Sysinternals Troubleshooting Utilities

Download it here:
http://www.microsoft.com/technet/sysinternals/Utilities/SysinternalsSuite.mspx

Here is what is included:

• AccessChk

v2.0 (11/1/2006)
This tool shows you the accesses the user or group you specify has to files, Registry keys or Windows services.

• AccessEnum

v1.32 (11/1/2006)
This simple yet powerful security tool shows you who has what access to directories, files and Registry keys on your systems. Use it to find holes in your permissions.

• AdRestore

v1.1 (11/1/2006)
Undelete Server 2003 Active Directory objects

• Autologon

v2.10 (11/1/2006)
Bypass password screen during logon.

• Autoruns

v8.61 (1/22/2007)
See what programs are configured to start up automatically when your system boots and you log in. Autoruns also shows you the full list of Registry and file locations where applications can configure auto-start settings.

• BgInfo

v4.0 (11/1/2006)
This fully-configurable program automatically generates desktop backgrounds that include important information about the system including IP addresses, computer name, network adapters, and more.

• BlueScreen

v3.2 (11/1/2006)
This screen saver not only accurately simulates Blue Screens, but simulated reboots as well (complete with CHKDSK), and works on Windows NT 4, Windows 2000, Windows XP, Server 2003 and Windows 9x.

[EDIT]
BlueScreen is NOT part of the suite, you can download it here
[/EDIT]

• CacheSet

v1.0 (11/1/2006)
CacheSet is a program that allows you to control the Cache Manager’s working set size using functions provided by NT. It’s compatible with all versions of NT and full source code is provided.

• ClockRes

v1.0 (11/1/2006)
View the resolution of the system clock, which is also the maximum timer resolution

• Contig

v1.53 (11/1/2006)
Wish you could quickly defragment your frequently used files? Use Contig to optimize individual files, or to create new files that are contiguous.

• Ctrl2cap

v2.0 (11/1/2006)
This is a kernel-mode driver that demonstrates keyboard input filtering just above the keyboard class driver in order to turn caps-locks into control keys. Filtering at this level allows conversion and hiding of keys before NT even "sees" them. Full source is included. Ctrl2cap also shows how to use NtDisplayString() to print messages to the initialization blue-screen.

• DebugView

v4.64 (1/8/2007)
Another first from Sysinternals: This program intercepts calls made to DbgPrint by device drivers and OutputDebugString made by Win32 programs. It allows for viewing and recording of debug session output on your local machine or across the Internet without an active debugger.

• DiskExt

v1.0 (11/1/2006)
Display volume disk-mappings

• DiskView

v2.21 (11/1/2006)
Graphical disk sector utility

• Diskmon

v2.01 (11/1/2006)
This utility captures all hard disk activity or acts like a software disk activity light in your system tray.

• Du

v1.31 (11/1/2006)
View disk usage by directory

• EFSDump

v1.02 (11/1/2006)
View information for encrypted files

• Filemon

v7.04 (11/1/2006)
This monitoring tool lets you see all file system activity in real-time.

• Handle

v3.20 (11/1/2006)
This handy command-line utility will show you what files are open by which processes, and much more.

• Hex2dec

v1.0 (11/1/2006)
Convert hex numbers to decimal and vice versa.

• Junction

v1.04 (11/1/2006)
Create Win2K NTFS symbolic links

• LDMDump

v1.02 (11/1/2006)
Dump the contents of the Logical Disk Manager’s on-disk database, which describes the partitioning of Windows 2000 Dynamic disks.

• ListDLLs

v2.25 (11/1/2006)
List all the DLLs that are currently loaded, including where they are loaded and their version numbers. Version 2.0 prints the full path names of loaded modules.

• LiveKd

v3.0 (11/1/2006)
Use Microsoft kernel debuggers to examine a live system.

• LoadOrder

v1.0 (11/1/2006)
See the order in which devices are loaded on your WinNT/2K system

• MoveFile

v1.0 (11/1/2006)
Allows you to schedule move and delete commands for the next reboot.

• LogonSessions

v1.1 (11/1/2006)
List the active logon sessions on a system.

