Gutmann Vista DRM paper uses shoddy Web Forums as source

Computer scientist Peter Gutmann made a name for himself when he published his paper “A Cost Analysis of Windows Vista Content Protection” and got worldwide attention for outlining some serious concerns about Windows Vista DRM mechanisms. But Peter Gutmann admittedly doesn't use Windows Vista and he's publicly asked for others to confirm his theories and based many of his key assertions on web forum postings as his source.

Note: As of April 2007 on Gutmann's website, Gutmann stated: "Can others confirm this? I don't run Vista yet, but if this is true then it would seem to disconfirm Microsoft's claims that the content protection doesn't interfere with playback and is only active when premium content is present". Peter Gutmann has recently removed this embarrassing admission from his paper hosted on his website after Ed Bott pointed out that Gutmann admitted to never having run Vista and thus couldn't have done any experiments. An older version of the PDF can be found here which still contains that admission.

Gutmann makes the following key assertions based on forum postings:

• Vista's Media Foundation Protected Pipeline (mfpmp.exe) takes excessive CPU resources, anywhere from 10% to 50% CPU utilization.
• AudioDG (Windows Audio Device Graph Isolation) and mfpmp.exe takes massive amounts of memory.
• Vista's content protection applies to and limits non-premium (non-DRM) content.

The fact is that Peter Gutmann didn't do the research himself and relied on web forums alone says a lot about the quality of his research. But it gets much worse, those forum postings don't seem to represent anything close to reality and my tests below verify this.

Based on the research and experimentation that I have done, Karel Donk's forum posting (cited by Gutmann) that mfpmp.exe (Media Foundation Protected Pipeline) consumes "10-50%" is off by a factor of 20. Chris Martin's screenshot (also cited by Gutmann) which shows AudioDG using up 347.23 MBs is off by a factor of 30 times if we are talking about playing audio on a modern PC. Furthermore, the resources consumed by mfpmp.exe shown in task manager actually accounts for the combined CPU utilization of mfpmp.exe and Windows Media Player and should not be solely attributed to the Media Foundation Protected Pipeline.

Test results for Windows Vista mfpmp.exe and AudioDG: Typical CPU utilization of mfpmp.exe shown in the Process Explorer graph below hovers between 0.77% to 2.31% on an Intel E6400 CPU while playing back a DRM protected WMA file. As you can see below, the memory foot print and CPU utilization of mfpmp.exe is trivial and not even close to Gutmann's anecdotal evidence of 10% to 50% and 154.4 MB memory consumption. Even the playback of an NTSC resolution WMV (Windows Media Video) file only resulted in ~11 MBs of memory consumption for the mfpmp.exe process.

As you can see below, AudioDG.exe consumes approximately 10.61 MB on my task manager compared with Chris Martin's screenshot of 347.23 MB (KB to MB conversion with division by 1024). How Martin got the AudioDG process to use that much memory is beyond me and that single process would exceed the 256 MB minimum memory requirement in Windows Vista. Maybe it's an aberration but it can't possibly be common behavior or the millions of Vista users would be screaming.

[Update 9/3/07 - Microsoft's Larry Osterman explained in an email to me that AudioDG allows third party IHVs (Independent Hardware Makers) to add audio processing effects. Some earlier versions of third party effects did cause excessive memory and CPU usage but to his knowledge all these problems were fixed. The way user would check this if they suspect issues is to disable the sound effects in the sounds control panel and see if that fixes the problem. If the problem goes away then it indicates a problem with the audio effects.]

How mfpmp.exe got wrongly blamed for excessive CPU consumption: While trying to get to the bottom of this, I noticed something strange. A colleague of mine noticed that playing WMV (Windows Media Video) files in WMP11 (Windows Media Player 11) will trigger the mfpmp.exe process while my WMV files will not. This sparked my curiosity and after testing on a larger range of WMV files, I made the following discovery.

• All the movies that I recorded directly to WMV format from an earlier version of Windows Movie Maker DO NOT invoke mfpmp.exe when played in WMP11.
• All the movies that I encoded using Windows Media Encoder DO invoke mfpmp.exe when played in WMP11 but NOT when played in WMP Classic (Windows Media Player Classic). So it would appear that some kind of format difference or “flag” is set when you use Windows Media Encoder.
• HOWEVER, the total CPU load from WMP11 + mfpmp.exe is roughly 9% for me and 0% of that was attributed to WMP11 while 9% was attributed to mfpmp.exe so it looks like all the CPU utilization is counted against mfpmp.exe. If I play a file that doesn’t invoke mfpmp.exe, WMP11 will indicate 9% utilization by itself. If I use WMP Classic which doesn’t invoke mfpmp.exe under any circumstance, it also uses 9%. The point is that with or without mfpmp.exe, decoding my WMV video file will always consume 9% on my Intel E6400 dual core processor.

