I was just reading A Cost Analysis of Windows Vista Content Protection, written by Peter Gutmann and referred to by Bad Vista.
In short, it describes how the content protection features incorporated in Microsoft’s latest-and-greatest operating system, Windows Vista, actually backfire… not on Microsoft, but on Microsoft’s loyal users. Innocent people who actually shell out money to watch movies… and simply can’t play them:
Say you’ve just bought Pink Floyd’s “The Dark Side of the Moon”, released as a Super Audio CD (SACD) in its 30th anniversary edition in 2003, and you want to play it under Vista (I’m just using SACD as a representative example of protected audio content because it’s a well-known technology, in practice Sony has refused to license it for playback on PCs). Since the S/PDIF link to your amplifier/speakers is regarded as insecure for playing the SA content, Vista would disable it, and you’d end up hearing a performance by Marcel Marceau instead of Pink Floyd.
Why? High-end graphics cards are “useless” in Vista:
But what if you’re lucky enough to have bought a video card that supports HDMI digital video with HDCP content-protection? There’s a good chance that you’ll have to go out and buy another video card that really does support HDCP, because until quite recently no video card on the market actually supported it even if the vendor’s advertising claimed that it did.
As the site that first broke the story in their article The Great HDCP Fiasco puts it:
“None of the AGP or PCI-E graphics cards that you can buy today support HDCP […] If you’ve just spent $1000 on a pair of Radeon X1900 XT graphics cards expecting to be able to playback HD-DVD or Blu-Ray movies at 1920×1080 resolution in the future, you’ve just wasted your money […] If you just spent $1500 on a pair of 7800GTX 512MB GPUs expecting to be able to play 1920×1080 HD-DVD or Blu-Ray movies in the future, you’ve just wasted your money”.
The reason is that Vista deliberately disables anything that doesn’t conform to its guidelines, err… specification:
Vista’s content protection mechanism only allows protected content to be sent over interfaces that also have content-protection facilities built in. Currently the most common high-end audio output interface is S/PDIF (Sony/Philips Digital Interface Format). Most newer audio cards, for example, feature TOSlink digital optical output for high-quality sound reproduction, and even the latest crop of motherboards with integrated audio provide at least coax (and often optical) digital output. Since S/PDIF doesn’t provide any content protection, Vista requires that it be disabled when playing protected content [Note E]. In other words if you’ve sunk a pile of money into a high-end audio setup fed from an S/PDIF digital output, you won’t be able to use it with protected content. Instead of hearing premium high-definition audio, you get treated to premium high-definition silence.
The article lists lots of other interesting information (regardless of its accuracy, which I don’t really know, it’s at least interesting to me).
Users aren’t the only frustrated group; our beloved hardware vendors are too:
As of this writing, major vendors like nVidia (graphics) and Creative Labs (sound) still don’t have their Vista drivers ready, and other vendors like ATI have resorted to fudging their Vista certification, selling Radeon X1950 graphics cards with no certified drivers but with a “Certified for Windows Vista” label on the box, although nVidia then followed suit, selling their GeForce 8600GTS without a certified driver but with the same “Certified for Windows Vista” label. In fact nVidia only has beta (pre-release) drivers available from its web site (and a pending class-action lawsuit to match, with an accompanying class-action suit against Microsoft for good measure), and when ATI finally released a Vista-certified driver for the X1950, it crashed Vista and would only work reliably in basic VGA mode, circa 1987.
Even weirder, even if the whole uber-complicated mechanism works, you’d pay more just to get less:
This problem is a nasty catch-22 from which there’s no escape. In theory it would be possible to add a DVI-to-HDMI (with HDCP) encoder to bypass this (a typical example would be the Silicon Image Sil139x or Sil193x devices, which were specifically designed for this application. Silicon Image TMDS transmitters are widely used on graphics cards), but HDMI doesn’t have the bandwidth to carry the high-definition images that the Cinema Display provides. Even without explicit image degradation via constriction, the requirement to use the lower-quality HDMI link to carry what should be a DVI signal means that image quality is lost, and to make it even more painful the resulting graphics cards will be more expensive because it costs extra to add the quality-downgrading HDMI transmitter. In other words consumers will be paying extra in order to get a lower-quality image.
