MUST READ !!! A Cost Analysis of Windows Vista Content Protection

Discussion in 'Windows Vista' started by WeAreNotAlone, Sep 4, 2007.

  1. WeAreNotAlone

    WeAreNotAlone MDL Member

    Aug 31, 2007
    #1 WeAreNotAlone, Sep 4, 2007
    Last edited: Sep 4, 2007
  2. WeAreNotAlone

    WeAreNotAlone MDL Member

    Aug 31, 2007
    #2 WeAreNotAlone, Sep 4, 2007
    Last edited: Sep 4, 2007
    Unnecessary CPU Resource Consumption Continued:

    This extra overhead carries a heavy cost for the typical user. It's not uncommon to find PCs so infested with malware (spyware, viruses, trojans, bots, and so on) that they can barely perform their normal tasks, let alone handle the overhead of content protection (depending on whose surveys you believe, the typical Internet-connected PC averages 20-30 pieces of malware). Despite the fact that, on paper, they may have plenty of system resources to throw around for content protection, in practice the overhead of hosting an entire zoo of malware means that any added overhead due to content protection renders them more or less unusable for content playback (while users don't seem to mind waiting around for their botnet-hosting PC to open a Word document, they'll be less happy when it drops frames or produces stuttering audio output).

    Looking at this from the point of view of the high-end rather than the average user, the problem is rather different. The high-end graphics and audio market are dominated entirely by gamers, who will do anything to gain the tiniest bit of extra performance, like buying Bigfoot Networks' $250 “Killer NIC” ethernet card in the hope that it'll help reduce their network latency by a few milliseconds. These are people buying $500-$1000 graphics and sound cards for which one single sale brings the device vendors more than the few cents they get from the video/audio portion of an entire roomful of integrated-graphics-and-sound PCs. I wonder how this market segment will react to knowing that their top-of-the-line hardware is being hamstrung by all of the content-protection “features” that Vista hogties it with?

    Unnecessary Device Resource Consumption

    “Compliance rules require [content] to be encrypted. This requires additional encryption/decryption logic thus adding to VPU costs. This cost is passed on to all consumers” — ATI.

    As part of the bus-protection scheme, devices are required to implement AES-128 encryption in order to receive content from Vista. This has to be done via a hardware decryption engine on the graphics chip, which would typically be implemented by throwing away a GPU rendering pipeline or two to make room for the AES engine (nVidia did this in their low-end G84 variant of the G80 GPU, while saving the G80's silicon for as many rendering pipelines (well, technically speaking they're stream processors now) as they can fit. Discarding GPU features to make way for content-protection hardware seems a sub-optimal business model for graphics device vendors.

    Establishing the AES key with the device hardware requires further cryptographic overhead, in this case a 2048-bit Diffie-Hellman key exchange whose 2K-bit output is converted to a 128-bit AES key via a Davies-Meyer hash with AES as its block transformation component. In programmable devices this can be done (with considerable effort) in the device (for example in programmable shader hardware), or more simply by throwing out a few more rendering pipelines and implementing a public-key-cryptography engine in the freed-up space.

    Needless to say, the need to develop, test, and integrate encryption engines into audio/video devices will only add to their cost, as covered in Increased Hardware Costs above, and the fact that they're losing precious performance in order to accommodate Vista's content protection will make gamers less than happy.

    The burden that the content-protection overhead places on resources is even more severe for portable, battery-powered devices. As a CNET review of portable devices found, “DRM not only slows down an MP3 player but also sucks the very life out of them”, with the extra overhead of processing DRM'd content shortening the battery life by about 25% across a whole range of products. This burden extends beyond DRM'd music into games as well. For example the content-protected version of the game Flatout 2 runs 15% slower than the same game without content protection.

    How Effective is it Really?

    In the introduction, I predicted that Vista's content protection, the entire mass of complex and troublesome technology covered in this writeup, would last less than a week once the hackers got hold of it. Sure enough, shortly after Vista's release, it was broken by an individual who was annoyed by the fact that he couldn't play back his legitimately-purchased HD-DVDs on his legitimately-purchased HD-DVD player (technically what he broke was the AACS content protection rather than mounting a direct attack on Vista, but the end result is that premium content under Vista is now unlocked). In a sort of re-run of the DeCSS/Xing player story from a few years, someone going by the name of muslix64 appears to have figured out how to extract HD-DVD and Blu-Ray keys from the PowerDVD player software, allowing all(?) HD disk content to be decrypted and played back on any HD display, without content-protection measures getting in the way. The manufacturers of PowerDVD claim that they've done nothing wrong and won't be updating the player, and muslix64 says that “they [players] are all vulnerable [to a] different extent”. This was indirectly confirmed in April 2007 when the WinDVD player apparently had its keys revoked, requiring that users download and install, an, uh, “security update” to re-enable the DRM.

    As a result, both HD-DVD and Blu-Ray content can now be decrypted and played without image downgrading or blocking by the OS, and unprotected content is already appearing in the usual locations like BitTorrent streams. The fact that the legally-purchased content wouldn't play on a legally-purchased player because the content protection got in the way was the motivating factor for the crack. The time taken was about a week. As a result, all of the content-protection technology (at least for HD-DVDs and Blu-Ray discs) is rendered useless. All that remains is the burden to the consumer. It lasted all of one week.

    If you want to read more about the AACS crack and its potential repercussions, Ed Felten has a long and detailed analysis in his Freedom to Tinker blog. TLS security person Eric Rescorla has looked at this a bit further and concluded that this problem is more or less unfixable as long as software players exist. A side-effect is that if the content owners decide to address this by revoking the players, it affects a huge number of innocent users, and because the problem as a whole is unfixable, the attackers can force the content owners to do this whenever they please and as often as they please, a fact that's unlikely to endear the content providers to consumers. From a chess-playing perspective it appears that the content owners' threat modelling never went any further than “Hey, I can move my rook over there!”. There doesn't seem to have been any consideration of what could happen during any subsequent moves, or maybe no-one wanted to think about it. So even though the mechanisms to address this are in place, in practice it looks like AACS is CSS all over again (see [Note C] for the reasons why).

    The AACS Licensing Authority in turn says that AACS has not been seriously compromised, which no doubt comes as a considerable surprise to people busy decrypting HD-DVD and Blu-Ray content. Given the legal implications for the various participants in AACS this finger-pointing contest is to be expected (you could just blame Canada, for example), but it's unlikely that anyone but the lawyers will care. In the meantime there's an ongoing arms race (or an amusing game if you're not the AACS LA) in which the AACS LA releases fixes and the opposition break them, often within a day of the fix being released. Overall it's probably safe to say that the future function of AACS will be mostly to act as a teaching example of how not to do security engineering.

    (The “blame Canada” comment is a reference to a carefully-planted story in the Canadian Globe and Mail newspaper designed to influence Canadian lawmakers in their vote on Bill C-60. Another Canadian paper calls the story “mostly fiction […] much ado about nothing, featuring unsubstantiated and inconsistent claims about camcording, exaggerations about its economic harm and misleading critiques of Canadian law ”, with further analysis showing that “the industry's own data reveals that the claims are based primarily on fiction rather than fact”).

    Final Thoughts

    “No amount of coordination will be successful unless it's designed with the needs of the customer in mind. Microsoft believes that a good user experience is a requirement for adoption” — Microsoft.

    “The PC industry is committed to providing content protection on the PC, but nothing comes for free. These costs are passed on to the consumer” — ATI.

    “How do I put all these companies in a position where, regardless of what they see is in their best interest, they have to adopt your technology? […] I realized that a major part of my job was to figure out how to use technology control to create economic force, or leverage, such that money and business flowed in Microsoft's direction” — Alex St.John, father of DirectX.

    “I'm not sure how the company lost sight of what matters to our customers, both business and home, the most, but in my view we lost our way. I think our teams lost sight of what bug-free means, what resilience means, what full scenarios mean, what security means, what performance means, how important current applications are, and really understanding what the most important problems our customers face are” — Jim Allchin, Platform Products and Services Group, Microsoft.

    Vista: Still has some wrinkles
    The product still has a few wrinkles

    The topic of DRM is far too complex to cover here, and in any case has been extensively analysed elsewhere. In you want a good summary of the situation then I'd recommend reading There Ain't No Such Thing as a Free Lunch by book author Eric Flint. This provides an interesting view of DRM from one of the artists/content creators that DRM is supposed to be protecting. It's an extremely insightful analysis of the topic that examines the underlying business model and indeed philosophy of DRM rather than focusing exclusively on technical and legislative measures or its counterpart, “information wants to be free” jingoism. This should be required reading for anyone who works with DRM or who's interested in the background for the whole DRM debate.

