Gutmann Vista DRM paper uses shoddy Web Forums as source

Gutmann Vista DRM paper uses shoddy Web Forums as source

Summary: Computer scientist Peter Gutmann made a name for himself when he published his paper “A Cost Analysis of Windows Vista Content Protection” and got worldwide attention for outlining some serious concerns about Windows Vista DRM mechanisms. But Peter Gutmann admittedly doesn't use Windows Vista and he's publicly asked for others to confirm his theories and based many of his key assertions on web forum postings as his source.


Computer scientist Peter Gutmann made a name for himself when he published his paper “A Cost Analysis of Windows Vista Content Protection” and got worldwide attention for outlining some serious concerns about Windows Vista DRM mechanisms. But Peter Gutmann admittedly doesn't use Windows Vista and he's publicly asked for others to confirm his theories and based many of his key assertions on web forum postings as his source.

Note: As of April 2007 on Gutmann's website, Gutmann stated: "Can others confirm this? I don't run Vista yet, but if this is true then it would seem to disconfirm Microsoft's claims that the content protection doesn't interfere with playback and is only active when premium content is present". Peter Gutmann has recently removed this embarrassing admission from his paper hosted on his website after Ed Bott pointed out that Gutmann admitted to never having run Vista and thus couldn't have done any experiments. An older version of the PDF can be found here which still contains that admission.

Gutmann makes the following key assertions based on forum postings:

  • Vista's Media Foundation Protected Pipeline (mfpmp.exe) takes excessive CPU resources, anywhere from 10% to 50% CPU utilization.
  • AudioDG (Windows Audio Device Graph Isolation) and mfpmp.exe takes massive amounts of memory.
  • Vista's content protection applies to and limits non-premium (non-DRM) content.

The fact is that Peter Gutmann didn't do the research himself and relied on web forums alone says a lot about the quality of his research. But it gets much worse, those forum postings don't seem to represent anything close to reality and my tests below verify this.

Based on the research and experimentation that I have done, Karel Donk's forum posting (cited by Gutmann) that mfpmp.exe (Media Foundation Protected Pipeline) consumes "10-50%" is off by a factor of 20. Chris Martin's screenshot (also cited by Gutmann) which shows AudioDG using up 347.23 MBs is off by a factor of 30 times if we are talking about playing audio on a modern PC. Furthermore, the resources consumed by mfpmp.exe shown in task manager actually accounts for the combined CPU utilization of mfpmp.exe and Windows Media Player and should not be solely attributed to the Media Foundation Protected Pipeline.

Test results for Windows Vista mfpmp.exe and AudioDG: Typical CPU utilization of mfpmp.exe shown in the Process Explorer graph below hovers between 0.77% to 2.31% on an Intel E6400 CPU while playing back a DRM protected WMA file. As you can see below, the memory foot print and CPU utilization of mfpmp.exe is trivial and not even close to Gutmann's anecdotal evidence of 10% to 50% and 154.4 MB memory consumption. Even the playback of an NTSC resolution WMV (Windows Media Video) file only resulted in ~11 MBs of memory consumption for the mfpmp.exe process. mfpmp.exe consumes little resources

As you can see below, AudioDG.exe consumes approximately 10.61 MB on my task manager compared with Chris Martin's screenshot of 347.23 MB (KB to MB conversion with division by 1024). How Martin got the AudioDG process to use that much memory is beyond me and that single process would exceed the 256 MB minimum memory requirement in Windows Vista. Maybe it's an aberration but it can't possibly be common behavior or the millions of Vista users would be screaming.

mfpmp.exe and AudioDG uses very little CPU and memory resources

[Update 9/3/07 - Microsoft's Larry Osterman explained in an email to me that AudioDG allows third party IHVs (Independent Hardware Makers) to add audio processing effects. Some earlier versions of third party effects did cause excessive memory and CPU usage but to his knowledge all these problems were fixed. The way user would check this if they suspect issues is to disable the sound effects in the sounds control panel and see if that fixes the problem. If the problem goes away then it indicates a problem with the audio effects.]

How mfpmp.exe got wrongly blamed for excessive CPU consumption: While trying to get to the bottom of this, I noticed something strange. A colleague of mine noticed that playing WMV (Windows Media Video) files in WMP11 (Windows Media Player 11) will trigger the mfpmp.exe process while my WMV files will not. This sparked my curiosity and after testing on a larger range of WMV files, I made the following discovery.

