The Suicide Note | Jan 10, 2007 10:41
My thought as I started reading the essay
Windows Vista includes an extensive reworking of core OS elements in order to provide content protection for so-called "premium content", typically HD data from Blu-Ray and HD-DVD sources. Providing this protection incurs considerable costs in terms of system performance, system stability, technical support overhead, and hardware and software cost. These issues affect not only users of Vista but the entire PC industry, since the effects of the protection measures extend to cover all hardware and software that will ever come into contact with Vista, even if it's not used directly with Vista (for example hardware in a Macintosh computer or on a Linux server). This document analyses the cost involved in Vista's content protection, and the collateral damage that this incurs throughout the computer industry. He's also saying that the overwhelming focus on locking down "premium" content has significant implications for security, especially if any PC component is deemed to have a content leak:
Content-protection "features" like tilt bits also have worrying denial-of-service (DoS) implications. It's probably a good thing that modern malware is created by programmers with the commercial interests of the phishing and spam industries in mind rather than just creating as much havoc as possible. With the number of easily-accessible grenade pins that Vista's content protection provides, any piece of malware that decides to pull a few of them will cause considerable damage. The homeland security implications of this seem quite serious, since a tiny, easily-hidden piece of malware would be enough to render a machine unusable, while the very nature of Vista's content protection would make it almost impossible to determine why the denial-of-service is occurring. Furthermore, the malware authors, who are taking advantage of "content-protection" features, would be protected by the DMCA against any attempts to reverse-engineer or disable the content-protection "features" that they're abusing.
Even without deliberate abuse by malware, the homeland security implications of an external agent being empowered to turn off your IT infrastructure in response to a content leak discovered in some chipset that you coincidentally happen to be using is a serious concern for potential Vista users. Non-US governments are already nervous enough about using a US-supplied operating system without having this remote DoS capability built into the operating system.
The extent of supplication to content owners is indicated here:
As security researcher Ed Felten quoted from Microsoft documents on his freedom-to-tinker web site about a year ago
So if you design a new security system, you can't get it supported in Windows Vista until well-known computer security experts like Disney, MGM, and 20th Century Fox give you the go-ahead. It's absolutely astonishing to find paragraphs like that in what are supposed to be Windows technical documents, since it gives Hollywood studios veto rights over Windows security mechanisms.
There's a lot more in the full essay. It's not essential that you understand all the technical details to get the gist of it, but I'd welcome geekier readers coming in here with some explanatory comments for non-geeks. I confess, I find it hard to believe it could be this bad, but Peter Gutman is a lot smarter than I am.