DRM

Everyone is talking about the way Windows Update silently updates itself when set to 'notify only' (but not when set to 'off', apparently). Bruce Schneier calls it 'a huge deal'.

And it is. But only if you never considered what it really means to run a proprietary OS like Windows.

Microsoft can remotely, silently modify your OS any way they choose. Does that scare you? What can you do about it? Only install their patches manually? But you still won't have a clue what those patches do. Not install them at all? The holes in a completely unpatched Windows XP give the entire world remote control over your PC, not just Microsoft.

Microsoft can make your computer cooperate with some external entities against you. Do you think that's worse than 'mere' remote vulnerabilities? But how do you know your existing, unpatched OS isn't already betraying you? (It was when it downloaded that update.) How are you going to protect yourself against that?

Use a host-based firewall? Your OS can bypass it; it works through Microsoft callbacks and lives on Microsoft sufferance. Use an external firewall? How can it tell the difference between legitimate browser access to tfosorcim.com and software calling home?

Running Windows in a tightly locked-down VM is a hard but tractable engineering problem. Running it on bare hardware with Internet access is like keeping a huge tiger susceptible to radio mind control in your living room. You build a Faraday cage around your house and keep a tranquilizer gun in your pocket, and you pat it on the head after it feeds. Eventually the force of habit puts you off your guard and you let your children play with it and pull the tiger's tail. But the tiger only needs to bite your head off once for this to be a losing proposition.

Windows only needs to let someone bring down or take over a billion computers worldwide once for all of today's troubles with 10-million-PC botnets to look like really small peanuts.

I'll end with an insightful (and obvious) comment from Schneier's blog:

To say that those keys are "high value" is a bit of a gross understatement. Imagine that you had a key that would let you arbitrarily load software onto 90+% of the computers in the world. How much would something like that be worth to the right person? [...] Heck, it's probably more than a lot of people working at Microsoft are going to make in their entire lifetime. (And you just wanted to get the code long enough to cause a problem, it would definitely be worth enough to kill a few people for.) That's a nuclear-weapons-grade secret.

Alex Ionescu has released (working binary, no code, to prevent it being used by malware authors) a program that circumvents the Vista Protected Processes by letting the user mark any process as protected or unprotected.

I'm not a Windows internals expert by any stretch of the imagination, and I don't even have the code in question. But while Alex gets the title of his post right - Why Protected Processes are a Bad Idea - he doesn't explicitly answer that question. A naive reading of his post would simply tell you that Protected Processes are a bad idea because the implementation's broken. So I wanted to add this commentary:

If you can't implement the desired separation of privileges with the permissions system you've already got, much more important things are broken than DRM.

All accounts of the evil of Vista DRM are careful to remind us that no users ever asked for DRM. Microsoft have sold out to the MPAA, they wail. And almost noone stops to consider if this is really true or not.

They're all making the same mistake promulgated by Microsoft and the MPAA's PR. They assume that the primary users of Windows are the people who run it on their private PCs at home to "consume" media. The same people who soon won't even get to choose what version of Windows they run, as big integrators like Dell stop selling XP.

But the real mass-users of Windows, the ones with power to influence Microsoft, are big corporations and governments.

And corporations want DRM very, very much.

There's something about DRM that makes people stupid. Content providers believe it will give them total control over customers. They drool over anything that has "DRM" in its name until they can't see it clearly. Then they spend their billions on something any competent engineer could out-design and out-code in two months.

How else can you explain ideas like Aladdin's recent US patent application for an "XCD"? (story, slashdot story.) This is an encrypted CD or DVD, with one edge shaped into a USB contact. The USB gives access to a key that lets a special player application access the data on the disc itself.