DRM Hole Sets Patch Speed Record For Microsoft
puppetman writes "Wired columnist Bruce Schneier has an article up called 'Quickest Patch Ever', about a patch that was issued within three days to fix a vulnerability in Windows Digital Rights Management (DRM)." From the article: "Now, this isn't a 'vulnerability' in the normal sense of the word: digital rights management is not a feature that users want. Being able to remove copy protection is a good thing for some users, and completely irrelevant for everyone else. No user is ever going to say: 'Oh no. I can now play the music I bought for my PC on my Mac. I must install a patch so I can't do that anymore.' But to Microsoft, this vulnerability is a big deal. It affects the company's relationship with major record labels. It affects the company's product offerings. It affects the company's bottom line. Fixing this 'vulnerability' is in the company's best interest; never mind the customer."
So this is going to be the least installed patch for Windows ever. Until they make it mandatory
I often have trouble remembering which way is out of bed in the morning.
What's their excuse going to be the next time a user vulnerability that has exploits in the wild has to wait for the next release cycle?
No matter what anyone in your company tries to tell you, this kind of rapid response is EXACTLY what we are clamoring for when we ask that you take security seriously. Please tell your bosses. Thanks...
W..w..W - Willy Waterloo washes Warren Wiggins who is washing Waldo Woo.
is the phrase "it figures". Frankly, I'd expect nothing else from them.
Time to sit back and watch the show then...
From the article:
"It should surprise no one that the system didn't stay patched for long. FairUse4WM 1.2 gets around Microsoft's patch, and also circumvents the copy protection in Windows Media DRM 9 and 11beta2 files."
So it's not totally horrible... though I'm sure (and the article agrees here) that M$ will be quick to fix their fix.
This leads me to 2 questions: "can patching be regulated?" and "should patching be regulated?". It seems obvious the free market can't keep our computers secure. I've been wrong before though. I guess maybe it could if people didn't already have the expectation that they shouldn't have to pay for patches b/c Microsoft should fix their own faulty software.
I guess it's all pretty moot since open source is going to take over the world anyway.
Does this sig remind you of Agatha Christie?
For a second there, I thought it was Tuesday.
Reviewing just the first hour of video games.
'Quickest Patch Ever'... for Microsoft. Linux distros have definitely had patches available within 48 hours of a security hole being found. IIRC the samba team once fixed a hole within 24 hours and it was in most of the big distros within another 24.
And isn't it sad that the quickest patch they ever release is for a hole no user cares about? More proof that MS cares more about their corporate friends than users.
Developers: We can use your help.
"But to Microsoft, this vulnerability is a big deal. It affects the company's relationship with major record labels."
what relationship? why is it important?
Do they get money from them? Is Steve B. banging a secretary in the RIAA office?
I just don't get it.
The Kruger Dunning explains most post on
Patch Wars!!
I often have trouble remembering which way is out of bed in the morning.
I know it seems like semantics, but Schneier's piece is not an article. It's an editorial, an opinion piece -- even if it is based on some real event(s). We really should differentiate between the two, as I do prefer 'news for nerds', not 'opinions for nerds'. I've already got opinions o'plenty, and the comment section is where I like to see others' opinions. :)
"Trolls they were, but filled with the evil will of their master: a fell race..." -- J.R.R. Tolkien on Olog-hai
DRM Hole Sets Patch Speed Record For Microsoft & Gets cracked again!!
Wincopy
fatal holes in the browser? whatever
allowing spyware to take over? who cares
DRM? we're on it!
The fast fix suggests that rapidness of response might be a function of "whose ox is being gored".
While it may be funny to joke about it serving the customers' best interest if Microsoft were to go belly up, Microsoft is vital to our current information technology infrastructure. Windows is the de facto desktop OS standard. It is a very common server OS. And it runs most of the internet sites in the world (if you believe the press releases). It serves the customers' interests to have this OS around despite its flaws.
So if Microsoft were to leave this hole unpatched, it would seriously damage their credibility with media content providers. All devices that use the WMx formats would suddenly become vulnerable to this feature and device makers would have to drop the format altogether. It would make Windows an unviable vehicle to distribute media, in the eyes of the content publishers. You would end up with less choice as the publishers would migrate towards those operating systems that supported stronger DRM and the customers would be net losers as they would not only be still restricted by DRM but their choice of operating systems would also be restricted.
