Slashdot Mirror


Virtualization May Break Vista DRM

Nom du Keyboard writes "An article in Computerworld posits that the reason Microsoft has flip-flopped on allowing all versions of Vista to be run in virtual machines is that it breaks the Vista DRM beyond detection or repair. So is every future advance in computer security and/or usability going to be held hostage to the gods of Hollywood and Digital Restrictions Management? 'Will encouraging consumer virtualization result in a major uptick in piracy? Not anytime soon, say analysts. One of the main obstacles is the massive size of VMs. Because they include the operating system, the simulated hardware, as well as the software and/or multimedia files, VMs can easily run in the tens of gigabytes, making them hard to exchange over the Internet. But DeGroot says that problem can be partly overcome with .zip and compression tools -- some, ironically, even supplied by Microsoft itself.'"

18 of 294 comments

  1. Said before by mcrbids · · Score: 5, Insightful

    Encryption allows Alice to send a message to Bob that can't be viewed by Jack. The problem with DRM is it uses encryption such that Bob and Jack are the same person.

    Think about it.

    Alice (the publisher of the song) is using encryption to ensure that you and only you (Bob) can receive the message. But Jack (also you) is being prevented from viewing the message.

    The only reason that DRM is making any kind of headway is because of the hand-waving around terms like "dual key cryptography" and "license management". When you get right down to it, the content producers exist to deliver content to me. Once I get it, the only thing limiting my distribution of that content is legal in nature - I'm afraid of getting sued or prosecuted, so I don't.

    Speakers can be recorded, screens can be videotaped. DRM can make it more difficult to copy content, but it will NEVER make it impossible. And the sad part is, DRM frequently makes it more difficult to VIEW content legitimately.

    As a good example, I just set up a Windows XP laptop for one of my sales associates. I spent an ungodly amount of time going thru "Genuine Advantage" this and "Genuine" that, along with some dozen or more reboots. It's ridiculously annoying, especially when updating a new CentOS system takes a single line:


    yum -y update; shutdown -r now;


    Microsoft has it wrong, and it may well be their undoing to find this out.

    --
    I have no problem with your religion until you decide it's reason to deprive others of the truth.
    1. Re:Said before by Alioth · · Score: 4, Insightful

      It gets around DRM, but people will still want the superior DRMed version.


      The millions of people pirating 128kbit crummy sounding MP3s and horribly compressed DivX copies of movies would seemingly be in complete disagreement with that statement. People downloading pirated content don't care so much about quality. Those who care about quality tend to also be the kind of people who also prefer legitimate copies, DRM or not.
    2. Re:Said before by Jah-Wren Ryel · · Score: 4, Interesting

      How? Ok, you get your HD cam out and record a plasma screen viewing of a Blu-ray disc. This is going to "kill drm"? No, this is going to result in poorer quality. This poorer copy is not going to kill drm. It gets around DRM, but people will still want the superior DRMed version. Have you looked at any of the DVD rips floating around the net? 99.99% are reduced quality from the original. Most of the time it is a full-blown re-encode down to ~700MB (size of one CD), if you are lucky it is re-encoded down to 1.4GB (size of 2 CDs) and if you are in the midst of quality freaks, then it is just re-encoded down to 4.3GB (size of a single-layer DVD).

      At the rate technology is progressing, somebody with a HD projector, a HD camcorder and a few extra lenses and filters will be able to do an analog capture that easily satisfies the average guy with a 50" LCD display.

      It sure helps that even today all of the satellite HD signals are highly degraded, often re-encoding from 1920x1080 to 1280x1080 and the vast majority of the viewers don't give a damn. Even the broadcast networks do a shitty job, Fox is bitrate starved for no good reason, running their stuff at roughly 10Mbps when the available bandwidth over the air is just under 20Mbps. NBC and ABC are only a little bit better. Only CBS seems to give a crap about the quality of their broadcasts.

      So, either consumer standards are going to have to get a LOT higher or pricing on DRM'd products is going to have to get a LOT cheaper if they want to compete with the quality level available via "free."

