Virtualization May Break Vista DRM

Nom du Keyboard writes "An article in Computerworld posits that the reason Microsoft has flip-flopped on allowing all versions of Vista to be run in virtual machines, is that it breaks the Vista DRM beyond detection, or repair. So is every future advance in computer security and/or usability going to be held hostage to the gods of Hollywood and Digital Restrictions Management? 'Will encouraging consumer virtualization result in a major uptick in piracy? Not anytime soon, say analysts. One of the main obstacles is the massive size of VMs. Because they include the operating system, the simulated hardware, as well as the software and/or multimedia files, VMs can easily run in the tens of gigabytes, making them hard to exchange over the Internet. But DeGroot says that problem can be partly overcome with .zip and compression tools -- some, ironically, even supplied by Microsoft itself.'"

What next?

How long will it be until no one is allowed to run any executable at all that hasn't been signed by Microsoft, incase it's a DRM-breaking program?

Said before

[mcrbids]

Encryption allows Alice to send a message to Bob that can't be viewed by Jack. The problem with DRM is it uses encryption such that Bob and Jack are the same person.

Think about it.

Alice (the publisher of the song) is using encryption to ensure that you and only you (Bob) can recieve the message. But Jack (also you) is being prevented from viewing the message.

The only reason that DRM is making any kind of headway is because of the hand-waving around terms like "dual key cryptography" and "license management". When you get right down to it, the content producers exist to deliver content to me. Once I get it, the only thing limiting my distribution of that content is legal in nature - I'm afraid of getting sued or prosecuted, so I don't.

Speakers can be recorded, screens can be videotaped. DRM can make it more difficult to copy content, but it will NEVER make it impossible. And the sad part is, DRM frequently makes it more difficult to VIEW content legitimately.

As a good example, I just set up a Windows XP laptop for one of my sales associates. I spent an ungodly amount of time going thru "Genuine Advantage" this and "Genuine" that, along with some dozen or more reboots. It's riduculously annoying, especially when updating a new CentOS system takes a single line:


yum -y update; shutdown -r now;


Microsoft has it wrong, and it may well be their undoing to find this out.

Re:Said before

[Workaphobia]

> "Encryption allows Alice to send a message to Bob that can't be viewed by Jack. The problem with DRM is it uses encryption such that Bob and Jack are the same person."

That's an extremely common view (as said in your comment title), but it's not true. Bob is your television, and you are Jack. I don't care how much cybernetics has progressed, we're not televisions yet, and we as human beings can't assimilate, store, and regurgitate digital content with any kind of quality.

> "Speakers can be recorded, screens can be videotaped."

Both are analog holes. If it's not a digital copy, it's not a quality copy, and thus not in a position to compete with the real thing. Do you want to pirate an mpeg of some guy taping his television screen, or do you want to bittorrent the actual dvd contents? In the absense of the availablity of the dvd on bittorrent, would you be more inclined to buy the material? (For this paragraph, forget that you are a geek when I use words such as "quality" and when I presume you're a pirate - I'm talking about average users).

> "DRM can make it more difficult to copy content, but it will NEVER make it impossible."

Doesn't need to.

Or to frame the absurdity of that argument in an analogy that I feel works well: "Police can make it difficult to commit crimes (and not get caught), but they'll never make it impossible. Therefore we police are futile. When will they learn?"

> "And the sad part is, DRM frequently makes it more difficult to VIEW content legitimately."

No argument. We should be thankful that they have as difficult a time picking a DRM standard as they do. Fragmentation impedes their progress in locking everything down: CDs versus DVDs for instance.

Re:Said before

[taniwha]

I think his point is that it doesn't matter, breaking the crypto is hard, there are easier ways - I can pull apart my LCD TV - oooh looky here 2000 odd wires along the top, 100 odd along the bottom, that and 3 8-bit A/Ds and I can recover an HD signal good enough to play back at full quality on another TV - doesn't even break and access method in the dmca sense since it's just sample data as it is - that's a fun weekend project for a bored hardware hacker, and a business proposition for a pirate

Point is it's not hard, IMHO crypto as a means to avoid piracy is a joke, there's no point until we DO get that encrypted tap straight into the brain - the reason it's there is to piss off and control the customer

Re:Said before

[node+3]

Wow, are you secretly trying to *promote* DRM by making the anti-DRM argument look retarded?