There are reasons why “this whole complex mechanism” is so slow. First, they encrypt everything, even things not flowing over the Ethernet wire or your wireless link:
(I’ve used conventional bits-on-the-wire notation for this, the values are actually fields in a structure so for example the sequence number is provided in the ulSequenceNumber member). This is very similar to the protocol used in SSL or SSH (in practice some steps like cipher suite negotiation are omitted, since there’s a hardcoded set of ciphers used). Finding SSL being run inside a PC from one software module to another is just weird.
A better reason is that your computer would do things to ensure… nothing:
In order to prevent active attacks, device drivers are required to poll the underlying hardware every 30ms for digital outputs and every 150 ms for analog ones to ensure that everything appears kosher. This means that even with nothing else happening in the system, a mass of assorted drivers has to wake up thirty times a second just to ensure that… nothing continues to happen (commenting on this mechanism, Leo Laporte in his Security Now podcast with Steve Gibson calls Vista “an operating system that is insanely paranoid”).
Of course, the best blow is that all of this hard, sweaty work is somehow rendered useless by the latest “invention”:
As a result, both HD-DVD and Blu-Ray content can now be decrypted and played without image downgrading or blocking by the OS, and unprotected content is already appearing in the usual locations like BitTorrent streams. The fact that the legally-purchased content wouldn’t play on a legally-purchased player because the content protection got in the way was the motivating factor for the crack. The time taken was about a week. As a result, all of the content-protection technology (at least for HD-DVDs and Blu-Ray discs) is rendered useless. All that remains is the burden to the consumer. It lasted all of one week.
And thanks to I’m-not-sure-who-to-thank, the good guys take the actual damage:
This was indirectly confirmed in April 2007 when the WinDVD player apparently had its keys revoked, requiring that users download and install, an, uh, “security update” to re-enable the DRM.
He demonstrates why Microsoft’s (and hence, Bill Gates’ and Windows Vista’s) current state has a historical resemblance:
A historical feature of organisations like Beria’s NKVD (and by extension any kind of state enforcers in a totalitarian society) is that the lack of any fixed goals and limits on their behaviour, the kind that would be set by the laws of a democratic country, combined with the intense paranoia of the leadership, leads to a continual extension of the security apparatus and an ongoing escalation of repressiveness by the enforcers. The result is a driftnet approach to enforcement that ends up netting more innocent bystanders than anything else. The many examples given in the rest of this writeup are an indication that Windows is already well down this path.
Of course, there’s some “speculation” (which is amazingly quite accurate) about Microsoft’s business model of the future (or today):
Enter the subscription model for software. Instead of paying for something once and then falling off the radar as a revenue source for several years, subscription-based content and subscription-based software guarantee a continuous revenue stream for the vendor. If Microsoft controls the distribution channel for content (which is what Vista’s content protection is trying to achieve) then every time you view or listen to some content (no matter whose content), Microsoft gets paid for permitting that content to be played on their system.
This new revenue model extends beyond mere content playback and into SaaS, in a manner revealed by Microsoft’s patent application System and method for delivery of a modular operating system, the first portions of which we’re already seeing as Vista’s Windows Anytime Upgrade. This provides a scary look at Microsoft’s view of the future of computing. As the Groklaw analysis points out, “the patent is not interesting for its technical content — all the building blocks of the described system have been used for some time now — but for the glimpse it offers into the business model envisaged by the applicant”.
Ah, Microsoft… you could’ve been a great company. You really could still be, just look into your heart and see the real pure-hearted child inside you. 🙂
Disclaimer: This blog post is content protected, including its title and even date of posting. You should not read or provide any service using the contents of this blog post without compliant content-protection-enabled devices. Using a web browser that displays an unencrypted view of this blog post is prohibited, and will be prosecuted to the greatest extent possible under the latest version of our law. Of course, this entire disclaimer is a big joke, as somebody will have cracked its content protection mechanism in a very short while… 😉
Important Security Update to Disclaimer: Seriously, the linked post is licensed under the Creative Commons Attribution 2.5 License. And this one is too. 🙂