Slashdot Mirror
Vista Security The 'Longest Suicide Note in History'?
rar42 writes "The Inquirer is reporting on an analysis of Vista by Peter Gutmann — a medical imaging specialist. This isn't the usual anti-Microsoft story — just a professional looking at what is going to happen to his computer if it is upgraded to Microsoft Vista. From the article: 'Windows Vista includes an extensive reworking of core OS elements in order to provide content protection for so-called "premium content", typically HD data from Blu-Ray and HD-DVD sources. Providing this protection incurs considerable costs in terms of system performance, system stability, technical support overhead, and hardware and software cost,' says Gutmann."
From TFA:
At first, I shared some cognitive dissonance with Gutman; China, however, is governed by Chinese and for Chinese: they're allowed to act in their own best interests.
The U.S., on the other hand, is beholden to parasites and corporations; and compelled into an unnecessary decline.
You're not supposed to use a consumer grade OS for mission critical apps anyway. So if you went with a vendor that builds its apps on such an OS, then you are at fault.
Same story at http://it.slashdot.org/article.pl?sid=06/12/22/172 7245
For the kinds of purposes I'm interested in (research, science) this will make workers question the priorities of the operating system they are using. Is the priority to have maximum flexibility, performance, compatibility and extensibility (*nix) or to have maximum convenience for consumers (Windows).
Without a doubt, Windows is still the most convenient platform for consumers. But the priority behind the design is not purely performance and flexibility, but protecting content and other commercial interests.
We sure know the priority isn't security either
Nobody ever asked for Vista. Nobody wants it. I'm tired of MS trying to ram it down our throats.
Did you know DirectX 10 will only be released under Vista? Even if you have the latest and greatest G-card and a fast system, sorry, if you run XP you'll be stuck with DirectX 9. There's no technical reason for this. It's just that MS wants you to 'retrograde' to Vista.
How about someone do a web site reselling old XP licenses? eBay refused to do this because MS asked them not too. How about someone will some guts and enterpreneurship takes a go at this. Could be a huge market for XP resales especially to businesses?
As for games developers, do what I do: Switch to OpenGL next release.
Microsoft was legally forced to remove version numbers from Windows as the software they ship was technically no longer improved.
``This isn't the usual anti-Microsoft story just a professional looking at what is going to happen to his computer if it is upgraded to Microsoft Vista.''
Doesn't any professional investigation of Vista inevitably end up being an anti-Microsoft story?
(Just kidding. I actually think Microsoft put a lot of good things in Vista - although I'm not convinced it's a good product, and I'm definitely not dying to use it)
Please correct me if I got my facts wrong.
Here's a link to the actual paper referenced in the article.
I would post the entire paper, but it's too large. Here are some notable excerpts:
[100% ISO 646 Compliant]
SVM, ERGO MONSTRO.
Peter is a security guy. He's written widely used crypto software. He is not a medical imaging specialist. Where did /. get the idea that he's a medical imaging specialist???
fta: Disclaimer
:)
Any opinions expressed on this page are not in fact mine but were forced on me at gunpoint by the University of Auckland.
He a shill!
Your sig(k) has been stolen. There is a puff of smoke!
>PS: Linux users are breaking the LAW every time they watch a DVD using their OS.
Untrue.
Distributors of some types of DVD decoding software may be doing so in violation of civil statutes in certain jurisdictions, but I must ask you to cite the specific prohibition you claimed in your PS:. Chapter and verse of the applicable law, please, don't waste our time with "DMCA". I know all about the DMCA, the DVD/CCA/CSS issues, etc.
-fb Everything not expressly forbidden is now mandatory.
Am I part of the core demographic for Swedish Fish?
The record and film industry do not want new technologies to be available to the public. They will fight bitterly until the last, until the new medium is forced on them. And then they will make money on it. Think of home video. The film industry brought the VCR manufacturers all the way to the Supreme Court until they lost. Now the film industry makes significantly more money in home video sales than in the theatres. Technology must be imposed non-consentually on the content providers. The manufacturers need to release their products regardless of the complaints of the content providers.