But it's not hard to create a rig that does [capture DRM limited digital data]. Then where is all this hardware? How do you plan to capture HDCP content with a "not hard to create rig"? The whole point is that DRMing the whole system leaves only analog methods, or exploiting flaws.

Many audiophiles would disagree with you, and would argue that analog presents the best "true" copy. So an analog copy of a digital file is superior to a *perfect*digital*copy*? How did that make enough sense to you for you to type this?

See above points - it's not some guy with a camcorder of his TV, it's the "pro-sumer" guy who has good quality equipment that can kill DRM. How? Ok, you get your HD cam out and record a plasma screen viewing of a Blu-ray disc. This is going to "kill drm"? No, this is going to result in poorer quality. This poorer copy is not going to kill drm. It gets around DRM, but people will still want the superior DRMed version.

You are completely missing the point. For 200 years, merely PRINTING "Copyright NNNN - all rights reserved" has resulted in a reasonable protection for copyright holders. So why is it that all of a sudden, new technology is needed to enforce what is, at its core, a human problem? Because for the first time, virtually any copyrighted work can be perfectly copied at the click of a button, and distributed with close to zero effort. Without DRM, you could make a fully perfect copy of an HD movie in less than an hour. Prior to mass-market digital technology, it took a lot of time and/or a lot of money to make a copy of something, and that copy was almost certainly going to be of lesser quality, and distribution beyond people you have physical contact with was quite expensive and/or time consuming.

Look at copyright laws circa 1975, when the Xerox copier was really starting to take hold for an EXCELLENT parallel. No, it makes an extremely poor parallel. You could not copy a film or recording with a Xerox machine. You could not make a perfect copy of *anything* with a Xerox machine. Operating a Xerox machine is timely and significantly more expensive than copying a digital file.

A statement which largely undermines the rest of your post. Are you arguing that DRM is effective? Are you arguing that it's effective but bad? Are you arguing that it's good? Your point suddenly becomes unclear. He's arguing that it's effective but not being fully utilized. And no, his point was not unclear at all.

I simply argue that it's ineffective. DRM makes piracy *harder*. Not impossible, just harder, and that's all it takes to be effective.

The problem with DRM is that it's not only effective at slowing piracy, it's effective at locking consumers out of their own content.

Some DRM can be useful to discourage blatant piracy Wait a minute! Didn't you just say, *in the preceding sentence* that DRM is ineffective? If it discourages some piracy, it's effective. That's the only reason it still exists. The various labels and studios (except EMI) do not yet realize that DRM hurts more than it helps.

but relying on it excessively is just dumb. That is, in fact, 100% true.

Re:Said before

[Alioth]

. It gets around DRM, but people will still want the superior DRMed version.

The millions of people pirating 128kbit crummy sounding MP3s and horribly compressed DivX copies of movies would seemingly be in complete disagreement with that statement. People downloading pirated content don't care so much about quality. Those who care about quality tend to also be the kind of people who also prefer legitimate copies, DRM or not.

Re:Said before

[Charcharodon]

The Genuine Advantage always seemed like a $100 fix to a $5 problem. I don't understand why they just don't offer the customers at retail they same price they offer companies like Dell for the license or even something at 2-3x times the price. You would find people a lot less willing to pirate Windows if it costs $40 instead of $220. They could get rid of all those people they have for licensing support and whole sections of their software engineers, I'm sure that would make up a large portion of the $180 difference licensing price.

Re:Said before

[Bert64]

"Because for the first time, virtually any copyrighted work can be perfectly copied at the click of a button, and distributed with close to zero effort. Without DRM, you could make a fully perfect copy of an HD movie in less than an hour. Prior to mass-market digital technology, it took a lot of time and/or a lot of money to make a copy of something, and that copy was almost certainly going to be of lesser quality, and distribution beyond people you have physical contact with was quite expensive and/or time consuming."