    So setting aside the DRM debate, the question remains: Why is Microsoft going to this much trouble? Ask most people what they picture when you use the term “premium-content media player” and they'll respond with “A PVR” or “A DVD player” and not “A Windows PC”. So why go to this much effort to try and turn the PC into something that it's not? You can get an idea of just how important content protection is to Microsoft by looking at the Windows Vista logo requirements. The primary requirement for graphics devices in the Windows Vista Logo Program isn't, as would be expected, the ability to handle a high-resolution display or display a rich palette of colours. It isn't the presence of a good quantity of memory and powerful graphics rendering. It isn't even the ability to handle Vista's much-touted Aero interface, arguably the primary reason for running Vista. Instead, the number one requirement for Windows Vista graphics device certification, “GRAPHICS-0001” in the specification, is “Display adapter supports output connectors with content protection features and provides control via PVP and COPP DDIs”. It's only the follow-on “GRAPHICS-0002” that requires that “Display subsystem meets GPU, memory, resolution, and bandwidth requirements for a premium Windows experience”. This is a pretty amazing admission, because it means that Microsoft is placing content protection above all other requirements for Vista, even the ability to handle Vista's primary feature, the Aero interface. For audio it's less critical, dropping to 14th place as “AUDIO-0014”, “Audio device implements DRM support as defined in the Windows Driver Kit”. This is probably because Microsoft haven't quite got the audio DRM sorted out yet so it's a bit hard to nail down requirements at this stage.

    So why is content protection apparently Microsoft's number one priority for Vista?

    In July 2006, Cory Doctorow published an analysis of the anti-competitive nature of Apple's iTunes copy-restriction system that looked at the benefits of restrictive DRM for the company that controls it. The only reason I can imagine why Microsoft would put its programmers, device vendors, third-party developers, and ultimately its customers, through this much pain is because once this copy protection is entrenched, Microsoft will completely own the distribution channel. In the same way that Apple has managed to acquire a monopolistic lock-in on their music distribution channel (an example being the Motorola ROKR fiasco, which was so crippled by restrictions that a Fortune magazine senior editor reviewed it as the STNKER), so Microsoft will totally control the premium-content distribution channel. In fact examples of this Windows content lock-in are already becoming apparent as people move to Vista and find that their legally-purchased content won't play any more under Vista (the example given in the link is particularly scary because the content actually includes a self-destruct after which it won't play any more, so not only do you need to re-purchase your content when you switch from XP to Vista, but you also need to re-purchase it periodically when it expires. In addition since the media rights can't be backed up, if you experience a disk crash you get another opportunity to re-purchase the content all over again. This is by design: as Jack Valenti, former head of the MPAA, put it, “If you buy a DVD you have a copy. If you want a backup copy you buy another one”). It's obvious why this type of business model makes the pain of pushing content protection onto consumers so worthwhile for Microsoft since it practically constitutes a license to print money.

    Microsoft have been saying for some years now that they'd really like the PC to go away, to turn into a kind of media platform and content-distribution center for consumers. This was a major theme of Bill Gates' world promotional tour for Vista in early 2007, and in particular something he went into in some detail at the World Economic Forum in Davos, Switzerland. Windows MCE has been the tail and of a long line of (unsuccessful) attempts to achieve this (the only reason why MCE seems to sell at all is because it's the cheapest version of Windows that vendors can pre-install on a PC). If “premium content” ever takes off, Microsoft wants to be the central controller of all content distribution and playback — only Windows can secure the content, therefore only Windows can distribute it. Even the term “premium content” is misleading: in a few years' time, most audio and video will be produced in some form of HD format, at which point “premium content” becomes normal, and so everything is subject to content protection.

    Paul Stimpson submitted an excellent analysis of this situation in which he points out that “Microsoft are being clever by releasing these protection 'features' now; The average user who goes to a computer store will get Vista but won't have either premium content or get 'premium ready' PC hardware; The ordinary person in the street can't afford a top-of-the-line machine and display. They will have a 'Vista capable' machine; Vista will look nice and not cause too much trouble or suffer from the protection overhead too much; They won't have any choice or know any different and it will be accepted. These people will dismiss any complaints they hear about these problems as a geek thing. They got their computer at the right price and it does everything they ask of it. They will only find out the truth in a few years when they buy their next computer and all machines are 'premium ready' (and fast enough to implement the protection) and every display has an HDMI connector. By that time XP will be well into its decline so there will be no going back. It's impossible to keep off the upgrade treadmill if you have Windows; Eventually you will either have to buy new hardware (with a new copy of Windows) or your out-of-support version of Windows will become such a target for malware that it will no longer be useable”.

    “In today's environment these content protection features are indeed a nonsense. I don't think, however that Microsoft are thinking about today's environment beyond keeping these features low-key for most users in order to avoid rejection. In their heads Microsoft see the 'connected home' where everyone has a network and displays around the house that integrate everything from TV to email, Internet, telephone, lighting and heating. In order to do these things on your TV you need a computer attached to it and Microsoft want that computer to run Windows”.

    So not only will Microsoft be able to lock out any competitors, but because they will then represent the only available distribution channel they'll be able to dictate terms back to the content providers whose needs they are nominally serving in the same way that Apple has already dictated terms back to the music industry: Play by Apple's rules, or we won't carry your content. And as the example above shows, they'll also be able to dictate terms to consumers in order to ensure a continual revenue flow. The result will be a technologically enforced monopoly that makes their current de-facto Windows monopoly seem like a velvet glove in comparison [Note K].

    The onerous nature of Vista's content protection also provides a perverse incentive to remove the protection measures from the content, since for many consumers that'll be the only way that they can enjoy their legally-acquired content without Vista's DRM getting in the way. This is already illustrated in the Quotes and Footnotes sections, where the people bypassing HD-DVD protection measures aren't hardcore video pirates but ordinary consumers who can't even play their own legitimately-acquired content. The sheer obnoxiousness of Vista's content protection may end up being the biggest incentive to piracy yet created. Even without overt “piracy” (meaning bypassing restrictions in order to play legally-purchased media), it makes very sound business sense for companies to produce media-player hardware that bypasses the problem, just as they have already with region-free play-anything DVD players. Perhaps Hollywood should heed the advice given in one of their most famous productions: “The more you tighten your grip, the more systems will slip through your fingers”.

    A historical feature of organisations like Beria's NKVD (and by extension any kind of state enforcers in a totalitarian society) is that the lack of any fixed goals and limits on their behaviour, the kind that would be set by the laws of a democratic country, combined with the intense paranoia of the leadership, leads to a continual extension of the security apparatus and an ongoing escalation of repressiveness by the enforcers. The result is a driftnet approach to enforcement that ends up netting more innocent bystanders than anything else. The many examples given in the rest of this writeup are an indication that Windows is already well down this path.

    Overall, Vista's content-protection functionality seems like an astonishingly short-sighted piece of engineering, concentrating entirely on content protection with no consideration given to the enormous repercussions of the measures employed. It's something like the PC equivalent of the (hastily dropped) proposal mooted in Europe to put RFID tags into high-value banknotes as an anti-counterfeiting measure, which completely ignores the fact that the major users of this technology would be criminals who would use it to remotely identify the most lucrative robbery targets (in my Godzilla security tutorial I nominate this (hastily-dropped) idea as “possibly the most stupid use of RFID ever proposed”).

    To add insult to injury, consider what this enormous but ultimately wasted effort could have been put towards. Microsoft is saying that Vista will be the most secure version of Windows yet, but they've been saying that for every new Windows release since OS security became a selling point. I don't think anyone's under any illusions that Vista PCs won't be crawling with malware shortly after the bad guys get their hands on them (there were already Vista exploits up for sale before the OS even hit the shelves). But what if the Vista content-protection technology had instead been applied towards malware protection? Instead of a separate protection domain for video playback, we might have a separate protection domain for banking and credit card details. Instead of specialised anti-debugging technigues to stop users getting at even one frame of protected content, we could have those same techniques combatting malware hooking itself into the OS. The list goes on and on, with all of the effort being misapplied to DRM when it could have been used to combat malware instead. What a waste. What a waste.

    Where could all this stuff be heading in the future?
    For some years now Microsoft have been trying to introduce software-as-a-service (SaaS), where you don't pay one lump sum for an application any more but instead rent it in an ongoing series of payments. The reason for this is that they've pretty much run out of ideas for new revenue-generation features for their two flagship produces Windows and Office. If you take a typical user and dump them in front of a ten-year-old copy of Microsoft Word (Office'97) and then ask them to compare it with the latest edition (at least before Office 2007, when they radically changed the user interface) then the only obvious change is that the paperclip is gone. Sure, there's a pile of obscure little changes that 99.99% of the user base would never notice, but for the vast majority of users the functionality of Office that they actually make day-to-day use of hasn't changed in ten years.

