Feeds

Windows DRM is the 'longest suicide note in history'

The bitterest pill

Protecting users from Firesheep and other Sidejacking attacks with SSL

Copy-protection features in Windows Vista make the operating system more bloated while giving few benefits to end users, according to a new security paper.

Peter Gutmann, a medical imaging specialist, argues in the paper that Microsoft's cumbersome approach to DRM is doomed to fail and will only succeed in pushing users towards buying faster hardware to cope with degraded performance, effectively imposing collateral damage on the rest of the industry.

Many of the criticisms Gutmann makes will be familiar to those who have followed the development of Vista's copyright protection features however his hard-hitting prose style and warning that the Vista Content Protection specs could "very well constitute the longest suicide note in history" has reinvigorated the debate.

Gutmann argues, for example, that in order lock down High Definition content, Vista limits the number of connectivity options to users. 'Windows Vista includes an extensive reworking of core OS elements in order to provide content protection for so-called "premium content", typically HD data from Blu-Ray and HD-DVD sources. Providing this protection incurs considerable costs in terms of system performance, system stability, technical support overhead, and hardware and software cost. These issues affect not only users of Vista but the entire PC industry, since the effects of the protection measures extend to cover all hardware and software that will ever come into contact with Vista, even if it's not used directly with Vista (for example hardware in a Macintosh computer or on a Linux server)," Gutmann writes in an abstract to his paper here.

Microsoft is risking annoying its customer base and users in a bid to corner the market for home distribution of premium content.

Gutmann argues that hackers will find it just as easy to bypass the content protection mechanisms of Vista as they have with other versions of the OS.

These ultimately doomed efforts will lead to a more expensive and less functional operating system for users, he argues. ®

The next step in data security

More from The Register

next story
Israeli spies rebel over mass-snooping on innocent Palestinians
'Disciplinary treatment will be sharp and clear' vow spy-chiefs
Infosec geniuses hack a Canon PRINTER and install DOOM
Internet of Stuff securo-cockups strike yet again
'Speargun' program is fantasy, says cable operator
We just might notice if you cut our cables
Apple Pay is a tidy payday for Apple with 0.15% cut, sources say
Cupertino slurps 15 cents from every $100 purchase
YouTube, Amazon and Yahoo! caught in malvertising mess
Cisco says 'Kyle and Stan' attack is spreading through compromised ad networks
Hackers pop Brazil newspaper to root home routers
Step One: try default passwords. Step Two: Repeat Step One until success
Greater dev access to iOS 8 will put us AT RISK from HACKERS
Knocking holes in Apple's walled garden could backfire, says securo-chap
Microsoft to patch ASP.NET mess even if you don't
We know what's good for you, because we made the mess says Redmond
prev story

Whitepapers

Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.
Saudi Petroleum chooses Tegile storage solution
A storage solution that addresses company growth and performance for business-critical applications of caseware archive and search along with other key operational systems.
Security and trust: The backbone of doing business over the internet
Explores the current state of website security and the contributions Symantec is making to help organizations protect critical data and build trust with customers.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.