So your saying that, new technology exists which makes distribution of content much cheaper...
And yet content producers want to charge the same or more for this cheaper to distribute content? While also restricting the customer more than they did with earlier distrbution methods? It looks like their business model is becoming obsolete, and theyre just trying to shore it up by restricting their own customers.

Why not sell a product/service that cannot be easily reproduced, such that your actually providing value for money... Movies shown in a cinema spring to mind, the cost of a cinema size screen and sound system is beyond the means of most people. And then there's live concerts for music.
You cant clone a live concert, because you cannot produce exact replicas of the artists (yet?) and the cost of setting up a bootleg cinema would be too high to be worth the hassle.
If you want to sell movies on dvd, they need to be priced such that copying them is not viable, and yes that is possible. Movie companies have access to factories where DVDs are mass produced at a cost of 1 or 2 cents each, no pirate group would be able to obtain blank media that cheaply, let alone the time and effort needed to write to it.

In short, piracy only exists because the original media is disproportionately priced compared to its production cost. DRM exists not as a solution to piracy, but as a method to wring more money out of their paying customers.

Re:Said before

[node+3]

So your saying that, new technology exists which makes distribution of content much cheaper... Yes, I am. I can get a $2,000.00 computer shipped to me from across the planet for $40. That does not mean the computer should cost $40.

A film (or CD, or book, or whatever), costs something to create, costs something to manufacture, costs something to promote, and costs something to ship. Due to technology, the highlighted items are, or can be, very close to zero (cents, or fractions of cents). The other costs still exist.

The problem is that, once the other costs are paid, *anyone* can just step in and perform the highlighted steps. This is taking advantage of costs paid for by others and is just as wrong (or at least, similarly wrong) to when corporations do the exact same thing to *us*. For example, corporations not paying taxes, but driving on roads the rest of us paid for; a buggy MS operating system which requires users to spend money on antivirus software, or to suffer downtime, data loss, and IT expenses; a factory which dumps toxic waste into the environment, transferring the cost of dealing with it from the company to the people who now have severe medical conditions.

At this point, I realize you have probably taken my post as being pro-DRM. It's not. It's anti-stupid-anti-DRM posts. DRM *works*. There can be absolutely *no* *doubt* *whatsoever* that people who *would* have copied a DVD or iTunes track haven't, due to the DRM. But the problem is that DRM does the exact same thing that DRM is meant to protect against--specifically, it transfers a cost to an innocent party.

DRM is, as many have posted, a flawed system, and it's doomed to eventual failure in the long run, and I *do* oppose it fully, and believe we will see more EMI's in the next few years, and should even see film and television content drop DRM sometime eventually as well, but this will *only* happen if there is an influential figure fighting against DRM. The reason for this is that *DRM works*. Just like dumping toxic waste into the nearest river *works*. It takes a counter-force to get people to stop doing a wrong thing that works. The first step in fighting DRM is to fully and honestly understand DRM. If you don't, media executives will just hear your lies, and know them to be lies, and dismiss your *entire* argument.

Pointing out the flaws in DRM is proper. Stating DRM is offensive is noble. Stating DRM does not work is a lie.

Re:Said before

[Bert64]

"Correction: It exists because people are cheap, and will pay exactly zero if they can get away with it. I like your post, it's full of missteps I see often in slashdot posts. For instance:"

Yes, people will pay zero if they can get away with it - Welcome to capitalism.

"The expense ISN'T in the distribution. It's in the initial production but recouped at distribution time."

And there you have a flawed business model, that simply cannot exist in an open market.

"So only physical things have value? Anything that can be copied easily has a value of zero? Please, go tell all the artists and production companies out there that their work is worthless, please."

Yes, welcome to capitalism.
Artists have existed for thousands of years, long before it was even possible to make recordings of music or live performances, and they got along just fine. They actually had to work for their money, rather than producing one work and reaping benefit from it endlessly. Very few people got into it for the money, they got into it because they enjoyed making music, or acting. And many of their works are still being enjoyed today, and reproduced freely... Just look at shakespeare.
The artificial ability to perform once, and make millions of dollars selling copies of that performance attracts lazy and greedy individuals who have little or no talent, and no real passion for anything other than the acquisition of money. Stop letting such people have an easy ride, and support the real artists who want to perform and have you enjoy their performance.