• NewSID

v4.10 (11/1/2006)
Learn about the computer SID problem everybody has been talking about and get a free computer SID changer, NewSID, complete with full source code.

• NTFSInfo

v1.0 (11/1/2006)
Use NTFSInfo to see detailed information about NTFS volumes, including the size and location of the Master File Table (MFT) and MFT-zone, as well as the sizes of the NTFS meta-data files.

• PageDefrag

v2.32 (11/1/2006)
Defragment your paging files and Registry hives!

• PendMoves

v1.1 (11/1/2006)
Enumerate the list of file rename and delete commands that will be executed the next boot

• Portmon

v3.02 (11/1/2006)
Monitor serial and parallel port activity with this advanced monitoring tool. It knows about all standard serial and parallel IOCTLs and even shows you a portion of the data being sent and received. Version 3.x has powerful new UI enhancements and advanced filtering capabilities.

• Process Explorer

v10.21 (11/1/2006)
Find out what files, registry keys and other objects processes have open, which DLLs they have loaded, and more. This uniquely powerful utility will even show you who owns each process.

• Process Monitor

v1.01 (11/9/2006)
Monitor file system, Registry, process, thread and DLL activity in real-time.

• ProcFeatures

v1.10 (11/1/2006)
This applet reports processor and Windows support for Physical Address Extensions and No Execute buffer overflow protection.

• PsExec

v1.80 (2/12/2007)
Execute processes with limited-user rights.

• PsFile

v1.02 (12/4/2006)
See what files are opened remotely.

• PsGetSid

v1.43 (12/4/2006)
Displays the SID of a computer or a user.

• PsInfo

v1.74 (12/4/2006)
Obtain information about a system.

• PsKill

v1.12 (12/4/2006)
Terminate local or remote processes.

• PsList

v1.28 (12/4/2006)
Show information about processes and threads.

• PsLoggedOn

v1.33 (12/4/2006)
Show users logged on to a system

• PsLogList

v2.64 (12/4/2006)
Dump event log records.

• PsPasswd

v1.22 (12/4/2006)
Changes account passwords.

• PsService

v2.21 (12/4/2006)
View and control services.

• PsShutdown

v2.52 (12/4/2006)
Shuts down and optionally reboots a computer.

• PsSuspend

v1.06 (12/4/2006)
Suspend and resume processes.

• PsTools

v2.43 (2/12/2007)
The PsTools suite includes command-line utilities for listing the processes running on local or remote computers, running processes remotely, rebooting computers, dumping event logs, and more.

• RegDelNull

v1.10 (11/1/2006)
Scan for and delete Registry keys that contain embedded null-characters that are otherwise undeleteable by standard Registry-editing tools.

• RegHide

v1.0 (11/1/2006)
Creates a key called "HKEY_LOCAL_MACHINE\Software\Sysinternals\Can’t touch me!\0" using the Native API, and inside this key it creates a value.

• Regjump

v1.01 (11/1/2006)
Jump to the registry path you specify in Regedit.

• Regmon

v7.04 (11/1/2006)
This monitoring tool lets you see all Registry activity in real-time.

• RootkitRevealer

v1.71 (11/1/2006)
Scan your system for rootkit-based malware

• SDelete

v1.51 (11/1/2006)
Securely overwrite your sensitive files and cleanse your free space of previously deleted files using this DoD-compliant secure delete program. Complete source code is included.

• ShareEnum

v1.6 (11/1/2006)
Scan file shares on your network and view their security settings to close security holes.

• Sigcheck

v1.30 (11/1/2006)
Dump file version information and verify that images on your system are digitally signed.

• Streams

v1.53 (11/1/2006)
Reveal NTFS alternate streams

• Strings

v2.30 (11/1/2006)
Search for ANSI and UNICODE strings in binary images.

• Sync

v2.0 (11/1/2006)
Flush cached data to disk

• TCPView

v2.40 (11/1/2006)
Active socket command-line viewer.

• VolumeId

v2.0 (11/1/2006)
Set Volume ID of FAT or NTFS drives

• Whois

v1.01 (11/1/2006)
See who owns an Internet address.

• Winobj

v2.15 (11/1/2006)
The ultimate Object Manager namespace viewer is here.