  • All the movies that I recorded directly to WMV format from an earlier version of Windows Movie Maker DO NOT invoke mfpmp.exe when played in WMP11.
  • All the movies that I encoded using Windows Media Encoder DO invoke mfpmp.exe when played in WMP11 but NOT when played in WMP Classic (Windows Media Player Classic). So it would appear that some kind of format difference or “flag” is set when you use Windows Media Encoder.
  • HOWEVER, the total CPU load from WMP11 + mfpmp.exe is roughly 9% for me and 0% of that was attributed to WMP11 while 9% was attributed to mfpmp.exe so it looks like all the CPU utilization is counted against mfpmp.exe. If I play a file that doesn’t invoke mfpmp.exe, WMP11 will indicate 9% utilization by itself. If I use WMP Classic which doesn’t invoke mfpmp.exe under any circumstance, it also uses 9%. The point is that with or without mfpmp.exe, decoding my WMV video file will always consume 9% on my Intel E6400 dual core processor.

If I use Process Explorer, it correctly shows the mfpmp.exe process chaining off of the WMP11 parent process and it gives you the same consolidated CPU utilization of 9%. Vista’s task manager is deceptive when it makes the two processes look independent and it's easy to understand how someone can wrongly attribute excessive loads to mfpmp.exe when it was really accounting for the video compression decoding.

[Update 9/3/07 - Microsoft's Larry Osterman confirmed for me that there are two rendering pipelines in Vista. One is the Media Foundation and the other is DirectShow. Media Foundation sometimes sends the processing to mfpmp.exe which explains why WMP11 shows zero CPU utilization and mfpmp.exe shows all the CPU consumption. Media Foundation supports the newer implementation of DRM in Vista or non-DRM content.]

It really goes to show why the researcher must understand what he or she measuring and not just what the measurements are. The fact that Gutmann did no measuring at all and relied on comments from web forums as his "research" to make his bold assertions about Vista DRM mechanisms is comical. I don't know if I should laugh or cry that so many news organizations and big name researchers like Bruce Schneier cited Gutmann's paper as a credible source. One sits in amazement watching Gutmann, Schneier, Korel Donk (dubious mfpmp.exe data above), and Charlie Demerjian all cite each other in a game of blind leading the blind and circular referencing.

Does Vista really block non-commercial premium content? Gutmann cites Karel Donk's webpage on comment-1255 that mfpmp.exe also runs for DIVX or XVID files and says that this is "implying that it's always active even if no premium content is present". The bookmarked link to comment number 1255 doesn't work but searching for "DIVX" takes you down to Karel Donk's comment reproduced below.

Karel Donk Says: January 17th, 2007 at 3:39 pm Akira, for me the “Media Foundation Protected Pipeline EXE” starts for almost all avi files, which use DivX or Xvid. I don’t know about downloads going slower, so far I haven’t had issues with that. I don’t use steam however.

So this explains why Peter Gutmann told Usenix Boston 2007 that Vista Content Protection blocks non-commercial premium content (reported by Jon Brodkin PCWorld). But Karel Donk's claim is that mfpmp.exe is started with "almost all avi files, which use DivX or Xvid" can't be replicated. My tests show that WMP11 (Windows Media Player 11) only spawns the mfpmp.exe child process when it plays MP3 or WMA (Windows Media Audio) files. My results completely contradict Donk's forum posting and WMP11 will not spawn mfpmp.exe while playing XVID, DIVX, or even DVD VOB files. Furthermore, Windows Media Player Classic or any non-WMP11 player will not launch the mfpmp.exe process at all.

If Peter Gutmann has such a big problem with mfpmp.exe and he doesn't want it consuming any CPU, the simplest solution is to NOT use Windows Media Player 11 in Windows Vista. All anyone needs to do is install the Swiss Army Knife of media playback pack called K-Lite Mega Pack (download) which includes Windows Media Player Classic. I consider K-Lite one of the essential add-ons for any Windows user so it's something you'll want anyways. If you hate DRM, you have a choice of not using it in Windows Vista because no one is forcing you to use WMP11 to play your content. The only reason you need WMP11 is if you choose to purchase DRM content and Windows Vista simply gives you the choice of using DRM or not. No extra resources have to be consumed and no content is blocked.

So based on dubious web forum "research", Gutmann concluded that Vista Content Protection is like a virus that consumes unnecessarily high CPU and memory resources. Believing that Vista supposedly consumes an extra 10 to 50 percent CPU utilization, Gutmann flew halfway around the world to Usenix Boston 2007 and told the audience that Vista content protection draws so much power that it causes global warming.

Last month I debunked Gutmann's claims that encryption for HDCP causes a significant rise in power consumption and now I've debunked Gutmann's assertions that the Media Foundation Protected Pipeline consumes excessive CPU and blocks users from premium content. At this point in time Peter Gutmann needs to explain himself and backup his wild assertions with actual research data or withdraw his paper.