As TFA says, it's simple. A normal security hole costs the user money, not Microsoft. This "security hole" (indirectly) costs MS money so it gets fixed ASAP. MS is, if nothing, good at protecting its bottom line.
You have to remember that the minority of M$'s customers are its users.
The majority of M$'s customers are in it for the ride and not for the destination.
You forgot Evil Corporations grubbing for $$$$$$
So this is going to be the least installed patch for Windows ever. Until they make it mandatory
Actually, this is a very serious question: is the patch marked critical, or not? This is important, because:
1. If the patch is critical, it will get criticized for being, in effect, mandatory degradation of capability (by the tech-savvy). Also, this will make light of Microsoft's security policy, to call this sort of patch 'critical'.
2. If the patch is not critical, then - oh, the irony - by default, it will not be installable on computers failing WGA. Perhaps Microsoft will get around this. But, as WGA currently works, only critical patches are allowed to systems marked as 'non-genuine'. This would be amusing - pirated copies of Windows would not receive this unwanted patch, but paid-for copies would.
I can't find, in TFA or the sources it cites, any mention of the severity of the patch. Anyone know the answer to this?
I have an idea. Let's embrace and extend DRM in Windows. From now on, the operating system will not allow anything to read any information from anywhere. Your own files on your hard drive? Sorry, you can't access them, because you might accidently pirate your English class essay that you wrote last night, and Windows, being much, much, much smarter than you could ever dream of being in your wildest dreams, is therefore charged with the duty of making sure you don't do something illegal like that.
This sort of story indicates something about Microsoft's priorities. It doesn't mean they're evil and/or going to software hell. It just indicates something about their priorities.
My turnips listen for the soft cry of your love
It's like TV where the station's customer is actually the advertiser and the station's job is just to distribute ads. Microsoft's customer is now the media cartel and their function is just to connect you with media.
Who here is prepared to take it in the ass and upgrade to Vista?
So let me see if I get this right... they'll wait a month for normal patches, sometimes longer for some that've been well known but they either can't fix or don't see the potential risk... but in general, if a new vulnerability is found on the Wednesday after black Tuesday, they'll wait a month (at earliest) to release a patch even if an exploit is in the wild... yet when it comes to protecting their cash cow, they'll fix it right away. In other words, screw the consumer... we can just damn well wait for updates to critical vulnerabilities, but when it comes to protecting their own revenue stream, they'll fix something right away. Not sure why I would've thought they'd do any different... but it would seem they rushed to provide a "bug fix" to protect their revenue stream, but won't rush to create "critical updates" that customers need. Amazing...
Normally. Microshaft ignores security problems for at LEAST a month, then they deny that a problem exists for at LEAST another month, then they "study" the issue for at LEAST another month, then they "work on the problem" for at LEAST another month, and finally release a patch that does not really address the original problem and breaks a half dozen other things (and apparently inflicts even more sadistically controlling DRM on Microshaft's victims).
When the summary says "Within three days" they mean "three days after it was reported in engadget".
Coz FairUse4WM was released on August 19th in the forum. Microsoft patched it on August 28th. So 9 days.
Wincopy
It's a "fair use rights denial" patch :-)
Okay, okay, I'm being one-sided, but given how completely one-sided "digital rights management" is (i.e. they manage the content-owner's rights precisely and completely, but pretty much ignore the user's fair use rights), I'm inclined to be cynical.
Keep in mind -- this is to fix a hole in the circumvention of DRM usually used for *purchased* content. The user may be violating some of the terms of the distribution agreement, but they did pay for the right to listen to the material in some form.
Microsoft did not really "patch" their DRM. This wasn't a code change. Their DRM was designed to be updateable in the event that it was compromised.
There is a big difference in how fast you can roll out what amounts to a configuration change and how fast you can roll out a code change.
That said, it didn't seem to do much good given that it was cracked again in a matter of days.
So Microsoft wasted no time; it issued a patch three days after learning about the hack. There's no month-long wait for copyright holders who rely on Microsoft's DRM.
It's nice of Microsoft to let us know where their priorities lie. Obviously, things aren't as complex as Microsoft have let on (one of the many excuses for not getting patches out) if they can patch something that quick.