I don't know why Microsoft is bending over for the media companies. They should just publically state that any mandated copy protection will hurt the ability of corporations to develop their own proprietary software. I'm sure there is at least a dozen companies which will gladly provide written statements about how the copy protection hurts their business. Microsoft then gives the media companies the middle finger. Pirates rape the media companies in innovative ways by releasing the content in manners not approved by the owners. The media companies are forced to create new media delivery methods to match consumer demands. This increases their revenues which were stagnant because of media executives who couldn't innovate their way out of a paper bag. The consumer benefits from new options in the market. Everyone benefits from the rape.
I don't believe piracy for profit should be legal. However, I don't believe that non-profit piracy is that bad. Many people would never purchase the movie or television show. Many people later purchase the legal version of the pirated product. For example, let's say a Slashdot reader named Jim missed out on the first 8 episodes of Heroes. He had heard it was a really good show, but didn't want to watch number nine first. Let's say that Jim downloaded the episodes in non-approved manner and watched them. Now Jim is a loyal Heroes watcher. Or let's say that Jim downloads technical books, finds which ones he likes and then purchases them online. Does Jim contribute to the media companies bottom line or does he hurt the media companies bottom line?
Could someone please like, read....something before they post a summary? I found no indication that Gutmann is a medical imaging specialist from his web page or report. He's a computer scientist who specializes in compression and encryption, which actually makes him a little bit qualified to perform a professional review of the new operating system.
The only thing remotely medicine related here is a quote from 'Brad Steffler MD.', a surgeon who claims that Microsoft's restrictive DRM methodologies make it more difficult for him to do his job.
Many industrial and medical applications run on Windows. You forget that Windows NT was advertised as a high-security C3 operating system. Many applications were ported on this advertising. Some of the lock-down permissions in Windows NT were pretty draconian, and worked really well.
With Windows Vista, Microsoft appears to be completely abandoning any pretense of high-reliability.
Many industrial and medical applications have fairly high reliability requirements. Using commodity software and hardware has some cost and reliability advantages. It is easy to source replacement parts, and implement hardware redundancy. Being able to easily obtain replacement hardware is a big advantage if downtime costs are large.
The problem is that Microsoft appears to have abandoned the high-reliability sector. Windows XP has a continuous stream of rolling updates for both XP and the Anti-Virus packages. The result is that your high-reliability application can stop working for no apparent reason. From all indications, Windows Vista will make this worse.
Recently, I have been looking harder and harder at Linux. Linux offers a much more stable platform, and I can customize the installation to make it much more difficult to corrupt. The issue is that such a high software investment has been placed in specialized Windows solutions, that it is difficult to port everything to another operating system overnight.
Sounds like a good case for a anti-trust trial in europe :-)
...but from the PR standpoint, it's a WIN. I'm all for discouraging Windows use, but I'm also one for personal
choice. And if it means someone has to give people crutches in the short-term to score points in the long run
so be it.
I am not merely a "consumer" or a "taxpayer". I am a Citizen of the State of Texas
Look at linux... its not like we have Linux 3.0 and Linux 4.0 where nothing old works.
Its still linux. 8 year old stuff still compiles mostly, its fluid.
If windows was so great, it would stay at one version XP forever, with unlimited updates forever, SP4 SP21. etc...
Just because they are forced by marketing to make a new version is admiting its core is crap and needs a rewrite.
They could just as easily update/replace portions of XP gradually, six monthly. And make sure each other component isnt
too tied to others. ie WMP shouldnt need IE7 or something else... it should be detect and use if available.
This whole idea of , lets stop current dev and all new dev is placed into a new 'version' edition is total marketing crap, and
old school stuff of the 80s. Modern complex systems should never have a major rebuild, its always small step updates, like real
biological evolution.
