[IP] Vista DRM The 'Longest Suicide Note in History'?

To: ip@xxxxxxxxxxxxxx
Subject: [IP] Vista DRM The 'Longest Suicide Note in History'?
From: David Farber <dave@xxxxxxxxxx>
Date: Tue, 26 Dec 2006 17:56:51 -0500
List-help: <http://v2.listbox.com/doc/help_sub>
List-id: <ip@xxxxxxxxxxxxxx>
List-software: listbox.com v2.0
List-subscribe: <mailto:subscribe-ip@v2.listbox.com>, <http://v2.listbox.com/subscribe/?list_id=247>
List-unsubscribe: <mailto:unsubscribe-ip@v2.listbox.com>, <http://v2.listbox.com/member/unsubscribe/?list_id=247>
References: <DA2ACBE5-4C6E-4000-908B-DC4CADCD56F0@xxxxxxxxxxxxx>
Reply-to: dave@xxxxxxxxxx



Begin forwarded message:

From: Gunnar Helliesen <gunnar@xxxxxxxxxxxxx>
Date: December 26, 2006 3:50:46 PM EST
To: Dave Farber <dave@xxxxxxxxxx>
Subject: Vista DRM The 'Longest Suicide Note in History'?

Prof. Farber,

Highly recommended piece by security researcher Peter Gutmann. Itdetails how Vista is intentionally crippled, to protect "premiumcontent". Also possible effects on OSS, drivers and such. For IP, ifyou wish.



<excerpt>

           A Cost Analysis of Windows Vista Content Protection
           ===================================================

                Peter Gutmann, pgut001@xxxxxxxxxxxxxxxxx
        http://www.cs.auckland.ac.nz/~pgut001/pubs/vista_cost.txt
                     Last updated 27 December 2006


Executive Summary
-----------------

Windows Vista includes an extensive reworking of core OS elements inorder toprovide content protection for so-called "premium content", typicallyHD data

from Blu-Ray and HD-DVD sources.  Providing this protection incurs

considerable costs in terms of system performance, system stability,technicalsupport overhead, and hardware and software cost. These issuesaffect not

only users of Vista but the entire PC industry, since the effects of the

protection measures extend to cover all hardware and software thatwill evercome into contact with Vista, even if it's not used directly withVista (forexample hardware in a Macintosh computer or on a Linux server). Thisdocumentanalyses the cost involved in Vista's content protection, and thecollateral

damage that this incurs throughout the computer industry.

Executive Executive Summary
---------------------------

The Vista Content Protection specification could very well constitutethe

longest suicide note in history.

[...]

Disabling of Functionality
--------------------------

Vista's content protection mechanism only allows protected content tobe sent

over interfaces that also have content-protection facilities built in.
Currently the most common high-end audio output interface is S/PDIF

(Sony/Philips Digital Interface Format). Most newer audio cards, forexample,feature TOSlink digital optical output for high-quality soundreproduction,and even the latest crop of motherboards with integrated audioprovide atleast coax (and often optical) digital output. Since S/PDIF doesn'tprovide

any content protection, Vista requires that it be disabled when playing

protected content. In other words if you've invested a pile of moneyinto ahigh-end audio setup fed from a digital output, you won't be able touse itwith protected content. Similarly, component (YPbPr) video will bedisabledby Vista's content protection, so the same applies to a high-endvideo setup

fed from component video.

[...]

Elimination of Open-source Hardware Support
-------------------------------------------

In order to prevent the creation of hardware emulators of protectedoutputdevices, Vista requires a Hardware Functionality Scan (HFS) that canbe used

to uniquely fingerprint a hardware device to ensure that it's (probably)

genuine. In order to do this, the driver on the host PC performs anoperationin the hardware (for example rendering 3D content in a graphics card)that

produces a result that's unique to that device type.

In order for this to work, the spec requires that the operationaldetails ofthe device be kept confidential. Obviously anyone who knows enoughabout theworkings of a device to operate it and to write a third-party driverfor it(for example one for an open-source OS, or in general just any non-Windows OS)will also know enough to fake the HFS process. The only way toprotect theHFS process therefore is to not release any technical details on thedevice

beyond a minimum required for web site reviews and comparison with other
products.

</excerpt>


--
Gunnar Helliesen, Norwegian at large.
Blog at http://luni.net/




-------------------------------------------
<HR>
You are subscribed as roessler@xxxxxxxxxxxxxxxxxx<BR>To manage your subscription, go to<BR>  <A 
HREF="http://v2.listbox.com/member/?listname=ip";>http://v2.listbox.com/member/?listname=ip</A><P>Archives
 at: <A HREF="http://www.interesting-people.org/archives/intere
Archives: [LIST_ARCHIVES_URL]
Modify Your Subscription: 
http://v2.listbox.com/member/?member_id=462480&user_secret=a6ff81cc
Unsubscribe: http://v2.listbox.com/unsubscribe/?id=462480-a6ff81cc-gxj0d2cw
Powered by Listbox: http://www.listbox.com

Prev by Date: [IP] Season's Greetings from NLR
Next by Date: [IP] more on Govt claims warrantless access to e-mail via third party servers
Previous by thread: [IP] Season's Greetings from NLR
Next by thread: [IP] more on Govt claims warrantless access to e-mail via third party servers
Index(es):
- Date
- Thread