Cost Analysis of Windows Vista Content Protection

David Gerard writes "Security researcher Peter Gutmann has released A Cost Analysis of Windows Vista Content Protection, a detailed explanation of just what the protected-content paths in Windows Vista mean to you the consumer: increased hardware cost and even less OS robustness. 'This document analyses the cost involved in Vista's content protection, and the collateral damage that this incurs throughout the computer industry ... The Vista Content Protection specification could very well constitute the longest suicide note in history.'"

Migrate to GNU/Linux, not Vista

Our company did last year, cities of Vienna and Munich did, French parliament did, it should work out very nicely for you too. Our former XP users love KDE.

No need to put yourself through pains when you can improve security, save money and achieve a good deal of vendor independence all at the same time. Why support the Microsoft monopoly by paying ridiculous prices for bug ridden software with DRM restrictions, when you can run Free software on the industry standard (and thus inexpensive) hardware?

Knowing everything I know now, I only regret that we did not migrate to GNU/Linux sooner.

Re:Migrate to not Vista

Content Protection is a explicit opt-in from content providers.
Its not mandated by the OS.

Migrating a different OS doen't give you access to the protected content.

Re:

Content Protection is a explicit opt-in from content providers. Its not mandated by the OS.

True, but the degradation discussed is a requirement for non-encrypted content streams. My understanding is that if you connect your new Blu-Ray or HD-DVD player

Re:Migrate to not Vista

Thats incorrect. Degradation is recommended by the HD standards only if the content provider has opted-in for content protection but the hardware used doesn't provide a complete protection path to the display.

So non-opted content will display with full fidelity regardless of whether a non-secured or secured mechanism is used to display the content.

Re:Migrate to not Vista

Degradation is recommended by the HD standards only if the content provider has opted-in for content protection...

Thanks for the clarification. What are the odds a content provider won't opt-in for protection? In any case, I can't really make any justification for Vista (or high-def DVD) at this point -- especially if this article is accurate.

My guess is that the tighter DRM proponents squeeze, the more things will slip through their fingers -- to paraphrase someone I heard somewhere, sometime ago...

Re:

What are the odds a content provider won't opt-in for protection?

Actually, the odds are pretty good for current HD media, because the publishers want more market penetration before they tighten the noose.

AACS vs ICT vs HDCP vs digital vs analog

Grandparent wrote:

the degradation discussed is a requirement for non-encrypted content streams. My understanding is that if you connect your new Blu-Ray or HD-DVD player via their analog outputs, or to a non-encrypted digital channel, the output is downgr

Re:Migrate to not Vista

Protected content is DRMed movies and music. We're not talking about encrypted financial documents.

You know, this point is apparently harder to understand than you realize. After all, even some people who aren't affiliated with the publishing industry still support DRM, because they mistakenly think it'll help them "protect" their own data. They fail to understand that that doesn't require DRM, but works perfectly well with plain encryption (in which the owner knows the key).

Playing Idiot's Advocate

But, but, but... what about the high cost of retraining everyone to use all these new weird applications that don't make as much sense as Windows applications!!!? What about the steep learning curve since Linux is just inherently harder to use!!!? What about the fact that when the user tries to hit some valid work related site that needs to access media like Powerpoint, Flash 9 and higher, Windows Media Video, and the like that they won't be able to or will have a reduced quality end-user experience compared to MS Windows??? I've seen the Xine plug-in for Firefox and it doesn't work right. Instead of embedding the content in the browser as it should it pops open a new window and only about 20% of the time does the content actually play!! What about the fact that unless you've got a few gurus on your staff, when there's a problem there's NO ONE to go to for support once the problem is out of your league? Forums? HAH! Yeah, you've got a down critical situation with your users and you're going to fart away valuable time on forums where you may or may not get an answer in a day? A week? A month? A year? Never? The only answer if to get Windows Vista because it was built for real work and not for geeks with no life. Got that?

[DISCLAIMER: The poster called 'eno2001' does not believe in what he stated above at all and is merely parodying the typical lies and misconceptions about GNU/Linux that come from the anti-Linux crowd. The poster called 'eno2001' expects many good responses to the false arguments presented above from the pro-Linux community. All anti-linux sentiments will be laughed at unless you're really good at what you do. The 'eno2001' has spoken.]

