the Windows Vista challenge:

How could Windows Vista make the adoption of the Open Document Format more difficult?

Why Microsoft’s Open XML is not an open standard

CONCERNS

Besides the papers we mentioned above, Peter Gutmann, does not provide data anywhere that show how he has tested his claims. So why his paper (see link above) is interesting, it provides inductive statements/claims or reasoning that is, most certainly, interesting if not valuable. Nonetheless, as a researcher he knows that claims, propositions or hypotheses need to be tested with data, before we can allow to let such claims be used as generalizations and apparent truths.

We look forward to see how Peter Gutmann backs up his claims with data. Until then we remain sceptical.

SUBSCRIPTION

To make it more convenient for you to take advantage of CyTRAP Labs’ offerings, just provide us with your e-mail address below. You can personalize your subscription to make it suit your needs (e.g., what content – ALERTs, tips, tricks, tools — e-mailed as it happens or as weekly digest).



|

→ 4 CommentsTags: auckland · audio · disabled · driver · hardware · revocation