      All that assumes that no bored grad students ever take an electron-tunneling microscope to the "tamper-proof" chips in these DRM systems and extract the keys necessary to do the decrypt at the digital level. Nowadays that's not particularly expensive to do.
      --
      When information is power, privacy is freedom.
  2. Tens of Gigs? No way. Try 10kilobytes. by Anonymous Coward · · Score: 5, Insightful

    Why would the file have to be so large? There's no need to exchange the entire VM file... just swap the key file which is produced after authentication. To explain, if two VMs are set up as identical (e.g. same HDD size, same virtual processor, same virtual RAM, same video card, etc.) they will produce the same hardware "hash". Once an authentic software ID has been used to unlock the first file, a file will be written to disk which contains an encrypted signature which authenticates the software and thus "unlocks" it. That same key, copied elsewhere to an otherwise identical environment, will also authenticate the other environment. Put another way, one key will unlock them both.

    I'm sure there's a legal use for this. I just can't think of one...

  3. Not the whole story by earlymon · · Score: 5, Insightful

    I believe that there's more to Microsoft's dislike of VM than simply DRM, and I think that they're hoping to be shielded by a bit of DRM FUD.

    Last year I was in Taiwan running WinXP under VirtualPC - with the appropriate upgrades after Microsoft had bought the product from its creators - and I had zero trouble.

    This year, I'm in Taiwan again, but this time I'm running WinXP under Parallels. Shortly after my use of the machine here on the internet, I got this message telling me that my hardware had significantly changed since the original installation and that I needed to re-validate - I don't recall the rest of the message, but it involved Genuine Advantage and suggestions of unusability. So, even though I'm not carrying my original box around with the keycode (would you??), I decided to be brave and tapped on the warning from the tray as instructed. Took me right to an MS page at what appeared to be Microsoft-Taiwan, and it was quite persistent that I should continue to be routed to some Chinese language page. Long story short, I got some embedded wizard launched, got the MS phone number for the USA (Bangalore notwithstanding), called in, got re-validated and woot, woot, woot.

    It seems - very strongly to me - that the only thing that Microsoft could have detected was my location in a way that didn't make sense to them, and I think I triggered something that decided I had a pirated copy. I really haven't had any use of my machine or anything change in any other way to cause me to suspect anything else.

    So, how long before business travellers - and we fill a lot of 747s, virtually all running Windows - picking up VM for one reason or another start pitching fits when they discover that they can go into a full-screen presentation and be tagged publicly as potential software pirates?

    I couldn't understand why MS had a real problem with Vista under VM, but if the cause I posited is in fact true, then the problem Microsoft is worried about goes back to the XP codebase. Say anything about Vista's new codebase, but it's all from the same company..... so, I think DRM is a specious explanation but it allows them to hide behind something where they can try to claim some innocence regarding VM - when in fact the OS may be more seriously broken w.r.t. VM than they're admitting.

    --
    Pathological kinda promises Path + Logical - but instead, you get stuck with pathetic.
  4. I hope *IAA keeps wasting their money on DRM by symbolset · · Score: 5, Insightful

    These jerks think they define popular culture. They don't.

    DRM doesn't work. People steal the stuff before it's encoded with the DRM. The key is always distributed with the content or recoverable.

    DRM can't work. Their attempts are hilarious. In order to be perceived by a human it has to be rendered in analog format, at which point capturing and encoding it in an open format is trivial in all cases.

    DRM shouldn't work. If they won't sell me the content for the device I want to play it on when I want to play it where I want to play it, I'll convert it and to hell with what they think I should be allowed to do. Fair use.

    DRM is a security risk. I will not surrender control of my PC to render your content.

    The more they annoy people, the more visibility worthy indie acts get. People will listen to their popmart derivative garbage less.

    I am personally opposed to straight pirating the stuff but I have to admit my conviction on the subject is wavering at this point.

    --
    Help stamp out iliturcy.
  5. You want irony? by Mr Jazzizle · · Score: 5, Funny

    I use "Microsoft Plus! Analog Recorder" to record albums from Yahoo! Unlimited with the cable from line-out to line-in trick, effectively ignoring Microsoft DRM with their own software.

  6. Re:devil's advocate by Tuoqui · · Score: 4, Insightful

    Well, the problem is that with virtualization, a guest OS is only as secure as its host OS. Which is why I presume that they don't want any WinXP or other machines that are lacking in the DRM department to be running Windows Vista virtual machines.

    Another potentially real problem would be that vista as an actual OS in a computer runs slow as hell. People using virtual machines to 'test' Vista would end up with an even slower crummier machine and thus taint their perceptions for the negative. Nothing kills a product faster than the good old 'Word of Mouth' and there has been plenty badmouthing of Vista by all levels of tech support (not sales people though they gotta sell those Vista pieces of crap any way they can).