OSX is basically the same, but again its articially versionized because of just new components added, and the silly side effects like
newly compiled made software not working on old OSX's even if they use no new features, thats my biggest pet pieve of OSX. Sometimes
its only the result of the installer package, not the code it self which would work fine. If X library is less than version Y, then dont use
those features.
Btw does apple make the old OS10.1 and 10.2 upgrades from 10.0 FREE NOW? what about any one left in 10.2 land, do they get a free 10.3 upgrade
once 10.4 is widely installed? Having too many versions installed out there should be a worry for them, they should allow all 10.3 machines to upgrade
for free. It would surely be cheaper to have no support for pre 10.3 if you provide free upgrades.
Liberty freedom are no1, not dicks in suits.
http://www.microsoft.com/about/legal/useterms/defa ult.aspx
this is a microsoft hosted page that you can pull up any EULA you want (MS products only of course)
Microsoft requires the right to DISABLE YOUR COMPUTER if it fails a validation check (WGA BOFH style anyone?)
Any person using FTFY or editing my postings agrees to a US$50.00 charge
If you're watching BBC programmes in the UK then there is no such legal circumvention. The law is very comprehensive in that area and has covered computer viewing for years.
You're wrong. The TV licence covers the receiving and recording of broadcasts as they are being broadcast. I've got the documentation on my lap right now. The website clarifies this here. This does not cover the shows that are available for viewing on BBC sites such as BBC Two's Watch Now. (IANAL though)I don't much care for the TV licence.
I currently have a Chinese-made upconverting DVD player. Chinese made because the US and Japanese manufacturers have knuckled under to the demands of the entertainment industry that no DVD player will output HD content over component video cables. (Now think for a moment just how mind-numbingly stupid this restriction is. Upconverting DVD players don't actually output video in true HD, because the movie isn't on the DVD in HD in the first place, and no process can add more information that was there to begin with. All an upconverting DVD player does is interpolate. An upconverted signal is the absolute last thing that any pirate could want, because it massively increases the amount of data required to copy the signal, without adding any information. So the entertainment industry, out of sheer ignorance has added a completely useless restriction that imposes considerable inconvenience on the consumer. Many older HD TV's only have component inputs, and even newer ones typically have only one HDMI or DVI input. And HDMI/DVI switchboxes are much more expensive than component ones. So consumers end up switching cables, shelling out extra money for switchboxes--or doing what I did, and buying a Chinese DVD player that is oriented toward the consumer instead of sucking up to the content industry.
The world never had any entertainment before the dawn of DRM & copyright.
[sarcasm off]
--- Grow a pair, liberals... stop letting the Republicans bully you!
use Vista, but not DRM content...
Is there anything limiting the use of high quality, non-DRM'd media?
Mainly, I think it's a question of complance with laws like the DMCA, and not getting sued. if the RIAA sues hundreds/thousands of individuals for large amounts of money, do you think MS wants to have to defend a case that they 'aided' copyright violations?
I find it hard to, in the same breath, fault Microsoft for violation of the law for extending their markets, and fault them for not disreguarding the laws reguarding others IP.
Imagine what would happen to the market for iTunes purchases if Windows had the built in ability to crack iTunes content protection...
Live banjo music, played by relatives, close relatives. Very close relatives.
This issue is a bit more complicated than you think.
I don't know why Microsoft is bending over for the media companies.
They're not. Microsoft has a monopoly. They can tell anyone to get lost.
But "compliance" with "requirements" of the RIAA and MPAA is perfect cover for their real game plan, which is to eliminate Open Source (Linux, etc). If Microsoft simply pressured hardware manufacturers (video cards etc) never to release specs, and also to spend billions making it impossible to reverse-engineer their programming specs, just to stop programmers from developing Linux drivers, they'd lose an antitrust action in court.
But by wrapping the plan up in the excuse that it's to meet RIAA and MPAA requirements, Microsoft has a perfect defense.
Warfare is endemic in Humanity.
From the Book of Joshua (abbreviated)...
Chapter 6 -
1. NOW Jericho was straitly shut up because of the children of Israel: none went out and none came in.
21 - And they utterly destroyed all that was in the city, both man and woman, young and old, and ox, and sheep, and ass, with the edge of the sword.
