December 16, 2017

Next-Gen DVD Support Yanked from 32-Bit Vista

Microsoft has announced that the 32-bit version of its forthcoming Windows Vista operating system product won’t support playing commercially-produced next-generation DVDs (i.e., HD-DVD and Blu-Ray discs), according to Dan Warne’s story at APC. 32-bit Vista will be able to access the discs, reading and writing ordinary content, but they won’t be allowed to access DRM-encoded content such as major studio movies.

For those not up on the jargon, Vista is the next major version of Windows. There are different flavors of Vista for 32-bit processors and 64-bit processors. virtually all of the computers in use today, and most of the ones for sale in stores, use 32-bit processors, so they’ll run the 32-bit version of Vista – the one that won’t be able to play next-gen DVDs.

The reason, Microsoft says, is that the DVD cartel won’t license them the right to read DRMed content on 32-bit Vista. The problem is supposedly that 32-bit Vista allows the use of unsigned device drivers, while 64-bit Vista allows only signed drivers. To be signed, a device driver has to be approved by a special testing bureaucracy, according to criteria set up by Microsoft. (Device drivers are small programs that allow the system to interact with external devices or services.)

Optional signing of device drivers is a fine idea. Bad device drivers have caused many headaches for Windows users, so it’s good to give users more control over which drivers are on their systems. Users have to make choices about which drivers to install, and a Microsoft-sponsored stamp of approval, as provided by the signing process, helps users make that decision. All of this is helpful, as long as it is ultimately the user who decides what is safe to use on his computer.

But the reality is that lots of good and useful drivers are unsigned, because companies don’t want to subject themselves to the certification process. Competent users accept unsigned drivers all the time – my two-month-old Windows XP laptop has a few dozen unsigned drivers, many of which were pre-installed by the manufacturer.

In short, moving to 64-bit Vista, to get next-gen DVD playback with Windows, means giving up your current computer and some of your current peripherals and applications. You can be compatible with next-gen DVDs, or you can be compatible with the other stuff you use. Your choice.

Or you could just get one of the other Windows-compatible DVD player applications. According to an anonymous Microsoft source quoted at BoingBoing, Hollywood’s objection to next-gen DVDs on Vista-32 applies to Microsoft but not to third-party player applications like WinDVD and PowerDVD. Those apps will be allowed to play next-gen DVDs on Vista-32 and WinXP, even in the presence of unsigned drivers. If the goal is to stop piracy, this decision makes no technical sense. If unsigned drivers are a threat to DRM, it doesn’t matter whether those drivers are attacking a Microsoft-brand player application or a third-party application. So why did Hollywood refuse to license only Microsoft?

The BoingBoing source offers two hypotheses:

This leads folks at Microsoft to conclude either:

A) The studios don’t understand the technology enough to see these risks clearly, or

B) They just want to screw Microsoft

The studios all have tech consultants, and many of them are not fools, so A seems unlikely. B also doesn’t seem completely likely. It’s probably the usual: human stupidity rolled up in a big ball.

The stupidity-ball explanation is always a contender in cases like this, but I wouldn’t rule out A or B either. Yes, the studios have tech consultants, but they had equally good consultants when they chose the horribly misdesigned CSS as the encryption scheme for first-gen DVDs, which suggests that they don’t always listen to the consultants.

There’s an interesting connection to antitrust policy here. Microsoft’s business strategy is apparently to tie Media Player to Windows. Antitrust authorities, in Europe at least, didn’t like this, and so Microsoft is claiming that Media Player is an Integral Part of Windows and not just a nice application that is designed to work well with Windows. (Recall that they tried the same argument for Internet Explorer in the U.S. antitrust case, and the U.S. courts didn’t buy it.)

This may affect the DVD cartel’s decisionmaking in at least two ways. First, if they fell for the line that Media Player is not just another pretty app, they may have concluded that it made sense to hold Media Player accountable for the Windows “bug” of allowing unsigned drivers. This makes no sense from a content security standpoint, but remember that these are the same people who thought CSS was a good idea.

Another possibility is that the DVD cartel is implementing its own antitrust policy, encouraging competition in the market for Windows-compatible DVD players by neutralizing Microsoft’s tying strategy. Having acquired quasi-governmental power to regulate the design of DVD players and the structure of DVD-related markets, the cartel would naturally want to prevent any player vendor from accumulating market power.

