MS Palladium Patent

Concerned Citizen writes "cryptome has Microsoft's patent for Palladium. Including such gems as: 2. The computerized method of claim 1, wherein protecting the rights-managed data comprises: refusing to load the untrusted program into memory. 14. The computerized method of claim 1, further comprising: restricting a user to a subset of available functions for manipulating the rights-managed data. And I'm sure we'll all be coerced to agree to Palliadium during a future security patch agreement."

Do you hear that too?

I think I'm hearing "The Imperial March" in the background. Weird.

Trust

[Buggered+Choirboy]

If nobody trusts this system, it will not get into widespread use. Amazingly, Micro$oft does not succeed at everything.

Re:how 'bout apple

[tunah]

Microsoft bought a bunch of non-voting stock in apple as part of a deal that included cross licensing of patents. This settled a long running dispute of MS supposedly stealing apple's look and feel.

Microsoft quietly sold their stock (for a profit) some time afterward.

Re:Doesn't Java do this?

[marxmarv]

Correct me if I am wrong but doesn't Java's sandbox model refuses to load untrusted program into memory (if set up o only run signed applets) and restricta a user to a subset of available functions for manipulating rights-managed data?

As far as I know there isn't anything in Java that distinguishes the access rights of any particular piece of data, but you can install a custom SecurityManager in the JVM that can deny certain actions taken by particular threads, use a custom ClassLoader to ensure that signed classes can take extra privileges not granted by default, and ensure only signed classes get access to rights-managed data. Unless it's in silicon, you can still break the JVM, a la Ken Thompson's famous login/cc hack.

-jhp

Re:Never gunna happen

[Cally]

"DRM will not make it on to desktop PC's. Try telling a user that the
new computer they are thinking of purchasing has less features than
their current one."

It might just be possible that Microsoft, Intel and AMD have already thought of that. It might just be that they will market it as a new feature. Indeed, in the original NYTimes Steven Levy piece it was interesting to see Gates saying (words to the effect of) "we started thinking about this technology in connection with music and video, but then we realised we could position it as a general purpose security feature." Apart from killing one of the last remaining sectors where ISVs still make money writing for the Windows environment (a/v, security, personal firewalls and so forth), you can bet that they'll be trumpeting Palladium as the pay-off from the much hyped "trustworthy computing" hype. Come to think of it, that abuse of the word "trust" - a term with a specific meaning in info-sec, crypto and other areas - as a marketing term is classic Microsoft double-speak. Or do I mean newspeak? "Palladium is watching YOU!"

Oh, and what's in it for Microsoft? Control. The same thing they've always been about. It's the same reason the MPAA are attempting to suppress deCSS: nothing to do with copy protection, everything to do with control of the distribution channel.

Re:Security Patches

[codewolf]

Actually, take a look at this article. Microsoft is attempting to sneak in as much control of your computer as possible.

Hat trick?

[TheSHAD0W]

So Palladium won't load an untrusted program into memory... How would it accomplish that? In order to determine whether a program was properly signed, one would need to get its checksum. In order to do that, you would have no choice but to load it into memory of some form. I suppose you could bypass the RAM, DMA it through a dedicated calculator... But that would be inefficient; you'd need to scan it once, and then load it for execution. And you'd need to do it every time you ran the code, or someone could have compromised the data on the system's drive by editing it on a non-Palladium system.

And what's the big deal about having "non-trusted" code loaded into RAM anyway? Actually, it's very easy to put one's own binary code into the system's memory; load it as raw data. An OOB-type exploit can pass control to that nearly as easily as it can execute a program that's been loaded but not yet determined to be trustworthy.

activex revisisted

[epine]

Palladium is just ActiveX revisited. Security is confusing because it covers two entirely different problems: 1) protecting the machine from rogue users, 2) protecting the machine from rogue software.

The second point bifurcates into two opposing camps: 1) most rogue software comes from unemployed college dropouts, 2) most rogue software comes from Fortune 500 companies.

Palladium is the approach of keeping the foxes away from the chickens by building a coop for the foxes.

