[LINK] vista critique

Rick Welykochy rick at praxis.com.au
Fri Jan 5 15:08:06 AEDT 2007

Jan Whitaker wrote:

> A case of unexpected consequences?
> http://www.cs.auckland.ac.nz/~pgut001/pubs/vista_cost.txt
>            A Cost Analysis of Windows Vista Content Protection
>            ===================================================

Thanks for this, Jan.

I have summarised a few of the more astonishing consequences of this
DRM regime below. The gist of the changes being imposed on Vista is
that the quality of multimedia content that the typical user
gathers from here and there on the Net will degrade, look fuzzy and sound
crappy on what is supposedly state-of-the-art very HQ and expensive

Quotes from the article are indented.

   Amusingly, the Vista content protection docs say that it'll be left to
   graphics chip manufacturers to differentiate their product based on
   (deliberately degraded) video quality.  This seems a bit like breaking the
   legs of Olympic athletes and then rating them based on how fast they can
   hobble on crutches.


   Beyond the obvious playback-quality implications of deliberately degraded
   output, this measure can have serious repercussions in applications where
   high-quality reproduction of content is vital.  For example the field of
   medical imaging either bans outright or strongly frowns on any form of lossy
   compression because artifacts introduced by the compression process can cause
   mis-diagnoses and in extreme cases even become life-threatening.  Consider a
   medical IT worker who's using a medical imaging PC while listening to
   audio/video played back by the computer (the CDROM drives installed in
   workplace PCs inevitably spend most of their working lives playing music or
   MP3 CDs to drown out workplace noise).  If there's any premium content present
   in there, the image will be subtly altered by Vista's content protection,
   potentially creating exactly the life-threatening situation that the medical
   industry has worked so hard to avoid.

It must be noted here that to date, Windows as distributed by Microsoft clearly
states that their operating system *not* be used in certain critical areas like
aviation and medicine. And yet when I have visited my sister-in-law at work in
ICU, there are Windows boxes everywhere. And why Windows would be allowed
to be used to display life-critical diagnostic imaging is beyond my comprehension.
It would be child's play to introduce a rogue agent into the Windows system and
network that silently corrupts such imaging to cause surgical errors and even death.
It also boggles the mind that in the post-911 environment of heightened awareness
and security that such vulnerable systems are still be deployed at an alarming
rate throughout industries such as medicine and aviation.

So the question arises: will Vista also contain a sanction against use in certain
application areas like medicine and aviation? And one wonders if those sanctions
would be actionable under the law.

Back to the DRM ... and speaking of post-911 security:

  Even without deliberate abuse by malware, the homeland security implications
  of an external agent being empowered to turn off your IT infrastructure in
  response to a content leak discovered in some chipset that you coincidentally
  happen to be using is a serious concern for potential Vista users.  Non-US
  governments are already nervous enough about using a US-supplied operating
  system without having this remote DoS capability built into the operating
  system.  And like the medical-image-degradation issue, you won't find out
  about this until it's too late, turning Vista PCs into ticking time bombs if
  the revocation functionality is ever employed.

One starts to wonder where all of this DRM detritis is coming from. Well, we all
know, don't we:

   So if you design a new security system, you can't get it supported in Windows
   Vista until well-known computer security experts like Disney, MGM, and 20th
   Century-Fox give you the go-ahead.  It's absolutely astonishing to find
   paragraphs like that in what are supposed to be Windows technical documents,
   since it gives Hollywood studios veto rights over Windows security mechanisms.

Which raises the enevitable question: why is Hollywood now dictating the design of
software, hardware and security for all future PCs, regardless of the use to which
those PCs will be put? Their lobby in the past has resulted in increase  of
copyright lifetimes to ridiculous lengths, introduced legislation like the DMCA
and other invasions of userspace. How long before legislation is enacted that
caters to the DRM whims of Hollywood and mandates the kind of hardware and software
we are allowed to use in our homes? We all knew Microsoft has been sucking up to
the big media players for a long time now (and to other big organisations) but
the revelations coming out of the Vista design are truly gobsmacking.

   ... since even AES-128 on a modern CPU isn't fast enough to encrypt high-bandwidth
   content, companies are required to license the Intel-owned Cascaded Cipher, an
   AES-128-based transform that's designed to offer a generally similar level of
   security but with less processing overhead.

We all know what has happened in the past when crypto non-experts have implemented
their own encryption systems without peer review and analysis by the crypto
community: breakage within days of its release. I do not hold any high expectations
for crypto created by Intel, but I have not looked much further into it.

It is truly ironic and galling that Microsoft is now requiring strict adherence to its
"robustness" guidelines for Vista hardware and hardware drivers, given its own abyssmal
track record in the area of software robustness and security. When the shoe is on
Hollywood's foot, it seems that reliability and robustness are suddenly of paramount
importance. Vista is clearly Hollywood's bitch:

   On-board graphics create an additional problem in that blocks of precious
   content will end up stored in system memory, from where they could be paged to
   disk.  In order to avoid this, Vista tags such pages with a special protection
   bit indicating that they need to be encrypted before being paged out and
   decrypted again after being paged in.  Vista doesn't provide any other
   pagefile encryption, and will quite happily page banking PINs, credit card
   details, private, personal data, and other sensitive information, in
   plaintext.  The content-protection requirements make it fairly clear that in
   Microsoft's eyes a frame of premium content is worth more than (say) a user's
   medical records or their banking PIN.

How do you feel as a would-be user of technology implemented in such a manner to
hold your own personal security and safety is such utter contempt?


Rick Welykochy || Praxis Services

Under capitalism, man exploits man. Under communism, it's just the opposite.
      -- John Kenneth Galbraith

More information about the Link mailing list