• ZoomIt

v1.21 (1/19/2007)
Presentation utility for zooming and drawing on the screen.

A Cost Analysis of Windows Vista Content Protection
===================================================

Peter Gutmann, pgut001@cs.auckland.ac.nz
http://www.cs.auckland.ac.nz/~pgut001/pubs/vista_cost.txt
Last updated 8 January 2007
Distributed under the Creative Commons license (see Appendix)

(A note to readers: The reaction to what started out as an obscure
technical post to a security mailing list has been rather unexpected
and overwhelming, so I’m totally buried in Vista email at the moment.
Please be patient when expecting replies, and apologies if I can’t
reply to all messages.

A second note, this was originally posted as a text file, which is
why it’s not in HTML format. For technical reasons it’s not easy
to transparently redirect accesses to this file to an HTML equivalent
because of the way this server is configured, and I don’t want to
just move it because there are about 4.2 million links to it. Once I
figure out the appropriate mod_alias hack I’ll replace it with an
HTML version).

Executive Summary
-----------------

Windows Vista includes an extensive reworking of core OS elements in order to
provide content protection for so-called "premium content", typically HD data
from Blu-Ray and HD-DVD sources. Providing this protection incurs
considerable costs in terms of system performance, system stability, technical
support overhead, and hardware and software cost. These issues affect not
only users of Vista but the entire PC industry, since the effects of the
protection measures extend to cover all hardware and software that will ever
come into contact with Vista, even if it’s not used directly with Vista (for
example hardware in a Macintosh computer or on a Linux server). This document
analyses the cost involved in Vista’s content protection, and the collateral
damage that this incurs throughout the computer industry.

Executive Executive Summary
---------------------------

The Vista Content Protection specification could very well constitute the
longest suicide note in history [Note A].

Introduction
------------

This document looks purely at the cost of the technical portions of Vista’s
content protection [Note B]. The political issues (under the heading of DRM)
have been examined in exhaustive detail elsewhere and won’t be commented on
further, unless it’s relevant to the cost analysis. However, one important
point that must be kept in mind when reading this document is that in order to
work, Vista’s content protection must be able to violate the laws of physics,
something that’s unlikely to happen no matter how much the content industry
wishes it were possible [Note C]. This conundrum is displayed over and over
again in the Windows content-protection requirements, with manufacturers being
given no hard-and-fast guidelines but instead being instructed that they need
to display as much dedication as possible to the party line. The
documentation is peppered with sentences like:

"It is recommended that a graphics manufacturer go beyond the strict letter
of the specification and provide additional content-protection features,
because this demonstrates their strong intent to protect premium content".

This is an exceedingly strange way to write technical specifications, but is
dictated by the fact that what the spec is trying to achieve is fundamentally
impossible. Readers should keep this requirement to display appropriate
levels of dedication in mind when reading the following analysis [Note D].

Disabling of Functionality
--------------------------

Vista’s content protection mechanism only allows protected content to be sent
over interfaces that also have content-protection facilities built in.
Currently the most common high-end audio output interface is S/PDIF
(Sony/Philips Digital Interface Format). Most newer audio cards, for example,
feature TOSlink digital optical output for high-quality sound reproduction,
and even the latest crop of motherboards with integrated audio provide at
least coax (and often optical) digital output. Since S/PDIF doesn’t provide
any content protection, Vista requires that it be disabled when playing
protected content [Note E]. In other words if you’ve sunk a pile of money
into a high-end audio setup fed from an S/PDIF digital output, you won’t be
able to use it with protected content.

Say you’ve just bought Pink Floyd’s "The Dark Side of the Moon", released as a
Super Audio CD (SACD) in its 30th anniversary edition in 2003, and you want to
play it under Vista. Since the S/PDIF link to your amplifier/speakers is
regarded as insecure for playing the SA content, Vista disables it, and you
end up hearing a performance by Marcel Marceau instead of Pink Floyd.