"Oh no. I can now play the music I bought for my PC on my Mac. I must install a patch so I can't do that anymore."
Really? I'm going to Windows Update as I write this. Mind you, good luck finding anyone who actually uses PlaysforSure. For those that are they've found out that stores selling Windows Media files are crap (you effectively rent your music - yay, what a great idea!) and they're looking to get out before they buy any more of the crap. Microsoft have some slight delusions of grandeur about the importance of their DRM software.
An opinion piece is an "article" ("piece" and "article" in the relevant senses are synonyms.) It is not a "news article". But the existence of the opinion piece is itself news, as are the underlying facts it relates to, so a Slashdot article pointing to it is not inconsistent with the slogan "News for nerds."
Of course, the full slogan is "News for nerds. Stuff that matters." Whether the second part is a limitation on, or addition to, the first is debatable.
It's a good thing I have automatic updates turned off. However, automatic updates in Vista will be turned on by default. If I ever end up using Vista, that will be the first feature that I disable which is a shame since automatic updates are a good thing if you can trust the company that performs them.
The KB891122 patch wasn't developed in response to FairUse4WM 1.0 -- MS started working on it after seeing an earlier bunch of tools (drmdbg and friends) that were released on the cover CD of a Japanese magazine a few months ago, but were too cumbersome in operation to gain widespread use.
FairUse4WM "merely" wrapped up the techniques used by these tools in a neat package, and got to the frontpage of Engadget. It was pure luck that MS had a patch available at the time, even though it took extraordinary effort on the behalf of its DRM partners to implement, and denied "legacy" OS users, as well as users of the latest Media Center version, the use of new DRM-protected tracks.
A patch for FairUse4WM 1.2 still isn't available, even though the tool was released last weekend.
BTW, if you think MS is getting screwed by class breaks like this, think again. Content providers (think: RIAA members) will call in their non-refundable advances (usually over $25K per label!) received from distribution partners (think: music stores) for "material breach of contract". MS will fix the issue, the RIAA gets richer, and the guys that actually try to get music to you get screwed. Oh, well, they're used to it...
Not the desktop anyway. It's a monopoly. The actions of Microsoft are those of a monopolist.
Why would a Windows user install this patch? Leave it to Microsoft to patch greater functionality!
If /. would link to the fix on Microsoft.com's site MS, or at least the site administrators, might see a large volume of traffic to this particular fix and put 2 and 2 together. Any way to get MS's attention couldn't be a bad thing.
First of all, the DRM code is most likely pretty self-contained, and is only interfaced with by a limited amount of code. (All the files run through some version of the Windows Media Encoder engine, remember?). So on that front, it's a hell of a lot easier to patch an issue contained to DRM-land than it is to deal with something like IE, which has to interact with a much messier set of incoming files (the Web).
Even then, the reason you don't release a patch in three days is that you're probably going to screw it up and not actually fix the problem. Amazingly enough, that appears to be exactly what happened.
First of all, it's been cracked again. Look up FairUse4WM 1.2.
Second of all, from what I've seen, it's not pushed out via windows update, but rather the client you are using for music. For instance, Napster pushed out the new version via a tiny patch when I launched the client. There IS a way to trick your client into believing that you already have the latest version (thus preventing the forced update). Look it up in the doom9 forums.
This should keep the crack working until Napster pushes out a completely new version of the client that explicitly checks the version, or Microsoft issues a regular update.
-T
P.S. Napster provided free of charge by my university. Hell, as a grad student, I guess I get paid to use it...
And isn't it sad that the quickest patch they ever release is for a hole no user cares about? More proof that MS cares more about their corporate friends than users.
Is it proof that MS doesn't care enough about users, or is it (by extension) proof that users don't care much about OS vulnerabilities? Sure, they may complain, but do they actually take action and demonstrate that they care, by switching to more secure OS's (by moving to Apple or Linux)?
After all, MS reacts to what its customers and business partners care about. The music companies go apeshit over stuff like this, but users (both corporate and personal) haven't really demonstrated that they'd rather take their business somewhere else, so why should MS give them anything more than lip service?
Stop by my site where I write about ERP systems & more
Patch turnaround time doesn't matter all that much.