Re:Playing Idiot's Advocate

(Equally, the pro-Linux crowd is not above lies, misconceptions, and FUD themselves.)

Except that the "pro-Linux crowd" does not generally have a financial incentive motivating them to engage in FUD. Microsoft routinely engages in astroturfing, both with its shills and by sponsoring "independent" groups who are paid to have a certain opinion (if their product were truly so great, then why the need for deception?).

However poorly they may perform the task of advocating Linux, to most members of the "pro-Linux crowd" the goal is to obtain what they believe to be a superior computing experience, both in terms of technical capability and user freedom. Whereas Microsoft would happily market an operating system that could run no 3rd party applications and popped up a dialog that said "Fuck You for Using Windows" every thirty seconds so long as people were still willing to pay for it. One is a fairly grassroots movement in which users are expressing their true feelings about a subject, while the other has its roots in a top-down corporate environment designed for the sole purpose of making money in a market where the vast majority of customers are extremely ignorant about the technical merits of the product.

There is such a thing as purity of motive, and it counts for a lot.

Incidentally, because this was mentioned in the GP, I will say that Linux (and *nix in general) is not at all difficult to use. It is more difficult to learn than Windows, but the effort required to understand how the system works is a one-time investment, after which you find yourself with a rather straightforward operating system in which it is a simple matter to perform most tasks -- my personal opinion is that this is because unlike Windows, Linux does not assume that the user is an idiot. It also does not assume that the user intends to use the same machine for months or years without ever learning more about it than what was learned during the first week of use (although perhaps I repeat myself; to me one symptom that someone is an idiot is that they do not value or even hate learning). In comparison, Windows is easier to learn how to use, but learning more and more about how the system works does not provide the user with fewer annoying explanation and confirmation dialogs to click through, nor does it make the "power user" options less buried in the user interface, to name just two examples of the tedium involved.

Re:Migrate to GNU/Linux, not Vista

Why support the Microsoft monopoly by paying ridiculous prices for bug ridden software with DRM restrictions, when you can run Free software on the industry standard (and thus inexpensive) hardware?

Ah, but according to the article Microsoft is forcing vendors to manufacture more expensive "content protection" cards so the most popular cards will be made (more expensively) according to Microsoft's specs.

See the section on "Increased Hardware Costs".

[I]nstead of varying video card cost based on optional components, the chipset vendor now has to integrate everything into a one- size-fits-all premium-featured graphics chip, even if all the user wants is a budget card for their kids' PC.

So if you want to run that latest Radeon that all the gamers are using on Linux, you'll pay more and probably be hindered by all content protection junk it contains.

Re:Migrate to GNU/Linux, not Vista

I]nstead of varying video card cost based on optional components, the chipset vendor now has to ntegrate everything into a one- size-fits-all premium-featured graphics chip, even if all the user wants is a budget card for their kids' PC.

sounds like a plan to me.

stamp out the single super chip as fast and cheap as you can make it. build it into motherboards. video cards. set top boxes. market it as high performance video at integrated video prices.

it doesn't matter!

It really doesn't matter. Before long each new Dell and every other new computer will be shipping with Vista. It could be the worst operating system ever, and within a few years everyone will be using it. There is virtually no way for Vista to fail, given the circumstances.

Re:it doesn't matter!

Not true.

We don't have to look too far into the past to see that not every Microsoft OS product has been a raging success. *cough* *cough* Windows ME

Happy Windows ME users were few and far between in my experience. Not having native USB support as well as having a host of stability issues that were hard to debug, etc. few people upgraded to it or quickly upgraded away from it when XP became wildly available.

I realize that the document linked to is written with what seems to be an almost inflammatory bias, it does sound that the Vista Content Protection is a move in the wrong direction for the content publishing industry and lawyers rather than the consumers.

Not even Microsoft is immune to the forces of the market. They do have dominance in a field where migrations away from a product are often expensive and time consuming but, at the very least, if they produce a crap product, people will not upgrade to it.

People making new purchases are much freer to choose from a competitor that may not have the same problems.

Re:

Happy Windows ME users were few and far between in my experience.

True, but then (if I remember correctly), ME wasn't out there for very long either. Not that it was replaced with anything very qucily, but I think retailers still had the choice of hav

Re:it doesn't matter!