    This isn't due to any inability of Microsoft to innovate, but because there's only so many things that you can do with (say) a word processor, and at some point you've made the last meaningful change and the only thing left to do is repeatedly tweak the eye candy and bump the version number every few years.

    Windows has the same problem. If you take an eight-year-old PC running Windows 98, put it next to a current PC running Windows XP (with the Fisher-Price colour scheme turned off), the typical user won't be able to tell you what's changed without a point-by-point comparison of system features from one machine to the other.

    This problem is by no means exclusive to Microsoft. Here's a quick exercise: Apart from the monstrous bloat in size, what changed between Adobe Acrobat Reader 4, Acrobat Reader 5, Acrobat Reader 6, and Acrobat Reader 7? For anyone but a hardcore geek or DTP professional, the response is “ nothing”, because there really wasn't much more left to add after version 4. You can actually see this in a program called Adobe Reader Speedup, which unplugs all of the bloat from newer versions of Acrobat so that it loads and runs almost instantly, with no noticeable loss in functionality.

    The same applies to any number of other software packages: After they've reached a certain level of maturity, you just run out of things to add. This is a severe problem for large software (and hardware) vendors, whose revenue streams are dependent on users upgrading to the latest version every few years. If users have a perfectly usable old PC running a perfectly usable old version of Windows and a perfectly usable old version of Office, there's no incentive to upgrade, and so by extension no incentive to provide a new revenue stream to the vendor.

    Enter the subscription model for software.

    Instead of paying for something once and then falling off the radar as a revenue source for several years, subscription-based content and subscription-based software guarantee a continuous revenue stream for the vendor. If Microsoft controls the distribution channel for content (which is what Vista's content protection is trying to achieve) then every time you view or listen to some content (no matter whose content), Microsoft gets paid for permitting that content to be played on their system.

    This new revenue model extends beyond mere content playback and into SaaS, in a manner revealed by Microsoft's patent application System and method for delivery of a modular operating system, the first portions of which we're already seeing as Vista's Windows Anytime Upgrade. This provides a scary look at Micrsoft's view of the future of computing. As the Groklaw analysis points out, “the patent is not interesting for its technical content — all the building blocks of the described system have been used for some time now — but for the glimpse it offers into the business model envisaged by the applicant”.

    What the patent describes is a deliberately crippled system for which users then pay (and pay and pay and pay) for each feature that's allowed to run at it's actual capacity. Quoting from the patent application:

    [0003] An operating system is composed of a small basic kernel, often given away for free. The small basic kernel, may be used for simple operations and for basic application support. A user of the computer system may then have the opportunity to add specific modules supporting the functionality required for his or her particular interests.

    [0005] Digital rights management may be used to manage add-on modules. As opposed to the prior art, where the operating system is available in perpetuity, add-on modules may be available for limited periods of time, based on the license terms. It may also be possible to allow only certified or authorized add-on modules to be installed, enabling digital rights management to allow selective purchase by users, fraud control for providers and also to restrict unauthorized operating system extensions from being installed that may support unauthorized hardware and/or software.

    (The “unauthorized operating system extensions” in this case are ones that would allow the hardware to run at its full capacity rather than restricting it in order to create a payment enforcement mechanism).

    [0028] The hardware category may include power management, removable memory support, metered disk drives, multiple processor support, increased screen resolution, increased screen color depth, 3D acceleration, and patches/bug fixes/service packs. Power management offers the user options for setting power consumption, particularly in a laptop, but also for desktop environments. Removable memory support may include capabilities for rotating media such as CD and DVD, as well as solid-state memory such as USB memory peripherals. A metered disk drive (not depicted) may provide a user with a base function for small capacity disk storage at a given speed. Advanced support for disk access may include high speed/high capacity drives as well as network drives. In a base configuration supported by the operating system, the number of processors may be limited to one, or to a fixed performance level. The operating system may support limited screen resolutions and color depth, while an add-on module may expand those capabilities. 3-D acceleration is of interest to some users is discussed further below. In the area of operating system maintenance, service packs, bug fixes, and patches have been included in the original purchase price of an operating system for prior art systems. The use of an add-on module for support of bug fixes, service packs, and patches allows users to selectively pay for only the support that is of interest to them.

    [0029] The peripheral category may include installed printers, COM ports, USB ports, telephone service, and the number of peripherals allowed. A computer functioning with the operating system may have limited peripheral support. Add-on modules may allow users to select the types, speed, and number of peripherals allowed and supported.

    [0030] The communication category may include network interfaces, such as dial up, TCP, and peer-to-peer networks, etc. A computer supported by the operating system may not include any network support for use in basic applications. Add-on modules for communication may be used to support low- speed access such as dial up, higher-speed access, for example, DSL speeds up 500 kilobits per second, or speeds up to the maximum supported by the available hardware. Communication may also be limited by type, such as support for Internet browsing separate from peer-to-peer networking.

    (So absolutely everything that a computer is possibly capable of doing is crippled until payment has been received by Redmond).

    [0031] […] a power user may want specific window and background themes with associated styles, a significant number of concurrent windows, and an unlimited number of concurrent applications, up to the capacity of the hardware. A game support pack including advanced sound support, game controller support, and increased video memory may be of interest to those users primarily interested in interactive games. Users of business support applications may benefit from a support pack including high speed disk access, network drive support, and network printing, for example.

    Here's a sample cost breakdown:

    [0026] […] For the sake of illustration, it is shown that add-on module 210 is available for free, add-on module 212 has a one-time charge of $6, and add-on module 214 has an ongoing charge of $2 per month.

    (The numbers refer to parts of diagrams included in the patent application).

    This is basically a form of blackmail in which the user's hardware is held to ransom by the operating system and only released when the appropriate amount of baksheesh has been forwarded to Redmond. As the Groklaw analysis puts it, “Why would anyone agree to something like this? Perhaps I can chalk it up to Microsoft innovating again. They must be testing the outer limits of what a customer will put up with before bolting to Linux, certainly a valuable scientific study from my point of view”. Microsoft has already quietly trialled pay-as-you-go functionality for its software in out-of-the-way countries where it won't attract much media coverage, providing applications like MS Office in a manner that gives users “the flexibility to pay over time”.

    The worst thing about all of this “content protection” is that there's no escape. Hardware manufacturers will have to drink the kool-aid (and the reference to mass suicide here is deliberate [Note L]) in order to work with Vista: “There is no requirement to sign the [content-protection] license; but without a certificate, no premium content will be passed to the driver”. Of course as a device manufacturer you can choose to opt out, if you don't mind your device only ever being able to display low-quality, fuzzy, blurry video and audio when premium content is present, while your competitors don't have this (artificially-created) problem.

    As a user, there is simply no escape. Whether you use Windows Vista, Windows XP, Windows 95, Linux, FreeBSD, OS X, Solaris (on x86), or almost any other OS, Windows content protection will make your hardware more expensive, less reliable, more difficult to program for, more difficult to support, more vulnerable to hostile code, and with more compatibility problems. Because Windows dominates the market and device vendors are unlikely to design and manufacture two different versions of their products, non-Windows users will be paying for Windows Vista content-protection measures in products even if they never run Windows on them.

    Here's an offer to Microsoft: If we, the consumers, promise to never, ever, ever buy a single HD-DVD or Blu-Ray disc containing any precious premium content [Note M], will you in exchange withhold this poison from the computer industry? Please?


    This document was put together with input from various sources, including a number that requested that I keep their contributions anonymous (in some cases I've simplified or rewritten some details to ensure that the original, potentially traceable wording of non-public documents isn't used). Because it wasn't always possible to go back to the sources and verify exact details, it's possible that there may be some inaccuracies present, which I'm sure I'll hear about.

    In addition to the material presented here, I'd be interested in getting further input both from people at Microsoft involved in implementing the content protection measures and from device vendors who are required to implement the hardware and driver software measures. I know from the Microsoft sources that contributed that many of them care deeply about providing the best possible audio/video user experience for Vista users and are quite distressed at having to spend time implementing large amounts of anti-functionality when it's already hard enough to get things running smoothly without the intentional crippling. I'm always open to further input, and will keep all contributions confidential unless you give me permission to repeat something. If you're concerned about traceability, grab a disposable account at Yahoo, Gmail, or some similar provider and contact me through that. If you're worried about being identified via the machine that you connect to the email provider with, use an Internet cafe to send the message — just use standard common-sense precautions. If you want to encrypt things, my PGP key is linked from my home page.

    (In case the above hints aren't obvious enough, if you work for nVidia, ATI, VIA, SiS, Intel, …, I'd really like to get your comments on how all of this is affecting you).