24 - And they burnt the city with fire and all that was therein.
Does this sound familiar to anyone? This is almost pre-historic siege warfare and what could be described as ethnic cleansing. I'm not picking on the Jewish Nation, it's just that they were kind enough to record their deeds where so many others did not. The archaeological record shows many examples of pre-historic walled cities that were destroyed in sieges, so from the earliest days of 'civilisation' we have fought each other.
Travelling forward in time at a rate of 1 second per second.
"The technology in Vista also doesn't PREVENT you from doing anything, it has the 'requirements' so that HDCP content CAN BE PLAYED, something NO OTHER OS OFFERS!! It takes away NOTHING..."
Whoa, wait a second...
From the Wikipedia page on HDCP:
"HD DVD and Blu-ray Disc players allow content providers to set an Image Constraint Token (ICT) flag that will only output full-resolution digital signals using HDCP. If such a player is connected to a non-HDCP-enabled television set and the content is flagged, the player will output a downsampled 480p signal."
That sounds like it's taking away quite a lot. That sounds like it's making it so all of your HDCP-"protected" videos can only be watched at a maximum resolution of 640x480. Even worse, "downsampled" pretty much means "scaled down using some cheap commodity chip that pixelates the crap out of your video".
Were you actually being serious when you were trying to make it seem like HDCP is a feature in Vista actually beneficial to users in any manner at all? Buying HDCP-"enabled" products is just paying up your protection money so you can watch your legally purchased videos at the resolution you paid for.
In fact, buying Vista or other HDCP-enabled products makes it that much easier for companies to prevent you from doing what you want with the media you spend your hard-earned cash on. Hey, it's your choice if you want to maintain the idea that DRM is a good thing, but somehow I have a feeling you're not going to feel so good in the end when you're locked into such crippled technology.
From http://www.microsoft.com/whdc/device/stream/output _protect.mspx
From the doc
"By contrast, the Windows-based PC is designed to be an open platform. Anyone can load software on it; it is easy to write software for it, because all the interfaces are well defined and published; and there are many good software tools available."
Open platform? By who's definition?
LOL!
Let me say that again: Businesses!
Most businesses aren't concerned that their employees may not be able to view HD content on their desktop PC's, as that is not what they hire people to do (in general). As long as Microsoft can assert that a desktop machine running Windows Vista will continue to be able to fulfill enterprise business requirements in a stable, reliable way there will be plenty of businesses perfectly ready to plunk down their money to get what Microsoft promises will be "the most stable and secure computing experience to date."
Better have a look at Microsoft's balance sheet - somehow, I doubt that the majority of profits come from individual user sales! Their big bucks come from per-seat volume licensing of OS and productivity products - that's their bread-and-butter! I don't think a financial clearing-house, or a medical supplies company, or your average insurance office will really get sweaty about HD-DVD playback being broken because there's no HDMI interface to the ol' VGA monitor.
Before the masses point out that there are plenty of productivity killing traps in Microsoft Vista (and there are), Microsoft will simply assure businesses that as long as their hardware doesn't change drastically they can expect their machines to continue operating flawlessly. The relative truth or falsehood of that assertion is irrelevant; Microsoft will say it and businesses will accept it. There are way too many large organizations with PHB's at the helm for the technically savvy to prevent this from happening. After that, those businesses which were insightful enough to avoid the "Microsoft upgrade cycle" will ultimately be forced to come along by way of remaining compatible with the rest of industry.
Don't like what you see in Vista? Too bad - once it's entrenched in business it'll make inroads in the home (how many /.'ers use software at home similar to their employer's software so that they can be more productive at work? I, for example, run openSuSE at home because my employer uses SuSE Linux Enterprise Distribution in the workplace; it lets me be more productive at home and at work because I can leverage what I learn in one environment to the other).