People making new purchases are much freer to choose from a competitor that may not have the same problems.

I see Apple having a very good year.

This is hardly an analysis

This so-called analysis was written by thinking of a conclusion first, then filling in the blanks. There are no citing of references to support his claims.
This is just simply a political blurb.

Re:This is hardly an analysis

This so-called analysis was written by thinking of a conclusion first, then filling in the blanks. There are no citing of references to support his claims. This is just simply a political blurb.

I was thinking the same thing - TFA is nothing but a long winded rant against Micro$oft. Reading a 'cost analysis', I expect the discussion to center around... costs. Which were significant by their absence.

Re:This is hardly an analysis

Well, Gutmann is known in my circles for having done some good work, and having a track record that goes back for years. Things like trying to get the word out on how bad RC4 encryption was (and I wish IEEE had paid attention before the absurdly-named WEP was created--the RC4 issue was *not* all about key length, despite Microsoft claims), breaking early Windows pasword encryption, breaking a couple of disk encryption schemes, pointing out some serious flaws in Linux VPN software, etc. The list is fairly long. Apparently some people here think he's some sort of standardized media pundit--just another talking head. Uh, no.

Although some of what he said is new to me, I know he's dead right on some other bits. I know I'm very much prepared to give the man the benefit of the doubt on the parts that are new to me. Which sucks. To me, the best thing about Windows is that it was the central force that drove hardware into commodity status, and lowered all of our costs. Now we may have to give some of that benefit back. That isn't something I'm happy to do, particularly for the sake of Vista, which I'll never use.

I don't see how you can say the piece wasn't about costs. That thread was all through it. You expected actual numbers? That's *very* proprietary information to any vendor. Nor is it likely that the vendors themselves have much hard data yet, in the specific case of Vista, as it's very early innings. They can't even be sure of the adoption rate yet, so fabrication contracts, and a myriad other details are likely to change fairly rapidly over the next few months.

Yet it's very clear that the broader picture in one of increasing costs for hardware vendors. Some of that will probably just mean lower margins, but even that doesn't mean that only investors will be hurt. It also means less R&D, which isn't good for anyone, in the long term. And some of those costs *will* be passed on. Investors will demand it.

There are other issues, of course--reduced functionality and stability, yet more difficulty in avoiding binary blobs in GPL kernels, etc. None of this is good news to assorted non-Windows people, though much of it will hit Windows users as well. It's not the end of the world (and wasn't presented as if it were) but it's certainly bad news.

Re:

Excellent point about the non-premium content. Corporations (except those in the media industry itself) in particular mostly won't care about any of these Vista "features" - but they will end up paying extra in their budgets for new PCs for decades to come

This is absurd.

Every time I see an analysis of what DRM means to the consumer, I see all this crap about how it's going to make things more expensive and lower quality. And that's true - SOME things will be more expensive and lower quality.

But these analyses never stop to consider HOW MUCH will be more expensive and lower quality, or exactly what changes we're discussing. What will be lower quality and more expensive is the DRM-protected content. And DRM sucks. People will complain. Vendors will eventually listen.

At the moment, we have a lot of content providers who refuse to provide any content without DRM because they can't imagine making a profit otherwise. DRM gets them to provide something instead of nothing. Historically, unprotected content outperforms protected content; because you spend nothing trying to stop people from stealing it, you recover more revenue than you were losing to theft anyway. If we just let providers choose, they will eventually make the right choice. We can't force them to make the right choice NOW, because they won't make it. They'll provide zero content.

That's the false dilemma. Everyone seems to think the choice is protected content or unprotected content, but it's not - it's protected content or NO content. Fighting the protected content is not going to get you what you want. You have to let the providers make their stupid DRM plans and try them, so they'll see for themselves that it's stupid.

Re:This is absurd.

We can't force them to make the right choice NOW, because they won't make it. They'll provide zero content.

Not true. The content cabal claimed that without a broadcast flag, their government-mandated efforts to switch to digital broadcast HDTV would be tantamount to suicide, and they threatened to obstruct the production of content in HD until such a flag was passed. Here we are, three years after the FCC first tried to implement the broadcast flag by providential decree, and we have a bevy of digital broadcast high-definition programming with no broadcast flag.