    Because this writeup started out as a private discussion in email, a number of the sources used were non-public. The best public sources that I know of are:

    * Output Content Protection and Windows Vista from WHDC.
    * Windows Longhorn Output Content Protection from WinHEC.
    * How to Implement Windows Vista Content Output Protection from WinHEC.
    * Protected Media Path and Driver Interoperability Requirements from WinHEC.

    (Note that the cryptography requirements have changed since some of the information above was published. SHA-1 has been deprecated in favour of SHA-256 and SHA-512, and public keys seem to be uniformly set at 2048 bits in place of the mixture of 1024 bits and 2048 bits mentioned in the presentations).

    An excellent analysis from one of the hardware vendors involved in this comes from ATI, in the form of Digital Media Content Protection from WinHEC. This points out (in the form of PowerPoint bullet-points) the manifold problems associated with Vista's content-protection measures, with repeated mention of increased development costs, degraded performance and the phrase “increased costs passed on to consumers” pervading the entire presentation like a mantra.

    In addition there have been quite a few writeups on this (although not going into quite as much detail as this document) in magazines both online and in print, one example being PC World's feature article Will your PC run Windows Vista? that covers this in the appropriately-titled section “Multimedia in chains”, and ComputerWorld's article Vista and More: Piecing Together Microsoft's DRM Puzzle. Audience reactions to these proposals at WinHEC are covered in Longhorn: tough trail to PC digital media published in EE Times, unfortunately you need to be a subscriber to read this but you may be able to find accessible cached copies using your favourite search engine. The EFF has an overview of the effects of Vista's revocation mechanisms in Protected Media Path, Component Revocation, Windows Driver Lockdown.

    Use, Modification, and Redistribution

    This document is licensed under the Creative Commons Attribution 2.5 License. This means that you can copy, distribute, display, and perform the work, and make derivative works, provided that you credit the original author and provide a link back to the original work (at the URL given in the title). To quote the Creative Commons site “This license lets others distribute, remix, tweak, and build upon your work, even commercially, as long as they credit you for the original creation. This is the most accommodating of licenses offered, in terms of what others can do with your works”.

    Appendices and Footnotes

    The more formal section of the document ends here. The following sections contain various informal comments, thoughts, and other odds and ends. For people doing translations of this document, it's probably not worth trying to translate these sections.


    This document seems to produce various reactions that come up repeatedly. To respond to the more frequently-expressed views, I've added this mini-FAQ.
    This is just Microsoft-bashing.

    It's bad-technology bashing. If this had been done by Linus Torvalds, Steve Jobs, Alan Cox, or Theo de Raadt, I'd have said the same thing about it. As far as I'm concerned computers are tools to get a job done and not a platform for religious wars, and if something's bad I'll say so regardless of who's doing it. In fact Vista overall has some really nice new technology and features built into it, it's just this one aspect of Vista that's troublesome. And just for the record I run various versions of Windows on … [counting] … seven of my machines (the rest are a mixture of Linux, FreeBSD, and occasionally Solaris and QNX), so I'd be a rather unlikely Microsoft detractor if I have their software all over my machines.
    This is a biased writeup.

    Perhaps, but then I challenge anyone to read the specifications given in the Sources section above and write a positive analysis of Vista's content protection. Someone has to point out these problems, and it happened to be me in this case, but I think anyone with technical skills who reads the relevant documents would come to a similar conclusion.

    This is all a pile of FUD.

    The process that leads to comments like this tends to be (1) Quickly skim through this document, (2) Decide that it sounds a bit implausible (possibly even before performing step 1), (3) Post a rant saying that it's FUD. To pick one particular example, a Digg reader's reaction to the section of text that states that there isn't sufficient CPU power available for both decompression and encryption was:

    I'm sorry, where does this come from? You do realize that this is completely uncited, and very likely wrong? Entire paragraphs that follow are based on this magical detail pulled out of thin air. […] I'm no fan of this asinine DRM bulls**t, but the scenarios and postulates put forth in this article are complete rubbish.

    Referring to the very first source listed in the Sources section shows that this is picked not from thin air but from Microsoft's own documentation:

    The problem with regular AES is that it takes about 20 CPU clocks to encrypt each byte. This is OK for compressed or semi-compressed video, but for the multiple HD uncompressed case, it is too much even for a 2006 processor [referring to the fastest CPU available at the time the document was written].

    and then again:

    In the case of premium content, whether video can play back smoothly when using regular AES with uncompressed video will be a function of the resolution of the uncompressed video and the power of the processor. It is unlikely to work well in 2006 for uncompressed HD premium content

    If you don't believe what you've read here, go back to Microsoft's own documentation and read that (in fact read the Microsoft documents no matter what you believe, because they're quite scary). If you still think it's FUD then you can at least post informed comments about it.

    Microsoft is only doing this because Hollywood/the music industry is forcing them to.

    “We were only following orders” has historically worked rather poorly as an excuse, and it doesn't work too well here either. This is just an example of the Dank defence. The Dank defence, as reported by former Assistant U.S. Attorney Andrew Grosso, was used by someone who was picked up carrying a shotgun in a park at night. With six previous violent crime convictions on his record, he explained his presence in the park by saying that a man called “Dank” had held a gun to his head and forced him to carry the shotgun. When the police turned up, “Dank ” ran away, leaving him holding the bag (or at least the shotgun). As the Assistant U.S. Attorney put it, “the jurors chose not to believe the defendant's story”. In Vista's case, we're being asked to believe that Hollywood is holding a gun to Microsoft's head and forcing them to cripple their flagship product and inflict all manner of pain on their business partners and customers, and Microsoft has no choice but to comply.

    I choose not to believe the defendant's story. While it's convenient to paint an industry that sues 12-year-old children, grandmothers, families with no computer or Internet access, and even tries to sue the dead as the scapegoat, there's no Dank holding a gun to Microsoft's head to force them do this. There is no evidence whatsoever to show that crippling your flagship product and seriously annoying your business partners and your entire customer base will leave you better off financially than being unable to play a few HD movies, which is what Microsoft is asking us to believe. The content industry is desperate to get its content onto PCs, and it would have been quite easy for Microsoft to say “Here's what we'll do with Vista, take it or leave it. We won't seriously cripple our own and our business partners' products just to suit your whims”. In other words they could make it clear to Hollywood who's the tail and who's the dog. As security guru Bruce Schneier says, “Microsoft could have easily told the entertainment industry that it was not going to deliberately cripple its operating system, take it or leave it. With 95% of the operating system market, where else would Hollywood go?”

    Here's an illustrative story about what can happen when the content-industry tail tries to wag the dog. About 10-15 years ago, music companies told a bunch of NZ TV stations that they had to pay fees in order to screen music videos. The TV stations disagreed, saying that they were providing free advertising for the music companies, and if they didn't like that then they'd simply stop playing music videos. So they stopped playing all music videos.

    After a few weeks, cracks stated to appear as the music companies realised just how badly they needed the TV channels. One of the music companies bought an entire prime-time advertising block (at phenomenal cost, this wasn't a single 30-second slot but every slot in an entire prime-time ad break) just to play one single new music video.

    Shortly afterwards, music videos reappeared on TV. The details of the settlement were never made public, but I imagine it consisted of a bunch of music company execs on their knees begging the TV stations to start playing music videos again and let's please never bring this matter up again.

    It's the same with Microsoft, the content industry needs them as badly (or more badly) than Microsoft needs the content industry. Claiming that they're only following orders from Hollywood is a red herring — if Microsoft declined to implement this stuff, Hollywood would have to give in because they can't afford to lock themselves out of 95% of the market, in the same way that the music companies couldn't afford to cut out their primary advertising channel. Microsoft fought the US government to a standstill in its anti-trust case — they faced down a superpower to protect their products — and yet now we're supposed to believe that they jeopardised their flagship product because a few film studios asked them to. I don't buy it. The far more likely motivation for why Microsoft is doing this are given in the Final Thoughts section above.
    This overstates the potential risks.

    I work in the field of computer security. It's my job to perform risk assessments of computer technology and that's what this writeup is. If I worked in marketing, it'd be my job to tell you how wonderful Vista's content handling is. Since I don't work in marketing, what you're reading is an analysis of the potential risks of Vista's content-protection technology.

    If you go to a lawyer and say “I want to do X, what are the potential risks from a legal point of view”, they'll tell you the potential risks of X. If you go to a security person and ask the same question, they'll tell you the potential risks from a security point of view. The intent is to inform potential Vista users of possible risks and allow them to make their own decisions. Some of the risks may seem obscure, but it's up to you to decide what their impact on you might be and whether they apply to you or not.
    You're just upset because you can no longer steal content under Vista.

    Yes, someone really did send me email with this claim in it. It's silly enough that I had to include it for the amusement value :).

