Cost Analysis of Windows Vista Content Protection

David Gerard writes "Security researcher Peter Gutmann has released A Cost Analysis of Windows Vista Content Protection, a detailed explanation of just what the protected-content paths in Windows Vista mean to you the consumer: increased hardware cost and even less OS robustness. 'This document analyses the cost involved in Vista's content protection, and the collateral damage that this incurs throughout the computer industry ... The Vista Content Protection specification could very well constitute the longest suicide note in history.'"

Migrate to GNU/Linux, not Vista

Our company did last year, cities of Vienna and Munich did, French parliament did, it should work out very nicely for you too. Our former XP users love KDE.

No need to put yourself through pains when you can improve security, save money and achieve a good deal of vendor independence all at the same time. Why support the Microsoft monopoly by paying ridiculous prices for bug ridden software with DRM restrictions, when you can run Free software on the industry standard (and thus inexpensive) hardware?

Knowing everything I know now, I only regret that we did not migrate to GNU/Linux sooner.

Re:Migrate to GNU/Linux, not Vista

[troll+-1]

Why support the Microsoft monopoly by paying ridiculous prices for bug ridden software with DRM restrictions, when you can run Free software on the industry standard (and thus inexpensive) hardware?

Ah, but according to the article Microsoft is forcing vendors to manufacture more expensive "content protection" cards so the most popular cards will be made (more expensively) according to Microsoft's specs.

See the section on "Increased Hardware Costs".

[I]nstead of varying video card cost based on optional components, the chipset vendor now has to integrate everything into a one- size-fits-all premium-featured graphics chip, even if all the user wants is a budget card for their kids' PC.

So if you want to run that latest Radeon that all the gamers are using on Linux, you'll pay more and probably be hindered by all content protection junk it contains.

Re:Migrate to GNU/Linux, not Vista

[westlake]

I]nstead of varying video card cost based on optional components, the chipset vendor now has to ntegrate everything into a one- size-fits-all premium-featured graphics chip, even if all the user wants is a budget card for their kids' PC.

sounds like a plan to me.

stamp out the single super chip as fast and cheap as you can make it. build it into motherboards. video cards. set top boxes. market it as high performance video at integrated video prices.

it doesn't matter!

[bwy]

It really doesn't matter. Before long each new Dell and every other new computer will be shipping with Vista. It could be the worst operating system ever, and within a few years everyone will be using it. There is virtually no way for Vista to fail, given the circumstances.

Re:it doesn't matter!

[kyliaar]

Not true.

We don't have to look too far into the past to see that not every Microsoft OS product has been a raging success. *cough* *cough* Windows ME

Happy Windows ME users were few and far between in my experience. Not having native USB support as well as having a host of stability issues that were hard to debug, etc. few people upgraded to it or quickly upgraded away from it when XP became wildly available.

I realize that the document linked to is written with what seems to be an almost inflammatory bias, it does sound that the Vista Content Protection is a move in the wrong direction for the content publishing industry and lawyers rather than the consumers.

Not even Microsoft is immune to the forces of the market. They do have dominance in a field where migrations away from a product are often expensive and time consuming but, at the very least, if they produce a crap product, people will not upgrade to it.

People making new purchases are much freer to choose from a competitor that may not have the same problems.

Re:it doesn't matter!

[Technician]

People making new purchases are much freer to choose from a competitor that may not have the same problems.

I see Apple having a very good year.

This is hardly an analysis

[Sexy+Commando]

This so-called analysis was written by thinking of a conclusion first, then filling in the blanks. There are no citing of references to support his claims.
This is just simply a political blurb.

Re:This is hardly an analysis

[DerekLyons]

This so-called analysis was written by thinking of a conclusion first, then filling in the blanks. There are no citing of references to support his claims. This is just simply a political blurb.

I was thinking the same thing - TFA is nothing but a long winded rant against Micro$oft. Reading a 'cost analysis', I expect the discussion to center around... costs. Which were significant by their absence.

Re:This is hardly an analysis

[VENONA]

Well, Gutmann is known in my circles for having done some good work, and having a track record that goes back for years. Things like trying to get the word out on how bad RC4 encryption was (and I wish IEEE had paid attention before the absurdly-named WEP was created--the RC4 issue was *not* all about key length, despite Microsoft claims), breaking early Windows pasword encryption, breaking a couple of disk encryption schemes, pointing out some serious flaws in Linux VPN software, etc. The list is fairly long. Apparently some people here think he's some sort of standardized media pundit--just another talking head. Uh, no.