Palladium / TCPA FAQ

[ThatTallGuy]

A prior post mentioned Robert Cringley's articles; I found them less enlightening than one of the things he linked to, a FAQ on Palladium and TCPA that clearly and logically explains the positive and negative effects of the system. An excellent resource to point your underinformed purchasing manager or congresscritter to.

C'mon, Judge Kollar-Kotelly, make me proud. :)

Uhmm, sorry! Lot's of prior art here ;-)

[manyoso]

"The computerized method of claim 1, wherein protecting the rights-managed data comprises: refusing to load the untrusted program into memory."

Hmmm. Seems to me that this 'art' has been around since the beginning of Unix. Hell, Microsoft has been providing a form of this 'art' with NT and 2000 for quite sometime. It's called permissions! And what would you call the recent advent of the NSA's Secure Linux? Administrators have been 'refusing to load the untrusted program into memory' for quite sometime to protect data... The only thing different about this scheme is Microsoft will be instituting a system where the company itself is root/administrator and the previous system admins are relegated to subordinate positions.

"The computerized method of claim 1, further comprising: restricting a user to a subset of available functions for manipulating the rights-managed data."

Ahh, this has also has seemingly been done since time began ;-) For instance, with Unices I can restrict the user to reading the data, writing the data, executing the data or some combination thereof... Thus Unix has been able to restrict 'a user to a subset of available functions for manipulating the rights-managed data'.

Cheers!

Re:The geek responsibility

[TheConfusedOne]

There is definitely something to be said about remaining informed and trying to inform everyone else.

There's one giant problem with it though:
The desktop OS market is being dominated by a monopoly. MS makes updates (XP and WPA are a good example) and the bulk of the consuming public doesn't know and/or care. They merely get the latest version when they buy their new PC. MS really doesn't need to market their OS's, they just slowly become dominant by default (installation).

DivX failed because DVD's were already on the market and the cost of the DVD player was dropping rapidly. People were able to evaluate this as a pure cost/benefit issue and everyone realized that the DivX duck wouldn't hunt.

There will be no such evaluation with MS's latest and greatest OS.

Questions that MS needs to answer: How will Palladium treat those home videos that everyone's starting to create. (I just bough a digital camcorder myself.) How will Palladium treat home recordings? (I have a friend who is slowly putting together his own album. What if he wanted to mail around MP3's of his songs?)

This is where we can maybe corner MS. They need to answer how the "untrusted" (really uncopyrighted or copyrighted by an individual) content is treated.

Actually it would be a good thing in the long run.

[blueworm]

The more you expose the consumer to strict DRM rules the more they will come to reject it. I honestly don't believe people will keep investing in computer hardware when it doesn't let them play their favorite burned CDs or permit them to hear their own MP3 collection. The quicker it is implemented on a large scale, the quicker it will be destroyed.

Yeah, but I don't think it was Microsoft...

[da+cog]

I felt a great disturbance in the force, as if millions of server processes suddenly cried out in terror, and suddenly silenced.

I feel something terrible has happened.

*** SOME TIME LATER ***

KONQUEROR: Our position's correct except... no cryptome.org.

ME: What do you mean? Where is it?

KONQUEROR: That's what I'm trying to tell you, kid, it ain't there. It's been totally blown away.

ME: How?

It's been destroyed... by the Slashdot.

KONQUEROR: The Slashdot crowd couldn't take down the whole site! It would take ten thousand people with more free time than I've...

*Alarm bell goes off* ...*** TO BE CONTINUED ***

Is this going to be the new whipping boy?

[night_flyer]

since the 26th of June Slashdot has had five stories concerning palladium:

http://yro.slashdot.org/article.pl?sid=02/06/23/ 16 41205&mode=thread&tid=109

http://slashdot.org/article.pl?sid=02/06/27/1252 27 &mode=thread&tid=109

http://slashdot.org/article.pl?sid=02/07/02/1617 21 8&mode=thread&tid=109

http://yro.slashdot.org/article.pl?sid=02/07/04/ 13 14229&mode=thread&tid=109

and now this one... shouldnt the paranoia level be turned down a notch till we have something a little more concrete?

TCPA / Palladium Frequently Asked Questions

[malakai]

This is a very scary paper. You think MS spews a lot of FUD, this papers is almost pure FUD.