Similarly, component (YPbPr) video will be disabled by Vista’s content
protection, so the same applies to a high-end video setup fed from component
video. What if you’re lucky enough to have bought a video card that supports
HDMI digital video with HDCP content-protection? There’s a good chance that
you’ll have to go out and buy another video card that really *does* support
HDCP, because until quite recently no video card on the market actually
supported it even if the vendor’s advertising claimed that it did. As the
site that first broke the story put it in their article "The Great HDCP
Fiasco" (http://www.firingsquad.com/hardware/ati_nvidia_hdcp_support/):

"None of the AGP or PCI-E graphics cards that you can buy today support HDCP
[…] If you’ve just spent $1000 on a pair of Radeon X1900 XT graphics cards
expecting to be able to playback HD-DVD or Blu-Ray movies at 1920×1080
resolution in the future, you’ve just wasted your money […] If you just
spent $1500 on a pair of 7800GTX 512MB GPUs expecting to be able to play
1920×1080 HD-DVD or Blu-Ray movies in the future, you’ve just wasted your
money".

(The two devices mentioned above are the premium supposedly-HDCP-enabled cards
made by the two major graphics chipset manufacturers ATI and nVidia). ATI was
later subject to a class-action lawsuit by its customers over this deception.
As late as August of 2006, when Sony announced its Blu-Ray drive for PCs, it
had to face the embarrassing fact that its Blu-Ray drive couldn’t actually
play Blu-Ray disks in HD format ("First Blu-ray disc drive won’t play Blu-ray
movies",
http://www.cnet.com.au/desktops/dvdburners/0,239029405,240091720,00.htm):

"Since there are currently no PCs for sale offering graphics chips that
support HDCP, this isn’t yet possible".

In order to appropriately protect content, Vista will probably have to disable
any special device features that it can’t directly control. For example many
sound cards built on C-Media chipsets (which in practice is the vast majority
of them) support Steinberg’s ASIO (Audio Stream I/O), a digital audio
interface that completely bypasses the Windows audio mixer and other audio-
related driver software to provide more flexibility and much lower latency
than the Windows ones. ASIO support is standard for newer C-Media hardware,
see for example http://www.cmedia.com.tw/?q=en/PCI/CMI8788. Since ASIO
bypasses Windows’ audio handling, it would probably have to be disabled, which
is problematic because audiophiles and professional musicians require ASIO
support specifically because of its much higher quality than the standard
Windows channels.

Indirect Disabling of Functionality
-----------------------------------

As well as overt disabling of functionality, there’s also covert disabling of
functionality. For example PC voice communications rely on automatic echo
cancellation (AEC) in order to work. AEC requires feeding back a sample of
the audio mix into the echo cancellation subsystem, but with Vista’s content
protection this isn’t permitted any more because this might allow access to
premium content. What is permitted is a highly-degraded form of feedback that
might possibly still sort-of be enough for some sort of minimal echo
cancellation purposes.

The requirement to disable audio and video output plays havoc with standard
system operations, because the security policy used is a so-called "system
high" policy: The overall sensitivity level is that of the most sensitive data
present in the system. So the instant any audio derived from premium content
appears on your system, signal degradation and disabling of outputs will
occur. What makes this particularly entertaining is the fact that the
downgrading/disabling is dynamic, so if the premium-content signal is
intermittent or varies (for example music that fades out), various outputs and
output quality will fade in and out, or turn on and off, in sync. Normally
this behaviour would be a trigger for reinstalling device drivers or even a
warranty return of the affected hardware, but in this case it’s just a signal
that everything is functioning as intended.

Decreased Playback Quality
--------------------------

Alongside the all-or-nothing approach of disabling output, Vista requires that
any interface that provides high-quality output degrade the signal quality
that passes through it if premium content is present. This is done through a
"constrictor" that downgrades the signal to a much lower-quality one, then up-
scales it again back to the original spec, but with a significant loss in
quality. So if you’re using an expensive new LCD display fed from a high-
quality DVI signal on your video card and there’s protected content present,
the picture you’re going to see will be, as the spec puts it, "slightly
fuzzy", a bit like a 10-year-old CRT monitor that you picked up for $2 at a
yard sale [Note F]. In fact the specification specifically still allows for
old VGA analog outputs, but even that’s only because disallowing them would
upset too many existing owners of analog monitors. In the future even analog
VGA output will probably have to be disabled. The only thing that seems to be
explicitly allowed is the extremely low-quality TV-out, provided that
Macrovision is applied to it.

