You are here: Home
Document Actions

Analysis of Microsoft's Suicide Note (part 1)

by oday posted at 2007-01-09 17:59 last modified 2007-02-14 14:30 Copyright 2006 Oliver Day, Creative Commons Attribution 2.5 License

Oliver Day is a former corporate hacker turned student. While at eEye Digital Security he wrote audits for the Retina Vulnerability Scanner and was a Principal Security Consultant for @stake. He has written an unpublished book on SAN security and found a variety of exploits in web-based applications. He is contributing to a series of posts about the presence and implications of the “content protection scheme” in Microsoft Windows Vista. This post is the first in that series.

In a controversial technical analysis Peter Gutmann goes into fantastic detail about the recently released Vista operating system and its content protection scheme. One thing became clear to me after reading this analysis. Vista is being marketed to content producers, not consumers. If Windows XP was Microsoft’s attempt to embed a browser into the operating system then Vista is the attempt to embed DRM. Digital Rights Management technology has been applied to literally every ring of the OS architecture.

Vista's target market is content producers and the underlying philosophy of the user experience will be far different then what many consumers expect it will be. Microsoft has attempted to plug the infamous “analog hole” as much as is possible by forcing all data through encryption algorithms. For those unaware of the “costs” of encryption it is sufficiently high. Pushing HD audio and video content through encryption/decryption routines is a tremendous strain on any system currently available and in the near future. Even with the application of Moore's Law a conservative estimate could place affordable and usable systems within this new content system 5 years away. It will be interesting to see how these restrictions will be spun by the large marketing and PR teams since none of these innovations will benefit consumers in any way. The job that has been handed to these PR and marketing teams is to dress up a product designed with every restriction a producer has asked for and make a consumer want to buy it. One of the most quotable lines from the Gutmann analysis sums this up perfectly as, “breaking the legs of Olympic athletes and then rating them based on how fast they can hobble on crutches.”

In the past when I have delivered lectures to web application developers I would caution them to never trust user input. Perhaps developers took this philosophy a little too far. The entire operating system now seems to have turned against the user. Zero tolerance drivers and regulation code will lock the system down if any type of deviance is detected. So called “tilt bits” will signal an attack on the system if anything is found out of the ordinary. These changes won’t enhance user security unfortunately as they were designed to protect only “premium content”. Medical data, credit card numbers, and other private things that do deserve this level of protection are completly ignored. Untrusting of any environmental changes the system will shut down or degrade performance in response to a perceived attack.

This is a marked turn from the past versions of the Microsoft operating system. In the past one could take a hard drive from a Windows OS and drop it into an entirely different system. The new hardware would be detected and drivers applied on the spot. At most a single reboot would bring the user back into a usable system. This type of resilience was what impressed me during the early days of the new Windows architecture. In those days Microsoft was fairly dominant but still pursuing new customers. The new Vista scheme signals to me that they have exhausted new customer acquisition and are now focused on milking their existing market.

In the next post I will look at who benefits (Intel, Hollywood, code obfuscation providers) and who doesn’t (consumers) and some security issues (driver revocations for DDOS)

Analysis of Microsoft's Suicide Note (Part 2) Analysis of Microsoft's Suicide Note (Part 2)
Size 4459 - File type text/html
by oday last modified 2007-02-14 14:30 Copyright 2006 Oliver Day, Creative Commons Attribution 2.5 License

Grane in Vista?

Posted by MyClass:: at 2007-01-10 12:36

Análise da nota de suicidio de Microsoft (primeira parte)

Posted by Cousas de xentiña at 2007-01-14 03:09
Esta anotación é unha tradución de Analysis of Microsoft’s Suicide Note (part 1) publicado en polo experto en seguridade Oliver Day. O meu inglés está limitado ó inglés técnico (informática), polo que a tradución pode non s...

Windows Vista, just say No!

Posted by Marcus Povey's Weblog at 2007-01-16 07:27
Badvista is a campaign being launched by the Free Software Foundation to illustrate the problems and restrictions being marketed as features in Microsoft's much hyped monster. Now, with people having to re-install everything anyway, is a perfect time to consider switching to using one of the many Free alternatives. Oliver Day writes a very good analysis (part 1|2) of Microsoft's motives. Vista is being marketed to content producers, not consumers. If Windows XP
About this blog
The BadVista campaign, started in December 2006, advocated for the freedom of computer users, opposing adoption of Microsoft Windows Vista and promoting free (as in freedom) software alternatives. It declared victory in January 2009, with supporters moving on to do the same work against Windows 7.

You can support the campaign by joining the FSF.

Support the FSF
Join the campaign
New supporter?

Forgot your password?
Vista News Watch
something went wrong 2012-09-19
500 Internal Server Error 2009-09-25
Why I'm Skipping Windows Vista: IT Speaks Out - PC World 2008-11-06
HP, Microsoft lie to boost sales-numbers for Vista 2008-08-13 - Vista's Security Rendered Completely Useless by New Exploit 2008-08-08
More news…
« February 2021 »
Su Mo Tu We Th Fr Sa
  1 2 3 4 5 6
7 8 9 10 11 12 13
14 15 16 17 18 19 20
21 22 23 24 25 26 27