    Open Questions

    There are a number of open questions about Vista's content protection that probably won't be able to be answered until some months after its wide deployment when users can report on real-life experiences, because no-one seems to know how certain things will work. If anyone has any more information on these, please let me know.

    Question 1.

    How easy is it to get HD content around the outside of Vista's content protection? The block diagrams in the specification documents show the layering as:

    User-space application
    Vista content-protection interface
    Vista content playback subsystem
    Vista device drivers
    Device hardware

    Reading the specs, user-space applications are expected to call down into the Vista content-protection interface to play back content (one document actually uses the metaphor of the user-space application acting merely as a remote control for the Vista content-protection and playback subsystem). The question is, can a user-space application that chooses to opt out perform an end-run around the higher-level Vista interface and go directly to the low-level interface to get its content out without Vista's content-protection getting in the way? User feedback on Microsoft's own forums indicates that even using third-party playback software like the nVidia or Cyberlink decoders instead of the Vista one will result in playback being disabled when (in this case) the Vista Media Centre trial license expired.

    Question 2.

    How will all of this affect users who want to prepare HD content, protected or not? Given that the intent of Vista's content-protection is to ensure that no HD content ever leaves the system in usable form, how do you prepare the HD content? More importantly, since Vista happens to be a multitasking OS, how do you guarantee that as your HD content is being prepared, the presence of some other protected content somewhere in the system doesn't cause it to be silently degraded for “protection” purposes? Just how deep does the protection extend? If it's on a per-task or even per-thread level then any cross-task or cross-thread mechanism (e.g. process thread injection) can be used to compromise the content protection. On the other hand if it's all your content are belong to us whenever protected content is present then innocent content will be degraded along with protected content.

    Question 3.

    If you build it, they will come. Once the DRM mechanisms are in place, there's every reason to believe that any kind of content subject to any kind of copyright will try and take advantage of it. After all, why not? The tools are there, there's no reason not to use them. We already have so-called Enterprise DRM (E-DRM) and Information Rights Management (IRM) that's intended to control access to documents like Microsoft Word, PDF documents, CAD files, and so on (about 20 years ago during the heyday of the DoD Orange Book this stuff was known as ORCON, originator-controlled access control). Now that DRM is integrated into Vista as a core technology there's no knowing how far this can be taken in the future. Indeed Bill Rosenblatt, managing editor of Jupiter Media's “DRM Watch” sees enterprise DRM as a major growth area for Vista's content-protection technology. What will computing be like in a few years time?

    Question 4.

    I've both read on the web and received via email endless reports of people unable to play HD-DVD and Blu-Ray content on Windows PCs, both Vista (beta) and XP. Has anyone actually been able to play HD-DVD or Blu-Ray content (i.e. the material that Vista classes as premium content) under Windows at HD quality levels (i.e. without resorting to hooking up an analog monitor or something similar)? If so, what HD drive, player software, graphics card, and monitor did you use?

    (So far alongside a great many reports of people being unable to play any HD content at all I've received one report of someone who managed to play back HD-DVDs. Equipment used was an XBox360 (functioning as the HD-DVD player), an nVidia 8800GTX with HDCP (a top-of-the-line graphics card currently selling for around $600), and a Westinghouse 37w3 with HDCP on the DVI input (a 37″ LCD display currently selling for around $1,200). (This particular model being discontinued- No longer available btw -WeAreNotAlone)

    Microsoft's Response

    In mid-January 2007, Microsoft responded to some of the points in this writeup. Some of the material was new and interesting (for example clarifying just what actually gets revoked when a driver revocation occurs), other parts seem more likely to have come from Waggener Edstrom (Microsoft's PR firm) than Program Manager Dave Marsh (The Inquirer wasn't too impressed by it either). I've updated the body text based on some of the clarifications, but for things that aren't directly relevant to the main text (which means the PR-spin items) I'll comment on them here. The important technical clarifications that affected the main body of the writeup are (1) exactly what happens when a driver is revoked, (2) what happens when a tilt bit triggers, and (3) which portions of the output are affected when content degradation takes place. The content-protection specifications were previously somewhat unclear about these various consequences of the protection mechanisms, so it's good to have this clarification on exactly what occurs.

    Since the portions that I'll comment on here are PR-related rather than technical content, the following section is an attempt to respond directly and try and unravel the PR spin. The technical comments have been integrated into the main body of the writeup.
    Do things such as HFS (Hardware Functionality Scan) affect the ability of the open-source community to write a driver?

    No. HFS uses additional chip characteristics other than those needed to write a driver. HFS requirements should not prevent the disclosure of all the information needed to write drivers.

    This claim is directly contradicted by a document by the same author that states:

    “Such tests could involve loading a surface with an image, and then getting the chip to apply various visual effects to the image and reporting back the resulting pixels”.

    and then later on:

    “The internal workings of the graphics chip must be kept secret, such that a hacker building an emulator could not find out the required information”.

    So this document, the primary reference for Vista's content protection, states exactly the opposite of what's said in Microsoft's response, namely that standard chip functionality (in this case graphics rendering in a GPU) is exercised for HFS, and that the device details have to be kept secret to prevent someone emulating the functionality.
    Will the Windows Vista content protection board robustness recommendations increase the cost of graphics cards and reduce the number of build options?

    Everything was moving to be integrated on the one chip anyway and this is independent of content protection recommendations. Given that cost (particularly chip cost) is most heavily influenced by volume, it is actually better to avoid making things optional through the use of external chips.

    While it's certainly tempting to quote the Slashdot response “Whose ass was this assertion pulled out of?”, I'll provide a bit more context. This comment, that the overhead of Vista's content protection will lead to cheaper hardware, comes from a Microsoft product manager responsible for the content protection. An ATI product manager responsible for producing the actual hardware says:

    “These costs are passed on to the consumer”

    “This cost is passed on to all consumers”

    “This cost is passed on to purchasers of multimedia PC's”

    “Costs are passed on to consumers”

    “Costs are passed on to consumers, especially early adopters”

    I'll let you decide who to believe.

    (Another problem with this unification of hardware is that it leads to problems like the erroneous triggering of content-protection measures that's described in Decreased System Reliability).
    Will Windows Vista content protection features increase CPU resource consumption?

    Yes. However, the use of additional CPU cycles is inevitable, as the PC provides consumers with additional functionality.

    Note the careful use of the term “additional functionality” rather than “enhanced functionality”. Vista's content protection actually provides reduced functionality (as the main body of the writeup goes into in great detail), so the comment is pretty much confirming what's in the writeup. Vista users have already complained about the excessive CPU usage of a Vista component called “Media Foundation Protected Pipeline” (here's a screenshot of it in action), complaining of it pegging the CPU at 100% load on startup and then staying at 10-20% CPU during playback. One user complained of it consuming 50% of the CPU on his 3GHz Pentium 4 machine under Vista, while there had been no problems under XP. Another user observed that this process also runs for DivX and XviD files, implying that it's always active even if no premium content is present. Another DRM-enabled piece of Windows audio, the somewhat problematic AudioDG Vista audio engine host, has similar resource problems.

    The exact nature of this Media Foundation Protected Pipeline is somewhat mysterious, it's present as a 24KB protected executable mfpmp.exe in the System32 directory. The process only shows up with Windows Media Player, not with other players like VLC or WinAMP, and even then only when certain content like MP3s or video is played. It doesn't show up for older/simpler content like WAV files, but then again it does show up for non-protected content. Karel Donk has done some further testing with this and reports that:

    “While playing an MP3 file in WMP, I ended the “mfpmp.exe” process, and then sound stopped, but WMP still worked. I then pressed stop in WMP and then Play again and the MP3 file started playing, but this time through wmplayer.exe itself. It probably detected something wrong with the “mfpmp.exe” and fell back to another playback path I think. Can't be sure. A few seconds later, “mfpmp.exe” did appear again, but with 0 CPU usage as the file was playing through WMP. I had to restart WMP in order for the MP3 to play again through “mfpmp.exe””.

    Another user has reported:

    “Whenever I play .mp3 and .wmv files in WMP11(unprotected, I assume, as they are the example videos that come with Vista itself) mfpmp.exe shows up in the task manager and uses between 5 and 15% of the available CPU cycles”.

    A way to put Microsoft's response into perspective is to rephrase the question to “Will viruses increase CPU resource consumption?”, to which the answer is also “Yes. However, the use of additional CPU cycles is inevitable, as the PC provides consumers with additional functionality” (like spamming, phishing site hosting, and so on).
    What about S/PDIF audio connections? […] Will Component (YPbPr) video outputs be disabled by Windows Vista's content protection?

    Similar to S/PDIF, Windows Vista does not require component video outputs to be disabled, but rather enables the enforcement of the usage policy set by content owners or service providers, including with respect to output restrictions and image constraint.

