Vista and DRM

The new and improved security in Microsoft Vista regarding DRM may have (and probably will) have great consequences for the end-user. Peter Gutman published his research on the DRM features in Windows Vista, and his findings are staggering.

The biggest concerns are related to hardware certification revocation, and dynamically downscaling quality.

Dynamically downscaling qualit means that if Vista plays some DRM enabled media on the PC (HD-DVD, or whatever), all other in and outputs are degraded. This means that your high quality pr0n has a lousy quality, while you're listening to DRM enabled music..... Well that suck, but implications can be huge, as Peter Gutman explained.

Furthermore, the revocation of driver certificates. If, somehow, a driver signing certificate gets stolen from a manufacturer, Microsoft has the ability to revoke that particular certificate. This means that the complete install base for that drives becomes totally useless. It could mean that your PC won't be able to boot (and everyone else's) if you have that particular brand of motherboard. What if key public services become useless because of this driver revocation? No more fresh water, traffic lights gone haywire??

Peter also mentiones that the DRM scheme in general is very weak;
Note B: I'll make a prediction at this point that, given that it's trying to do the impossible, the Vista content protection will take less than a day to bypass if the bypass mechanism is something like a driver bug or a simple security hole that applies only to one piece of code (and can therefore be quickly patched), and less than a week to comprehensively bypass in a driver/hardware-independent manner. This doesn't mean it'll be broken the day or week that it appears, but simply that once a sufficiently skilled attacker is motivated to bypass the protection, it'll take them less than a day or a week to do so.


Funny thing is that engadget recently posted an article about a piece of software that claims to remove DRM from HD-DVD movies...... So Peter's thoughts on that weren't that far off :).

Personally I think that the entire Music and Movie industry needs to come to their senses, and stop treating every customer as a criminal. But unfortunatelly, I don't think that that's gonna happen
soon.
Posted on December 28, 2006 and filed under Annoying, Microsoft, Security.