Vista Mythbusters #7: How much DRM is too much?

Vista Mythbusters #7: How much DRM is too much?

Summary: Much of the DRM code in Windows Vista is a straightforward upgrade of the XP infrastructure. But one key chunk of code is brand new. It prevents tampering with the Windows Kernel. Does it also prevent tampering with new hardware and software designed to handle protected digital media?

SHARE:
TOPICS: Windows
83

Myth: Windows Vista is loaded with new forms of digital rights management (DRM) that will make the Vista experience more frustrating than ever.

Reality: A new code-checking subsystem that protects the Windows Vista kernel and signed drivers is arguably a new form of DRM. How well will it perform in the field? We won't know until new hardware to take advantage of these features hits the streets.

Much of the DRM code in Windows Vista is a a straightforward upgrade of the infrastructure introduced in Windows XP and Windows Media Player 10. There's some confusion over whether and how DRM-encrypted music tracks from the new Zune service will interoperate with tracks from older rights-protected services certified with the Plays For Sure logo, even the much-hyped MTV Urge service, created in partnership with Microsoft. But in general, that code is just an evolution of the original Windows Media DRM.

One key chunk of code is brand-new, however. The Software Protection Platform rolls up activation, validation, and tamper-proofing into an integrated subsystem. A key module is Code Integrity verification, which is defined in this first look by Microsoft's Chris Corio:

Code Integrity (CI) protects Windows Vista by verifying that system binaries haven’t been tampered with by malicious code and by ensuring that there are no unsigned drivers running in kernel mode on the system. CI starts as Windows starts up. The boot loader checks the integrity of the kernel, the Hardware Abstraction Layer (HAL), and the boot-start drivers. After these binaries have been verified, the system starts and the memory manager calls CI to verify any binaries that are loaded into the kernel’s memory space. The binaries are verified by looking up their signatures in the system catalogs. Aside from the kernel memory space, CI verifies binaries loaded into a protected process and system installed dynamic libraries that implement core cryptographic functions.

You'll also find some good explanations in this PowerPoint presentation from Microsoft Security Evangelist Stephen Lamb.

The stated goal of CI is to protect the operating system from tampering or corruption. But as Lamb's presentation makes clear, it also affects the integrity and digital signature of any kernel-mode drivers. That makes it more difficult for hackers to replace a driver with an "improved" version that enables outputs and removes copy restrictions built into systems that use those drivers.

This post from programmer Scott Dorman connects the dots:

The operating system loader and the kernel now perform code signature checks. On 64-bit x64 platforms, all kernel mode code must be signed and the identify of all kernel mode binaries is verified. The system also audits vents for integrity check failures.

On 32-bit platforms, the administrator is prompted to install unsigned code. Load-time checks are done on all kernel mode binaries, but if unsigned code is allowed to load you won't be able to play protected high-definition multimedia content. [emphasis added]

Symantec has already made up its mind that this feature is a new form of DRM. In a whitepaper entitled "Assessment of Windows Vista Kernel-Mode Security" (PDF), Symantec's Matthew Conover writes:

The CI.DLL is made by the Microsoft’s DRM team to ensure the whole machine is in a trusted state to play DRM-protected content. For that reason, CI.DLL also checks the integrity of user-mode processes that are handling DRM-protected content.

If true, then this really is a form of DRM that has never been a part of Windows before. It's well tested in platforms like cable TV set-top boxes and satellite program decoders, but those single-function devices don't get customized the way a Windows PC does.

Besides being the investigative arm of the Windows Genuine Software program, the Code Integrity check is also going to be crucial to new hardware devices certified by CableLabs and various satellite providers. It's also tied to a new set of hardware-based output restrictions, which I'll get to when that hardware is available for testing.

For the introduction to this series, see Vista Mythbusters #1. For all posts in this series, see this page.

Topic: Windows

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

83 comments
Log in or register to join the discussion
  • False Positives

    With a high number of false positives showing up under WGA, what
    makes us think this will go any better? Does one recommend
    collecting media under this week's "Plays for Sure Unless it's on
    Zune" initiative. Are we being asked to hope for the best in the face
    of forboding precedents?

    It would seem that under Vista, opting out of DRM will no longer be
    an option.
    Harry Bardal
    • Be nice

      [i]With a high number of false positives showing up under WGA, what makes us think this will go any better?[/i]

      To be fair, this avoids a lot of the gotchas that MS has with XP activation, since it doesn't need to look at the video card, hard drive, etc. to fingerprint a system. Of course, if your mobo dies you're SOL.