Topics: Windows, Browser, Microsoft, Processors

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to join the discussion
  • Windows contributes to global climate change

    #courtesy of: cjm LT
    Why should anyone feel defensive about "being cheap?"
    America and Americans are in debt to the eyeballs and have no savings because we spend the money as fast as we get it and then we borrow so we can spend some more. The people are in hock to consumer credit companies and the nation is pushing bonds to China.
    We rarely speak of <i>citizens</i> anymore...we're now <i>consumers</i>.
    Money represents <i>energy</i>.
    Given the environmental and economic costs (including long term energy availability and cost), an IT sector based on planned obsolesense that emphasizes ongoing consumption of throw away manufactured goods is absurd.
    One of the most attractive aspects of GNU/linux is that it redefines short lived,throw away, consumer items as durable goods through rigorous adherence to backwards hardware compatibility on the part of kernel maintainers and several of the mainstream distributions.
    And when new hardware is purchased, GNU/Linux permits purchase of hardware resources sized to meet the demands of the load, without the overhead imposed by an overly (and arbitrarily) bloated OS.
    Most of us "get" the idea of "free as in beer and free as in speech," but we're overlooking another important factor that could be exploited to boost the rate of adoption of open standards, FOSS, and Gnu/Linux, among governments and other large institutions:
    <b><i>GNU/linux is the environmentally friendly OS.</i></b>
    Computer hardware represents <i>embedded energy</i>. Embedded energy, is the energy derived from fossil fuels, that went into its manufacture.
    That is embedded energy that caused greenhouse gas emissions when it was embedded in the hardware we refer to as a computer.
    On a Microsoft driven average three year hardware upgrade cycle, that embedded energy is wasted and winds up in a landfill -- and more greenhouse gas is produced to build replacement hardware with its own embedded energy load onboard to be under-utilized over its short service life as a Windows desktop or server.
    All but one of the machines I administer at my small business have been "recycled" after I obtained them from other businesses "upgrading" to the lastest version of Windows. The one new machine, I assembled myself, from "new old stock," components five years ago, for use as a terminal server for a LAN of "recycled" PC based Xterminals, and it is only a PIII.
    The average age of machines on the LAN I built and maintain is 12 years -- <i>that is four times the fossil fuel embedded energy efficiency of a similarly sized Windows shop running on a Microsoft driven average 3 year hardware upgrade cycle</i>.
    Moreover, ever more powerful hardware consumes more and more greenhouse gas emitting fossil fuel in the form of AC utility power. We don't see many new PCs with 250 watt power supplies these days, do we?
    The bottom line is this: <b>Windows contributes to global climate change. GNU/Linux is the environmentally friendly and responsible choice</b>.
    Promote that to governments and large corporations under pressure to respond to concerns about global climate change and fossil fuel depletion, and there isn't a ready made answer they can provide to justify their continued reliance on Microsoft, Windows, and proprietary standards, that help dictate Windows use by everyone else who interacts with them.
    • 12 years

      If you love running in Red Hat 5.x or 6.x days, typing up your emails in vi, and sneaking in some Gome from that era... to each his own.

      I think your assertions are fundamentally flawed. Just because an upgrade takes place, doesn't mean the replaced PC goes to the landfill. If the PC was leased, it goes back to the leasing entity and gets resold.

      As far as the "older" computers you speak of, parts are hard to come by (heat sinks, CPU fans, RAM modules) and architecture limitations (ie. IDE bios elements) often make using new parts troublesome.

      So unless you extend your argument to everything, and ensure everything has a long upgrade cycle from drives to video cards, to nic cards, making a computer run 12 years is meaningless. People will upgrade because they want 3-d graphics, or gigabit ethernet... not solely because MS says so.
      • So...

        People upgrade because we are misinformed about the attributes of the latest 3d graphics, or gigabit ethernet. The reality is often a let down. Its like the fact that soap powders have been washing my whites whiter then the soap powder before them. My whites are so white they are now invisible. Which reminds me, have you seen the emperors new clothes lately....
        • Ya... ok

          I'm pretty sure at 12 years, the different between 10 megabit and gigabit ethernet would be self evident and self-promoting.

          Same for graphics. 12 years ago would have been 640 x 480 or for those lucky to own a higher end monitor 800 x 600 @ 256 colors. I'm pretty sure most people can see the advantage to 1280 x 1024 @ 32 bit color.

          Modems... same deal. 12 years ago would have been 19200 maybe. I think if you get 10 people in a room, they could tell the difference between 19200 and a final-generation 56k modem.
          • re: ok ...

            [i]"...the different between 10 megabit and gigabit ethernet would be self evident and self-promoting."[/i]

            [i]"12 years ago would have been 640 x 480 or for those lucky to own a higher end monitor 800 x 600 @ 256 colors."[/i]

            1) To take advantage of the gigabit ethernet, one would also have to change switchs and hubs.