    In short, the only 'acceptable' virtual environment for Vista would probably be Vista itself. They want to lock you into this crappy and crazy DRM scheme that they probably cooked up with Hollywood and hardware vendors to keep people on the upgrade treadmill indefinitely. (since if you can't watch the latest movies you need to upgrade to a computer that can run Vista, which means probably buying a whole new computer which means whole new hardware...)

    --
    09F911029D74E35BD84156C5635688C0
    +2 Troll is Slashdot's way of saying groupthink is confused
  7. Microsoft has nothing to do with Hollywood by gig · · Score: 4, Interesting

    > So is every future advance in computer security and/or usability going to be held hostage to the gods of Hollywood
    > and Digital Restrictions Management?

    Microsoft has nothing to do with Hollywood. There are waiters in Hollywood who have forgotten more about movies than anyone at Microsoft will ever know. Even the accountants use Macs here in California.

    Microsoft does not even make a movie player that plays the standard format. Calling Windows Media Player or Zune a movie player is like saying Microsoft Word is a Web browser because it can also display text and images. That is a very unsophisticated view that you can't sell to someone who actually knows how the Web works. Well, in Hollywood, they know how movies work. MPEG-4 was coming for many years, then it was standardized, then it became the format in iTunes+iPod, then the iPod took off. MPEG-4 is also HD DVD and Blu-Ray and AppleTV and iPhone and PSP. MPEG-4 is also the standardization of the QuickTime format which all the content creation tools are built around, even those like Avid that compete with Apple, so it arrived already having mature development tools. One day there was a QuickTime update and all of my tools could now generate MPEG-4 H.264 as if they had always known what it was. Further there is a free open source MPEG-4 streaming server that runs on every Unix and also Windows, it also has no streaming tax. Finally, most of all, MPEG-4 has no "content tax" while Microsoft's Windows Media business model depends on a content tax and everybody in both music and movie industry already knows better than that. All this happened already with sheet music and player pianos 100 years ago. Nobody is going to use an encoder that spits out a file which you can't copy or share without paying a tax to Microsoft, because everybody wants their movie or album to sell 100 million copies (even if it actually has no chance) so when Microsoft says aw it's only a penny per copy, people do the math and say no you are raping me with that, I can buy an MPEG-4 encoder for $20 and use it to make all the copies I want and not owe anybody anything why don't I just do that? And MPEG-4 just happens to already be integrated into all my tools and integrated into the hardware of consumer video playback so there was never any there there with Microsoft and movies. 
    Even if they built a technically sound system or one that had a cost advantage, they would have to overcome the fact that nobody wants to work with the evil typewriter company.

    All you are seeing here is another way that Windows sucks. Core computing functionality that customers use and want and even need to stabilize their Windows software on a real operating system is falling victim to Microsoft's lack of focus and hopeless star fucking. Why isn't Windows ready to be a good typewriter today? Because of its magic DRM.

  8. Re:Whats more likely by timmarhy · · Score: 5, Informative
    no, but DRM is the reason my $7000 has a broken hdmi port - firmware error because of an erroneous signal sent by a digital TV channel and hdcp shit itself and disabled my port. so i've got 7000 reasons to be pissed off over having to wait 2 months for a new board to be sent from japan to fix it.

    JVC hdtv, name and shame.

    --
    If you mod me down, I will become more powerful than you can imagine....
  9. Re:devil's advocate by eonlabs · · Score: 5, Funny

    Clearly, all these problems would be solved if the RIAA and MPAA sued Microsoft over their use of zip compression and its aiding in the piracy of audio... :D
    Damn that's hard to say with a straight face.

    --
    I wouldn't consider the mad hatter mad. Just reality impaired. He sure can make a mean cup of tea.
  10. Ridiculously annoying, and sometimes impossible by lullabud · · Score: 5, Interesting

    As a good example, I just set up a Windows XP laptop for one of my sales associates. I spent an ungodly amount of time going thru "Genuine Advantage" this and "Genuine" that, along with some dozen or more reboots. It's ridiculously annoying...

    Being a generous IT worker, when an employee's machine goes bad I'll sometimes give them my own machine if they need something fast. Last time I did this, a copy of Vista which I purchased directly from Microsoft's website suddenly became "not genuine". Not wanting to fuss with it, hoping I'd be able to get my machine back and make my copy of Vista genuine again, I ended up passing the time frame (30 days?) allotted for using the OS, then was locked out with a red screen saying "this copy of Microsoft Windows Vista Business is not genuine". This statement was clearly a lie if taken literally, but discussing vocabulary destruction through marketing would be quite a digression.