What really matters is probably something like the mean time to patch install on vulnerable systems as measured from the time of vulnerability disclosure, or the % of patched hosts after a given fixed time period. Think about it: if you turn out a patch in 30 minutes, but it takes on average six months for the patch to get installed, how much did that marvelous engineering feat really matter?
It might matter a lot to a few people, but by assumption (6 month average patch rate) it didn't mean much to the average user.
As a genuine Windows user, you can be confident that you will have access to the latest features, updates, and support that will help you improve your productivity and expand the capabilities of your PC. You will also have access to the following free downloads and special offers, available only to genuine Windows customers:
Windows Genuine Advantage special offers
Customers using genuine Windows are entitled to free downloads and special offers from the Windows Genuine Advantage program. You can find downloads for several purposes, including keeping your PC healthy, learning, customizing Windows, and fun and entertainment.
Get the latest Windows information via e-mail
Genuine Windows customers can stay up to date with practical advice on security, support, product information, and more by signing up for Windows e-mail. You'll receive Exploring Windows, our bi-weekly newsletter, plus special edition communications on subjects that matter to you, like genuine Windows news. Whether you use Windows at home or for business, you'll have access to easy-to-use guides and tools to help you make the most of your PC experience, delivered right to your inbox.
Special offers just for small business
Learn how genuine Windows can help small businesses be more productive and better serve your customers. Get access to training, case studies, and other information that can help your business grow and thrive. The Microsoft Small Business Center has the resources you need to achieve your goals.
Not all fixes pose the same risks or require the same amount of testing.
A patch for a DRM component surely involves much less code churn, risk, and testing than a change to a core OS component (such as network stack or IE) would require.
Furthermore, as the original post indicated, no end-users are going to care about this patch or badmouth it in the press if it doesn't perfectly close the hole. And partner businesses aren't going to abandon their deep investments in Microsoft's platform just b/c of one hole. This scenario actually presents less pressure on Microsoft to have to get the fix right compared to other scenarios, meaning they can afford to do less up-front testing.
* I know someone will want to reply to this post to say: This is Slashdot, and you're looking for fairness?!? HahaaHAhaAHA! I know this is Slashdot, and so I know better than to expect to see fair reporting around here. Still, there's no harm in trying to raise the bar a bit.
Moderator hint: a comment is neither "Flamebait" nor "Troll" if it is true.
That Microsoft is a company that is more sensitive to itself than those it serves, IE customers? OMG OMG OMG OMG. Yes, I can understand most of the reason why /.'s villainize Microsoft, but come on, what do you expect?
People seem to be overlooking who the customer REALLY is here. The bottom line lies in corporate back scratching for multi-$$$$ contracts and agreements
One business contract with a large label, Dell, or Sony is worth more than the mutterings and begrudging updates from Windows consumers. Most of us are not the customers, we're the consumers. Most people don't buy windows from microsoft, they buy it from Dell, or Gateway, or whoever else sold them their computer. The Dells, Gateways, etc are the customers. The game companies writing for xbox 360s, the phone vendors embedding wince, they're the customers.
Bottom line, If you're bitching about this update, you're a consumer. If you think it's a good thing, then you're the customer.
That article is completely misleading. This "Vulnerability" has been known about since January 2005, the tools to bypass it were available since then, they just didn't have a fancy GUI to make it easier. This is actually one of the LONGEST periods Microsoft took to patch something.
+1 IDisagreeSoHeMustBeATrollOrAnAstroturferOrAShill
So, the free market will cause Microsoft to patch quickly because if they don't do it, someone else will, faster and cheaper???
Or maybe in a free market 100s of OSs would exist, and the company that patched fastest would get all the income?
This is exactly the case where the free market does not work. Company with a monopoly is supposed to fix its product. Why?
If this improvement continues, we can actually anticipate someday Microsoft actually writing code that doesn't have holes. I'll not hold my breath!
Just like the bozos in congress that attach totally unrelated garbage to a bill trying to get passed, Microsoft will probably just attach it to another update that people will actually install...
You are fucking full of it, spouting that "free market" nonsense. Your whole post has absolutely SHIT to do with markets, and everything to do with, indeed, regulation in a sense. That regulation being liability imposed by the law.
