Vista DRM Prevents Kernel Tampering
mjdroner writes "A ZDNet blog reports on a new DRM feature for Vista that 'protects' the kernel from tampering. The blog quotes a Microsoft document: 'Code (CI) protects Windows Vista by verifying that system binaries haven't been tampered with by malicious code and by ensuring that there are no unsigned drivers running in kernel mode on the system.' The blog says that much of the DRM in Vista is simply a port from XP, but that this feature is new to the OS."
It's about time they put something like this in. I hope it will have an effect on the rootkits that are increasingly common these days, both the legitimate ones (e.g. Sony's) and those from hackers (e.g. rootkit.com).
Minifilter drivers don't have to be signed (at least in RC1 which is the last version I tried). That of course means you can get into ring 0 with a loadable driver - all that's needed is admin rights.
Modifying the kernel after that is just a matter of working out which bits (kill the code that checksums the binaries first, etc.)
"if unsigned code is allowed to load you won't be able to play protected high-definition multimedia content"
davecb5620@gmail.com
Doesn't Channel 9 do a good job of news for Microsoft victims?
This unsigned driver "feature" is causing hell for those using the x64 version of Vista, which has abysmal driver compatibility. Nobody can now install 32-bit drivers.
"From: (Blair P. Houghton)
I predict that Eighth Generation computers
will compile no programs, run no applications,
and access no data. Instead they will be
designed and tuned to give a continuously
variable spectrum of elegant and precise
error messages describing your failure to
induce them to do so."
Yay Vista!
How exactly would it accomplish this properly though? Call home periodically to get a kernel hash? Have a built-in hash check? If you want to allow the kernel to be updatable (which at times, is necessary), then you are going to have to allow the kernel to be "tampered with" somehow. A crack, virus, or other program might just masquerade as a patch to allow the on-disk kernel to be modified.
For years, people on this site have acknowledged that the driver signing feature -while valid at first blush- would inevitably be used to shut out non-microsoft drivers. Now our prediction has finally come true.
On a personal level, if I cannot use the EXT2IFS drivers on a Vista system to access my Linux drives, I will keep my XP CDs and simply use XP and not bother about new games (since the games I use are from 2002, I pretty much already have abandoned new games anyway) or new versions of Office.
I wonder whether or not it's engineered to make Vista more secure or to strengthen Windows DRM (Dark ages Replayed for the Modern era). I've got a feeling it's one or the other, but not necessarily both.
"We are all geniuses when we dream"
- E.M. Cioran
All your base... for great justice!!!
--- Grow a pair, liberals... stop letting the Republicans bully you!
MS can't win for losing. Clearly the subversion of the kernel through rootkitting is a growing problem. If MS doesn't fix it, they get knocked for having no security. If they fix it, it is called DRM. Myself, I find Vista less than compelling. 2003 works just fine, but it seems some of the haters in the Slashdot crowd will see anything MS does as bad. They are finally getting their act together on not running everything as root and they even get knocked for that.
Okay, I didn't rtfa, but it probably wouldn't have mattered (and it's not the /. way, after all). Will this mean there will be no unsigned drivers, or that unsigned drivers will have to work through the kernel like WinNT 3.5? Aside from all the DRM lock-down, bend-the-consumer-over-a-rail implications, this would also prevent home hacking and DIY projects, and could have all sorts of implications for hobbyists.
So, is this a way to prevent crashes (a la 3.5, no Ring 0 access) or is it a way to tighten the noose for the content industry?
Is it just my observation, or are there way too many stupid people in the world?
Cracking such a thing is trivial once you answer the question who watches the watchman?
As Apple just learned with their TPM kernel extension, all that hackers need to do is replace the binary that verifies all other binaries, and the "goodies" are up for grabs.
Obama likes poor people so much, he wants to make more of them.
So this means if one does any development that requires writing any kind of driver for Windows, they have to pay Microsoft? I don't think this is going to go over well (if the previous comments are any hint, it isn't). This kills any small company that sells software that needs, say, a network driver for VPN (Hamachi and others). Or even video game developers, although I wouldn't think SN Systems, Nintendo, or Sony would care much if they had to pay $500 to Microsoft to get their development setups to run on Vista. This is... just.. just... crazy, sure we might end up with malicious software, but... Ok, this just goes too far, it's not even DRM, it's just R, for Ridiculous.
Ah, but what prevents something from tampering with Code (CI)?
An incomplete DRM system can be ignored if there's still enough of a real computer (tm) left that doesn't have to jump through the DRM hoops. If you can run code in a way that doesn't HAVE to check the DRM for permission to run, then all the DRM becomes is a necessary bootstrap you need before your real software starts running.
And from what I've seen so far, a completely protected system simply isn't worth the inconvenience for a general computer. Game consoles, sure - I'll play in a sandbox, but no way would I allow Microsoft to have veto power over what I run on a real computer (tm) - it just isn't worth the costs, in all respects. And I don't think most people would want to play in a truly fully protected sandbox, once the cat-and-mouse game of patches and hacks plays out fully - it won't be a pretty sandbox.
Ryan Fenton
I'm an optimist by nature, so I'll say it'll take hackers 3 months to crack the kernel DRM.
Due to circumstances beyond my control, I am master of my fate and captain of my soul.
What happens to third party, open source disk drivers like TrueCrypt?
last time I checked, DRM stood for Digital Rights Management. Security measures that protect against kernel tampering aren't DRM. fucking morons
...What am I supposed to hate about this? It sounds like a good feature.
ie. It'll have three back doors and an easter-egg that, when accessed, flashes "Bill Gates sucks" in bright letters. SOP.
The kernel mode signed driver restriction has already been broken by Blue Pill. Full details are in the black hat presentation, but the basic gist is you force a driver (eg null.sys) to be swapped out to disk, overwrite a function in the copy in swap with your own code, then call that function. And now you're executing unsigned code in kernel space.
The very idea of running software on my own equipment that considers me an enemy just doesn't sit at all well.
That, and I really like the Free Software TUN/TAP driver for Windows.
I wonder if the Governments will have to pay the fee to allow their rootkits to work. This can be an interesting twist on spying.
I somewhat agree. MS is blasted because they don't secure their product very well, and they are blasted if they DO try to secure their product. MS is blasted here usually because it has "so many holes", yet there is usually no comparison with how many "holes" or "patches" have been put out by Linux, SCO, Apple, Sun, etc. But they are damned if they do and damned if they don't. While many would like to see them go under, or disappear altogether, how long before the next "MS" would step up to the plate and become the "bad guy"?
Nuns. No sense of humor. -Kurgan
Now while $500 isn't too much to ask to have your driver officially supported by Microsoft and allowed to run on Vista, it raises an interesting issue. If a company makes drivers for Vista, and Microsoft, or whoever verifies that the binary blobs are allowed to impede in Vista's kernel, decide that they don't like something that that company is doing, say supporting Linux heavily, what is to keep Microsoft or whoever from just saying nope, your driver isn't good enough?
From wikipedia drm article
This new feature doesn't sound like it falls under this description to me -- although it might to others. The reason a conflation concerns me on this issue is because Microsoft could justifiably say that DRM is improving Windows security, and lay people might find DRM desirable. So why exactly is this DRM?
The new security hurdles will be great for the average home user; anything that makes it more protected and stable helps. The big hurdle is going to be convincing businesses that do active in-house development that this is a good idea. It's going to be hard enough to convince companies that most of their desktop systems have to be completely upgraded, and they really have to push the upgrade since running in reduced functionality mode appears to offer no real benefit over XP. MS has really created an uphill battle for themselves; none of my friends are planning to upgrade, and the businesses I have talked to are just worried about losing support for XP and 2003 to the point of asking about alternatives. Unless my group of friends and acquaintances are not typical of the majority, the only upgrades to Vista I see in their future are forced ones due to buying new desktops and laptops.
Every time I see articles like this I am so happy I switched away from Windows. I switched to the lesser of 2 evils, Apple. But, I tell you what, I have spent far less time trying to maintain the system than using it. Defrags, virus scans, spyware scans, updates, upgrades, reboots, etc.
OS X is NOT perfect, nor is Linux. But, OS X is a lot closer than Windows AND Linux. Don't get me wrong, Linux has its place. As a server. I will use nothing but it for a server, but for a workstation it still has a long way to go.
until (succeed) try { again(); }
But 2003 is a server OS while Vista is a user OS. You'll want to compare against Longhorn server which is due out in mid 2007 which will likely be released as Windows Server 2007.
This is not new (at least the concept) at all. We have been talking about this for years now. What do you think trusted computing (palladium) is? This has always been the "good" side of the TCPA coin, media DRM being the "bad" side.
Finkployd
Is everything DRM, piracy, and terrorists, these days?
Protecting the core parts of the system against tampering is a perfectly good security measure, and it has been done by anti-virus software for years. It's also being done on Linux; at least one rootkit detector does it.
Please correct me if I got my facts wrong.
There has been some discussion of money changing hands to be licensed by MS as a kernel driver. This is not necessarily a bad thing, because not everything needs to be in the kernel. One can imagine, however, that this would be a cheap way for sponsored applications to gain validity, sort of a membership to the BBB.
Ultimately this may be another case of false security, and another inroad into the PC as property of MS.
"She's a scientist and a lesbian. She's not going to let it slide." Orphan Black
This isn't just about supporting hardware. Several types of programs require kernel-mode drivers. Off the top of my head...
Installable file systems
Loopback mounts
Volume encryption
Rootkit detection
Packet sniffing
VPN software
I'm sure there are others. Vista's code signing requirement will make it difficult for any open-source program to do any of the things listed above. Large OSS projects backed by a company will probably be able to get a certificate from Microsoft and sign official builds, but third parties will be unable to modify and redistribute binaries, which is counter to the spirit of open source. I'm sure this is not an accident. Smaller OSS projects (such as installable file systems for ext3 or reiser) will most likely just disappear.
It's a relief that this change merely prohibits tampering by "malicious code." (If it were to prevent modification by the owner or administrator (or whoever they choose to delegate authority to) then it would be a usability defect and security vulnerability, rather than a security feature.) What I'm really interested in, is how Microsoft developed the AI that determines whether a modification is malicious or not. This is a landmark development in computer technology, putting Microsoft decades ahead of all other competitors.
Oops, I just read the article, and it says it works by using code signing, not AI. Ok, scratch my earlier comment about it putting them decades ahead. Still, I suppose it could be a useful feature.
Oops, I read the article further, and didn't see anything about the user having the ability to control what keys are accepted as trusted signers for their own machine. Scratch what I said about it not being a security vulnerability and usability defect. I think I want to take back what I said about "useful feature" also.
As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
DRM is impossible without chip level hardware security. There is going to be a whole new product field of new software that disables and replaces Windows code security. Programs which actually give control of your computer back to you. But while it won't stop computer infection (where there is a bug hole there is a way) it certainly raises the security bar for the basic default Windows setup I install on (non nerd) family and friends' computers.
Even with chip level security I'd be drilling into chips and hot wiring them if needed or purchase pre hot wired hardware if the modification equipment was beyond my means. I will never stop striving for control of my own property even if control is an illusion.
I believe CoLinux is another FOSS program (and a very useful one at that) that is affected by this.
When you lose something irreplaceable, you don't mourn for the thing you lost, you mourn for yourself. - Harpo Marx
If $500 is too much for a company... sorry, guys, I don't want anything from such a company! Such a fee is just formal!
This is all part of the inexorable process to turn computers into standardized household appliances, not devices that the consumer can hack around with and do things that perhaps the originators had not yet thought of.
Alas.
File under 'M' for 'Manic ranting'
$500 and Sony = Rootkit.
This is not going to protect the consumer one bit, but instead make them grab the ankles even more...
I do agree that Microsoft is damned no matter what. The thing is, plenty of other operating systems are secure, without the need to limit third party software in such a draconian manner. I mean you could make your house safer by putting locks on the windows and doors, or you could simply cement every opening shut. One alternative is certainly more palatable than the other if you actually want to live in the house eh?
I Am My Own Worst Enemy
From the article, 64bit kernel mode drivers will need to be signed. 32 bit drivers will be allowed to run but may hamper DRM media from being played. I'm not familiar with Windows API but what is considered a kernel mode driver? Is a driver for a sound card, for example, considered a kernel mode driver? If that is the case, it seems that the most pain will be felt by developers. There will be a need for many new drivers for Vista then.
Well, there's spam egg sausage and spam, that's not got much spam in it.
The only unsigned driver I have ever seen was for an old Voodoo board.
The last time I met anyone who was using custom hardware was around 1985-6, a sound board that plugged into a C-64.
If you can't use your old hardware with Vista, then don't run Vista. New hardware shipping with Vista will be able to run it.
As a security-conscious programmer with a lot of corporate development history, I support Vista's blocking of non-signed drivers 100%. It's actually the first time I've agreed with Microsoft's plans and features since suffering the pains of Windows 3.1 development and support.
Maybe it's time for the idealists to get real about security issues. They see DRM as preventing them from experimenting; the vast majority of government, corporate, and home users either don't care or see it as a benefit that provides more protection from crackers, viruses, rootkits, etc. Even OpenSuSE has a similar enforcement option for verifying binaries, and I doubt it'll be too long before bigger commercial OS vendors do the same.
Fight a battle you have a chance to win, and stop dreaming that unsigned platforms have a future. Without someone certifying that a platform is secure, businesses are going to stop using them. Eventually client nodes that aren't certified won't be able to do much useful, either.
I object more to the use of products like Entrust web sign-in that ignores the security provisions of products like Java sandboxing, artificially blocking clients unless they are running a paid-for commercial OS from Microsoft or Apple. (Try registering with http://www.gc.ca/main_e.html for a "My Government Account" with Linux or even with Firefox under WinXP Pro.)
There is no reason for such an artificial blockage of client access, and that worries me a hell of a lot more than whether a couple dozen hackers can run custom drivers for their own hardware. Why would such a hacker go through the pain of Win32 driver development instead of Linux drivers anyhow?
I do not fail; I succeed at finding out what does not work.
Remind me why Microsoft would want to support your silly peasant filesystems, and not just make it that much harder to use an OS besides Windows?
Yeah, that's what I thought.
"Ladies and gentlemen, my killbot features Lotus Notes and a machine gun. It is the finest available."
If your box is rooted (which is what this is intended to prevent, I think?) then your box is rooted; unless there's a hardware/firmware watchdog on duty, I believe the technical term for this is "pwned".
SO . . . how does everybody here feel about a little Palladium today? Line up here to get your GUID's - one to a customer. Hope your LINUX box doesn't go "on the fritz" (does go "on the fritz"? Man, I'm confused).
It's coming folks. Those who refuse to believe that will see when it happens. The rest of us will labor to ensure that it's not totally onerous, while Microsoft sees to it that their monopoly is extended and made impregnable.
Couldn't they prohibit you from doing this, though?
Say they somehow incorporate the public key of the "Microsoft Uber-Master Root Certificate" into the kernel itself, which itself can't be modified. Then, only 'root' certificates which have been signed by Microsoft are allowed to be used.
So that way, the only person who can sign drivers is Microsoft, and the only valid root certs are those approved by Microsoft. No unsigned drivers, and no self-signed certificates or "illegal" CAs.
If you don't build what your customers want, your customers are going to look elsewhere.
All my experiences with Digital Restriction Management have been thoroughly miserable. It was Microsoft's 'product activation' that convinced me that Microsoft no longer wanted me to buy Windows, and I switched to Linux. Every time I changed my hardware with XP, something went wrong with it, and it required me to 're-activate'. I don't see how corporations have suddenly found new rights to snoop on individuals in this way.
To me, this is akin to a neighbour watching through my bathroom window to see if I might be committing some illegal act.
I didn't touch DVD until the restriction imposition layer was thoroughly defeated, and I certainly won't touch Windows Vista - ever.
If Microsoft is going to defecate on software developers like myself, they are rapidly going to find that they have none left supporting their platform outside big corporations with deep pockets.
I don't know of any Windows user who wants restriction management facilities. Microsoft should forget its ridiculous dreams of dominating media delivery platforms, and give customers what they want instead, or soon they will find that neither business model is viable any longer.
People are concerned that when running an unsigned kernel-mode driver, one can't play protected HD-DVDs and BR discs (this is to prevent an "unscrupulous" unsigned driver from compromising the protection of the discs, so it is DRM in this case). Of course, Linux can't play them *at all*, regardless of what drivers are used, but whatever...
-- "I never gave these stories much credence." - HAL 9000
The real question is, is Joe Windows Vista User going to go to nvidia.com to download the latest drivers for his new videocard and find that there's now a surcharge for the file, ostensibly to cover the cost of signing the driver? Or is this expenditure going to be integrated into the cost of the hardware, artificially raising the price?
Or is this just business as usual? Do devs have to pay now for driver signatures? I honestly don't know the answer to these.
Cost of WinVista Kernel DRM - part of the $300 price of WinVista
Cost of hair torn out by DRM refusing to let you do what the Constitution explicitly permits - $1000 for hair plugs
Cost of WinVista hack to "fix" Kernel DRM - priceless
-- Tigger warning: This post may contain tiggers! --
get hands on signed binary of a driver.
reverse engineer and slide your code inside the signed driver.
watch it run unnoticed to the Vista kernel.
I am expecting this to happen about 6 days after vista actually ships. The virus vector just got nasty, rootkit virus backdoors acting as legitimate signed code getting in and making it damned impossible to remove.
Why is it so hard for Microsoft to make a real secure system???? is it that hard to put in a real filesystem security and make it so that only the administrator can write to system directories and make the user not run as admin???
Apple, and Ubuntu can do this.... is it out of the grasp of microsoft programmers or is there a different agenda afoot with this whole thing being disguised as security from dangerous code?
Do not look at laser with remaining good eye.
After a certain security level, even root cannot change the kernel without rebooting to single user mode. Thats what makes immutable files immutable in OpenBSD.
Seriously, what place does this have as a method of Digital Restrictions Management? Isn't this about restricting what code will run rather than what media will play? Do we just slap a "DRM!" tag on anything related to restrictions regardless of whether it has anything to do with enforcing terms of media playback? In that case, you could call all our laws a form of DRM. (And this from a site that so often points out the difference between copyright infringement and stealing.)
When the Windows DRM was cracked, how long did it take for Microsoft to issue a fix? A couple of days.
When there is an IE security issue, how long does it take for Microsoft to issue a fix? Weeks, months, sometimes not at all.
Aren't most security problems in Windows outside of the kernel? Make no mistake that kernel tampering is a problem and should be addressed by any platform, but it seems that various pieces of malicious software modify the hooks of the software surrounding the kernel instead of the kernel itself. Installing a piece of software that modifies how Explorer handles file browsing in a way the user didn't intend. Installing a piece of software that modifies the behavior of IE without knowing it. Looking at a piece of email that executes something it shouldn't. Modifying the registry so anytime any piece of software queries about a file type, it does something the user didn't intend. So on and so forth. Most of these things are not kernel controlled and therefore protected by DRM security schemes. And I'm not sure where "mini-drivers" fall (think your USB camera) since they should be dynamically loaded/unloaded on demand.
Please don't mistake that keeping the kernel "hardened" is important for security, but I'm not sure what this really solves for the end user (which is something I suspect many out on /. also suspect). Making the kernel harder to modify accidentally or by trickery is a good thing, but what is this really doing? It seems more like a way to make sure Microsoft and only Microsoft can make changes to Windows, since very few outside of Microsoft can do this anyway, with a thinly veiled promise of beneficial security.
I guess the fundamental question is how many people want to modify the Windows Vista kernel? What is the actual threat for kernel modification? If that pool is very small then it seems kind of like a non-feature for users and another layer of API for software engineers.
- The fee for the certificate is, apparently, $500/yr
- Presumably the certificate issued to the company expires or is revoked if they don't cough up next year (otherwise a cunning manufacturer could just buy one certificate, and then use that forever)
- Therefore, if your manufacturer goes belly-up, it's likely that your (100% genuine, legitimately-purchased) driver software—and the hardware that goes with it—will cease to work.
Either that, or MS will leave the certificate valid (to avoid annoying a huge number of customers), and the company's receivers will find that the certificate has a large value on the black market...
Need to type accents and special characters in Windows? Use FrKeys
Disclaimer: I know shit about driver writing and kernels in general.
Couldn't someone develop signed wrappers, if the interfaces are stable enough? Just install the wrappers and configure them to forward calls to DLL x or y?
Well they think that one OS fits all those needs, so clearly, one filesystem ought to do the job just as poor^D^D^D^D well as Windows.
Kernel drivers (which is what we are talking about here) CANNOT be installed on a platform they weren't written for. This is true in XP as in Vista. Companies have to release 64-bit drivers if you want to use it in 64-bit XP. There's no compatibility mode. Usermode applications can run in 32-bit compatibility, but not drivers.
What constitutes a signed driver? For example can any old Joe sign it or does have to be signed with the help of Microsoft? If it is the former, how much are we talking about to be able to buy a key to be able to sign stuff?
Jumpstart the tartan drive.
That's why they won't be there. Remember, a key new DRM goal here is to "close the analog hole" by not displaying video in any higher resolution than current standards out through anything but DRM capable ports. If you can write your own kernel driver you could get it in the way of that process -- potentially intercepting that stream of data or sending it to unauthorized devices.
The sick part is, we're all paying for this DRM so that we can then be sure to pay for future content.
The problem with quotes on the internet, is that nobody bothers to check their veracity. -- Abraham Lincoln
The other big nail in the coffin is that pirated versions of Vista will be shut down. A lot of people complained about MS in the past, but they used it because it was "free," to the point that they purchased one copy of something and used it on a bunch of computers around the office, or they had some legal machines and some with pirated versions of XP. When MS starts forcing people to be 100% legal, people are going to see the true TCO for MS products...and they are going to start looking for replacements.
While I have no idea where this took place, I happen to know a company with a legacy NT machine. They wanted to build a mirror of it and turn off the old system. So they installed a second copy of NT on a new(er) server. It was that easy. Imagine four or five years down the road when all of the easy to install versions of Windows have run their course (which they almost have) and every install involves jumping through Microsoft's hoops to get it activated.
Transporter_ii
Doctors destroy health, lawyers destroy justice, universities destroy knowledge, religion destroys spirituality
this is hardly a new feature, it has been in Windows XP for a few months now, it's to stop kernel patching, which people shouldn't be doing. this is the reason that Daemon Tools stopped working for a few days.
anyone who NEEDS to kernel patch, is a lazy coder.
portfolio
As other replies to your post have noted, the option to run unsigned drivers is still quite important for many people in many fields. Thing is, I can sort of see why you would take the stance you do. I'm not much of a Windows programmer, least of all for Vista which I never plan to touch, but I have to ask: would it really be so hard to keep the option to run unsigned drivers available to the end user? There's got to be a better way, even if you needed to do something so hardcore and idiot-proof as changing an INI file or registry entry by hand in a text editor, download a disclaimer-filled patch from MS, or click through a gang of rabid "Are you sure?" / "Are you really sure?" / "Are you really, really, piggy-squealy sure?" dialogs to enable unsigned drivers.
It seems to me that if MS doesn't provide the option to even its most expert users, the developers-developers-developers-developers could end up either banging out their own unsupported hacks to defeat the purpose, or just abandoning Vista for a platform which doesn't charge them out the eyeballs for supplying reasons to use it.
REALLY old days
1. create your own dos macros, and dos solutions, load your TSR drivers and play games how you want.
Old days
1. Regedit the annoying crap Microsoft puts into XP out.
2. Enjoy Windows XP your way because you paid for it.
New days.
1. Break kernel DRM.
2. Break all other DRM.
3. Enjoy Vista your way because you paid 400 dollars for it.
Just one more step for us to take.
My Answer is, This is a Weasel...
Factually, most of the information in the article is correct, as Vista does add in new technology for driver checking (especially in x64 version for kernel model drivers).
However how this can be 'deemed' as a NEW DRM component is about as far from reality as it gets.
The ONLY way this plays a part in DRM is when 'driver' checking is required by software/hardware for HD-Content that will require it.
The MS Code does little more than to ensure the drivers are what they say they are, and on x32, just like in Windows XP, you can INSTALL ANYTHING you want, even KERNEL level drivers. There is nothing stopping the administrator from doing this.
In x64, kernel mode drivers MUST be signed, and I don't think this is the right Move for MS, but it does have a legitimate basis for the level of stability they would like the x64 platform to have.
Also of note, kernel mode drivers are less common in Vista, as even the video is now a user mode driver. Besides, if you are running the normal x32 version of Vista, it behaves NO differently than XP, although the OS does make sure any drivers YOU HAVE CHOSEN to install are the same ones in place and that no 3rd party access by any application can touch them without specific authorization from the administrator.
This is more about MS tightening security, than having anything to do with DRM.
So this article is a freaking FUD based Weasel; while trying to add some actual 'technical' facts, they mislead the subject to add in the assumption that this is a DRM component.
And it is not...
(I may be wrong but..) The $500/yr is for the signing certificate. There isn't an expiration on a signed driver. The company simply loses the ability to sign *more* drivers after a year.
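The expiry question raised above and in the earlier "$500/yr" post (does a driver stop loading when its vendor's certificate lapses or leaks?) comes down to whether the signature carries a trusted timestamp. What follows is an added example, written for this page and not taken from the article, Microsoft, or any poster: a small Go model of the Authenticode-style rule that a timestamped signature is judged at signing time, while an untimestamped one is judged at check time, plus revocation with an effective date. The vendor name, dates, driver names and revocation date are all constructed; the real chain (vendor cert, CA, Microsoft cross-certificate) is collapsed to a single certificate.

```go
package main

import (
	"fmt"
	"time"
)

// Cert is a constructed model of a code-signing certificate: a validity
// window plus, optionally, the date from which it counts as revoked.
type Cert struct {
	Subject   string
	NotBefore time.Time
	NotAfter  time.Time
	RevokedAt *time.Time // nil when not revoked
}

// DriverSig is a signature over a driver image, optionally carrying a trusted
// timestamp countersignature that proves when the signing happened.
type DriverSig struct {
	Driver    string
	Signer    Cert
	Timestamp *time.Time // nil when the signature was not timestamped
}

// Check applies the rule: with a trusted timestamp the certificate need only
// have been valid and unrevoked at signing time; without one the signing time
// is unknown, so the certificate must be valid at the moment of the check.
func Check(sig DriverSig, now time.Time) (bool, string) {
	signedAt := now
	if sig.Timestamp != nil {
		signedAt = *sig.Timestamp
	}
	c := sig.Signer
	if signedAt.Before(c.NotBefore) || signedAt.After(c.NotAfter) {
		return false, "certificate outside its validity window at signing time"
	}
	if c.RevokedAt != nil && !signedAt.Before(*c.RevokedAt) {
		return false, "certificate already revoked at signing time"
	}
	return true, "ok"
}

func date(y int, m time.Month, d int) time.Time {
	return time.Date(y, m, d, 0, 0, 0, 0, time.UTC)
}

func ptr(t time.Time) *time.Time { return &t }

// Scenarios plays the thread's cases against a hypothetical one-year vendor
// certificate and reports which drivers would still load on a 2009 check.
func Scenarios() map[string]bool {
	vendor := Cert{
		Subject:   "Example Hardware Co (hypothetical)",
		NotBefore: date(2006, 11, 1),
		NotAfter:  date(2007, 11, 1),
	}
	// Same certificate after the key leaks out of the receivership; revoked
	// mid-validity on a constructed date.
	leaked := vendor
	leaked.RevokedAt = ptr(date(2007, 6, 1))

	now := date(2009, 6, 1)
	cases := map[string]DriverSig{
		"driver signed+timestamped while valid":   {Driver: "ext2fs.sys", Signer: vendor, Timestamp: ptr(date(2007, 3, 1))},
		"same driver, no timestamp":               {Driver: "ext2fs.sys", Signer: vendor},
		"new driver signed after expiry":          {Driver: "ext2fs2.sys", Signer: vendor, Timestamp: ptr(date(2008, 2, 1))},
		"old driver, key revoked later":           {Driver: "ext2fs.sys", Signer: leaked, Timestamp: ptr(date(2007, 3, 1))},
		"black-market signature after revocation": {Driver: "rootkit.sys", Signer: leaked, Timestamp: ptr(date(2007, 9, 1))},
	}
	out := make(map[string]bool, len(cases))
	for name, sig := range cases {
		ok, _ := Check(sig, now)
		out[name] = ok
	}
	return out
}

func main() {
	for name, ok := range Scenarios() {
		fmt.Printf("%-42s loads=%v\n", name, ok)
	}
}
```

The model agrees with the "no expiration on a signed driver" reading only for drivers whose signatures were timestamped; an untimestamped signature does go stale when the certificate lapses, and a leaked key is only useful to the black market until the revocation date, after which anything it signs is rejected while earlier legitimate builds keep loading.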
Would that work?
I.e. someone writes a program (interface) that takes another program (file) as input and runs it. Only need to get this one program signed, then all others can run.
There's probably some obvious reason this wouldn't work, but I'm curious.
MS gets knocked for having no security for years now, deservedly so. It is just now that their insecure model nips them in the butt. Even a virus scanner is too late if it catches a misbehaving piece of code before execution. Why? Because you can't tell intent from binary code. Virus scanners work based either on signatures or on heuristics. Both models are flawed, because the idea of a virus scanner is flawed. If a virus gains access to the administrator level privilege in a system, it is already past the last line of defense, game over, hasta la vista!
There is a right model to stop these things: it's called sensible design and secure default settings.
It takes a man to suffer ignorance and smile
Be yourself no matter what they say
Let's just hope that all this leads to a day when people use Open Source software because "It just works..."
MjM
XKCD:Xeric Knowledge Comically Dispen
So we should live under a tyrant because other people want to be tyrants too? I don't see the logic behind that.
--
Given enough personal experience, all stereotypes are shallow.
Preventing unknown code from running in kernel-space is a good idea - though it's no silver bullet.
However, the issue at hand is simply:
Does it work?
It looks like their solution is badly implemented, ref. pagefile attack. So no, it doesn't work. So trusting this is like installing a new lock when you know your enemies have the master key to the new lock.
Stop the brainwash
Compare the two. If they match, then the file hasn't been tampered with... Tampering with this requires...
No, all that is required is to copy one key over the other in memory. Alternatively, one could modify a single comparison instruction in the loader. Then the match occurs, and the code will be allowed to load.
This is well within the range of an experienced hacker:
The society for a thought-free internet welcomes you.
You can bypass CI using bcdedit (the vista bootloader editor).
I won't give the actual command since I'm not sure if doing so would break my NDA.
If it's not public knowledge now, it will probably be soon. Although doing so puts "Test Mode" in all corners of the desktop.
Hmm, I've read the articles people have linked to more closely (should have done that first, rather than trusting the posters ;-) and it's possible that that's how it will work (i.e. you sign the driver with your certificate and send it to MS—so they know it's from you—then they sign the driver with their certificate, so Vista PCs will know that MS knows who it's from. Some posters implied that you'd get a certificate from MS with which you'd then sign your own drivers)—but there are still questions. For example, all certificates are required to have an expiration date. What happens when the certificate on your driver expires? I guess MS will put the expiration date 100 years into the future. More worryingly (as always), what if MS's root certificate gets compromised? There's certainly a huge incentive for it to be broken—how many botnets will be set to work on it as soon as Vista is released? And if it is, what could MS do—they'd have to revoke the certificate, causing all drivers released so far to become invalid. And I don't like the possibility that, if MS had a dispute with a hardware vendor, they could threaten to revoke the certificates to the vendor's drivers that were already in the field...
Need to type accents and special characters in Windows? Use FrKeys
The last time msobkow met anyone who was using custom hardware was around 1985-6. However, msobkow != the world, and the people that msobkow meets are not necessarily an unbiased sample. It appears that you do not frequent hardware hacking message boards such as sections of the nesdev.com and gbadev.org forums.
Or they will sell computers preloaded with their software. This is the route that TiVo has taken with its DVRs.
No, it only gets called DRM when MS triggers lockdowns of functionality when the signed driver check is disabled. Such as disabling playback of high-def protected content when unsigned drivers are loaded.
DRM or no, this measure stinks of a band-aid approach, and of typical CYA mentality: it's not about protecting the user's data, it's about protecting Microsoft's data (and business deals, etc.).
Yes you would. A console controller conversion requires a way to talk directly to a parallel port to send first-button and next-button request signals and receive button state signals. Input device drivers have additional restrictions; Microsoft's user-mode driver framework FAQ states the following:
This will have negative ramifications for the disability community, as it will become harder for hobbyists to develop novel assistive devices
You have to be an administrator to install an application anyway. So an application that includes malware would just get the administrator's permission to become root in order to install the application, and then go on to install its own root certificate. This is why, as I understand it, Windows Vista won't let even an administrator add a root certificate capable of signing drivers.
Would you say that if you were one? What should Kevin Horton, developer of the CopyNES development kit, or Memblers, developer of the Squeedo development cartridge, do?
Microsoft doesn't, but VeriSign charges a $500 annual fee (plus whatever your state charges for incorporation papers, as VeriSign won't sell a cert to a sole proprietorship), and VeriSign has the exclusive contract with Microsoft to sell code signing certificates.
No it isn't. Input device drivers must run in kernel mode.
And folks with the "congenital or acquired disability gene" who really do need to write an input device driver just for the assistive device that allows someone with a disability to use a computer at all.
Microsoft does offer such a license, and Microsoft doesn't even charge people directly. <sarcasm>Steps to obtaining one are as follows: 1. incorporate (price varies by state) and then 2. get a code signing certificate from VeriSign (499 USD per year).</sarcasm>
There is no payment to Microsoft, but there is a payment to your state to establish a corporation, plus a 500 USD payment to VeriSign so that VeriSign can verify your corporation's identity.
Input device drivers are still kernel mode. If you have a disability, and you want to build an assistive input device, and you can't afford $500 a year for a cert from VeriSign plus whatever your state charges to form and maintain a corporation to receive the cert (VeriSign does not sell code signing certs to sole proprietorships), tough copulating manure.
Because they've been signed and MS took money (and, ostensibly, did work checking) that any future driver BSOD will be MS's fault now?
My emphasis. So why does it have to be a company, and not a hobbyist, that releases the driver? Is it that VeriSign slipped Microsoft a fat check for the exclusive right to provide code signing certificates for Windows Vista?
How can an entertainment software developer working on its first title go console-only? Don't platforms other than Windows and Macintosh require a licensing agreement? Consoles and gaming handhelds won't run anything not approved by the manufacturer, and phones often won't run anything not approved by the mobile network operator. Console makers and network operators tend to be very reluctant to talk to developers that have not already released a commercially successful title on some other platform.
I'm sure that and likewise groups are ALREADY tampering with your kernel somewhere ...
Read radical news here
Do you boycott entities that are not companies? Let's pretend you were disabled, and a hobbyist who had not yet incorporated wanted to build and sell you an assistive input device that works around your disability to allow you to use the computer efficiently. Would you shun this hobbyist because he does not represent "a company"? Some people who build these kinds of things do it as a side job, not a day job, and 500 United States Dollars per year would eat up a significant portion or even all of the earnings from the activity.
Some sophisticated hacking involved, but the iSCSI driver is going to come from Microsoft; the file server can be a customized iSCSI implementation on a Linux box that will present the legitimate file for signature checking and substitute a different file when called for loading. Nobody's discussed firmware: the driver's good, the validation procedure can test till the cows come home, but days after release the soundcard firmware has been subverted. What about AMD's promotion of using Socket M for hardware add-ons? Somehow, I believe, MS does not have all the bases covered. Even if they actually have people talented and smart enough to do DRM right, the PHB and bean counters will never give them the time or money needed to totally accomplish the goal. As usual, corners will be cut and hand waving substituted for functionality; it is the Microsoft way. They are far from owning the trust channel end-to-end and eventually someone will leverage a hardware or emulation or man in the middle exploit, and those poor souls that are required to run Twisted Computing environments will probably be willing to pay bucks, possibly BIG bucks, to recover some of their freedoms. MS will NEVER "get it right" and unlike virus exploits, these exploits stand a good chance of being kept close to the chest, empowering the end user for extended periods of time. How about a clever little snippet that automatically uninstalls a needed security patch? MS has to be perfect, while the freedom fighters can flail away at the problem until they find the inevitable imperfection.
There is no right to feel safe thru security vaudeville at the expense of everyone's freedom, privacy and tax money.
... it is simply another security measure. I know it's a nit pick but given all the FUD (on both sides) surrounding DRM I thought I'd point it out.
Nah you just send them the $500 from somebody's credit card that you got via your phishing scheme.
They'll "follow the money" for sure, but to where?
"Ladies and gentlemen, my killbot features Lotus Notes and a machine gun. It is the finest available."
Try this:
Q. What's with the screen shots? Other magazines seem to have better quality images.
Reviews in Gamer Reports do not use screen shots provided by the game's publisher. These images are considered advertising and may misrepresent the game experience. Instead, GR reviews provide images of the actual game display, taken with a camera. They look a bit less clean in print but represent more accurately how players will see the game at each of its image quality settings.
Soytainly. A price of $50 per year for small businesses, including sole proprietorships, would be much more palatable. That's less than the price of a Windows OS license for two developer workstations over the three- to five-year life span of a Windows major release. It would be much easier for low-volume hardware makers to recover such a reduced fee from their customers.
If you care deeply about principles, you know where to find them.
I'm wondering if there will be a dramatic increase in piracy for Vista, as compared to XP.
Here's my thinking:
I'm assuming that eventually there will be a pirated version of Vista that will have all of the crap stripped out of it.
This "cleaned up" version of Vista may, in fact, offer significant advantages for people who are having problems with drivers, DRM, activation, WGA, etc.
In the future, the easiest solution for many problems may be to simply download "Pirate Pete's Vista Lite" and get all of the benefits of Vista with none of the pain.
I can see this catching on like a wildfire.
This is really about Microsoft extorting money from every hardware vendor on the planet in exchange for driver certification.
Andy Out!
If virus writers are smart, they'll work with it instead of against it. Imagine a virus that used Microsoft's DRM to "lock" all of the user's files, only to demand a ransom to provide you with the unlock code?
...
In a case like that, I can think of only two upsides: MS probably won't be able to make anything secure, and fewer people will want to use Windows after crap like that.
In an unrelated note, these captchas are really odd. Mine is "bribing"
While it is annoying that legit OSS projects have extra hurdles to go through, I will sleep a little sounder at night knowing it is making it just that much harder for Symantec to snark up my relatives' boxen.
Unfortunately, input devices are one of them. This is going to hurt hobbyists and small businesses that build assistive devices, who often can't afford $500 per year.
1. This is not news. Driver writers have known about this for years. This is how XP-64 and Server2003-64 work already. And this has been posted on Slashdot at least twice before.
2. Win64 (whether Vista, 2003, or XP) requires signed drivers unless you boot up in "debug" mode. Win32 does not, although it will warn you.
3. If you have any unsigned drivers running (Win64 OR Win32), certain "trusted path" applications (i.e. DRM-enabled video players) will not run. Basically, the content author says "I only give permission to watch this video if your system is trusted" (for some definition of trusted, as defined by the content author). Microsoft is providing a way to certify your system as trusted. Without this certification, you don't have permission of the content author to view the content. (Workarounds will be found, I am sure, but legally, that's how it works.)
4. Microsoft will issue a PIC (driver signing certificate) to pretty much anybody with a valid code publishing certificate from an accepted certification authority. Currently, "accepted certification authority" means Verisign, but MS claims to be willing to entertain other applicants. It is the certification authority that gets the $500, not Microsoft.
5. The point of the signature is identification, not security. Basically, Microsoft wants to be able to identify the author of any kernel-mode code running on Win64. Stable? Well written? That is a completely separate matter covered by a different process. The idea is that if a kernel-mode driver does something stupid/illegal like sniff for passwords, Microsoft wants to be able to track down the author and possibly blacklist/revoke the driver signing certificate if flagrant violations are found.
Yes, this presents some inconvenience for small or not-for-profit organizations that want to write drivers. In most cases (something like WinPCap), I suspect they'll be able to find a "sponsor" organization willing to sign the driver. Other drivers can really never be trusted (CoLinux, for example) because the driver loads arbitrary externally supplied code into the kernel, so sponsors might be more hesitant to sign them (their certificate would probably be blacklisted).
On the other hand, it means that any rootkit/sniffer/malicious driver will have a name and address associated with it -- very handy for picking up the trail of the author (or at least shutting him/her down via certificate revocation).
Time flies like an arrow. Fruit flies like a banana.
For a long time I have talked about the features they are going to add to DRM. Such as this one: requiring signed drivers for everything. But microsoft shills modded me a troll.
Maybe some will listen now.
I get unsigned driver warnings when I'm trying to install the LAME ACM or XviD binaries. Makes you wonder how useful these will be initially when people start using Vista.
Plus I have noticed there are a few well known hardware manufacturers (Belkin's rebranded USB Bluetooth adapter for one) that are intentionally shipping unsigned drivers with their stuff. Their installation manuals either tell you to ignore the unsigned driver warnings or the installer will automatically disable whatever protection Windows is using against unsigned drivers so you never see the warning in the first place.
Either way, it's not just going to affect people using custom or old hardware. It will affect businesses and open source projects the same.
What if they just cease to care about their hardware - like HP for example. Watch that $10000 plotter become worthless unless you keep a legacy PC handy for people to print from that PC and not over a network.
What about the module that performs the verifications (probably just a hash comparison, like Tripwire on *nix)? Suppose somebody conveniently inserts a JMP instruction to the location of the code following a successful verification, allowing the comparison binary to otherwise behave as if the check had succeeded (probably either terminating at that point or trying to perform another verification if a binary hash exists)?
(I personally don't grok x86 ASM well enough to do this. But some people do.)
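The two posts above that attack the checker itself (the one that copies the reference value over in memory, and the one that inserts a JMP past the comparison) describe the same weakness, so here is one small C model of it. This is an added illustration, not code from any poster on this page and not Microsoft's Code Integrity implementation; the driver "images", the FNV-1a digest (a stand-in, not a cryptographic hash) and the `ci_state` structure are all constructed for the example. The point it demonstrates is that when the reference value and the compare instruction live in memory the attacker can already write, the quality of the hash does not matter.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed driver images (not real binaries): the one that was
 * measured when it was installed, and a tampered copy of it. */
static const uint8_t GOOD_IMAGE[] = "kbd.sys: read scancodes, hand them to the input stack";
static const uint8_t EVIL_IMAGE[] = "kbd.sys: read scancodes, hand them to the input stack and a logger";

/* FNV-1a, a placeholder for whatever digest the real checker uses.
 * It is NOT collision resistant; the point here is where the check
 * lives, not which hash it uses. */
static uint64_t digest(const uint8_t *p, size_t n)
{
    uint64_t h = 1469598103934665603ULL;
    for (size_t i = 0; i < n; i++) {
        h ^= p[i];
        h *= 1099511628211ULL;
    }
    return h;
}

/* Everything the loader trusts sits in ordinary writable memory,
 * exactly like the reference value and the compare instruction the
 * posts above talk about. */
struct ci_state {
    uint64_t golden;      /* reference digest of the approved image    */
    int      cmp_patched; /* 1 once the comparison has been jumped over */
};

static void ci_init(struct ci_state *ci)
{
    ci->golden = digest(GOOD_IMAGE, sizeof GOOD_IMAGE);
    ci->cmp_patched = 0;
}

/* The loader's check: 1 = allow the image into the kernel, 0 = refuse. */
int ci_verify(const struct ci_state *ci, const uint8_t *img, size_t n)
{
    uint64_t h = digest(img, n);
    if (ci->cmp_patched)          /* the inserted JMP: straight to "ok" */
        return 1;
    return h == ci->golden;
}

/* Four scenarios; each returns the loader's verdict on the image given. */
int verdict_untampered(void)
{
    struct ci_state ci; ci_init(&ci);
    return ci_verify(&ci, GOOD_IMAGE, sizeof GOOD_IMAGE);
}

int verdict_tampered(void)
{
    struct ci_state ci; ci_init(&ci);
    return ci_verify(&ci, EVIL_IMAGE, sizeof EVIL_IMAGE);
}

/* "copy one key over the other in memory": code that can write the
 * loader's data replaces the reference with the digest of its own image. */
int verdict_after_hash_copy(void)
{
    struct ci_state ci; ci_init(&ci);
    ci.golden = digest(EVIL_IMAGE, sizeof EVIL_IMAGE);
    return ci_verify(&ci, EVIL_IMAGE, sizeof EVIL_IMAGE);
}

/* "modify a single comparison instruction" / "insert a JMP": code that
 * can write the loader's text makes every comparison succeed. */
int verdict_after_cmp_patch(void)
{
    struct ci_state ci; ci_init(&ci);
    ci.cmp_patched = 1;
    return ci_verify(&ci, EVIL_IMAGE, sizeof EVIL_IMAGE);
}

int main(void)
{
    printf("untampered image      : %d\n", verdict_untampered());
    printf("tampered image        : %d\n", verdict_tampered());
    printf("tampered, hash copied : %d\n", verdict_after_hash_copy());
    printf("tampered, cmp patched : %d\n", verdict_after_cmp_patch());
    return 0;
}
```

Build it with any C compiler (`cc ci_model.c && ./a.out`). The first two lines show the check doing its job; the last two show it failing without the digest ever being broken. Swapping FNV-1a for a real cryptographic hash or a signature verification changes nothing in the last two cases, because the attacker never touches the image, only the checker. The only fix that addresses the model is the one the thread keeps circling: put the reference value and the comparison somewhere the code being checked cannot write.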
As with privacy, the question is "who watches the watchers?"
Is Capitalism Good for the Poor?
There's certainly a huge incentive for it to be broken--how many botnets will be set to work on it as soon as Vista is released?
:-p
Barring any revelations about P and NP that would have consequences far more broad than MS's certificate being broken (many FAR, FAR more dire consequences (as essentially all crypto from the last few decades is based on the assumption that P!=NP) than just MS having to decide whether to revoke its certificate), I think you can sleep well. There's an outstanding $30,000 reward for anyone who can factor a given 704-bit number. A year ago a team finished putting 30 processor-years (2.2 GHz Opterons) into breaking a 640-bit number. These signatures are probably 1024 or 2048 bits. This is not an easy problem by any means. You could probably throw today's computers at it for millennia and be little closer to breaking MS's certificate.
And I don't like the possibility that, if MS had a dispute with a hardware vendor, they could threaten to revoke the certificates to the vendor's drivers that were already in the field...
Yeah, this you can lose sleep over.
I think the issue is that of the user's right to fully use the hardware capabilities of their own system. DRM effectively grants ownership of your hardware to the big media corporations.
Granted, while this does protect against malware, Microsoft has incessantly provided upper-level access to malware writers, and shows no sign of stopping. It does little good to have a signed, verified OS layer if the mail layer will arbitrarily execute code without prompting the user*. This specific approach may prevent one type of malware attack, but the goal is DRM; that is, security for content providers, not for the end user. Security is just the moniker being used to deprive the end user of capability which is rightfully theirs.
* - granted, this may be patched, but you can count on the "Microsoft Mindset(TM)" to introduce yet more security holes in required components of the OS.
It only takes a person knowledgable with Vista to find this, re-write and, crack a few files to seem legit, and you've got no more DRM once the 'updated' OS hits bittorrent. Guess you guys haven't heard of Windows XP - Scene Edition, have you?
Still waiting on Serviscope_minor to wake up to fucking reality and realize that Jessica Price isn't going to fuck him.
How about just suspend the virtual machine you are running the software under. Get some program to mess with the suspended image (make a backup if you're paranoid), resume the altered image.
Once you get the hang of it, it probably makes it easier to alter things on a real machine.
The hardware virtualization stuff is improving so the virtual machines will be running not much slower than the real machines, and the stuff in the virtual machine may not be able to easily tell whether it's in a real or virtual machine.
The DRM stuff doesn't protect you from Sony, and I doubt it will protect you from the bad guys.
For example: say Python/Perl stumps up the USD500 and gets certified. It doesn't mean that perl and python scripts will be safe to run.
I'd say spammers or bot farmers can do practically all they want with perl or python, so what if it's slower? Those quad core CPUs are coming soon, and most people aren't going to be using all of the cores anyway...
Running stuff in a virtual machine could help bypass DRM and those bootloader issues. You can fiddle with stuff as much as you want, and at best the stuff stuck in your Matrix is going to have a bit of Deja Vu, or time dilation...
Things aren't going to be safer. This is because DRM isn't being used to make things safer. DRM is being used to make the rich richer.
Sony and friends will still get their evil stuff certified.
Hackers will still find holes in signed stuff and thus run stuff at higher privileges.
Spamware/Malware/Botware people can just run malicious scripts. I doubt the interpreters or byte code executors will all require stuff to be signed. There's a lot you can do with a single line of perl...
My graphics card (an old 3DFX Voodoo 5 6000) happens to run on community-developed drivers (downloaded from http://www.3dfxzone.it./).
...Oh wait, I guess Vista won't install on non-quad-gpu-DirectX-12d-compatible-5Ghz-4096Mo gfx boards.
This is the exact kind of situation where not giving an alternative to signed kernel drivers is going to hurt.
"Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]
And my idea about your opinion is that the hardware hacking community is a useful resource that doesn't deserve some monopolist stepping on it. In fact, stepping on the assistive hardware hacking community with an unaffordable entry fee ($500 per year plus whatever your state charges for incorporation) might run up against Section 508 of the Rehabilitation Act as amended, causing developers of computer operating systems that are locked down in this way to lose their U.S. Government contracts.
Which e-mail address, postal address, or fax number should I use?