The reason the content cabal will never provide "zero content" is because there's too much money to be made even without DRM. The only reason they want DRM is because it provides them with additional control over the content that they sell to us that goes beyond copyright and piracy prevention. It's the same reason they have things like User Operation Prohibited and Region Codes in the DVD spec. Neither of those forms of DRM have anything to do with preventing piracy. UOP is used to force-feed advertising (and the ubiquitously-ignored FBI warning) to the paying customer, and region codes are used to exploit worldwide market arbitrage.

They are fighting tooth and nail today to get DRM everywhere they can, because they know that once the technological dust settles and the standards that we'll be using for the next 20 years mature, if it doesn't have DRM in it, it never will in any meaningful sense.

Re:

The digital broadcasts currently being made are just a duplication of the analog broadcasts. The difference between the two is zero. No additional content is provided.

Re:

We can't force them to make the right choice NOW, because they won't make it. They'll provide zero content.

Totally fine with me. I'll give them zero money and find other forms of entertainment, like going to a local theater. This is capitalism, why should

Media conglomerate thinking is absurd.

That's the false dilemma. Everyone seems to think the choice is protected content or unprotected content, but it's not - it's protected content or NO content. Fighting the protected content is not going to get you what you want. You have to let the providers make their stupid DRM plans and try them, so they'll see for themselves that it's stupid.

For me, it's unprotected content or NO content. My media purchases are now less than ten percent of what they were a decade ago, specifically for this reason. (Yeah, I'm still 10% a hypocrite.) Copyright is being used to wreak a lot of havoc, and I'm not going to pay those who are doing it.

Re:

I'd rather have my freedom than their content.

Plus do we really need more than normal CD or TV quality? A choice between that and freedom versus high-def and no freedom is easy.

As for new content, if the content providers stop producing, so what, we've got

Re:

Yes, but it's a useful and convenient fiction, so I use it. Feel free to use whatever tortured linguistic construct you like to represent corporate rights as opposed to individual rights, I'll just pretend that a corporation has the same rights as an indiv

very interesting analysis ..

Very interesting analysis. I thought Vista was supposed to make money. According to this Vista is going to bring 100,000 new jobs [informationweek.com] to the US.

Counterpoint

The Vista Content Protection specification could very well constitute the longest suicide note in history.

If hysterical stuff like this is the best the anti-Microsoft forces can come up with (and this guy isn't the first one, just the latest in a long line of hysterical essays), it's pretty clear that Microsoft ain't that bad as a company, despite what some people want to believe. Maybe, just maybe, if you have to resort to that kind of rhetoric, maybe your position isn't that strong?

Disclaimer: I don't hate Microsoft. I am, however, frequently annoyed by their mediocrity, and unbelievably frustrated that someone doesn't have the balls to start a company dedicated to making an absolutely, positively 100%-compatible Windows clone based on a Unix-like operating system.

Re:

I don't think it is legally possible to make a 100% windows clone....nevermind that those with the skills to do it would not want to.

Re:

I don't think it is legally possible to make a 100% windows clone....nevermind that those with the skills to do it would not want to.

Of course it is. Lest you forget, that's exactly what the Wine project [winehq.com] is, not to mention "mini clones" like the (name

Re:

I dont think anyone is really afraid of that. All evidence suggests its just w2k/XP all again. Those wore also supposed to be the holy grail of computing but showed to be just minor improvements in some areas and degradation in others. I love DRM because

well duh

The Vista Content Protection specification could very well constitute the longest suicide note in history

Hmmm, let's run through that cost analysis again. It took a lot longer to develop Vista and now nobody's going to buy it because of the restrictions. *gets outs his calculator* yup, that leaves em pretty far in the red. But thank God they don't have to worry about losing money from pirates for at least a few weeks until people find ways around everything.

I'm sure it does not matter

Every touted improvement in Vista exists to make Microsoft's life and the life of their media and hardware partners better and more enriched. It is not, I repeat, not for your benefit or enjoyment. Recently MS stated this would be last 'turn of the crank' for an OS like this. I agree. This is because the only logical step next would be to lease you the OS and the hardware, only, and bar you from doing anything on your own with it. Since that's not bound to fly, yet (let's see how they react to Google) then the alternative is to lock you into their content, at least.