Sticking feathers up your butt does not make you a chicken - Tyler Durden
I agree, but what about the impact of EULAs? Current ones absolve the vendor of any and all responsibility. If the laws were changed as per your suggestion, all the software vendors would do is beef up their EULAs a bit more.
The average user does not read EULAs anyhow. They would be none the wiser if they ended up waiving a few more rights the next time they click "OK" to continue with the install.
It seems to me that changing the boilerplate text of the license would be an easy work-around, from the vendor's point of view.
*** Where are we going? And what's with this handbasket?
I mean, think of it. I can now play the music I bought for my PC on my Mac. I must install a patch so I can't do that anymore.
Good thing MS was on the ball with this one. Can you imagine how many billions would be lost if they waited, say, six months to fix that? They probably saved the entire econo--er, recording industry single-handedly!
</sarcasm>
The difference between spam and poop is that you don't have to dig through septic tanks looking for real food. -- Me
You're missing the entire point of this article. This demonstrates (as if we didn't already know) that the consumers aren't Microsoft's customers. Consumers are the product which Microsoft sells to their customers - their customers being the content industry (RIAA, etc).
Microsoft used to release patches as they came up, but IT departments demanded that they instead use a monthly schedule, thus became the "every 2nd Tuesday of each month" routine. For the really serious problems they do issue out-of-cycle patches. And before any one suggests, "Release the patches as they come up for users and let IT departments use the 2nd Tuesday of each month routine", that's foolhardy because these days most malware is created by reverse engineering patches. So if MS were to make patches available to the general public while IT departments waited for a standard 2nd Tuesday security update, the bad guys would reverse engineer the general release patches and create malware that would be able to target the IT computers before the next 2nd Tuesday update occurred.
BTW, patches to WM-DRM aren't made through Windows Update, they're made through a WM-DRM compliant player. WM-DRM patches are given to content providers, which attach the new "fixed" DRM to their content, then the next time a WM-DRM compliant player plays content from the provider that has been encumbered with the "fixed" DRM, the user is prompted to download the new DRM in order to play the content.
-- "I never gave these stories much credence." - HAL 9000
They could be waiting until this patch still gets, and then putting out another (securer) patch after ignoring it for a month.
"See, we put out a patch after three days, and just look how insecure it is! Obviously we should test for weeks on end before sending out patches in the future." they could say.
Guy asked me for a quarter for a cup of coffee. So I bit him.
With heavily armed bruisers deemed too sadistic to work in Bagram or Abu Ghraib.
Both. State agencies working night and day to find and severely punish patch slackards and a federal agency to abuse and oppress the state agencies. I would call this "a system of checks and balances" in my Royal Decree.
All software would be subject to patch regulation, but authors of free software would be punished as individuals, where authors of proprietary software would be punished in proportion to the number of unpatched users (who would, of course, also be punished). Thus, a vulnerability in Microsoft Office might result in thousands of users receiving a single lash apiece for failure to patch, but the employees and management of Microsoft corporation would receive thousands of lashes to be divided among them as deemed appropriate by the State Office of Patch Enforcement. The Federal Office of Patch Enforcement Regulation would of course dispute the distribution of lashes in most such cases and demand a re-administration along federally approved guidelines. My Royal Decree would refer to this as "effective oversight".
That's never stopped us before, why should we start getting reasonable about all this so late in the day?
VOTE ME FOR KING! At least I have a plan.
I've only recently figured out how to tweak the registry to allow me to disable automatic updates again. So all they have to do is change that registry setting and make it a critical update...
Even then it's not mandatory. Just never update, they can't force you to update. I haven't updated Windows in more than 2 years. Just as well, now that CodeWeavers has released CrossOver Mac, I may not even need to run Windows after I get a Mac and transfer the files on my PC.
Falcon
Should there be a Law?
Microsoft did not really "patch" their DRM. This wasn't a code change. Their DRM was designed to be updateable in the event that it was compromised.
So is their OS, allegedly.
So you're saying somehow that an update isn't a patch?
Fine.
Then I don't want a security "patch" to fix [whatever is today's security exploit in XP], I'd like an "update" instead. Does that mean I'll get it in days instead of months?
-Styopa
Microsoft's level of quality in the Windows software offerings is similar to GM's level of quality in their car offerings -- good enough for most. Then they both put further efforts toward matching the competition's features and product line.