Don't need to borrow a Mac, I own four (one of which, due to a careless incident involving irreplacable single-malt scotch, is defunct). So now you're wondering, "Dude, you've got... Macs... up the wazoo... whyyyyy?"
The reason is, building a music workstation is a massive money and time investment. Money, because buying the proper cabling, software and gizmos is expensive. Time, because learning how to use that equipment properly doesn't happen overnight.
Since I really just do music production for a hobby (and the occasional vanity CD), that means I invest in new software and hardware once every, oh, ten or twelve years.
We're in year 6 for the old system.
Because of the need for an entire industry to work together, audio interfaces change even less often than that. MIDI is still the only way to get control data to and from legacy equipment, and is thus a required portion of any setup. S/PDIF will be around for a long time because it's more than good enough for pro recording quality and it's a standard.
What's ironic is that DirectX had become such a terrific multimedia I/O system that Windows was becoming a much more capable system for music development than Mac (and it pains me to admit that). And both are light years beyond what Linux can do. Good LORD is sound ever a mess under Linux.
So the point is not just that I won't be buying Vista to replace XP on my music machine anytime soon; the point is that 4 years from now, when it comes time to replace my existing music machine, I will be effectively locked out of any Windows-based solution.
Of course, a lot can happen in 4 years. Maybe Microsoft will realize their error and un-gimp their OS by then. Maybe Linux will have a sound architecture w... I can't even finish that sentence, let's stick to reality. Yeah, the next machine pretty much has to be an Apple, provided Apple doesn't do anything goofy like this.
This is part of the subtext both of the original article, and of this most recent post, so I thought I'd share what I know about it. FWIW, I'm a radiologist--that is, an MD who interprets the results of imaging studies--and an informatics geek.
Images are created on whatever imaging device--CT scanner, MR scanner, ultrasound machine, digital X-ray machine--and manipulated by the device's controlling system to do simple annotations, reformatting, etc. This is typically a Unix-based system running custom software designed and maintained by the device's vendor. The images are not usually interpreted on these systems.
From there, the images are sent to the PACS (Picutre Archiving and Communication System), which is just a gigantic central image database. These also tend to be Unix-based systems.
There tend to be two front-ends for looking at images in the PACS database. The first is the radiologist's interface, which is a high-end video workstation dedicated to showing medical images with the greatest possible fidelity. Most systems I've seen are Windows-based (Windows 2000, in our case) and run software which was built by the the imaging system vendors in the late 1990's. Much is made of the "lossless" nature of the images which are displayed; for example, when you log into such a machine, you're warned about how "This is a medical device" and that you shouldn't mess with it. Much is also made of "diagnostic-quality monitors" and high-end video cards to drive the monitors. This is an artifact from the early days of digital imaging interpretation in radiology, when there was a great deal of concern about whether the quality of the digital images would be adequate for us to figure out what was going on in Grandma's chest X-ray if we weren't looking at a piece of acetate. Most of these concerns have died away, as the differences in resolution and dynamic range turned out to be relatively minor and the added conveniences of being able to manipulate the images digitally turned out to be huge. For example, the new LCDs I seen being put on PACS workstations are off-the-shelf Dell 22-inchers, as far as I can tell.
Finally, there are "non-diagnostic" interfaces to the PACS images, which do tend to be web-based. These are so non-radiologist doctors can look at the images, too. Some are IE-based, and use an ActiveX control to display the images, and some use a Java applet. These are displayed with lossy compression (since someone might want to look at them from off-site via a VPN), and officially are not allowed to be used for interpretation. And in fact, I wouldn't want to; it's a lot harder to see subtle things on them than on a full-blown PACS workstation. Part of that is just the interface (it's hard to use those stupid ActiveX/applet things) and part of it is crummy/mis-configured monitors, but I suppose compression artifacts could also play a role.