Although some of what he said is new to me, I know he's dead right on some other bits. I know I'm very much prepared to give the man the benefit of the doubt on the parts that are new to me. Which sucks. To me, the best thing about Windows is that it was the central force that drove hardware into commodity status, and lowered all of our costs. Now we may have to give some of that benefit back. That isn't something I'm happy to do, particularly for the sake of Vista, which I'll never use.

I don't see how you can say the piece wasn't about costs. That thread was all through it. You expected actual numbers? That's *very* proprietary information to any vendor. Nor is it likely that the vendors themselves have much hard data yet, in the specific case of Vista, as it's very early innings. They can't even be sure of the adoption rate yet, so fabrication contracts, and a myriad other details are likely to change fairly rapidly over the next few months.

Yet it's very clear that the broader picture in one of increasing costs for hardware vendors. Some of that will probably just mean lower margins, but even that doesn't mean that only investors will be hurt. It also means less R&D, which isn't good for anyone, in the long term. And some of those costs *will* be passed on. Investors will demand it.

There are other issues, of course--reduced functionality and stability, yet more difficulty in avoiding binary blobs in GPL kernels, etc. None of this is good news to assorted non-Windows people, though much of it will hit Windows users as well. It's not the end of the world (and wasn't presented as if it were) but it's certainly bad news.

This is absurd.

[CDarklock]

Every time I see an analysis of what DRM means to the consumer, I see all this crap about how it's going to make things more expensive and lower quality. And that's true - SOME things will be more expensive and lower quality.

But these analyses never stop to consider HOW MUCH will be more expensive and lower quality, or exactly what changes we're discussing. What will be lower quality and more expensive is the DRM-protected content. And DRM sucks. People will complain. Vendors will eventually listen.

At the moment, we have a lot of content providers who refuse to provide any content without DRM because they can't imagine making a profit otherwise. DRM gets them to provide something instead of nothing. Historically, unprotected content outperforms protected content; because you spend nothing trying to stop people from stealing it, you recover more revenue than you were losing to theft anyway. If we just let providers choose, they will eventually make the right choice. We can't force them to make the right choice NOW, because they won't make it. They'll provide zero content.

That's the false dilemma. Everyone seems to think the choice is protected content or unprotected content, but it's not - it's protected content or NO content. Fighting the protected content is not going to get you what you want. You have to let the providers make their stupid DRM plans and try them, so they'll see for themselves that it's stupid.

Re:This is absurd.

[Dachannien]

We can't force them to make the right choice NOW, because they won't make it. They'll provide zero content.

Not true. The content cabal claimed that without a broadcast flag, their government-mandated efforts to switch to digital broadcast HDTV would be tantamount to suicide, and they threatened to obstruct the production of content in HD until such a flag was passed. Here we are, three years after the FCC first tried to implement the broadcast flag by providential decree, and we have a bevy of digital broadcast high-definition programming with no broadcast flag.

The reason the content cabal will never provide "zero content" is because there's too much money to be made even without DRM. The only reason they want DRM is because it provides them with additional control over the content that they sell to us that goes beyond copyright and piracy prevention. It's the same reason they have things like User Operation Prohibited and Region Codes in the DVD spec. Neither of those forms of DRM have anything to do with preventing piracy. UOP is used to force-feed advertising (and the ubiquitously-ignored FBI warning) to the paying customer, and region codes are used to exploit worldwide market arbitrage.

They are fighting tooth and nail today to get DRM everywhere they can, because they know that once the technological dust settles and the standards that we'll be using for the next 20 years mature, if it doesn't have DRM in it, it never will in any meaningful sense.

Re:Migrate to not Vista

[Utopia]

Content Protection is a explicit opt-in from content providers.
Its not mandated by the OS.

Migrating a different OS doen't give you access to the protected content.

Counterpoint

[Reality+Master+101]

The Vista Content Protection specification could very well constitute the longest suicide note in history.

If hysterical stuff like this is the best the anti-Microsoft forces can come up with (and this guy isn't the first one, just the latest in a long line of hysterical essays), it's pretty clear that Microsoft ain't that bad as a company, despite what some people want to believe. Maybe, just maybe, if you have to resort to that kind of rhetoric, maybe your position isn't that strong?

Disclaimer: I don't hate Microsoft. I am, however, frequently annoyed by their mediocrity, and unbelievably frustrated that someone doesn't have the balls to start a company dedicated to making an absolutely, positively 100%-compatible Windows clone based on a Unix-like operating system.