First, this guy thinks a lot of himself:

The Palladium announcement appears to have been provoked by a paper I presented on the security issues relating to open source and free software at a conference on Open Source Software Economics in Toulouse on the 20th June

FUD

2. What does TCPA / Palladium do, in ordinary English?
Its obvious application is to embed digital rights management (DRM) technology in the PC. The less obvious implications include making it easier for application software vendors to lock in their users

Notice the bold FUD.

. So I won't be able to play MP3s on my PC any more?
With existing MP3s, you may be all right for some time. But in future, TCPA / Palladium will make it easier to sell music, movies, books and other content packaged so that people can play them on their PCs but not copy them.

Oh my, that sounds horrible. We could have a market finally for digital releases, one where I get my media, and the seller gets his money.

You might be allowed to lend your copy of some digital music to a friend, but then your own backup copy won't be playable until your friend gives you the main copy back.

Sounds fair. Keeps me from making 10 copies of this new movie and giving them to my friends.

Quite possibly you will not be able to lend music at all. (It looks likely that the music publisher will be able to make the rules - and to change them at will by remote control.)

And thus more speculation and FUD.

5. What else can TCPA and Palladium be used for? ...For example, you might arrange that your soldiers can only create word processing documents marked at `confidential' or above, and that only a TCPA PC with a certificate issued by your own armed forces can read such a document. This is called `mandatory access control', and governments are keen on it. The Palladium announcement implies that the Microsoft product will support this. Once TCPA is widespread, corporations can do this too - and so, for that matter, can the Mafia. This can make life harder for spies, corporate whistle-blowers, and FBI agents alike (though it is always possible that the FBI will get some kind of access to master keys)(FUD). A whistle-blower who emails a document to a journalist will achieve little, as the journalist's Fritz chip won't give him the key to decipher it.

OK, so now the open-source movement is AGAINST encryption/privacy? Does this mean PGP is bad now too? This sounds like technology I always assume US military intelligence organizations already use. I don't want a whistle-blower leaking confidential battlefield plans (we've seen it happen a lot in the last year). As for corporations, if a whistle-blower can't print, email, fax, save to disk some document, they'll find some other way to blow the whistle. This is a stupid argument as for why Palladium as a whole is bad.

10. OK, so TCPA stops kids ripping off music and will help companies keep data confidential. It may help the Mafia too, but apart from the pirates, the industrial spies and the FBI, who has a problem with it?

I'm sure the FBI would love it if the Mafia started using DRM certs on their data. It'd be much easier to ask a judge for the rights to sieze and open documents certified by this certificate, then say to ad-hoc monitor possibly private data in an attempt to get to Mafia data.
Note, it will never happen. Criminal elements will stay away from technology like DRM and pallidum.

A lot of companies stand to lose out. For example, the European smartcard industry may be hurt, as the functions now provided by their products migrate into the Fritz chips in peoples' laptops, PDAs and third generation mobile phones. In fact, much of the information security industry may be upset if TCPA takes off.

Elmer FUD would be proud. I went and pulled the membership on the EUROSMART list, and I see a lot of overlap with TPCA. I guess they don't hate it that much.

11. How can TCPA be abused?
One of the worries is censorship (...)
For example, the police could get an order against a specific pornographic picture of a child, and cause the policy servers to instruct all PCs under their control to search for it and notify them if it were found.

First, that's not censorship, that's search (and possibly seizure) and it's pure FUD to presume the government will push a button and search you hard-drives and then drag you down to the police station, for your dirty little picture. However, even if they did... this picture would have to be signed somehow, and under DRM protection. Not sure why a child pr0n peddler would take the time to DRM his pictures. And if you want to view that sick stuff, turn off the DRM system before you do it. Yes, it does have an off switch. While off, you can't use the apps in DRM mode, meaning you can't open DRM certified media.

12. Scary stuff. But can't you just turn it off?
Sure - one feature of TCPA is that the user can always turn it off. But then your TCPA-enabled applications won't work, or won't work as well. It will be like switching from Windows to Linux nowadays;

Oh my god. It's at this point I have to stop reading this horrible FUD..er FAQ. Disable DRM, and the DRM enabled functionality in DRM enabled apps will cease to work, the apps will continue to work. Sure, you can't open your ULTRA-7 security level report, that the NSA sent to you, but theres good reason for that. Turn back on the trust management, and then open that report. And what's with saying it's like switching from Windows to Linux? First, what the fook is wrong with linux bitch? and second, that makes no sense!