So, to review: you go see your doctor, Dr. Smith, in her office, and she orders a chest X-ray for you because you're coughing and have a fever. You come to the hospital, and the nice technologist takes frontal and lateral view of your chest on the digital X-ray machine. He then goes back to the X-ray control room, and sees that the images are pretty good, and so he sticks your name on them, and a marker of the date/time and his name, and so on, and then sends them to the hospital's PACS system. I (the radiologist) am working at my PACS workstation, going through the long list of all of the CT scans, MR scans, and X-rays taken in the hospital. I get to your chest X-ray and look at it; I don't seen any sign of pneumonia, so I write a report (the subject of a whole different set of informatics) that basically says "Clear lungs" and that gets entered into your electronic medical record. Then, Dr. Smith back in her office can see your X-ray via her Web-based interface. If she wonders about something she sees, she can call me up and say, "What's that stuff at the left ape
Happy Premise #3: Even though I feel like I might ignite, I probably won't.
Some of what he says is actually correct. While I won't respond to everything you've posted I'll try to answer some of it so that you can at least get a sense of where the guy is coming from. Note that I'm not saying I agree or diagree with his position but I've been forced to research VISTA a good bit for work so I'm not completly clueless as to what's in store for us :-(
:-)
1) Laws of physics. Yes actually he's right. You see DRM is supposed to prevent us from being able to copy signals that are in the end analog. In order for it to actually work 100% we would have to have our ears replaced with digital jacks. Obviously not going to happen so in order for this to work Microsoft must have found a way to prevent you from using a microphone to record the audio (for instance). This is why folks says that for DRM to work it must break the laws of physics - this isn't just Peter saying this. I'll also note that some cmopanies have claimed to have the ability to close this "analog hole" buit to date nothing has materialized that actually does it.
2) Driver signing - in 64BIT VISTA Microsoft says all drivers must be signed. In 32BIT it's optional but encouraged and we'll get the usual pop-ups. If a driver is found to be vulnerable yeah they probably WILL kill it's certificate. Why? Because they are bending over to the media companies like CableCard and will not wish to lose that certification. An example of how far companies will go to get these certifications can be found with the TIVO S3 where they threw out significant functionality (Tivo2Go) in order to become "certified" and in their addition of DRM to retain their Macrovision license. Microsoft has now made themselves subject to much the same arm twisting... BTW, the MS blog I read that mentioned driver signing stated that they did this in 64BIT because there was little chance of breaking backwards functionality and that they couldn't quite do it in 32BIT but really wanted to. I do not know if 64BIT is required for the advanced media features but I'll bet that signed drivers will be required throughout for the advanced stuff to work on 32BIT.
3) Broken hardware... I will point out the HDMI video cards that turned out had an HDMI capable chipset (HDCP and all) but no hardware keys for the HDCP that sort of screwed the consumers. Yeah, they do sometimes ship "broken" hardware and when folks found out their spiffy vid cards wouldn't be compliant they were pretty pissed off!
4) Killer NIC card? I know some hardcore guys that play in tournaments considering that thing. es, a few milliseconds makes a difference to them and yes they run HIGH end video cards as a result. It makes no sense to me either but if the price were right I might consider that card too
5) Installing Blu Ray of HD DVD drives in the system doesn't matter. All of this DRM crap is in there working anyway and the addition of this hardware doesn't somehow suddenly turn it all on. This is part of his ppoint, the system could be more fragile because of these design considerations. As I understand it the DRM drivers all run at a special priv level seperate from the others - now that seems like an odd decision to make if you were trying to build an optimal system for the user doesn't it? I would also point out that there are other DRM contents out there over and above that which comes on physical media. I own a Buffalo Linktheater and it can play a TON of content. However certain DRM'd WMA files tip it right over because the damned media wants to phone home for authorization blah blah. You can get screwed by stuff like that without ever having installed goofy DRM'd hardware. Windows Media Player has been chock full of this DRM crap for awhile on XP if you've been paying attention.
On the flip side Microsoft has REALLY worked hard to make Vista more secure. Buffer overflows may have just been shot dead - memory space shuffling, NX bit for the OS, signing of code, canaries in the stack, no more users running as admin all the time, the lis
Build it, Drive it, Improve it! Hybridz.org