Re:

Every touted improvement in Vista exists to make Microsoft's life and the life of their media and hardware partners better and more enriched ... not for your benefit or enjoyment

The idea that no new features in Vista are there to make the end-user's life

Yes, I read TFA

I think what Microsoft is doing right now is analogous to the old practice of offering a product at a higher cost initially just so you can then negotiate down to the price you really want.

You might claim it is apples and oranges. I think it's not. They design the product with more restrictive DRM knowing the consumer will not want ANY DRM. Then they 'listen' to the consumer by removing some, but not all of it. Thus arriving at a middle ground, but really closer to their originally planned position. This serves to possibly give them what they want while simultaneously making them look good in the eyes of the consumer.

Of course, most intelligent consumers decry ... well why finish the sentence. "Most intelligent consumers" probably accounts for a very small percentage of the total consumer base.

TLF

Re:

> Microsoft is just stuck between a rock and a hard place with content
> providers, or more specifically the RIAA and MPAA.

Why does Microsoft have to do their bidding?

Peter Gutmann

In case anyone doesn't already know him by reputation, Peter Gutmann [wikipedia.org] isn't just some random blogger with a grudge against Microsoft.

Yes, he tends to be a bit outspoken at times. He's also a veteran contributor to the security field and tends to know exactly what he's talking about. So before dismissing what he has to say, you owe it to yourself to check his reasoning.

Sharks circling

In the article, he a section on the potential hazard of Vista disabling video resolution in medical imaging applications. Leaving aside any issues of playing CD's in a work computer, I can see one outcome of this. The first time a blown diagnosis can be blamed on this, the malpractice lawyers will be heading after Microsoft. It's something they've got to be salivating over: The ultimate deep pockets! (cue theme from Jaws)

Should have created a new hardware product class

Simply put, MS could have made their life a LOT easier if they had put in support for a new product class - the Media Accelerator.

Imagine a card that had a couple of SATA interfaces, a video pass through input, and an audio pass through input. The card would have its own OS/firmware, and it'd be easy to control from an external software API.

Unprotected input would flow into it, but only it could generate video/audio for protected media. It'd automatically substitute its own video/audio for protected stuff.

This way, if you didn't care about "protected media", your computer and OS wouldn't be encumbered. If you did, you'd pop a couple of hundred for the Media Accelerator, and go from there.

Of course, this would have benefited the rest of the non-MS industry, too. Guess it is a bad idea.

jh

More like Lock-Out than like Lock-In

So, from what this and other articles say MS Vista is designed to

• Lock out pirates
• Lock out competition
• Lock out any improved features unless 'comsumers' pay more for added feature levels or extra/compliant hardware (beyond buying the OS already)
• Lock out

Wrong.

Content protection in Vista will not hurt Microsoft or their sales. Two reasons for this. Consumers are not educated enough to understand digital restrictions management. They will interpret it as “just how it works” and deal with it one way or another. Claiming these impedences to copying will damage Vista is similar to claiming that content scrambling of movies will damage the DVD market. The second reason comes from established expectations. People appear used to dealing with technology not working how they want it to or think it should. Crashing computers and malware are just part of life. Pretty soon, the inability to copy files will become subject to the same perception. That is, not being able to copy media will be seen as a technical limitation or just another failing on the part of the industry. People will buy it all the same because the water is being brough to a boil slowly and we all seem to have such ridiculously short-term memories.

Mancur Olson again

A classic, absolutely classic instance of the thesis which Olson demonstrated in lots of case studies.

All special interest groups will find it in their interests to impose on society costs hundreds, thousands, millions of times greater than the benefits they receive.

In the present case, Big Content, to protect its rents, is imposing measures which will end up costing the US and the West enormously more than any benefits to Big Content.

But they don't care, of course, because even if we are all worse off, they are a little better off.

And so, you discover if you examine economic history, that revolutionary convulsions every 50 years or so benefit economic performance, by abolishing encrusted priveliges of various groups. And this is why 19c France in constant turmoil outgrew 19c stable Britain. And why the post civil war South did so well in the 20c... And why Germany grew so fast in the fifties.

And why the US is falling into paralysis today....