I honestly went to this FAQ to try and see both sides of the Palladium debate. But this FAQ is a borderline paranoia conspiracy rant. It hurts the anti-palladium side more than helps. Stick to the facts, dissect it like a Vulcan would. Show me logical arguments, and keep your emotion and fear out of it.

-malakai

DRM and DAT

[buss_error]

People forget that DAT's started out as a DRM for audio. Anyone remember listening to Digital Audio on tape? Not many, huh? Most people didn't like the DRM and it wasn't adopted widely.

The problem here is the same as it's alway been. Fair use is largely the intent of the person making the copy. Until technology can read minds (fate forfend!) there won't be a DRM that won't abridge fair use in some way. As long as DRM abriges fair use, popular adoption of DRM technology won't happen willingly. This is an attempt to ram it down on an unwilling consumer population.

That said, the backlash that might build will depend largely on how intrusive Joe Six-Pack is going to find this new DRM technology. The second J.S.P. gets pissed off about it is the second elected officials are going to feel the heat. When they feel the heat, no amount of payola from ??AA is going to save it. MS is walking a fine line between control of content and pissing off J.S.P.

Until Joe Six Pack starts screaming not much is going to change. Unfortunatly, this might be after the Fritz chip is in most consumer electronics, and it will be too late to do much about it.

Don't forget that J.S.P. doesn't give a fart in the wind for the best technology. If he did, we'd have Betamax insted of V.H.S. We'd still have a Tucker auto, and not (fill in your most hated car). Zip and Jazz drives would be moldering in the dump, and we'd be using optical disks.

Is this new technology from MS a Open Source Killer? That's going to depend on someone making MoBo's available without the Fritz chip. Sure, those systems won't be able to run XP, but there are an awful lot of people out there running systems that don't run MS products. I can't quite see (at this point, maybe in the future?) a MoBo that flat won't allow a non-DRM OS to run, just that it won't run in the "Fritz here, you can control this system" mode.

That being the case, then I don't see Plaidium being quite the Open Source killer it is being painted. Not to say that it won't hurt Open Source, but it may not kill it. That's for the next evoloution of DRM. Which might be why MS is sending a sacrifice to Linux Expo. Calm down the Open Source zelots enough to get Fritz installed, don't use all of it's control capibillities until you reach market saturation, THEN whack those commie programmers when it's too late for them to save themselves. GAMEOVER.

Microsoft may be worse than you know:

[Futurepower(R)]

"I've heard WinXP removed the cmd/command prompt."

No, they didn't remove the CMD.EXE or COMMAND.COM prompt from Windows XP. But Windows XP has reduced functionality, in many ways, not just in the command line. The command line is a big embarrassment because of its limited capabilities, but at least in Win 95 it worked. With every version since then it has worked less well. (There are two kinds of command prompt, and, according to Microsoft employees, the differences between them are not documented.)

The command line prompt sometimes begins to display short file names. Microsoft employees say that Microsoft has no fix, although someone not connected with Microsoft did make a work-around.

Cutting and pasting into a command line program often puts successive extra spaces before each line. Microsoft employees say that there is no plan to fix this.

The fast paste mode that is in Windows 98 is gone in Windows XP. Microsoft employees say there is no plan to fix this.

When using the command line interface, Windows XP doesn't always update the time. After several hours, the time reported to command line programs can be several hours in error.

People often say that DOS has gone away. But Microsoft still calls the command line interface DOS, and in Windows XP has added new programs for configuring the OS that work only under DOS.

Sometimes when you press a key while using Windows XP, it is seconds until there is any response. Apparently there is something wrong with the CPU scheduler in XP, because there are a lot of complaints about this in the forums and MS people have said that they are working on it. On one particular fresh installation of XP, on an Intel motherboard with either a Matrox G550 or an ATI Radeon video adapter, it requires 18 seconds to display a directory listing of 94 items. This is apparently related to a bug in the video software, not the adapter drivers.