      The whole "all drivers must be signed by MS or the sytem gets locked" thing is not being well-received by the hardware vendors who have previously opted out of MS' (expensive) driver signing program on the grounds that it was costly and otherwise of no benefit. Well, HP has other things to worry about for now.
      Yagotta B. Kidding
      • All hardware from the major PC OEMs has ...

        ... shipped with WHQL signed drivers for years. It is part of the logo program and they are rewarded for doing so. Please tell me which hardware vendor you are refering to that opted out. If it's got the made for Windows logo it has a signed driver.
        ShadeTree
        • These same manufacturers not making Linux drivers

          are also part of the same program.

          It's the new form of what MS was doing to the PC makers who dared to install a dual boot as an option.

          No one is able to pay more or be left out if they don't do MS only installs or drivers.
          slim-01
        • Apple

          The last Ipod driver I saw wasn't certified. They would count as a major manufacturer wouldn't they?
          zmud
        • You said...

          "and they are rewarded for doing so" Sort of like when the
          Republican's got a big donation from Foley so he could continue to
          flip through the pages?

          Rewarded for doing so.....sort of sounds a lot like payolla to me.

          Pagan jim
          Laff
  • I read that there is NO confusion - it wont play

    "There's some confusion over whether and how DRM-encrypted music tracks from the new Zune service will interoperate with tracks from older rights-protected services certified with the Plays For Sure logo,"
    barstewards
    • Since it hasn't shipped yet, it's pretty hard to be sure

      (nt)
      Ed Bott
      • It's just another brick in the wall of a puclicly stated plan

        Unfortunately, I can't recall the exact source/event, but it was around the launch period of the "Trusted Computing" initiative.
        BG himself outlined the scheme then of a kernel structure that would only run approved apps.
        Sorry I can't recall details, but someone else will remember.
        What I clearly remember was the immediate clamouring of alarm-bells in my brain.
        Castanet
        • You're thinking of Palladium

          That was the code name of the original TPM plan.
          Ed Bott
      • Are you talking about Vista or Zune?

        Neither product has shipped yet, but Zune will ship before Vista, right?
        WiredGuy
        • Talking about Zune

          It's due to ship in November, I believe.
          Ed Bott
          • Zune, November 14th debut

            http://www.engadget.com/2006/09/28/zune-price-and-date-tk-tkth/

            Everybody (that has inside info) is saying that Zune is incompatible with "plays for sure". I would suspect that "plays for sure" will be abandoned for the newer DRM technology.
            WiredGuy
  • The big problem is you can't turn it off.

    I would happily give up being able to play DRM-protected Windows Media format files in exchange for having control over the computer, particularly in control systems where custom drivers are common. But to do that in Vista, according to comments elsewhere, you have to break into the boot sequence with F8 and disable it *every boot*.

    That pretty much rules Vista out for safety-critical systems, even in a console role.
    Resuna
    • Macs never looked so good!

      In an industry where we often use PCs to automate CNC lathes and other critical processes, we often write our own drivers. With the advent of XP this posed a minor headache but we didn't have to worry about our machines not operating the code properly unless there was a major conflict within the code itself. Now, Microsoft has gone too far. They may control the OS, but they don't own my PC, my Equipment, or the way I operate my business. I am also sympathetic with Microsoft in combating piracy of software because it cost Microsoft millions of dollars in lost revenue. But, Microsoft has gone too far with the DRM protection and although I honestly haven't looked into whether it will affect the machines now in operation, I know at some point in the future I will have to deal with the all too intrusive Microsoft! After being an avid "Windows" supporter for nearly two decades, the Mac is looking very promising. At least I still will control my machine!
      billsaunders9
      • Are you naive?

        I don't think there's a company on the planet with a stronger DRM, "we'll sue and own your ass" company than Apple.
        Yensi717
      • Don't throw out that PC just yet.

        Check this http://linuxcnc.org/ Take the money you'd use on Macs and get some training you be worry free and in control.
        Hrothgar - PCLinuxOS User
        • Disclaimer

          The money thing was a blanket statement. I don't know the worker to PC ratios or the program. The CNC program can be tried out using a live cd (based on the unbuntu distro) simply boot from CD then try it out shut down and remove CD and reboot to return to windows.
          Hrothgar - PCLinuxOS User
      • I'd go Linux

        At least then you'd have all the freedom you need with access to the source code. For your situation Linux looks even better than the MAC.
        voska
    • Only true of 64-bit

      You can use unsigned drivers in 32-bit Vista without any special boot gymnastics. The restrictions are in 64-bit Vista.
      Ed Bott