On TV.com: TOP 10 Shows CANCELED Too Soon
BNET Business Network:
BNET
TechRepublic
ZDNet

October 10th, 2006

Vista Mythbusters #7: How much DRM is too much?

Posted by Ed Bott @ 10:49 am

Categories: Digital media, Vista Mythbusters, Windows Vista

Tags:

In Focus » See more posts on: Vista, DRM

Myth: Windows Vista is loaded with new forms of digital rights management (DRM) that will make the Vista experience more frustrating than ever.

Reality: A new code-checking subsystem that protects the Windows Vista kernel and signed drivers is arguably a new form of DRM. How well will it perform in the field? We won't know until new hardware to take advantage of these features hits the streets.

Much of the DRM code in Windows Vista is a a straightforward upgrade of the infrastructure introduced in Windows XP and Windows Media Player 10. There's some confusion over whether and how DRM-encrypted music tracks from the new Zune service will interoperate with tracks from older rights-protected services certified with the Plays For Sure logo, even the much-hyped MTV Urge service, created in partnership with Microsoft. But in general, that code is just an evolution of the original Windows Media DRM.

One key chunk of code is brand-new, however. The Software Protection Platform rolls up activation, validation, and tamper-proofing into an integrated subsystem. A key module is Code Integrity verification, which is defined in this first look by Microsoft's Chris Corio:

Code Integrity (CI) protects Windows Vista by verifying that system binaries haven’t been tampered with by malicious code and by ensuring that there are no unsigned drivers running in kernel mode on the system. CI starts as Windows starts up. The boot loader checks the integrity of the kernel, the Hardware Abstraction Layer (HAL), and the boot-start drivers. After these binaries have been verified, the system starts and the memory manager calls CI to verify any binaries that are loaded into the kernel’s memory space. The binaries are verified by looking up their signatures in the system catalogs. Aside from the kernel memory space, CI verifies binaries loaded into a protected process and system installed dynamic libraries that implement core cryptographic functions.

You'll also find some good explanations in this PowerPoint presentation from Microsoft Security Evangelist Stephen Lamb.

The stated goal of CI is to protect the operating system from tampering or corruption. But as Lamb's presentation makes clear, it also affects the integrity and digital signature of any kernel-mode drivers. That makes it more difficult for hackers to replace a driver with an "improved" version that enables outputs and removes copy restrictions built into systems that use those drivers.

This post from programmer Scott Dorman connects the dots:

The operating system loader and the kernel now perform code signature checks. On 64-bit x64 platforms, all kernel mode code must be signed and the identify of all kernel mode binaries is verified. The system also audits vents for integrity check failures.

On 32-bit platforms, the administrator is prompted to install unsigned code. Load-time checks are done on all kernel mode binaries, but if unsigned code is allowed to load you won't be able to play protected high-definition multimedia content. [emphasis added]

Symantec has already made up its mind that this feature is a new form of DRM. In a whitepaper entitled "Assessment of Windows Vista Kernel-Mode Security" (PDF), Symantec's Matthew Conover writes:

The CI.DLL is made by the Microsoft’s DRM team to ensure the whole machine is in a trusted state to play DRM-protected content. For that reason, CI.DLL also checks the integrity of user-mode processes that are handling DRM-protected content.

If true, then this really is a form of DRM that has never been a part of Windows before. It's well tested in platforms like cable TV set-top boxes and satellite program decoders, but those single-function devices don't get customized the way a Windows PC does.

Besides being the investigative arm of the Windows Genuine Software program, the Code Integrity check is also going to be crucial to new hardware devices certified by CableLabs and various satellite providers. It's also tied to a new set of hardware-based output restrictions, which I'll get to when that hardware is available for testing.

For the introduction to this series, see Vista Mythbusters #1. For all posts in this series, see this page.

Ed BottEd Bott is an award-winning technology writer with more than two decades' experience writing for mainstream media outlets and online publications. See his full profile and disclosure of his industry affiliations.

Email Ed Bott

Subscribe to Ed Bott's Microsoft Report via Email alerts or RSS.