As for cinemas being a bad environment, there you have an opportunity, go make a better cinema.

American idol is different, television works differently, and you can make recordings from your television to watch later anyway. Television provides entertainment, and intersperses this with advertisements that pay for the TV company to acquire the content. If the content were cheaper, you could have more movies and less ads. TV also provides useful services like news.
Infact, many movies make all their money from being sold to various TV stations, they dont get sold on DVD nor shown in a cinema.

Tens of Gigs? No way. Try 10kilobytes.

Why would the file have to be so large? There's no need to exchange the entire VM file... just swap the key file which is produced after authentication. To explain, if two VMs are set up as identical (e.g. same HDD size, same virtual processor, same virtual RAM, same video card, etc.) they will produce the same hardware "hash". Once an authentic software ID has been used to unlock the first file, a file will be written to disk which contains an encrypted signature which authenticates the software and thus "unlocks" it. That same key, copied elsewhere to an otherwise identical environment, will also authenticate the other environment. Put another way, one key will unlock them both.

I'm sure there's a legal use for this. I just can't think of one...

Re:Huh??

A remedial lesson in file compression is in order for you.

Not the whole story

[earlymon]

I believe that there's more to Microsoft's dislike of VM than simply DRM, and I think that they're hoping to be shielded by a bit of DRM FUD.

Last year I was in Taiwan running WinXP under VirtualPC - with the appropriate upgrades after Microsoft had bought the product from its creators - and I had zero trouble.

This year, I'm in Taiwan again, but this time I'm running WinXP under Parallels. Shortly after my use of the machine here on the internet, I got this message telling me that my hardware had significantly changed since the original installation and that I needed to re-validate - I don't recall the rest of the message, but it involved Genuine Advantage and suggestions of unusability. So, even though I'm not carrying my original box around with the keycode (would you??), I decided to be brave and tapped on the warning from the tray as instructed. Took me right to an MS page at what appeared to be Microsoft-Taiwan, and it was quite persistent that I should continue to be routed to some Chinese language page. Long story short, I got some embedded wizard launched, got the MS phone number for the USA (Bangalore notwithstanding), called in, got re-validated and woot, woot, woot.

It seems - very strongly to me - that the only thing that Microsoft could have detected was my location in a way that didn't make sense to them, and I think I triggered something that decided I had a pirated copy. I really haven't had any use of my machine or anything change in any other way to cause me to suspect anything else.

So, how long before business travellers - and we fill a lot of 747s, virtually all running Windows - picking up VM for one reason or another start pitching fits when they discover that they can go into a full-screen presentation and be tagged publicly as potential software pirates?

I couldn't understand why MS had a real problem with Vista under VM, but if the cause I posited is in fact true, then the problem Microsoft is worried about goes back to the XP codebase. Say anything about Vista's new codebase, but it's all from the same company..... so, I think DRM is a specious explanation but it allows them to hide behind something where they can try to claim some innocence regarding VM - when in fact the OS may be more seriously broken w.r.t. VM than they're admitting.

I hope *IAA keeps wasting thier money on DRM

[symbolset]

These jerks think they define popular culture. They don't.

DRM doesn't work. People steal the stuff before it's encoded with the DRM. The key is always distributed with the content or recoverable.

DRM can't work. Their attempts are hilarious. In order to be perceived by a human it has to be rendered in analog format, at which point capturing and encoding it in an open format is trivial in all cases.

DRM shouldn't work. If they won't sell me the content for the device I want to play it on when I want to play it where I want to play it, I'll convert it and to hell with what they think I should be allowed to do. Fair use.

DRM is a security risk. I will not surrender control of my PC to render your content.

The more they annoy people, the more visibility worthy indie acts get. People will listen to their popmart derivative garbage less.

I am personally opposed to straight pirating the stuff but I have to admit my conviction on the subject is wavering at this point.

Re:devil's advocate

[Tuoqui]

Well the problem is that with virtualization. A guest OS is only as secure as its host OS. Which is why I presume that they don't want any WinXP or other machines that are lacking in the DRM department to be running Windows Vista virtual machines.