Something is wrong with the Alt-Tab display of running programs under Windows XP. If there are a lot of programs, not all of them are displayed. The order jumps around in a seemingly random way.

Although articles often say negative things about Microsoft, I've never seen an article that fully documents how bad the situation really is. Microsoft's management is so bad that the company has become self-destructive. For example, Windows XP is spyware. Here is a list of ways Windows XP connects to Microsoft's servers:

1. Application Layer Gateway Service (Requires server rights.)
2. Fax Service
3. File Signature Verification
4. Generic Host Process for Win32 Services (Requires server rights.)
5. Microsoft Application Error Reporting
6. Microsoft Baseline Security Analyzer
7. Microsoft Direct Play Voice Test
8. Microsoft Help and Support Center
9. Microsoft Help Center Hosting Server (Wants server rights.)
10. Microsoft Management Console
11. Microsoft Media Player (tells Microsoft the music you like)
12. Microsoft Network Availability Test
13. Microsoft Volume Shadow Copy Service
14. MS DTC Console program
15. Run DLL as an app
16. Services and Controller app
17. Time Service, sets the time on your computer from Microsoft's computer.
18. Microsoft Office keeps a number in each file you create that identifies your computer. Microsoft has never said why.
19. Microsoft mouse software has reduced functionality until you let it connect to Microsoft computers.

These are just the ones I know. There may be others.

So, if you use Windows XP, your computer is dependent on Microsoft computers. That's bad, not only because you lose control over your possession, but because Microsoft produces buggy software and doesn't patch bugs quickly. For example, as of July 7, 2002, there are 18 unpatched security holes in Microsoft Internet Explorer. This is a terrible record for a company that has $40 billion in the bank. Obviously, with that kind of money, Microsoft could fix the bugs if it wanted to fix them. Since the bugs are very public and Microsoft has the money, it seems reasonable to suppose that top management at Microsoft has deliberately decided that the bugs should remain, at least for now.

It seems possible that there is a connection between all the bugs and the U.S. government's friendly treatment of Microsoft's law-breaking. The U.S. government's CIA and FBI and NSA departments spy on the entire world, and unpatched vulnerabilities in Microsoft software help spies.

Windows XP, and all current Windows operating systems, have a file called the registry in which configuration information is written. If this one (large, often fragmented) file becomes corrupted, the only way of recovering may be to re-format the hard drive, re-install the operating system, and then re-install and re-configure all the applications. The registry file is a single, very vulnerable, point of failure. Microsoft apparently designed it this way to provide copy protection. Since most entries in the registry are poorly documented or not documented, the registry effectively prevents control by the user.

Note that Microsoft does not support making functional complete backups under Windows XP: Q314828 Microsoft Policy on Disk Duplication of Windows XP Installation. Only those who work with Microsoft software will understand the true meaning of Microsoft's policy. Since almost all programs use the registry operating system file, if you cannot make a functional copy of the operating system you cannot make a functional copy of all your application installations and configurations. There are other software companies that try to fix this, but Microsoft can, of course, break their implementations, as they have often done with other kinds of competitors.

Note that the registry tends to prevent you from moving a hard drive to a computer with a different motherboard. That's another implication of the above Microsoft article. So, if you have a failure, you may not be able to recover unless you have a spare computer with the same motherboard.

Note that Windows XP Professional can support only ten simultaneous incoming network connections. If you want more than that, you must use Windows 2000 server, and pay much, much more. (There is no Windows XP server yet.)

Apparently because the Windows XP GUI comes from Windows 98, Windows XP has the same problem with desktop icons that Windows 98 has. The icons sometimes flicker. Sometimes they move themselves around, particularly after the user switches monitor resolutions. Also, sometimes the taskbar settings un-configure themselves, as they do in Windows 98.

Only technically knowledgeable people know how to avoid signing up for a Microsoft Passport account during initial use of Windows XP. The name Passport gives an indication of Microsoft's thinking. A passport is a document issued by a sovereign nation. Without it, the nation's citizens cannot travel, and, if they leave, won't be allowed back in their own country. In Microsoft's corporate thinking, the company seems to be moving in the direction of believing that they own the user's computer.