    So, I went back to using my dual-boot linux partition and another spare PC for my day-to-day work.

    Fast forward a few weeks...

    Last Friday I got my laptop back, put the hard disk back in, and what's this? Vista still said it was not genuine. I tried to re-activate online but it said I couldn't do that because that key had already been activated. (Gee, you think? Maybe when I bought it?) So, taking the only course left, I called Microsoft on the phone and entered a series of numbers about 30 digits long. When the computer couldn't validate my install it forwarded me to some Indian call center, a place I'm familiar with because I've had to do this process more than a few times.

    But this time was different... (Don't get your hopes up, it wasn't different in a good way. I was on the phone with a Microsoft offshore call center, remember?) Not only was my personal system down, but apparently their whole call center system was down. They were unable to validate my install and told me I'd need to call back later after they got their system back up and running. Apparently there was no other backup call center online, I simply had to hang up and call back another time when their system was back up.

    Back to my trusty dual-boot Linux partition with its `sudo bash -c 'apt-get update && apt-get upgrade && reboot'`, or my Mac with its `sudo bash -c 'softwareupdate -i -a && reboot'`

    Oh, and Jim Allchin can kiss my ass. "It's rock solid and we're ready to ship." Rock solid as in paper weight. What good is a stable OS that won't let you use it?
  11. Choose something else by symbolset · · Score: 5, Insightful

    Ok, you've got many PCs most of which run Windows XP. They've been crashing every Exploit Wednesday since October. Every one has a license that was paid for three times (six times under Software Assurance). You have seventeen core apps. Some of them are paid for several times. Some have a licensing server so that some people can use them when other people aren't, and come with a utility so that priority users can kick off nonpriority users. A couple of them are free. Four of them are nagware that came with your PCs or that you thought were a good idea at the time. One is an in-house app that only runs in a DOS box and accesses dBase files stored on your server. Every month a couple get pwned for no detectable reason.

    Even if they don't run Windows you've paid over and over. You have to because they've made it happen what "enforcement" will happen if you don't.

    Every software vendor you buy from makes it clear the software you bought is being split into "basic" versions that include most of the features you use, and an "Enterprise" version that includes must have features you can't live without. Both new versions will be annual subscriptions instead of purchases. Naturally, the Premium version you require will cost many times what you already paid and the cost will be annual rather than once each. Of course they're entitled to this conversion of your purchase into a "revenue stream" because they've upgraded their product from an application to a "platform framework" that "optimizes" your "TCO".

    You're thinking about investigating this multicore thing that people are talking about, but it seems impossible to reconcile the software licenses with multiple "cores" on one or more CPUs. You want to do server consolidation, but every server app has to be evaluated both by a professional engineer and by a hideously expensive team of lawyers who also want to audit every piece of software you've purchased since 1974. Your CPA wants to know why you licensed the same software 3-6 times for each PC, and why you're buying licenses for software that won't run on the PCs they're purchased for. And what's this entry for "SCO Linux licenses"? You live in dread of being audited by jack-booted thugs, not because you're pirating but because the danger of a paperwork snafu that destroys your budget is nearly certain and the slightest discrepancy is going to get you canned.

    I have one question: What the hell are you thinking? Get off the train to crazy town. The free stuff isn't just good, it's better. So much better that you're not going to believe you put up with this crap. If it's truly free you don't have to account for each copy/user/use/year/processor/incidence. It's not free because it's less worthy: it's free because you're not the first person to be disgusted by the experience you're having. Pay for support. Nobody ever got sued for terminating their support contract. Figure it out. The world has changed. The future is open.

    --
    Help stamp out iliturcy.
  12. xkcd has to be mentioned here.. by zcat_NZ · · Score: 4, Funny
    --
    455fe10422ca29c4933f95052b792ab2
  13. Re:devil's advocate by Yaztromo · · Score: 5, Informative

    Another potentially real problem would be that vista as an actual OS in a computer runs slow as hell. People using virtual machines to 'test' Vista would end up with an even slower crummier machine and thus taint their perceptions for the negative. Nothing kills a product faster than the good old 'Word of Mouth' and there has been plenty badmouthing of Vista by all levels of tech support (not sales people though they gotta sell those Vista pieces of crap any way they can).