    So that would be a “Yes” then. This is another one of the sections that seems likely to have had Waggener Edstrom influence.
    Will echo cancellation work less well for premium content?

    We believe that Windows Vista provides applications with access to sufficient information to successfully build high quality echo cancellation functionality.

    The reason why I brought up the issue of echo cancellation in the first place is that a document by Dave Marsh, the same person who wrote the above text, states that content protection interferes with echo cancellation. The above text says that it doesn't. These statements can't both be right.
    Will Windows Vista audio content protection mean that HDMI outputs can't be shown as S/PDIF outputs?

    It is better if they show as different codec types, as it allows the difference to be reflected in the UI, thus providing the user help with their configuration and creating a better user experience. The user wants to know the difference between HDMI and S/PDIF, as they are different physical connectors.

    From reading the slashdot comments on this, it's nice to see that I wasn't the only one who immediately thought of Orwell when they read this reply:

    War is peace!
    Slavery is freedom!
    We have always been at war with the consume^H^H^H^H^H^Hpirates!

    This is another one of these twilight-zone comments that seem to crop up again and again when discussing Vista's content protection. The HDMI designers had very good reasons for making HDMI's audio S/PDIF-compatible, as discussed in the section Elimination of Unified Drivers above. Arguing that creating an artificial difference between the two because it gives users more control is like arguing that manual gearboxes are better because they provide more control — this may (technically) be the case, but unless you're an F1 driver you're probably not going to appreciate this very much. Less is more. War is peace.

    (A further twilight-zone DRM comment comes from Macrovision, the company that made the copy-protection system that prevented a film-maker from viewing his own movies, which claimed that DRM increases not decreases consumer value. John Gruber has helpfully provided a translation of Macrovision's comments from PR-speak into plain English that you and I can understand).
    Do content protection requirements mean that graphics chips have to provide hardware acceleration for video decode?

    No. The Windows Vista content protection requirements do not require that graphics hardware include hardware acceleration for decode for many years, but such support is highly recommended to improve the user experience for HD content.

    Like the comment about echo cancellation above, my source for this is also the original document by Dave Marsh. Here's the text straight from the original document:

    “It is a PVP-UAB requirement that discrete graphics chips implement at least iDCT and Motion Comp decode acceleration for MPEG2 and Windows Media® Version 9/VC-1”.

    As with the comments on HFS and echo cancellation, those statements can't both be right.

    There are other minor nits with Microsoft's response, but it's minor stuff and not worth picking through here.

    About the Author

    I'm a researcher in the Department of Computer Science at the University of Auckland, New Zealand, working on the design and analysis of cryptographic security architectures. In the past I've helped write the popular PGP encryption program and have authored a number of papers and RFCs on security and encryption including the X.509 Style Guide for certificates and the Godzilla security tutorial, as well as Cryptographic Security Architecture: Design and Verification (published by Springer-Verlag). Most of my time is taken up with development and support of the open source cryptlib security toolkit. This gives me a lot of exposure to industry practices and trends, so I'd say my background is a 50/50 mix of industry and academia.

    In my spare time I engage my obsession with photography, and if I had just a little bit more spare time than that the link would probably take you to a proper Flickr gallery rather than a bare web page. In addition to this, I seem to have recently taken up a second full-time job as spokesperson for Vista content security. If you feel the need for even more background info, there was a news story about all of this available that provided some more detail, but it's expired from the paper's site (in any case count yourself lucky that the online version doesn't include the photo of me). You can still get a saved copy of the story from


    This document was originally written for a technical audience and so used a number of technical terms that would have been familiar to its target audience but not to the general public. This glossary provides a few basic definitions, for more details see your favourite online source, for example Wikipedia.

    “Digital Rights Management” or “Digital Restrictions Management” or “Defective Recorded Media” (when applied to CDs, since it deliberately introduces defects into the media). Combine all three and you have a general idea of what DRM is.
    High definition, technically meaning video content of 1920×1080 (1080p) resolution, but more generally anything with better than generic TV-quality resolution. In their specs, Microsoft regard anything with more than 520K pixels or 800×600 resolution as premium content that needs to be downgraded before displaying it to the user.
    One of the proposed successors to DVDs, capable of storing HD content.

    (More definitions to come).
    AEC (automatic echo cancellation)
    HFS (hardware functionality scan)
    IP (intellectual property)


    A few fun quotes, included for amusement value.

    “I propose that each copy of the OS should ship with an orange jumpsuit and sensory deprivation goggles, since all Vista users have been unilaterally declared 'enemy combatants' by the content apparatchiki ” — Daniel Nevin.

    “Windows Vista? And what a vista! All you see as you look around your garden is a 60foot high brick wall” — Crosbie Fitch.

    “When you download licenses for protected content, you agree that Microsoft may include a revocation list with the licenses […] content owners may ask Microsoft to revoke the software's ability to use WMDRM to play or copy protected content” — Windows Vista EULA.

    “[Microsoft researcher] England has a bold plan to improve the PC and make it a secure delivery system for audio and video. England's solution involves making minor modifications to the PC's hardware to allow Microsoft to make a secure version of the Windows Media Player. Essentially, this would turn the PC into a record player as far as music is concerned” — Microsoft Research News.
    “This is obviously some strange use of the word 'improve' which I've previously been unaware of” — Arthur dent.

    “welcome to the new world of DRM where expensive pieces of hardware across the world could potentially be remotely rendered useless by over-zealous copyright holders. Way to go, Hollywood!” — Chip Mulligan.

    “I can not only say that the idea [of tilt bits] is basically insane, but I can also see hardware manufacturers refusing to implement tilt bits, or more likely, faking their functionality” — Dave Walker.

    “I purchased a new DVD/SACD player (w/HDMI out), surround- sound receiver/amp (non-HDMI i/o — they're still too expensive for me), & LCD TV with HDMI input. My DVD/SACD player was connected to the SSamp via a nice single simple optical cable (& HDMI cable to the TV). I figured that would be all I need, keeping a digital path all the way to the SSamp (& TV). Wrong! It worked beautifully until I played my one & only SACD. No sound came forth! Huh? I read the DVD/SACD player manual: in brief small print, 'When playing SACDs, audio is output only from the 5.1ch RCA analogue outputs' ” — Anthony May.

    “This is SACD silence, the purest silence known to man — It's premium and must be protected at all costs!” — Paul Stimpson.

    “I can't playback HD because I need to upgrade my 2 (SLI'd) Nvidia Quadro 4500's (~$2000) to a $200 FX7600GT because it supports HDCP. I can't wait till someone cracks this DRM/HDCP/AACS crap” — “Sy”.

    “I've just had my first experience with HD content being blocked. I purchased an HP Media Center PC with a built-in HD DVD player, together with a 24″ 'high definition' 1920 × 1200 HP flat panel display (HP LP2465). They even included an HD movie, 'The Bourne Supremacy'. Sure enough, the movie won't play because while the video card supports HDCP content protection, the monitor doesn't. (It plays if I connect an old 14″ VGA CRT using a DVI-to-VGA connector)” — Roger Strong.

    “when I disable my HD monitor, I can watch the movie, on my old VGA screen, but, what is the point of having a HD monitor and not being able to watch a HD movie on it” — “muslix64” (muslix64 was so upset at not being able to play his legitimately-purchased movies on his legitimately-purchased monitor attached to his legitimately-purchased player that he broke the AACS protection just to be able to see his own movies, see How Effective is it Really?).

    “With the HD-DVD, I wasn't able to play my movie on my non- HDCP HD monitor. Not being able to play a movie that I have paid for, because some executive in Hollywood decided I cannot, made me mad… I'm just an upset customer. My efforts can be called 'fair use enforcement'!” — “muslix64”, author of the HD-DVD and Blu-Ray cracks.

    “I build 2 Media Center 2005's one for Satalite and one for Cable TV. Never had a problem recording my kid's show's. Upgraded to Vista MCE/Ultamite and like most people not able to record their 'Standard definition' HBO. I cannot record the show Avatar: The last airbender. So abviously the technology existed but now with Vista's DRM it is now being envorced much more strictly then the previous operating system's Microsoft has made” — “Lupo”.

    “Thanks alot, Muslix64 [author of the HD-DVD crack] you're not the only one with a monitor/vid card that doesn't support hdcp, your work is greatly appreciated” — “yodoso”.

    “[Vista] refuses to send content through the component output for my plain jane video files. So the content system disables all content through the non protected output. Its listed in the nvida vista driver news that vista's content protection disables this output [See “NVIDIA Features No Longer Supported towards the end of the page ”]. Many forum posts, search engine results for problem. Content protection is active in some form, as I can attest. The mere disabling of UNPROTECTED output while playing UNPROTECTED content is proof enough as far as im concerned.” — Kevin Cripe.

