Slashdot Mirror


DRM Hole Sets Patch Speed Record For Microsoft

puppetman writes "Wired columnist Bruce Schneier has an article up called 'Quickest Patch Ever', about a patch that was issued within three days to fix a vulnerability in Windows Digital Rights Management (DRM)." From the article: "Now, this isn't a 'vulnerability' in the normal sense of the word: digital rights management is not a feature that users want. Being able to remove copy protection is a good thing for some users, and completely irrelevant for everyone else. No user is ever going to say: 'Oh no. I can now play the music I bought for my PC on my Mac. I must install a patch so I can't do that anymore.' But to Microsoft, this vulnerability is a big deal. It affects the company's relationship with major record labels. It affects the company's product offerings. It affects the company's bottom line. Fixing this 'vulnerability' is in the company's best interest; never mind the customer."

9 of 397 comments

  1. Patch by Damastus the WizLiz · · Score: 4, Interesting

    So this is going to be the least installed patch for Windows ever, until they make it mandatory.

    --
    I often have trouble remembering which way is out of bed in the morning.
    1. Re:Patch by Fordiman · · Score: 4, Interesting

      Meh. It's already rebroken. And this time, with video support.

      MS is just way too slow for t3h hax0rz.

      Meanwhile, I'm testing the new version in conjunction with Vongo (Downloading a movie now). Let's see how that works. If so, I may stick to Vongo rather than BitTorrent ('cept, the very rare/hard-to-find stuff will still get me on BT).

      I'm sure the DRM astroturfers on here will scoff, and say, "Yeah right, you spoiled rich college kid thief scumbag criminal. You're just going to keep stealing from the mouths of millionaires like the incorrigible brat you are." If you'll just take it as read that I said 'Fuck off, tool.', we can avoid the whole thing.

      --
      110100 1101000 1101000 1100110 0 1101111 1101000 1100011 1
  2. Futile request to any /. reading MS employee by MightyYar · · Score: 5, Interesting

    No matter what anyone in your company tries to tell you, this kind of rapid response is EXACTLY what we are clamoring for when we ask that you take security seriously. Please tell your bosses. Thanks...

    --
    W..w..W - Willy Waterloo washes Warren Wiggins who is washing Waldo Woo.
  3. Regulation? by linguizic · · Score: 4, Interesting
    If Microsoft abandoned this Sisyphean effort and put the same development effort into building a fast and reliable patching system, the entire internet would benefit. But simple economics says it probably never will.

    This leads me to 2 questions: "can patching be regulated?" and "should patching be regulated?". It seems obvious the free market can't keep our computers secure. I've been wrong before though. I guess maybe it could if people didn't already have the expectation that they shouldn't have to pay for patches b/c Microsoft should fix their own faulty software.
    I guess it's all pretty moot since open source is going to take over the world anyway.
    --
    Does this sig remind you of Agatha Christie?
  4. Re:Critical, or not? by SoCalChris · · Score: 4, Interesting
    This would be amusing - pirated copies of Windows would not receive this unwanted patch, but paid-for copies would.
    That's a good question. If it isn't marked critical, that will be just one more instance of a pirated product being superior to a genuine product (pirated games not requiring the CD to play, pirated music not being restricted to certain devices, pirated movies not displaying unskippable ads & warnings, etc...)
  5. Re:Critical, or not? by nine-times · · Score: 4, Interesting

    How can they make it a mandatory patch, even if marked critical? It seems to me that the most they could do is impose a restriction that you couldn't install other patches until you installed this one, but they still can't force you to install it.

    <microsoft bashing bitch session>It really makes me wonder whether, as Microsoft introduces more "security" and "protection" that diminish a user's capability, at what point will it cease to be worthwhile to upgrade/patch/fix? Sometimes I think that point was crossed with the introduction of Windows XP</microsoft bashing bitch session>

  6. Re:Priorities by PriceIke · · Score: 5, Interesting

    This is not a patch. A patch fixes a problem and makes software usable again.

    This takes usable, functioning software (FairUse4WM) and breaks it.

    "Patch" my ass, this is a bug, which users are expected to install themselves.

    --
    It's not a lie. It's the truth with lossy compression.
  7. Re:Kinda blows their excuse by buro9 · · Score: 4, Interesting

    That they didn't have the bug pre-patched?

    In the case of DRM, the system is set up to block compromised clients at the server level immediately.

    In the case of DRM, backup DRM methods are already pre-written and ready to ship.

    As soon as a system is compromised, the existing method is deactivated, servers notified to deny licenses, and the new system is delivered via the servers.

    They are able to 'patch' this so quickly because they already had it written months, if not years, ago. Just like when this one gets compromised, they will be able to 'patch' as fast because they already have the next backup DRM method already on the shelf waiting.

    They know this is a game with those who circumvent DRM, and a game which requires time for each DRM method to be circumvented. So they build a store of different methods of DRM and when one is circumvented they release the next. The game continues... and time is currently on the side of Microsoft as they have their next few moves on the shelf ready.

  8. Re:Kinda blows their excuse by HermMunster · · Score: 5, Interesting

    In WA state the programmer is a slave to overtime. WA state laws allow businesses to require overtime without having to pay for it on any salaried worker. This is a device of Microsoft. Microsoft lobbied to get the laws changed so that the programmer positions changed.

    A programmer is the person who actually, through their very creativity and knowledge, makes the product come into being. This is far different than someone that works as an assembly line worker who just does their small part. Programmers are the reason the products exist. For me, that's the reason I don't work as a programmer. I don't want my blood, sweat, and creativity exploited by companies such as Microsoft that make billions of dollars a quarter on my work.

    WA needs to revert back to the laws that allow these programmers to get paid overtime. It is only fair. This isn't a management position and thus should never have been changed. It only happened because Microsoft lobbied to make it happen.

    --
    You can lead a man with reason but you can't make him think.