    I have as much reason to hate MS's operating systems as the next guy. No, scratch that, I have vastly more reason to hate MS's OS's than the next guy, having watched them attempt to undermine and destroy OS/2 back in the early 90's, back before it became fashionable to hate MS OS's. I remember having to put up with the constantly shifting Win32s extensions for Windows 3.1, which were modified for the sole purpose of breaking OS/2 compatibility. Or their (then new) "per-processor license agreements". I haven't run a Windows machine as my desktop since 1992, having run OS/2, Linux, and Mac OS X (in that order) since that time.

    As such, it really pains me greatly to say -- Vista under virtualization is surprisingly decent and well behaved. I've been running the 64-bit Business Edition of Vista inside VMware Fusion on a new 2.16Ghz Core 2 Duo MacBook with 2GB of RAM, and it's surprisingly quick and agile. Sure, I don't get Aero (which just looks bad to me anyhow -- honestly, how is an alpha-blended window title a good thing?), and I'm not using it to play games, and I don't use it to browse the web or do e-mail or digital media, but overall it has been very well behaved, and has been surprisingly quick to boot and run. I've even experimented with it running digital video, and the performance has been very good.

    Now of course, I can see why they'd be worried about their DRM stance. As the VMware audio and video go through a virtualized driver/device to the Mac's hardware, it would be easy to use readily available tools to hijack the stream (like Rogue Amoeba's excellent Audio Hijack Pro).

    Now there is no way in hell I'd ever run Windows as my primary OS -- still think their UI scheme is garbage, and don't like the fact they have both systematically loaded their systems with crap to appease other corporations while punishing their own end-users (DRM), and that they've frequently promised features they've never delivered (anyone else remember when they promised a stand-alone MS-DOS v7? Or when they promised an OODBMS-based filesystem for Cairo starting back in 1996? That same filesystem they didn't deliver with Vista? Or how about when they finally decided it was time to introduce a new filesystem for the 9X line that instead of using a well-designed FS they owned all the rights to, like HPFS or NTFS, they instead exacerbated the problem with a band-aid solution and invented FAT32?). It's still not what I look for in a desktop OS, but as much as it pains me to say it, on a modern machine (and the latest MacBook is hardly top-of-the-line, although it's certainly quite a capable system), under virtualization, Vista actually runs pretty acceptably. If I had to use it as my day-to-day system (and I don't use it much at all -- it's there to support a development toolset for some embedded programming I'm peripherally involved in), it certainly wouldn't be slow or painful to use -- it's instantly responsive, and has so far behaved very well (i.e.: it hasn't crashed yet).

    Strange but true.

    Yaz.

  14. Re:Nesting VMs by Antique Geekmeister · · Score: 4, Interesting

    DRM is really one of the core components of Vista. It makes virtualization easier to defeat than you may realize. Go look up Palladium, renamed "Trusted Computing". It's hardware level authentication and software access control, and it's specifically designed to weld host authentication to file access. Those keys are hardware stored, on the motherboard, not software stored. And the encryption chips or CPU based encryption is not directly accessible to emulation, not without paying a genuinely unacceptable performance penalty in use.

  15. The advantage of digital for piracy by Skapare · · Score: 4, Insightful

    The advantage of digital for piracy is not that you can get a perfect copy. Perfection is not the goal in piracy. In many cases a camcorder shooting a screen is fine. Instead, the advantage of digital is that the quality is not degraded further as an infinite number of generations are made. Traditional pirates were limited to making 2 to 5 generations of VHS tapes because after that, almost nothing was left of the original movie. But an analog ripped (not cracked) MPEG file can be traded all over the world without any further single bit errors (although some of that will happen at times). The internet scares the content industry because of the speed (the latest release can be in the hands of millions before the big opening). Digital scares them because it enables the multi generational sharing as we already see in P2P. The problem is, they are fixated on encryption, which is at best going to prevent the average Joe from making a perfect copy and sharing with his neighbor across the street. When Joe finally figures out how to make an analog rip or just shoots it off his screen with a camcorder, his neighbor might reject it because it's not perfect, but you can bet the world will eat it up via the internet.

    --
    now we need to go OSS in diesel cars
  16. Re:devil's advocate by Eustace Tilley · · Score: 4, Insightful

    You are mistaken. DRM cannot be secure.

    The task is "allow A to send a message to B such that B can read it, but C cannot."

    Under DRM, B and C are the same person.

    Q.E.D.

    The claims that a process will allow a customer to manage digital rights are akin to claims that a chemical process will allow a customer to change lead to gold. They are the claims of a fool, a charlatan, a newborn, or someone desperate. Or a devil's advocate.