The same deliberate degrading of playback quality applies to audio, with the
audio being downgraded to sound (from the spec) "fuzzy with less detail"
[Note G].

Amusingly, the Vista content protection docs say that it’ll be left to
graphics chip manufacturers to differentiate their product based on
(deliberately degraded) video quality. This seems a bit like breaking the
legs of Olympic athletes and then rating them based on how fast they can
hobble on crutches.

The Microsoft specs say that only display devices with more than 520K pixels
will have their images degraded, but conveniently omit to mention that this
resolution, roughly 800×600, covers pretty much every output device that will
ever be used with Vista. The absolute minimum requirements for Vista Basic are
listed as 800×600 resolution (and an 800MHz Pentium III CPU with 512MB of RAM,
which seems, well, "wildly optimistic" is one term that springs to mind).
However that won’t get you the Vista Aero interface, which makes a move to
Vista from XP more or less pointless. The minimum requirements for running
Aero on a Vista Premium PC are "a DX9 GPU, 128 MB of VRAM, Pixel Shader 2.0,
and minimum resolution 1024x768x32", and for Aero Glass it’s even higher than
that. In addition the minimum resolution supported by a standard LCD panel is
1024×768 for a 15" LCD, and to get 800×600 you’d have to go back to a 10-year-
old 14" CRT monitor or something similar. So in practice the 520K pixel
requirement means that everything will fall into the degraded-image category.

Beyond the obvious playback-quality implications of deliberately degraded
output, this measure can have serious repercussions in applications where
high-quality reproduction of content is vital. For example the field of
medical imaging either bans outright or strongly frowns on any form of lossy
compression because artefacts introduced by the compression process can cause
mis-diagnoses and in extreme cases even become life-threatening. Consider a
medical IT worker who’s using a medical imaging PC while listening to
audio/video played back by the computer. This scenario is already very
common, the CDROM drives installed in workplace PCs inevitably spend most of
their working lives playing music or MP3 CDs to drown out workplace noise.

Now obviously CDs aren’t (yet) regarded as premium content and so won’t
trigger Vista’s content-protection measures, that’s merely an example to
illustrate how common it is for users to play back audio/video content while
working. Let’s say that instead of listening to music while they work, the
user may have a humorous video that a workmate sent them, or that they grabbed
from YouTube, playing in the background, and that unbeknownst to them
this video is protected premium content. As a result, the video image will be
subtly altered by Vista’s content protection, potentially creating exactly the
life-threatening situation that the medical industry has worked so hard to
avoid. The scary thing is that there’s no easy way around this – Vista will
silently modify displayed content under certain (almost impossible-to-predict
in advance) situations discernable only to Vista’s built-in content-protection
subsystem [Note H][Note I].

Elimination of Open-source Hardware Support
-------------------------------------------

In order to prevent the creation of hardware emulators of protected output
devices, Vista requires a Hardware Functionality Scan (HFS) that can be used
to uniquely fingerprint a hardware device to ensure that it’s (probably)
genuine. In order to do this, the driver on the host PC performs an operation
in the hardware (for example rendering 3D content in a graphics card) that
produces a result that’s unique to that device type.

In order for this to work, the spec requires that the operational details of
the device be kept confidential. Obviously anyone who knows enough about the
workings of a device to operate it and to write a third-party driver for it
(for example one for an open-source OS, or in general just any non-Windows OS)
will also know enough to fake the HFS process. The only way to protect the
HFS process therefore is to not release any technical details on the device
beyond a minimum required for web site reviews and comparison with other
products.

This potential "closing" of the PC’s historically open platform is an
extremely worrying trend. A quarter of a century ago, IBM made the momentous
decision to make their PC an open platform by publishing complete hardware
details and allowing anyone to compete on the open market. Many small
companies, the traditional garage startup, got their start through this. This
openness is what created the PC industry, and the reason why most homes
(rather than just a few offices, as had been the case until then) have one or
more PCs sitting in a corner somewhere. This seems to be a return to the bad
old days of 25 years ago when only privileged insiders were able to
participate.