Another potentially real problem would be that vista as an actual OS in a computer runs slow as hell. People using virtual machines to 'test' Vista would end up with an even slower crummier machine and thus taint their perceptions for the negative. Nothing kills a product faster than the good old 'Word of Mouth' and there has been plenty badmouthing of Vista by all levels of tech support (not sales people though they gotta sell those Vista pieces of crap any way they can.

In short, the only 'acceptable' virtual environment for Vista would probably be Vista itself. They want to lock you into this crappy and crazy DRM scheme that they probably cooked up with Hollywood and hardware vendors to keep people on the upgrade treadmill indefinitely. (since if you cant watch the latest movies you need to upgrade to a computer that can run Vista, which means probably buying a whole new computer which means whole new hardware...)

What about Vista Business or Vista Ultimate?

Apparently Vista Business and Vista Ultimate are immune to DRM issue, as their EULA does allow them to be run under VM. I smell a fish here.

Come On...

[Kennego]

Ok, I know we bash Microsoft all the time, but...

"that problem can be partly overcome with .zip and compression tools -- some, ironically, even supplied by Microsoft itself" ???

Come on, that's the most worthless statement I've heard in like a month. What the fuck was the point of that little jab? Microsoft makes compression tools... that can be used to compress something that Microsoft doesn't like! And some compression tools... run on WINDOWS, a Microsoft PRODUCT even! Holy crap they must be so pissed at themselves right now for going along with that whole compression thing. How blind could they have been!?

In other news, people can use their brains to think of shit they don't wanna think about! They don't want to think about it and yet their brains are being used to think of it anyway! That's just so ironic...

Choose something else

[symbolset]

Ok, you've got many PCs most of which run Windows XP. They've been crashing every Exploit Wednesday since October. Every one has a license that was paid for three times (six times under Software Assurance). You have seventeen core apps. Some of them are paid for several times. Some have a licensing server so that some people can use them when other people aren't, and come with a utility so that priority users can kick off nonpriority users. A couple of them are free. Four of them are nagware that came with your PCs or that you thought were a good idea at the time. One is an in-house app that only runs in a DOS box and accesses dBase files stored on your server. Every month a couple get pwned for no detectable reason.

Even if they don't run Windows you've paid over and over. You have to because they've made it happen what "enforcement" will happen if you don't.

Every software vendor you buy from makes it clear the software you bought is being split into "basic" versions that include most of the features you use, and an "Enterprise" version that includes must have features you can't live without. Both new versions will be annual subscriptions instead of purchases. Naturally, the Premium version you require will cost many times what you already paid and the cost will be annual rather than once each. Of course they're entitled to this conversion of your purchase into a "revenue stream" because they've upgraded their product from an application to a "platform framework" that "optimizes" your "TCO".

You're thinking about investigating this multicore thing that people are talking about, but it seems impossible to reconcile the software licenses with multiple "cores" on one or more CPUs. You want to do server consolidation, but every server app has to be evaluated both by a professional enginner and by a hideously expensive team of lawyers who also want to audit every piece of software you've purchased since 1974. Your CPA wants to know why you licensed the same software 3-6 times for each PC, and why you're buying licenses for software that won't run on the PCs they're purchased for. And what's this entry for "SCO Linux licenses"? You live in dread of being audited by jack-booted thugs, not because you're pirating but because the danger of a paperwork snafu that destroys your budget is nearly certain and the slightest discrepancy is going to get you canned.

I have one question: What the hell are you thinking? Get off the train to crazy town. The free stuff isn't just good, it's better. So much better that you're not going to believe you put up with this crap. If it's truly free you don't have to account for each copy/user/use/year/processor/incidence. It's not free because it's less worthy: it's free because you're not the first person to be disgusted by the experience you're having. Pay for support. Nobody ever got sued for terminating their support contract. Figure it out. The world has changed. The future is open.

Re:Whats more likely

What happened to your tv sucks, but I think blaming it on DRM is a bit dumb. HDCP cannot "shit itself and disable an hdmi port", at least not permanently. That's not how HDCP works if it is correctly implemented. The HDCP should reset itself when something is plugged into the HDMI port; if it doesnt, then there is a either a hardware problem, or a problem with how the HDCP was implemented. Both would be JVC's fault.