  • Talkback
  • Most Recent of 83 Talkback(s)
Yeah
if you can use hand brake or mac the ripper, but i don't know what
the windows versions are. (Read the rest)
Posted by: Graham Fluet Posted on: 12/03/06 You are currently: a Guest | | Terms of Use
False Positives  Harry Bardal | 10/10/06
Be nice  Yagotta B. Kidding | 10/10/06
All hardware from the major PC OEMs has ...  ShadeTree | 10/10/06
These same manufacturers not making Linux drivers  slim-01 | 10/10/06
Apple  zmud | 10/10/06
You said...  Laff | 10/11/06
I read that there is NO confusion - it wont play  barstewards | 10/10/06
Since it hasn't shipped yet, it's pretty hard to be sure  Ed BottZDNet Moderator | 10/10/06
It's just another brick in the wall of a puclicly stated plan  Castanet | 10/10/06
You're thinking of Palladium  Ed BottZDNet Moderator | 10/11/06
Are you talking about Vista or Zune?  WiredGuy | 10/11/06
Talking about Zune  Ed BottZDNet Moderator | 10/11/06
Zune, November 14th debut  WiredGuy | 10/11/06
The big problem is you can't turn it off.  Resuna | 10/10/06
Macs never looked so good!  billsaunders@... | 10/10/06
Are you naive?  Yensi717 | 10/10/06
Don't throw out that PC just yet.  Hrothgar - PCLinuxOS User | 10/10/06
Disclaimer  Hrothgar - PCLinuxOS User | 10/10/06
I'd go Linux  voska | 10/11/06
Only true of 64-bit  Ed BottZDNet Moderator | 10/10/06
But! can you run in 32bit on 64bit hardware  Hrothgar - PCLinuxOS User | 10/11/06
But! Can you run in 32bit on 64bit hardware  Hrothgar - PCLinuxOS User | 10/11/06
So use Linux  morleron | 10/11/06
You just need the proper process.  jrussel21 | 10/12/06
Will they let in the next "SONY rootkit"?  jinko | 10/10/06
There's the rub  morleron | 10/11/06
Code Integrity unusable for me  Aesculapian | 10/10/06
Duh.  Hrothgar - PCLinuxOS User | 10/10/06
I'm sorry, your joystick drivers are unsigned. You can't play your movie.  CobraA1 | 10/10/06
Only a couple of years left  Hempman | 10/11/06
Looks like we...  Sysop1984 | 10/11/06
Fritz-Fiasco, here we come.  Knorthern Knight | 10/10/06
Knorthern Knight, if you're a woman, I'm proposing happy  Jeff Hayes | 10/10/06
Version x.2 Rule  perryroyce@... | 10/11/06
Dual boot  A-USA-Smith | 10/13/06
At least for the next 10 years or so  ebrke | 10/11/06
Vista  tyronet | 10/11/06
Any 'Digitally Restricted Media' is too much.  JonathonDoe | 10/11/06
One small but important correction...  Ed BottZDNet Moderator | 10/11/06
Hi Ed, Thanks...  JonathonDoe | 10/11/06
Here, Here  donthetech | 10/11/06
Does the 'slippery slope' fallacy come to mind?  TasteeWheat | 10/11/06
RE: Does the 'slippery slope' fallacy come to mind?  joe6pack_z | 11/17/06
Acually...  Graham Fluet | 12/03/06
boiling frog...  A-USA-Smith | 10/13/06
Come on over  morleron | 10/11/06
Hi Ron, Thanks, but...  JonathonDoe | 10/11/06
How much DRM is too much  Protector | 10/11/06
Do you notice it?  Roger Ramjet | 10/11/06
Much ado about nothing  TripleII | 10/11/06
Support Links For Vista Home Users  TripleII | 10/11/06
What savings are these  voska | 10/11/06
Make money  A-USA-Smith | 10/13/06
This is anticompetitive  stanmuffin | 10/11/06
Nothing says you can't use them  Ed BottZDNet Moderator | 10/11/06
Non-WHQL drivers are still very common  Punchey | 10/11/06
I don't see Vista doing very well at all  molitar | 10/11/06
and if no-one ever clicked on Spam, there'd be none of that either  Castanet | 10/11/06
Sigh  quux | 10/11/06
That's why they are sheep  voska | 10/12/06
banned  A-USA-Smith | 10/13/06
Hmmm, this isn't good  voska | 10/11/06
DRM is easy, NOW disolving DVDs aren't.  mikeholli | 10/11/06
I don't think they care much about that  voska | 10/11/06
Here I go off on a RANT  mikeholli | 10/11/06
Yeah  Graham Fluet | 12/03/06
Need A Law  Ole Man | 10/11/06
There we GO!!  mikeholli | 10/11/06
DRM is a Horrible Idea  stormkrow@... | 10/11/06
DRM is a Horrible Idea Part II  mikeholli | 10/11/06
Re: DRM is a Horrible Idea Part II  pikegreen@... | 10/16/06
The Slippery Slope Part 2  donthetech | 10/11/06
Is Vista a Trojan Horse?  none none | 10/11/06
Too Big For A Horse, Now It's An Elephant  Ole Man | 10/11/06
more than advertizing money  ayounge | 10/11/06
Vista Mythbusters #7: How much DRM is too much?  rinie@... | 10/11/06
Cracked already?  none none | 10/11/06
DRM and scumware  Thundercleets | 10/12/06
Busted Myth = Confirmed Fear  marlinj@... | 10/12/06
No DRM  wizardb@... | 10/25/06
Fine i'll install an unsigned driver for playing  GreatInca | 11/13/06
Linux  joe6pack_z | 11/16/06
Any DRM is too much  bblackmoor@... | 11/17/06

What do you think?

SponsoredWhite Papers, Webcasts, and Downloads

Click Here
advertisement

Recent Entries

advertisement

Archives

ZDNet Blogs

White Papers, Webcasts, and Downloads

Enterprise Applications

  • Check out some of the easiest and most powerful ways to boost productivity while saving money on your application infrastructure. See ZDNet's comprehensive Enterprise Application resource center, now!
  • New Online Dashboard
  • Read about top issues IT decision-makers face every day, plus get cost effective solutions to real life IT problems. Oracle Topline