All of this brings us back to Tim Wu’s paper about the drawbacks of putting one small group in charge of a whole economic sector. Markets may make good decisions – if they’re competitive – but there’s no guarantee that a single entity will make good decisions. That’s especially true if we put a small group of movie executives and lawyers in charge of technology design.

Comments

  1. This strategy may also reflect a misguided attempt by the content industry to have their DRM and eat it too.

    On the one hand, the movie industry wants to do what they can to restrict platforms from being vulnerable to driver-based attacks, so someone tells Microsoft they can’t play DRMed content on 32-bit Vista.

    On the other hand, they realize that they are excluding a ridiculously large percentage of the Windows install base with this strategy (not just 32-bit Vista users, but lots of 2000/XP users who have no plans to switch), so someone tells the makers of other software-based players that they have the green light.

    Obviously, if a vulnerability is to be found in this plan, it’s in the third-party software that will eventually be hacked to permit unfettered access to protected content. But the cake is too sweet, moist, and delicious to have it just sit there without having at least a taste.

  2. Not only was CSS a stupid idea, but it goes right up there hand-in-hand with region encoding. Neither is a good security measure but thanks to DMCA and similar laws we’re stuck with them.

    Re the new HD-DVD issue, Microsoft could, perhaps should, but certainly won’t, tell the HD-DVD consortium to go take a flying leap: “We won’t support ANY of your DRM-encumbered DVDs if you try to tell us we can’t support them in our most popular environments!” Since Micorosoft largely “owns” the market for computers that will be used to play the media, this would certainly get the attention of the suits in hollywood.

  3. James Bailey says:

    Option C, Microsoft is not telling the whole truth about this issue. Maybe the Studios have a vague requirement that the media paths be secure from end to end and Microsoft is using that as an opportunity to force users to a must-be-signed model for drivers that they otherwise might not accept.

  4. Sigh …

    C) The geek chain-of-reasoning process is wrong

    The problem is that there’s no incentive to be correct if there’s a wrong but popular answer :-(.

  5. Michael Kohne says:

    One nit that should be picked: for Vista 64 bit, drivers do NOT have to go through the MS qualification process to get signed. All that will be required is that you have a code signing certificate from an authorized certification authority (Versign was the only planned one, last I looked). This means that signing doesn’t give the user confidence that your driver isn’t garbage, just that they’ll be able to figure out who wrote the thing.

  6. How is this different from the way things work on XP with normal DVDs? I recently assembled a ‘white-box’ XP machine and was dismayed to discover that Windows Media Player can’t decode normal DVD content – MS doesn’t supply a codec. You must use 3rd-party applications for this. If you assembled your system yourself and bought the DVD drive ‘bare bones’ you have to buy the player application separately.

    I eventually found a copy of PowerDVD that had been included with an old DVD-ROM drive that someone had given me so I was able to get it working. The point however is that the support isn’t native in the current OS, so it shouldn’t be a big surprise that future versions follow the same model.

  7. Since most people use PowerDVD, WinDVD, Dell Media Center, or whatever else comes with their computer, does this even really affect the consumer?

    And more importantly, why does the 64-bit version refuse to run unsigned drivers? Aren’t they violating antitrust law by telling the user that it can’t run unapproved software or hardware, rather than leaving it to their own discretion?

  8. Another alternative, MSFT themselves didn’t want to assume the liability of being financially responsibe for a breech which exposed HD content to piracy. I wish I could remember where I read that possibilty being suggested.

  9. The forced use of only signed drivers may relegate 64-Bit Vista to being the OS that no one wants. How long will Microsoft allow this to be the case?

    Will it be until peripherals with signed drivers are common in the market place and people are willing to ditch their existing peripherals just to run 64-Bit Vista?

    Next-Gen DRM playback is not enough of a ‘carrot’ to overcome the ‘stick’ of losing compatibility and having pseudo trusted computing forced upon your computer. Hopefully if the hackers like 64-Bit Vista enough, they will circumvent the signing requirement.

  10. Wes Felter says:

    Symantec already figured out how to patch out the driver signing requirement:

    http://www.symantec.com/enterprise/security_response/weblog/2006/08/assessment_of_vista_kernel_mod.html

    “we are now able to patch both NTOSKRNL.EXE and WINLOAD.EXE to successfully disable driver signing and code integrity within the Windows Vista kernel with a simple one byte modification. “

  11. Hmm. Could Symantec’s actions in any way be construed a DMCA violation? If Symantec disables the driver signing requirement, do they do so only for their crappy anti-virus wares, or for the entire OS? If they do it for the entire OS and this enables easier malware infection and DRM circumvention, are they liable? Will there be a cat-and-mouse game of patch and unpatch the kernel between Symantec and Microsoft?