On a separate note, if you paid $7000 for an JVC tv (in US, Canadian or Austrailian dolars, anyway) then you probably spent way, way too much.

Apt analogy

[Rix]

The police analogy is more apt than I think you realize. Like all victimless crimes, it's nearly impossible to enforce, because there's no one to complain to police.

Re:Huh??

[neomunk]

You don't need a 5GB VM for every song (hell, the 5GB number is twink anyways, but whatever) you need ONE VM for your whole library, to run the OS that'll let you play the video while the OS that's actually on the bottom REALLY running the show does all those dirty things the boys at the RIAA and MPAA have nightmares about.

Re:Microsoft has nothing to do with Hollywood

[jez9999]

This just sounds wrong. You said you can use computers for free at the library... so computer+word processor = better typewriter. Assuming you also have it attached to a printer. Personally, I find the most annoying part of using public computers to be printing stuff out. There's invariably a per-page fee, and a complex system of topping up your 'account', all because a few utter morons would otherwise abuse the system. Sigh. Screw utter morons.

The advantage of digital for piracy

[Skapare]

The advantage of digital for piracy is not that you can get a perfect copy. Perfection is not the goal in piracy. In many cases a camcorder shooting a screen is fine. Instead, the advantage of digital is that the quality is not degraded further as an infinite number of generations are made. Traditional pirates were limited to making 2 to 5 generations of VHS tapes because after that, almost nothing was left of the original movie. But an analog ripped (not cracked) MPEG file can be traded all over the world without any further single bit errors (although some of that will happen at times). The internet scares the content industry because of the speed (the latest release can be in the hands of millions before the big opening). Digital scares them because it enables the multi generational sharing as we already see in P2P. The problem is, they are fixated on encryption, which is at best going to prevent the average Joe from making a perfect copy and sharing with his neighbor across the street. When Joe finally figures out how to make an analog rip or just shoots it off his screen with a camcorder, his neighbor might reject it because it's not perfect, but you can bet the world will eat it up via the internet.

Re:devil's advocate

[Eustace+Tilley]

You are mistaken. DRM cannot be secure.

The task is "allow A to send a message to B such that B can read it, but C cannot."

Under DRM, B and C are the same person.

Q.E.D.

The claim that a process will allow a customer to manage digital rights are akin to claims that a chemical process will allow a customer to change lead to gold. They are the claims of a fool, a charlatan, a newborn, or someone desperate. Or a devil's advocate.

So what?

[fastest+fascist]

Will encouraging consumer virtualization result in a major uptick in piracy? No, because DRM doesn't hinder piracy in the first place.

Re:devil's advocate

[gmplague]

Well the problem is that with virtualization. A guest OS is only as secure as its host OS. Which is why I presume that they don't want any WinXP or other machines that are lacking in the DRM department to be running Windows Vista virtual machines. This is the problem that "Trusted Computing" is supposed to solve. The TCG (formerly TCPA) has an entire architecture for this laid out, that enables a "trusted boot" process, in which only a computer (or platform in TCG parlance) which has exactly the right hardware and boots exactly the right BIOS, bootloader, and OS in exactly the right sequence is allowed access to certain content, DRM keys, etc.

This system does have a number of problems (and in its current state is still victim to virtualization), and as mentioned above is very difficult to implement, but Microsoft and others are pushing very hard to make it work.

Re:devil's advocate

[Eustace+Tilley]

I noted your "(relatively)." I disagree with the usage. I believe a coin made from lead that has been soaked in extra-sticky yellow paint is not (relatively) closer to being a coin made from gold than is a coin soaked in extra-degradable yellow paint, and I suspect you'd agree. Lead cannot be turned to gold by chemical or mechanical processes, full stop. No chemical or mechanical process makes lead "relatively" more golden than any other.

DRM can make it very inconvenient and very onerous for A to send a message to B, but it can never secure that message against interception by C where B and C are the same person. Telling worried rights-holders that one protocol is "less insecure", when security is impossible under all protocols, is a way to prey upon those worries and can be profitable, but never correct.