    “The funny thing is that I cant see how HDCP will actually even prevent piracy. In fact the only thing I can see it doing is encouraging piracy because everyone whose bought a new computer/monitor/HDTV in the last few years which don't have HDCP are now screwed out of the several thousand dollar purchases. So instead of buying new products they will turn to pirated/cracked Blu-ray/HD-DVDs which will work without the HDCP” — “Gizza”.

    “The HDCP scheme will serve to make the illegal product the most full featured and least restrictive, and thus the most attractive to the consumer. Add in the expense of buying new equipment to view the legal content (when existing equipment is perfectly capable) and the performance drain imposed by in-line encryption/decryption and they've put out the biggest incentive to piracy yet” — “Greg”.

    “The HDCP (high-definition content protection) overlords are coming to get us. They are basically saying you can't watch video unless you have a digital monitor and a special video card that supports the end-to-end content protection they have built; So that you, the un-trusted-consumer-who-bought-their-expensive-product, can't possibly make backup copies or anything else with that fancy new HD-DVD or Blu-ray disc you have” — “verifex”.

    “Digital rights management technology will still fail to prevent widespread infringement. In a related development, pigs will still fail to fly. I predict that every year, and it turns out to be true every year” — Ed Felten.

    “The whole premise of the PC is that it's a UNIVERSAL MACHINE, a machine that can do anything any other machine can do. I have a horrible feeling that Bill may have lost sight of this original vision. But if he does it the consequences will be catastrophic for him. If the Vista PC is so hobbled that it can't play the role of a universal machine in the household, then you might as well throw it out the window and just get separate components that do separate functions - i.e. bang goes the PC's raison d'etre” — Peter Stewart.

    “Microsoft wasted no time; it issued a patch three days after learning about the hack. There's no month-long wait for copyright holders who rely on Microsoft's DRM. This clearly demonstrates that economics is a much more powerful motivator than security” — Bruce Schneier on Microsoft's DRM re-enabling patch for FairUse4WM.

    “As a not-so-long-ago electronics design engineer, I can imagine the rage & pain felt by engineers & their employers […] This is total insanity from anyone's perspective except the content providers, and they don't care because it's everyone else who's picking up the tab for it!” — Anthony May.

    “Good job, industry! Spend an incredible amount of time and effort developing the next generation of video quality only to step on it BEFORE THERE'S EVEN A DECIDED UPON STANDARD in the name of Copy Protection which will just be outflanked by a couple of 14 year old hackers and distributed over BitTorrent anyway” — “SweetMercury”.

    “By any standard, Vista's new DRM capabilities hardly qualify as a selling point; after all, it's hard to sing the praises of technology designed to make life harder for its users” — Matt McKenzie, Computerworld.

    “Why would anyone agree to something like this? Perhaps I can chalk it up to Microsoft innovating again. They must be testing the outer limits of what a customer will put up with before bolting to Linux, certainly a valuable scientific study from my point of view”. — Groklaw.

    “Sony, MS, movie studios… here's the deal. You've screwed up so bad that i'm not buying either HD drive option until they're so cheap that I end up getting one included with my computer because it was the minimum optical drive” — “zweben”.

    “When screwing the customer is one of the FEATURES of a product the people selling it are #$#$%$% morons!” — “JWW”.

    “I was reminded of a quote from a Disney executive that I read a while ago [in the Economist]. The quote is: If consumers even know there's a DRM, what it is, and how it works, we've already failed. If I went to play premium content and all that shows up on my monitor is a message telling me that part of the display process isn't supported by content protection, this would scream DRM to even the most unsavvy users” — Steven Grueber.

    “I could not be more skeptical about the viability of the DRM included with Vista, from either a technical or a business standpoint. It's so consumer-unfriendly that I think it's bound to fail — and when it fails, it will sink whatever new formats content owners are trying to impose” — Matt Rosoff, lead analyst, Directions On Microsoft.

    “The [AACS] design prevents legitimate purchasers from playing legitimately purchased content on legitimately purchased machines, and fails to prevent people from ripping the content and sharing it through bittorrent. The DRM people wanted something that could not be done, so unsurprisingly they winded up buying something that does not do it” — James Donald.

    “Music executives have come to realise that DRM simply doesn’t work. It is supposed to stop unauthorised copying, but no copy-protection system has yet been devised that cannot be easily defeated. All it does is make life difficult for paying customers, while having little or no effect on clandestine copying plants that churn out pirate copies ” — “Criminalising the Consumer"”, The Economist.

    “The net effect of these concerns may constitute the real Vista revolution as they point to an unprecedented loss of consumer control over their own personal computers […] Vista seemingly wrestles control of the 'user experience' from the user ” — Michael Geist, Canada Research Chair in Internet and E-commerce Law at the University of Ottawa, Faculty of Law.

    “There has to be a whole new division at Microsoft. The 'Office of Consumer Apology' or something. Responsible for 'I'm sorry your content didn't PlayForSure. That isn't meant to be literal you know' and 'yes, I know you're supposed to be able to play HD at full resolution, but you see, your cable has a kink in it, which changed the electrical characteristics slightly and, well, I guess I'm just sorry'” — Blake Ramsdell.

    “Microsoft could have easily told the entertainment industry that it was not going to deliberately cripple its operating system, take it or leave it. With 95% of the operating system market, where else would Hollywood go? […] This isn't about stopping pirates and the small percentage of people who download free movies from the Internet. This is about the overwhelming majority of honest users and who owns the distribution channels to them. And while it may have started as a partnership, in the end Microsoft is going to end up locking the movie companies into selling content in its proprietary formats.” — Bruce Schneier in Forbes Magazine.

    “DRM causes too much pain for legitimate buyers […] There are huge problems with DRM” — Bill Gates (reported by blogger Michael Arrington).

    “The only reason this debate over DRM as it applies to electronic text is still going on is simply because our opponents have what amounts to a quasi-religious and sometimes downright hysterical blind faith in the magic powers of DRM. As a test of competing business strategies in the real world of economic intercourse, the debate is over. We won, they lost — and it was a rout.” — Eric Flint, content producer and artist.

    “Looking for a Senior Software Engineer/Designer to work on our Digital Rights Management (DRM) technology. Must […] have a strong understanding of consumer expectations and behaviors in this space” — email I got from a recruiter. Maybe they're trying to generate power from the matter/antimatter reaction arising from “have a strong understanding of consumer expectations” and “work on our DRM technology”.

    “your latest girly moan bitch rant is making the rounds on every news site just about isn't it? are you on cnn yet? are women throwing their panties at you?” — A friend (who requested anonymity).


    Note A: This comment was inspired by Sir Gerald Kaufman's similar comment about the British Labour Party's 1983 election manifesto, which resulted in Labour turning in its worst election results since its founding (it was so bad that Labour's opponents in the election reprinted and distributed it themselves. Maybe Apple could take a hint from this and use Microsoft's content-protection details in their advertising for OS X). At 44 pages, Microsoft's “Output Content Protection and Windows Vista” document squeezes out Labour's 37-page manifesto to take the crown.

    Note B: This document uses “cost” in the sense of “penalty”, “damage”, “harm”, “injury” and “loss” rather than the more financial “expense”, “outlay”, and “price”. A full financial analysis would require a top-to-bottom internal audit of the design, development, production, distribution, support, and legal costs for each vendor involved, something for which even the vendors themselves would have difficulty producing a precise figure.

    Note C: In order for content to be displayed to users, it has to be copied numerous times. For example if you're reading this document on the web then it's been copied from the web server's disk drive to server memory, copied to the server's network buffers, copied across the Internet, copied to your PC's network buffers, copied into main memory, copied to your browser's disk cache, copied to the browser's rendering engine, copied to the render/screen cache, and finally copied to your screen. If you've printed it out to read, several further rounds of copying have occurred. Windows Vista's content protection (and DRM in general) assume that all of this copying can occur without any copying actually occurring, since the whole intent of DRM is to prevent copying. If you're not versed in DRM doublethink this concept gets quite tricky to explain, but in terms of quantum mechanics the content enters a superposition of simultaneously copied and uncopied states until a user collapses its wave function by observing the content (in physics this is called quantum indeterminacy or the observer's paradox). Depending on whether you follow the Copenhagen or many-worlds interpretation of quantum mechanics, things then either get weird or very weird. So in order for Windows Vista's content protection to work, it has to be able to violate the laws of physics and create numerous copies that are simultaneously not copies.

    (Someone has pointed out that Microsoft is trying to implement a quantum encryption channel in software that attempts to make premium content non- observable, detecting problem states and discontinuing transmission if any are observed).