  12. It could be an abomination. Who knows?

  13. Buckaroo Bitwise says:

    I have tools in both Windows and Linux that will make exact bit-wise copies of CD’s and DVD’s. I assume the same methods will be just as easily employed on the HD stuff, so how does this DRM stuff prevent copying? If I make a bit-wise copy of Star Wars Episode III on my computer, my DVD player that is connected up to my TV set will play the bit-wise copy just as well as it plays the original DVD (including reading the region code and having to use the player’s licensed CSS decoder to actually show the movie). Really, what good does this DRM on DVD’s do for anyone, except cost manufacturers money to licensing consortiums that are no more than bureaucratic leaches?

  14. http://blackhat.com/presentations/bh-usa-06/BH-US-06-Rutkowska.pdf has details on how you can patch a signed driver – swap it out to disk, then since a user-mode app can access the raw disk device, patch the driver, then call their patched code in signed kernel space directly. So signed drivers provides no actual protection.

  15. Wes Felter says:

    You can’t make a bitwise copy of a CSS-protected DVD, because the part of the disc that holds the keys is not writable on DVD+-Rs. I would guess HD-DVD and Blu-ray are similar. Besides, I doubt the studios are too worried about disc-to-disc copies; they seem to fear Internet copyright infringement more.

  16. dvrblogger says:

    This report is not true. I checked with several sources and 32 bit Vista will allow next gen DVD support.

  17. Even if it is true, this statement by Microsoft seems like a direct challenge to hackers. They will be falling all over themselves to be the first one to figure out a work-around. Just like hacking the hardware protection on Xbox and Xbox 360…

  18. It amazes me that this is event debated. I strongly doubt any full version of the truth was exposed in the article.

    The simplest explanation is probably true: MSFT won’t pay the licensing fee for the player. And why would they? When you have a dominant market position with no reasonable competitor, disaggregation of operating system components to extract the highest possible producer surplus through price discrimination makes economic sense for the monopoly.

    My Lenovo and Sony laptops shipped with the ability to play DVDs out of the box. I paid the additional costs to Lenovo and Sony. MSFT took the same share of the profit without doing any work to allow me to play DVDs. It sounds like a win for Windows profit margins.

    My question: Is there a stable 64-bit DVD player ready now from a third party source that works on Vista 64? If not, MSFT is probably paying the fee to guarentee a good user experience for DVDs on their top end OS, but wishing that third parties were already filling that void.

  19. Yep, seems obvious that the answer is not that manufacturers stubbornly refuse to license to MS come what may, but rather that MS doesn’t want to pay what the manufacturers are asking. This would also make sense of the difference between 32 and 64 bit Windows. 32-bit has a dominant market share, thus should, in the manufacturers’ estimation, carry a high license fee. 64-bit has low market share, therefore what the manufacturers are asking by way of fee is presumably more acceptable to MS.

  20. “I have tools in both Windows and Linux that will make exact bit-wise copies of CD’s and DVD’s. I assume the same methods will be just as easily employed on the HD stuff, so how does this DRM stuff prevent copying? If I make a bit-wise copy of Star Wars Episode III on my computer, my DVD player that is connected up to my TV set will play the bit-wise copy just as well as it plays the original DVD (including reading the region code and having to use the player’s licensed CSS decoder to actually show the movie). Really, what good does this DRM on DVD’s do for anyone, except cost manufacturers money to licensing consortiums that are no more than bureaucratic leaches?”

    That’s exactly what the DRM does — enable the licensing consortium leeching business model. What, you didn’t think it was to prevent piracy, surely?!

  21. “http://blackhat.com/presentations/bh-usa-06/BH-US-06-Rutkowska.pdf has details on how you can patch a signed driver – swap it out to disk, then since a user-mode app can access the raw disk device, patch the driver, then call their patched code in signed kernel space directly. So signed drivers provides no actual protection.”

    Interesting. Allowing user-mode apps to access the raw disk device, at least for the swap partition, is a major security hole, IMO — the potential for privilege escalation on a multiuser system is obvious.

    It may also allow circumventing the HD-DVD limitations by accessing the raw HD-DVD drive device and doing your own decoding, without involving the OS beyond its most basic role of providing low level access to devices.