Not only has Windows XP definitely gone further in the direction of allowing the user less control over his or her own machine, but with Palladium, Microsoft apparently intends to finish the job: Microsoft will have ultimate control over the user's computer and therefore all his or her data. Even now, under Windows XP, a recent security patch gave Microsoft administrator privileges over user's computers. If users want to patch their system against a bug which would allow an attack over the Internet, they must give Microsoft legal control over their machines. See this article also: Microsoft's Digital Rights Management-- A Little Deeper. You may need to be a lawyer to take apart the crucial sentence. "These security related updates may disable your ability to copy and/or play Secure Content and [my emphasis] use other software on your computer" legally includes this meaning: "These updates may disable your ability to use other software on your computer." Note that the term "security related updates" is meaningless to the user because the updates have no relation to user security. So, the sentence effectively means that Microsoft can control the user's computer without notice and whenever it wants. That kind of sentence is known in psychology as "testing the limits". If there is no strong public complaint about this, expect to see more and stronger language like this.

This Register article shows the direction Microsoft is going: MS Palladium protects IT vendors, not you. Absolute power corrupts absolutely, and Microsoft is well down that road. See this ZDNet article, also: MS: Why we can't trust your 'trustworthy' OS.

Microsoft's self-destructiveness does not mean that the user should be self-destructive. There is no need to apologize for using Microsoft software. The correct solution to abuse is persuading the abuser to stop being abusive. Once I posted to a Slashdot story a link to an article on a web site of mine. By far the majority of visitors from the Slashdot story used Microsoft operating systems. Rather than feel embarrassed because Microsoft is abusive, action needs to be taken to prevent the abuse. If you are against Microsoft abuse, you are not against Microsoft; you are more pro-Microsoft than Bill Gates.

These Microsoft policies mean that any government which wants to be independent of the United States government, and any government which represents itself as controlled by the people, cannot use Microsoft operating systems, or other Microsoft proprietary systems.

Corrections and additions to this comment will be posted at http://hevanet.com/peace/microsoft.htm

Rebuttals of some of those points

[Anonymous+Brave+Guy]

First, this guy thinks a lot of himself:

He's entitled to. He's an established expert with credentials in the industry, and it's quite possible that his understanding and information on this subject is ahead of most people's, including the MS guy posting on this thread.

The less obvious implications include making it easier for application software vendors to lock in their users

Notice the bold FUD.

It's nothing of the sort; it's a very real issue. If you provide a means to lock people out of data -- which is essentially all DRM is -- and then appoint MS as the effective custodian of that data, what is to stop them abusing the technology to stop you loading a document you created in MS Word with, say, a translator for OpenOffice? As those crying "FUD" are shouting so loudly here, there is precious little solid information available and even fewer guarantees, and MS has a demonstrated history of abusing any power it gets through its dominant position in the market. A little caution is more than justified here. It's only paranoia if they're not all out to get you.

Oh my, that sounds horrible. We could have a market finally for digital releases, one where I get my media, and the seller gets his money.

It's also a market where critics could potentially be stopped from using controlled material in a legitimate way. Worse, that potential is controlled by whoever owns the DRM controls -- MS in our current scenario -- and not by a suitable legal system. This is not in the interests of the common consumer of these products.

First, that's not censorship, that's search (and possibly seizure) and it's pure FUD to presume the government will push a button and search you hard-drives and then drag you down to the police station, for your dirty little picture.

This is a bad caveat, because I doubt anyone here would have any sympathy if a child pornographer got screwed to hell; the ability to do this in such cases is a definite plus point of the proposed approach. The problem is that the same technology could be used to prevent the distribution of, for example, information certifying that Microsoft's accounting practices are highly dubious (such as is currently freely available on the web), and once again, the control is in the hands of the DRM guys, not the duly appointed government.

And what's with saying it's like switching from Windows to Linux? First, what the fook is wrong with linux bitch?

There are far fewer applications currently available for Linux, and hence you are limited in what you can do with it. If you can't see the parallels to the DRM scenario, and the problems potentially created, I'm afraid you really aren't looking very hard.