    A simpler explanation of the problem faced by DRM authors is provided by Cory Doctorow: “For DRM to work, it has to be airtight. There can't be a single mistake. It's like a balloon that pops with the first prick. That means that every single product from every single vendor has to perfectly hide their keys, perfectly implement their code. There can't be a single way to get into the guts of the code to retrieve the cleartext or the keys while it's playing back. All attackers need is a single mistake that they can use to compromise the system”.

    Note D: I'll make a prediction at this point that, given that it's trying to do the impossible, the Vista content protection will take less than a day to bypass if the bypass mechanism is something like a driver bug or a simple security hole that applies only to one piece of code (and can therefore be quickly patched), and less than a week to comprehensively bypass in a driver/hardware-independent manner. This doesn't mean that it'll be broken the day or week that it appears, but simply that once a sufficiently skilled attacker is motivated to bypass the protection, it'll take them less than a day or a week to do so.

    Note E: There is SCMS, but that has all the effectiveness of a “Keep out” sign.

    Note F: Incidentally, if anyone wants to send me one of these amazing 27″ monitors for, uh, evaluation purposes, I promise to evaluate it and return it by 2012.

    Note G: The question of how content producers other than the major studios who can afford expensive custom equipment are supposed to create and manipulate high-definition content has been raised by a number of readers. For example one contributor who works with people in the content industry comments that “I have seen [smaller content producers] going from just recording weddings and the like, to ones that have gone all the way to make a full featured movie. They have gone through problems like where to edit HD material, which cameras to use, which format, etc. Their decisions have been based on availability of equipment to make their projects, not really costs”. It has been suggested that the large content producers are quite happy with this situation, since it prevents any competition from more innovative, creative, and agile newcomers.

    Note H: I see some impressive class-action suits to follow if this revocation mechanism (“bricking”) is ever applied. Perhaps Microsoft or the content providers will buy everyone who owns a device that inadvertently leaks content and is then disabled by the revocation process replacement hardware for their system, although that will in turn trigger the WGA time-bomb.

    For anyone who's read Guns of August, the situation seems a bit like pre-WWI Europe with people sitting on step 1 of enormously complex battle plans that can't be backed out of once they're triggered, no matter how obvious it is that going ahead with them is a bad idea. Driver revocation is a lose/lose situation for Microsoft, they're in for some serious pain whether they do or they don't. Their lawyers must have been asleep when they let themselves get painted into this particular corner — the first time some “feature” of Vista's content protection inadvertently takes out a hospital, foreign government department, air traffic control system, or whatever, they've guaranteed themselves a front-row seat in court for the rest of their natural lives.

    (Several people have suggested that this move was deliberate in order for the lawyers to guarantee themselves lifetime employment, but this seems highly unlikely. Firstly, lawyers have an obligation to protect their clients, so deliberately getting a client into trouble in order to generate more work would be a severely career-limiting move. Secondly, they're corporate in-house counsel rather than independent counsel, so they'll get paid anyway. Making more work for themselves would not be a big priority for them).

    Note I: Some insider comments indicate that it'll be mid-2007 at least before Vista's non-Microsoft graphics and sound drivers are finished enough to be stable and reliable. Vendors were still frantically rushing to get drivers ready in time for Vista's release (they didn't even make it onto the RTM media and will have to be downloaded after the install), but even those have been described as 'beta-quality at best'. Now that Vista is publicly available, you can use Google to find all the problem reports arising from not-quite-ready-yet drivers.

    Note J: The Enterprise and Ultimate editions of Vista do feature this type of encryption (BitLocker) (to quote Microsoft “all user and system files are encrypted”), but the features of these high-end versions will never get into the hands of typical users. What's really important is to provide swap-file encryption for all users of all versions of Vista (independent of whether they use BitLocker), since that's what contains copies of sensitive in-memory data. The OpenBSD approach of generating a random swap-file encryption key at boot time and encrypting any memory data that gets paged to disk is the correct way to handle memory protection. Oddly enough, Windows Readyboost does encrypt all data swapped to a USB drive so the technology is present and active in Vista, it just doesn't seem to be enabled for disk swap files instead of USB swap.

    Note K: Video and audio playback aren't the only areas in which Vista's inner control freak comes to the fore. A Gamasutra article Vista Casts A Pall On PC Gaming looks at Vista's new Game Explorer “feature”, which subjects all games to parental controls. Any games vendor who can't afford to obtain an extremely expensive ESRB rating has their software treated as “Not Rated”, the equivalent of the MPAA's X-rating for films which was originally intended to mean “Not Rated” (for example the multiple Oscar-winning Midnight Cowboy is an example of an early X-rated film) but has since become synonymous with hardcore porn (Midnight Cowboy was later re-rated R). Obviously any parent would block Not-Rated content, which means that anyone who can't afford to pay the ESRB (in other words any small, independent game producers, including the ones most likely to produce free and low-cost family-rated games) can't work with Vista's Game Explorer. Alex St.John, Microsoft's gaming evangelist, calls the Game Explorer “a roadblock right in the center of the screen that developers and users are going to have to maneuver around”. This seems like yet another area of Vista in which the words “anticompetitive” and “class-action” will feature prominently in the future.

    Note L: The “kool-aid” reference may be slightly unfamiliar to non-US readers, it's a reference to the 1978 Jonestown mass-suicide in which Jim Jones' followers drank Flavor Aid laced with poison in order to demonstrate their dedication to the cause. In popular usage the term “kool-aid” is substituted for Flavor Aid because it has more brand recognition. There's also an earlier, less well-known link to fruit juice laced with LSD, I'll avoid the obvious comment linking that and some of the thinking behind Vista's content protection.

    Note M: If I do ever want to play back premium content, I'll wait a few years and then buy a $50 Chinese-made set-top player to do it, not a $1000 Windows PC. It's somewhat bizarre that I have to go to communist China in order to find vendors who actually understand the consumer's needs.

    A reductio ad absurdum solution to the “premium-content problem”, proposed by a Slashdot reader, is to add support to Windows Vista for a black-box hardware component that accepts as input encrypted compressed premium content and produces as output encrypted (or otherwise protected) decoded premium content. In other words, move the entire mass of hardware, driver, and software protection into a dedicated black box that's only used in media PCs where it's (arguably) required.

    Now compare this add-on black box to the canonical Chinese-made $50 media player. Why would anyone buy the black box (which will almost certainly cost more than $50) merely as an add-on to their already-expensive PC when they can buy a complete dedicated media player that does the same thing and more? A BBC World Service commentator agrees, people will just buy dedicated players instead of using Vista. In fact the entire market's reaction to Windows Media Centre PCs has been a single colossal yawn, with HP, the last remaining major MCE vendor, dropping its entire product line in early 2007. What's left now is a bunch of “niche players making nice products […] but they're not HP or Dell or Gateway or Alienware for that matter. In other words, they're not mass-market products”. As HP channel development manager Doug Robert put it in a piece of doublespeak that would make any politician proud, “This not a statement about Media Center PCs. It doesn't mean Media Center isn't going to be successful. It's just that we're discontinuing development”.

    Compare this to something like the MediaGate 350, a Korean-made player that's small, silent, fits in with current A/V gear, and plays back HD video at full 1080p resolution over a DVI connector, with no DRM encumbrance anywhere in sight. This player, just one example of many currently available, is everything that a Media Center PC isn't: Inexpensive, silent, small, fits into the living room, and non-crippled. It's not surprising that vendors are discontinuing development of Media Center PCs.

    (It's possible that people in countries conditioned to region-locked minimal-functionality DVD devices may not understand the appeal of one of these low-cost players. For about $50 you'll get a totally region-free PAL + NTSC DVD player with upscaling to 1080i that plays pretty much anything you can get onto a CD or DVD, not just the usual DVD, VCD, and SVCD formats but also MPEG4/DivX, XviD, and so on. Add another $10-20 and you get features like an SD/CompactFlash card reader, a USB interface, 1080p, and DVI and HDMI output. So with a slightly more expensive player and an external USB drive or SD card to hold the content I get everything that Microsoft is promising us for Vista, but without any crippling and without the high cost, size, and ungainliness of a full-blown PC in my living room. It's really no contest).

  3. Kamar

    Kamar MDL Junior Member

    Dec 24, 2009
    #5 Kamar, Feb 23, 2011
    Last edited: Feb 23, 2011
    Man ! , I did buy the ATI Radeon X1900 XT graphics cards waiting patiently for affordable HD content to watch some day . I haven't used it much , just packed and kept it . now I think I will start using it on other resolution. I have to think again about buying a sony Vaio with 1900x1080 res laptop if it won't display HD content .

    Thanks for article, and details. How about Win 7 ?? Is there some Hope ? thanking you.