Playing Idiot's Advocate

[eno2001]

But, but, but... what about the high cost of retraining everyone to use all these new weird applications that don't make as much sense as Windows applications!!!? What about the steep learning curve since Linux is just inherently harder to use!!!? What about the fact that when the user tries to hit some valid work related site that needs to access media like Powerpoint, Flash 9 and higher, Windows Media Video, and the like that they won't be able to or will have a reduced quality end-user experience compared to MS Windows??? I've seen the Xine plug-in for Firefox and it doesn't work right. Instead of embedding the content in the browser as it should it pops open a new window and only about 20% of the time does the content actually play!! What about the fact that unless you've got a few gurus on your staff, when there's a problem there's NO ONE to go to for support once the problem is out of your league? Forums? HAH! Yeah, you've got a down critical situation with your users and you're going to fart away valuable time on forums where you may or may not get an answer in a day? A week? A month? A year? Never? The only answer if to get Windows Vista because it was built for real work and not for geeks with no life. Got that?

[DISCLAIMER: The poster called 'eno2001' does not believe in what he stated above at all and is merely parodying the typical lies and misconceptions about GNU/Linux that come from the anti-Linux crowd. The poster called 'eno2001' expects many good responses to the false arguments presented above from the pro-Linux community. All anti-linux sentiments will be laughed at unless you're really good at what you do. The 'eno2001' has spoken.]

Re:Playing Idiot's Advocate

[causality]

(Equally, the pro-Linux crowd is not above lies, misconceptions, and FUD themselves.)

Except that the "pro-Linux crowd" does not generally have a financial incentive motivating them to engage in FUD. Microsoft routinely engages in astroturfing, both with its shills and by sponsoring "independent" groups who are paid to have a certain opinion (if their product were truly so great, then why the need for deception?).

However poorly they may perform the task of advocating Linux, to most members of the "pro-Linux crowd" the goal is to obtain what they believe to be a superior computing experience, both in terms of technical capability and user freedom. Whereas Microsoft would happily market an operating system that could run no 3rd party applications and popped up a dialog that said "Fuck You for Using Windows" every thirty seconds so long as people were still willing to pay for it. One is a fairly grassroots movement in which users are expressing their true feelings about a subject, while the other has its roots in a top-down corporate environment designed for the sole purpose of making money in a market where the vast majority of customers are extremely ignorant about the technical merits of the product.

There is such a thing as purity of motive, and it counts for a lot.

Incidentally, because this was mentioned in the GP, I will say that Linux (and *nix in general) is not at all difficult to use. It is more difficult to learn than Windows, but the effort required to understand how the system works is a one-time investment, after which you find yourself with a rather straightforward operating system in which it is a simple matter to perform most tasks -- my personal opinion is that this is because unlike Windows, Linux does not assume that the user is an idiot. It also does not assume that the user intends to use the same machine for months or years without ever learning more about it than what was learned during the first week of use (although perhaps I repeat myself; to me one symptom that someone is an idiot is that they do not value or even hate learning). In comparison, Windows is easier to learn how to use, but learning more and more about how the system works does not provide the user with fewer annoying explanation and confirmation dialogs to click through, nor does it make the "power user" options less buried in the user interface, to name just two examples of the tedium involved.

well duh

[ILuvRamen]

The Vista Content Protection specification could very well constitute the longest suicide note in history

Hmmm, let's run through that cost analysis again. It took a lot longer to develop Vista and now nobody's going to buy it because of the restrictions. *gets outs his calculator* yup, that leaves em pretty far in the red. But thank God they don't have to worry about losing money from pirates for at least a few weeks until people find ways around everything.

I'm sure it does not matter

[gelfling]

Every touted improvement in Vista exists to make Microsoft's life and the life of their media and hardware partners better and more enriched. It is not, I repeat, not for your benefit or enjoyment. Recently MS stated this would be last 'turn of the crank' for an OS like this. I agree. This is because the only logical step next would be to lease you the OS and the hardware, only, and bar you from doing anything on your own with it. Since that's not bound to fly, yet (let's see how they react to Google) then the alternative is to lock you into their content, at least.

Re:Higher Requirements for New Media

[caldaan]

I think the point was more on the lines of, if you want to play blu-ray discs all you need to do is buy a blu-ray player.

But in reality that $2000 LCD monitor you have isn't going to help because it can't tell the video card that its a protected device, well you need to go buy a new monitor.

Wait that $500 video card can't detect trusted monitors, better go buy a new card that can.