Finally, just talk a good game about quality to your sales people and the general public. New car buyers don't follow advice from professional drivers or mechanics, any more than consumers listen to IT pros or technicians about what OS to install.
I can just see it now -
they're probably a lot less worried about this patch breaking than, say, a critical networking component or one of IE's major dlls.
Hi! I make Firefox Plug-ins. Check 'em out @ https://addons.mozilla.org/en-US/firefox/addon/youtube-mp3-podcaster/
if this patch were to open up a real security hole (as in hacker taking over PC security hole, not as in people being able to use their music in legal ways security hole) in Windows. That would rock if they were actually screwing consumers over even more by being the music industry's bitch.
The Gospel according to lolcat
Free markets can keep your computer secure. However a free market requires you to stop using a monopolist's products and switch to one of the more secure competitor's products in order to function. If you're not willing to do that then please stop whining. Those of us who have switched are reaping the benefits.
Fixing this 'vulnerability' is in the company's best interest; never mind the customer.
Are people really this brain dead? Of course this is necessary for the customer. If DRM doesn't work then record labels will not distribute in Microsoft format. They will find a method that works in such a way that their music stays secure. The article is silly with its anti-Microsoft, anti-DRM rhetoric without even considering that there wouldn't even be online music sales without some kind of promise of secure DRM.
I love my sig.
The amount of testing needed for any patch, as variable or fixed as it may be, does not in itself justify the "second Tuesday of the month" approach.
I fully understand that there may be very critical patches that may take a few weeks to develop and test properly. I also fully agree that MicroSoft should not release those prematurely. However, it is not because one critical patch isn't ready that others that are ready must be queued up for up to a month. After all, if said critical one doesn't make the deadline, do they then also postpone publishing the others for an extra month? No. So why postpone at all the first time round? MicroSoft should just release each patch when it is ready, testing included. Not sooner, but also not later.
Linux user since early January 1992.
It's because the lusers who think they really need MS products are too stupid and too lame to insist on a consumer warranty. They'll bitch and moan, but keep shoveling the cash to microsoft-all while eating the caveat emptor no warranty license. Why they put up with that shit is beyond me. Why some big business doesn't get together with a few other big businesses and sue the ever lovin crap out of those billionaire snakeoil crooks is one of the great mysteries in life. MS is big, but a collection of ten other large businesses that AREN'T software businesses could be a lot bigger, have more lawyers, and most likely win, because ALL other products must carry a warranty (direct or implied) in the US. Software is the last one that gets a free skate, and they are the ones who INSIST their shit is a "product" suitable for patents, etc, instead of just a copyright issue like music or movies or a novel, etc, which it is in reality closer to. If it's a product, it needs a warranty, endstop. if it can be found as a work of art type thing, fine, copyright only, but no patents!
I can't wait until that happens, much less releases of much better quality code for everyone then, get rid of early releases, code bloat, insecurities, etc. Most of them anyway. All other products have some bugs and recalls - but ya know what? They stay in business and got the quality issues taken care of a lot better than software, which is the WORST quality (and mostly expensive) stuff people use on a daily basis. I do NOT care if 90% of the software companies go out of business either, the ones who stay WILL write much better quality code, the perpetual whiners who say it can't be done will be forced to go get a real job someplace, like outside in the weather doing grunt work where they can work off some of that cheetoh flab, the others who know it is possible to write better code will stay and do well, and the *engineers* will decide when it is ready, not the marketing dweebs and billionaire chair throwers.
DRM is money, quick fix needed. Other horrible bug that needs to be patched (just pick one) not the same kind of emergency, after all is just joe schmo losing out to the evil haxxors of the world, he can wait until the next big patch.
Now we know what's really important to Microsoft. It isn't Vista, and it isn't Zero Day Vulnerabilities. Mess with DRM, however, and you're dead.
"It's the height of ridiculousness to say for those 9 lines you get hundreds of millions."
So release "wild" exploit patches immediately and "unreleased" exploit patches monthly... That'd make everyone happy except for Microsoft who would have to turn around fixes quickly. In their defense, they actually did this with a wild exploit recently.
W..w..W - Willy Waterloo washes Warren Wiggins who is washing Waldo Woo.