            2) 12 years old hardware (Windows 1995) specs were able to run Win95, 98 and ME at high resolution and 10/100 ethernet..
          • Circle talk

            Its one of the worst fallacies that there is in the reasons for upgrading computer hardware; the Microsoft OS demands it. Garbage. If that was the case I never would have switched out of Win98se. The fact is that I upgraded the hardware first, and it was Win98se that wasn't able to keep up. The switch to XP was the best thing for the upgraded hardware, it didn't take the upgraded hardware to run Win98se, I upgraded the hardware for the performance improvement, and yes, the improvement was noticeable.

            Switching from Win98se to XP didn't make for a "noticeable" hit on the performance, so if it did reduce performance once it was installed on the newer hardware upgrades it wasn't significant. Secondly installing XP most definitely created a performance boost in one very significant way, it created a new high in stability that Win98se had been lacking with the newer hardware upgrades. I also know that my experience was typical of what most people I know went through who upgraded to XP eventually, hardware upgrades came first, performance improved but increased instability reared its ugly head and the switch to XP cured it without diminishing the performance upgrade with the newer hardware in any significant way.

            I asked a tech at a shop quite some time back why he thought Microsoft made such a big deal out of publishing new hardware requirements for Vista when I knew people who had started running it on machines that were close to 2 years old without a glitch. His response I believe hit the nail on the head. While he did point out, that no doubt about it, Vista will run on machines that are not new, it will run better generally on a newer machine, but the problem lies in the fact that in 2007,there are alot more people who are struggling along with 5 and 6 year old machines then there was even a few years ago, its a question of sheer numbers. He told me he services or upgrades about twice as many 5 year old machines then he did two or three years ago and most of them have seen far more use then a 5 year old machine had on it two or three years ago. As he pointed out; these machines would be very unsuitable for running Vista on and its his guess Microsoft wanted to make that much clear.

            But, a 5 year old machine (if thats the performance level you can live with) will run XP just perfectly so not only would you definitely not be required to upgrade your hardware, you don't need to upgrade your OS. But knock off the nonsense that if you do not want to upgrade your hardware you cant go MS. Knock off the nonsense that newer hardware is not better performing hardware.
  • Give It A Rest Already

    Your interest in this man is bordering on obsessional now.

    • I agree

      Keep your personal spats off the Internet please. You're no better than the man you seek to discredit.
      • You sure of that?

        George is just trying to debunk a lazy academic who is trying to calumny MS for no good reason other than "he wants to".
        • Just a quick grammar lesson for the day...

          The word "calumny" is a noun. But you still get credit for the effort of contributing vocabulary that we don't usually see around here. ;-)

    • The IEEE disagrees with you

      When the IEEE just emailed me to congratulate me on debunking the false claims of a computer science academic, I know I'm doing the right thing. So why don?t you take your own advice.
      • pat on the back

        very childish in my opinion. very.
      • How Nice For You

        Did they give you a badge as well? 'I Debunked Peter Gutmann and lived?... Loved the nicely arrogant 'So why don?t you take your own advice' as well :)

        Seriously George, you blog style is confrontational and primarly designed to drive hits and advertising $$'s. And you always have to have the last comment. Even when you were plainly wrong, like in OSX fonts, your last comment was 'It still doesn't look right to me'

        Your headline for this blog entry skews the blog into more personal attack territory, where as you are actually using some reasonable research and testing to debunk him. People would take you more seriously if you didn't turn everything into a person crusade.

        And I do take my own advice... I rest quite often :)

        • Seems to me he's just disproving wrong information.

          Why do the ABMers get so offended at someone who disproves their sorry excuses to attack Microsoft?
          • Not an ABM'er

            Oh well you got that completely wrong init.

            I am not an ABM'er at all. I use whatever tool is best for the job at hand.

            For my business laptop I have XP (it used to be vista but I downgraded) and office 2007. I have a Unbuntu based router. I have RHEL for working with Oracle databases and related tools. I used to have an IPAQ running windows mobile but got an n95 that does everything I need it to.

            Hardly an ABM'er! :D

          • My apologies if your not.

            You just exhibited the attitude of one.
      • Then...

        Please feel free to show the world this fine email from IEEE.
        • Why would you expect him to share private e-mail?

          I wouldn't share private e-mail correspondence.

          And what does it matter? It seems evident that Peter Gutmann is not in a position to
          be writing the paper in question. We should welcome that he was exposed instead of
          shooting the person who exposed him.
          • Then why should he mention it?

            That and he was perfectly ok sharing a private email from Lynn Fox, so why should he change that habit.

            Besides, surely he'd be able to strengthen his position by showing that email.