Oh yeah, and that all digital surround sound system, well it isn't going to work at all so you need to go buy an analog one.

Yes, I read TFA

[The+Living+Fractal]

I think what Microsoft is doing right now is analogous to the old practice of offering a product at a higher cost initially just so you can then negotiate down to the price you really want.

You might claim it is apples and oranges. I think it's not. They design the product with more restrictive DRM knowing the consumer will not want ANY DRM. Then they 'listen' to the consumer by removing some, but not all of it. Thus arriving at a middle ground, but really closer to their originally planned position. This serves to possibly give them what they want while simultaneously making them look good in the eyes of the consumer.

Of course, most intelligent consumers decry ... well why finish the sentence. "Most intelligent consumers" probably accounts for a very small percentage of the total consumer base.

TLF

Re:Migrate to not Vista

[Utopia]

Thats incorrect. Degradation is recommended by the HD standards only if the content provider has opted-in for content protection but the hardware used doesn't provide a complete protection path to the display.

So non-opted content will display with full fidelity regardless of whether a non-secured or secured mechanism is used to display the content.

Peter Gutmann

[starfishsystems]

In case anyone doesn't already know him by reputation, Peter Gutmann isn't just some random blogger with a grudge against Microsoft.

Yes, he tends to be a bit outspoken at times. He's also a veteran contributor to the security field and tends to know exactly what he's talking about. So before dismissing what he has to say, you owe it to yourself to check his reasoning.

Sharks circling

[NorbrookC]

In the article, he a section on the potential hazard of Vista disabling video resolution in medical imaging applications. Leaving aside any issues of playing CD's in a work computer, I can see one outcome of this. The first time a blown diagnosis can be blamed on this, the malpractice lawyers will be heading after Microsoft. It's something they've got to be salivating over: The ultimate deep pockets! (cue theme from Jaws)

Media conglomerate thinking is absurd.

[mkcmkc]

That's the false dilemma. Everyone seems to think the choice is protected content or unprotected content, but it's not - it's protected content or NO content. Fighting the protected content is not going to get you what you want. You have to let the providers make their stupid DRM plans and try them, so they'll see for themselves that it's stupid.

For me, it's unprotected content or NO content. My media purchases are now less than ten percent of what they were a decade ago, specifically for this reason. (Yeah, I'm still 10% a hypocrite.) Copyright is being used to wreak a lot of havoc, and I'm not going to pay those who are doing it.

Re:Migrate to not Vista

[fahrbot-bot]

Degradation is recommended by the HD standards only if the content provider has opted-in for content protection...

Thanks for the clarification. What are the odds a content provider won't opt-in for protection? In any case, I can't really make any justification for Vista (or high-def DVD) at this point -- especially if this article is accurate.

My guess is that the tighter DRM proponents squeeze, the more things will slip through their fingers -- to paraphrase someone I heard somewhere, sometime ago...

Mancur Olson again

[Budenny]

A classic, absolutely classic instance of the thesis which Olson demonstrated in lots of case studies.

All special interest groups will find it in their interests to impose on society costs hundreds, thousands, millions of times greater than the benefits they receive.

In the present case, Big Content, to protect its rents, is imposing measures which will end up costing the US and the West enormously more than any benefits to Big Content.

But they don't care, of course, because even if we are all worse off, they are a little better off.

And so, you discover if you examine economic history, that revolutionary convulsions every 50 years or so benefit economic performance, by abolishing encrusted priveliges of various groups. And this is why 19c France in constant turmoil outgrew 19c stable Britain. And why the post civil war South did so well in the 20c... And why Germany grew so fast in the fifties.

And why the US is falling into paralysis today....

Re:Migrate to not Vista

[mrchaotica]

Protected content is DRMed movies and music. We're not talking about encrypted financial documents.

You know, this point is apparently harder to understand than you realize. After all, even some people who aren't affiliated with the publishing industry still support DRM, because they mistakenly think it'll help them "protect" their own data. They fail to understand that that doesn't require DRM, but works perfectly well with plain encryption (in which the owner knows the key).

Vista will improve your social life guys!

[dbIII]

You get to talk to frequently talk to lovely ladies in India and swap very long strings of digits with them. Isn't re-activation fun? And if it is a stressful day at work, just hold the phone up to your ear while you rest and tell anyone that bothers you that you are on hold with Microsoft - you should be able to get away with an hour at a time before anyone gets suspicious. What fun! Every disaster recovery plan gets to add a few hours to acoount for waiting on hold to get new activation numbers for each rebuilt system.