Microsoft sets DRM patch hole speed record
It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
We tend to think of all patches as security patches, but that isn't the case. A change to DRM should not, on the face of it, appear among the security updates seen on Tuesdays.
It's not ONLY about music, DRM From Wikipedia : We are talking about information, and WHO, WHERE and HOW, a user can access to that information (like a private document). Yes, maybe to the end-user this is not a BIG deal, but this could give access to sensitive information inside an organization... the whole DRM design goes to hell.
Just my 2 cents
Cheers
Rock and Roll
When you got an economic fire lit under their ass to the tune of millions and billions of dollars, sure they'll bust a patch out real quick.
We're all hypocrites. We all have hidden parts, it's the contrast between them that make us more a hypocrite than others
it just amazes me why people would pay for that crap in the first place :)
I've read that this "fixed" drm is already cracked again...
The MAFIAA is a bunch of mindless jerks who will be the first up against the wall when the revolution comes
Seriously, I'm curious to know.
Is this because (not trolling, just genuinely don't know and asking):
o Ford have to meet federal (or other national) safety standards and Microsoft don't?
o Microsoft sell software "as is" but Ford don't sell cars this way?
If it's the latter, how do you fix it without creating a lawyer's paradise?
The clock is still running. And it's a personal privacy bug called Windows without curtains.
I know I personally, and therefore scores of people who ever released an open-source project posted the tarball and fired the announce and within five-ten minutes realized they botched something and have a new version out...
Think it's really impossible to quantify 'Quickest Patch Ever', but the one you point out may be in the running for quickest patch any significant amount of people gave a damn about.
XML is like violence. If it doesn't solve the problem, use more.
As of now we can still turn off auto updates. If you do a weekly update manually on your windows machine and go to the site you can choose which updates you want. All you people holding their guts over this minor obstacle take a bottle of TUMS and chill out. Until the software giant falls from the fling of a slingshot the software giant will reign over us all.
I was going to suggest this. When I really need to run something that's Windows-only, I run it in a WinXP virtual machine on my Linux box.
I was actually surprised at how spry Windows feels, when it's not bogged down by a lot of anti-virus/spyware/adware, automated backup programs, and the like. Of course, without those things it's not a terribly useful host OS, because it gets owned so easily (click on wrong link in Internet Explorer -> ActiveX control -> rootkit), but as a guest OS, I just disable all patching and auto-updates.
When I'm done with whatever I'm doing with it, I just roll the image back to its saved state and shut it down. Basically I can abuse the living shit out of it, and then just kiss it goodbye the second it starts acting up.
Obviously you need to take steps to make sure that you save your work somewhere not on the VM's drive (duh...), but I could definitely see the possibility for working like this. I still hate working in Windows, but Windows as a VM is orders of magnitude nicer than Windows running on the actual metal.
"Ladies and gentlemen, my killbot features Lotus Notes and a machine gun. It is the finest available."
You have taken on faith that M$ puts into patches what they say they put into patches. During the anti-trust trial, M$ swore that divulging the source code to Windoze would create a national security risk. Imagine that, they were hysterical before 911 but still have one of the easiest to crack OS's in the world. Next thing you know, they are selling the same source code to China and the former KGB. Now you trust them to not sneak in anything they please onto your system? Why? Isn't it part of their EULA that they can change any part of their OS on your computer with or without your consent?
Friends don't help friends install M$ junk.
thousands of companies worldwide could be losing millions from a security hole in IE or XP and they just can't seem to get out a patch for weeks and weeks but ohhhhh watch out when there's a problem with the almighty and all powerful DRM and the RIAA and MPAA might lose a buck or two. Then they can pull a patch out of their asses and deploy it in 3 days. Thou shalt have no other gods before DRM!
now stop reading and go play Dance Dance Revolution!
Microsoft is Evil - film at 11.
bullshit
MS can patch media related functions quickly because it ISN'T their core competence; there aren't hundreds of thousands of mission critical applications running in enterprise environments worldwide that depend on specific functionality of the WMP10 DRM. for server, network, IE, or shell related things there are so they can't just fuck around with it till it works.
Snowden and Manning are heroes.
Nope. I once messed up the least significant bit of a character. The other 7 bits were fine!