If I use Process Explorer, it correctly shows the mfpmp.exe process chaining off of the WMP11 parent process and it gives you the same consolidated CPU utilization of 9%. Vista’s task manager is deceptive when it makes the two processes look independent and it's easy to understand how someone can wrongly attribute excessive loads to mfpmp.exe when it was really accounting for the video compression decoding.

[Update 9/3/07 - Microsoft's Larry Osterman confirmed for me that there are two rendering pipelines in Vista. One is the Media Foundation and the other is DirectShow. Media Foundation sometimes sends the processing to mfpmp.exe which explains why WMP11 shows zero CPU utilization and mfpmp.exe shows all the CPU consumption. Media Foundation supports the newer implementation of DRM in Vista or non-DRM content.]

It really goes to show why the researcher must understand what he or she measuring and not just what the measurements are. The fact that Gutmann did no measuring at all and relied on comments from web forums as his "research" to make his bold assertions about Vista DRM mechanisms is comical. I don't know if I should laugh or cry that so many news organizations and big name researchers like Bruce Schneier cited Gutmann's paper as a credible source. One sits in amazement watching Gutmann, Schneier, Korel Donk (dubious mfpmp.exe data above), and Charlie Demerjian all cite each other in a game of blind leading the blind and circular referencing.

Does Vista really block non-commercial premium content? Gutmann cites Karel Donk's webpage on comment-1255 that mfpmp.exe also runs for DIVX or XVID files and says that this is "implying that it's always active even if no premium content is present". The bookmarked link to comment number 1255 doesn't work but searching for "DIVX" takes you down to Karel Donk's comment reproduced below.

Karel Donk Says: January 17th, 2007 at 3:39 pm Akira, for me the “Media Foundation Protected Pipeline EXE” starts for almost all avi files, which use DivX or Xvid. I don’t know about downloads going slower, so far I haven’t had issues with that. I don’t use steam however.

So this explains why Peter Gutmann told Usenix Boston 2007 that Vista Content Protection blocks non-commercial premium content (reported by Jon Brodkin PCWorld). But Karel Donk's claim is that mfpmp.exe is started with "almost all avi files, which use DivX or Xvid" can't be replicated. My tests show that WMP11 (Windows Media Player 11) only spawns the mfpmp.exe child process when it plays MP3 or WMA (Windows Media Audio) files. My results completely contradict Donk's forum posting and WMP11 will not spawn mfpmp.exe while playing XVID, DIVX, or even DVD VOB files. Furthermore, Windows Media Player Classic or any non-WMP11 player will not launch the mfpmp.exe process at all.

If Peter Gutmann has such a big problem with mfpmp.exe and he doesn't want it consuming any CPU, the simplest solution is to NOT use Windows Media Player 11 in Windows Vista. All anyone needs to do is install the Swiss Army Knife of media playback pack called K-Lite Mega Pack (download) which includes Windows Media Player Classic. I consider K-Lite one of the essential add-ons for any Windows user so it's something you'll want anyways. If you hate DRM, you have a choice of not using it in Windows Vista because no one is forcing you to use WMP11 to play your content. The only reason you need WMP11 is if you choose to purchase DRM content and Windows Vista simply gives you the choice of using DRM or not. No extra resources have to be consumed and no content is blocked.

So based on dubious web forum "research", Gutmann concluded that Vista Content Protection is like a virus that consumes unnecessarily high CPU and memory resources. Believing that Vista supposedly consumes an extra 10 to 50 percent CPU utilization, Gutmann flew halfway around the world to Usenix Boston 2007 and told the audience that Vista content protection draws so much power that it causes global warming.

Last month I debunked Gutmann's claims that encryption for HDCP causes a significant rise in power consumption and now I've debunked Gutmann's assertions that the Media Foundation Protected Pipeline consumes excessive CPU and blocks users from premium content. At this point in time Peter Gutmann needs to explain himself and backup his wild assertions with actual research data or withdraw his paper.