Re:

What's not funny at all is to think about what China could do in a really near future. For instance, selling millions of EDV players for peanuts. Hiring 2nd zone occidental actors or singers to reenact classic films or make near copies of popular music sty

Dont need rocket science to guess that its so

Think - up to this date os'es were mainly the basic framework to run programs on them. Even in that state, phletora of exploits, hacks, a million ways to hamper or exploit usage of a computer have surfaced in the last 15 years.

Now they are putting strong elements integral to os that are able to block, modify, permit or limit usage of some elements of os, software, 3rd party software, and even hardware. They are this way decreasing the workload of hackers/exploiters - now they just need to find a way to exploit the mechanism already present there.

Its no guessing that this will make using computers with vista both a pain in the ass, but also a security risk.

Competition

SOOOoo...this system makes it's way out into the marketplace, and soon after, content providers are providing "high quality" deliveries via wire or disc, and for the most part, the systems slowly go through an upgrade process to conforming hardware, finally letting the "high" in quality reach the user. Balloons fall, confetti flies and whistles and claps abound - you are running a "trusted system"

  In a country far far away, a series of specifications, hardware manufacturers and technology folks band together to build the impossible: To make a machine decrypt the "high quality" content and push it to a jack. Nothing more, nothing less. They use a non-MS embedded OS and cook their scheme into an IC and viola! We have an unencumbered HD-DVD/BluRay player.

The market for this is illegal - in certain countries. But no matter, since once tapped on the above device, said port burns a new HD-DVD/BluRay disc, without licensing scheme. Some Volks-haXXor posts code to read port, strip tags from the raw stream, and pump back into a disc. Cheers from the masses, "it's been hacked!". Said streams make their way onto existing distribution mechanisms (torrent,p2p,the corner cart downtown) and you've got (wait for it) THE STATUS QUO.

Currently, only the tech-enlightened really got through the ever-lowering hurdles to download copyrighted content. Scare tactics and ethics keep most people in the DVD isle of the buy-it stores. I'm sure that will stay the same.

So, we'll simply have the MS bundled-systems with their crazy bugs, people complaining and conforming media for high quality. On the flip side will be folks not so much skipping the DRM in Windows, but getting non-DRM content to begin with. Windows has simply gone the way of the yes-man for DRM enforcement, leaving you with two choices: Lower audio/video resolution or playing only proper discs. Guess what you do with your big collection of "improper" discs: Play them on Linux. It could reinforce the sentiment that "Linux is for hackers, aka criminals" but I doubt that'll fly for long.

MS, like the media players before, will have to allow for "personal" content to be played at "high quality" eventually, since consumers are also media generators. Like now with audio, if you can get source content out of the DRM shackles, making it look personal, the entire SYSTEM from disc to monitor is bypassed quietly.

I'm prepared for a long period of relative component stagnation, while all this DRM for Vista gets sorted out. I doubt the legacy cards and peripherals will go away anytime soon.

Vista will improve your social life guys!

You get to talk to frequently talk to lovely ladies in India and swap very long strings of digits with them. Isn't re-activation fun? And if it is a stressful day at work, just hold the phone up to your ear while you rest and tell anyone that bothers you that you are on hold with Microsoft - you should be able to get away with an hour at a time before anyone gets suspicious. What fun! Every disaster recovery plan gets to add a few hours to acoount for waiting on hold to get new activation numbers for each rebuilt system.

Re:Higher Requirements for New Media

I think the point was more on the lines of, if you want to play blu-ray discs all you need to do is buy a blu-ray player.

But in reality that $2000 LCD monitor you have isn't going to help because it can't tell the video card that its a protected device, well you need to go buy a new monitor.

Wait that $500 video card can't detect trusted monitors, better go buy a new card that can.

Oh yeah, and that all digital surround sound system, well it isn't going to work at all so you need to go buy an analog one.

Re:

Yes DRM sucks, but who honestly thinks that it is unreasonable to require new hardware and new drivers for new technology.

Raising hand.. Of all the media players I have, I have no wish to replace it all. I buy compatible content and leave the other stuff

Re:

The content has to be degraded UNLESS the rendering device (e.g. your HD projector) correctly answers an HDCP cryptographic challenge and agrees to play by the system/content's rules.

http://en.wikipedia.org/wiki/High-Bandwidth_Digita l_Content_Protection [wikipedia.org]

O