"1" vs. "0"
Now that we know they can patch non-security bugs in 3 days if they put their mind to it, will someone sue them if they fail to take security bugs just as seriously?
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
It's "Arrrr".
You sound like Biff Tannen when you get it wrong.
This patch protects Microsoft. The other patches protect the users. It should be surprising that Microsoft looks after itself better than it looks after everyone else.
Forget thrust, drag, lift and weight. Airplanes fly because of money.
The customer's security is important for Microsoft. That is what they (MS) say and it's true. We just must notice that the "Customer" for Microsoft is not the PC user or owner, but the media companies that sell DRM content!
One of the many M$ troll accounts that cloud around here challenged me to produce references to M$'s infamous Windoze source code national security claim swiftly followed by sale of said code to China and Russia. Of course, I'd love to trot that whole mess out again. Non free software exists on trust alone and M$'s performance there really shows what contempt they have for the US Government and their customers. The memory hole has not yet extinguished the information presented by eweek and Microsoft themselves. You can read it all yourself.
From eWeek, 2002:
If you need to, you can always reference the anti-trust evidence, which is still published and available. The quotes in the article are more than enough for me.
A quick Google Search digs up all the articles here and a parade of Wintel rags falling over themselves to toe the party line. ZDNet echoes Allchin again in 2004, a year after they had already sold out! Something called Neowin joins the chorus of woe that someone might look at the source code to W2k or NT4 and see how crappy it is. All as if any real hacker needed it.
The very next year, 2003, M$ announced sale to the highest bidding governments as noted above. Included was China and other friendly countries. But you know, Bill Gates it's just business buddies being chummy. Microsoft would never place the interests of Communist dictators over the rights and well being of their fellow citizens, would they?
The double talk going on at M$ was glaring and all of it was bullshit. Access to the OpenBSD source code has not made OpenBSD less secure, it's made it better. The whole episode represented more perjury and a three year FUD attack on free software than it did treason, but you have to wonder what they really believe. Looking back, it's a low point in US corporate history that will only be made worse when they unravel like Enron did. The biggest lie of all is that the Microsoft Monopoly is based on anything more than mass delusion.
I ask you once again, do you trust Microsoft to do as they say? With your business? Code so crappy, it can't be shared but is shared with your worst enemies. If you do, you probably will tell me that Windows XP is easy to install, has good uptimes and other nonsense like that. I'm not sure anyone really believes anything other than Windoze is "good enough because I'm using it for one or two specific tasks." No, that's not good enough and Vista's imminent flop is a good chance to move on to something better. The market is filled with better contenders and M$ will not be missed.
Friends don't help friends install M$ junk.
Not installing this patch is a method of circumventing the DRM.
'Once scientists, even the dim-witted social scientists, get muzzled, the Western Civilization is finished.' - oldhack
LOL @ fat nerds with goatees.
Listen p*ssy. I'm sure you're the same homo that posted earlier about alf's boner and you just want to remain anonymous fo
If it's pushed during some odd days, a few days after a vulnerability, stay away from it. If MS takes their time to hammer it out and push it on a Patch-Tuesday, it's safe for use.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
For other 99.9% of us who never heard of Vongo, it's a subscription-based movie download service from Starz (an American cable channel). Basically, it looks kinda like a Napster of movies where you're allowed 3 movies at a time and the distributors' rights are managed by Microsoft Windows Media DRM (and you, the viewer, get none).
Why the parent would give up torrents is far beyond my comprehension.
Anyone know how the GetFileVersionInfo() call works? Does it just read the IBX file version as a sequence of unencrypted bits from the .key file? If so, why not just take a hex editor to it and 'update' your old version to one which will pass the DRM checks?
... Windows Vista has been delayed another 6 months.
I have found the best security fix I could do on my laptop was to wipe the drive and install linux. I haven't had any problems with spyware, malware, viruses, trojans, or DRM. Ain't life grand?
"If the patch is critical, it will get criticized for being, in effect, mandatory degradation of capability"
What makes you think M$ cares what users think, let alone tech users?
Newsflash: Microsoft is a M O N O P O L Y. They don't give a crap about C U S T O M E R S.
They'll mark it "critical." Of course.
"And the meaning of words; when they cease to function; when will it start worrying you?"