Microsoft fights "music of mass destruction"

Microsoft fights "music of mass destruction"

Summary: Most of the time when a security hole is discovered in Windows, users have to wait until the next monthly "Patch Tuesday" to get it fixed. Sometimes an exception is made if the flaw is particularly bad. Therefore Microsoft must consider the FairUse4WM program the most critical security flaw ever!

SHARE:
TOPICS: Security
1

Most of the time when a serious flaw, such as a security hole, is discovered in Windows or another Microsoft product, users have to wait until the next monthly "Patch Tuesday" to get it fixed. Sometimes an exception is made to push a patch out earlier if the flaw is particularly bad. But other security holes may languish for months until they're publicly "outed" or an exploit is released into the wild.

Therefore, Microsoft must consider the FairUse4WM program the most critical security flaw ever! FairUse4WM is a program that cracks the DRM protection in Microsoft's Windows Media player. This would let you perform dangerous activities like making copies of music you bought, or watching movies beyond their expiration date. Apparently this set off some alarms in Redmond because only three days after the program was announced, Microsoft pushed a patch to disable it into the Windows Update stream. According to Bruce Schneier of Wired News, that's their quickest patch ever:

To Microsoft, this vulnerability is a big deal. It affects the company's relationship with major record labels. It affects the company's product offerings. It affects the company's bottom line. Fixing this "vulnerability" is in the company's best interest; never mind the customer. So Microsoft wasted no time; it issued a patch three days after learning about the hack. There's no month-long wait for copyright holders who rely on Microsoft's DRM.

 

Whew, I feel safer already. Of course, it should surprise no one that the authors of FairUse4WM have issued their own patch that evades the Microsoft patch. Can this war ever be won?

Topic: Security

Ed Burnette

About Ed Burnette

Ed Burnette is a software industry veteran with more than 25 years of experience as a programmer, author, and speaker. He has written numerous technical articles and books, most recently "Hello, Android: Introducing Google's Mobile Development Platform" from the Pragmatic Programmers.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

1 comment
Log in or register to join the discussion
  • Goes to show

    who pays the bills.
    hacked off