Elimination of Unified Drivers
------------------------------

The HFS process has another cost involved with it. Most hardware vendors have
(thankfully) moved to unified driver models instead of the plethora of
individual drivers that abounded some years ago. Since HFS requires unique
identification and handling of not just each device type (for example each
graphics chip) but each variant of each device type (for example each stepping
of each graphics chip) to handle the situation where a problem is found with
one variation of a device, it’s no longer possible to create one-size-fits-all
drivers for an entire range of devices like the current
Catalyst/Detonator/ForceWare drivers. Every little variation of every device
type out there must now be individually accommodated in custom code in order
for the HFS process to be fully effective.

If a graphics chip is integrated directly into the motherboard and there’s no
easy access to the device bus then the need for bus encryption (see
"Unnecessary CPU Resource Consumption" below) is removed. Because the
encryption requirement is so onerous, it’s quite possible that this means of
providing graphics capabilities will suddenly become more popular after the
release of Vista. However, this leads to a problem: It’s no longer possible
to tell if a graphics chip is situated on a plug-in card or attached to the
motherboard, since as far as the system is concerned they’re both just devices
sitting on the AGP/PCIe bus. The solution to this problem is to make the two
deliberately incompatible, so that HFS can detect a chip on a plug-in card vs.
one on the motherboard. Again, this does nothing more than increase costs and
driver complexity.

Further problems occur with audio drivers. To the system, HDMI audio looks
like S/PDIF, a deliberate design decision to make handling of drivers easier.
In order to provide the ability to disable output, it’s necessary to make HDMI
codecs deliberately incompatible with S/PDIF codecs, despite the fact that
they were specifically designed to appear identical in order to ease driver
support and reduce development costs.

Denial-of-Service via Driver/Device Revocation
----------------------------------------------

Once a weakness is found in a particular driver or device, that driver will
have its signature revoked by Microsoft, which means that it will cease to
function. Details on exactly what happens are a bit vague here, the specs
contain sentences like "the related driver would have to be revoked and a new
driver would have to be deployed", however presumably some minimum
functionality like generic 640×480 VGA support will still be available in
order for the system to boot.

What this means is that a report of a compromise of a particular driver or
device will cause all support for that device worldwide to be turned off until
a fix can be found [Note J]. Again, details are sketchy, but if it’s a device
problem then presumably the device turns into a paperweight once it’s revoked.
If it’s an older device for which the vendor isn’t interested in rewriting
their drivers (and in the fast-moving hardware market most devices enter
"legacy" status within a year or two of their replacement models becoming
available), all devices of that type worldwide become permanently unusable.

An example of this might be nVidia TNT2 video cards, which are still very
widely deployed in business environments where they’re all that you need to
run Word or Outlook or Excel (or, for that matter, pretty much any non-gaming
application). The drivers for these cards haven’t been updated for quite some
time for exactly that reason: You don’t need the latest drivers for them
because they’re not useful with current games any more (if you go to the
nVidia site and try and install any recent drivers, the installer will tell
you to go back and download much older drivers instead). If a TNT2 device
were found to be leaking content, it seems unlikely that nVidia would be
interested in reviving discontinued drivers that it hasn’t touched for several
years, creating instant orphanware of the installed user base.

The threat of driver revocation is the ultimate nuclear option, the crack of
the commissars’ pistols reminding the faithful of their duty [Note K]. The
exact details of the hammer that vendors will be hit with are buried in
confidential licensing agreements, but I’ve heard mention of multi-million
dollar fines and embargoes on further shipment of devices alongside the driver
revocation mentioned above.

This revocation can have unforeseen carry-on costs. Windows’ anti-piracy
component, WGA, is tied to system hardware components. Windows allows you to
make a small number of system hardware changes after which you need to renew
your Windows license (the exact details of what you can and can’t get away
with changing have been the subject of much debate). If a particular piece of
hardware is deactivated (even just temporarily while waiting for an updated
driver to work around a content leak) and you swap in a different video card
or sound card to avoid the problem, you risk triggering Windows’ anti-piracy
measures, landing you in even more hot water. If you’re forced to swap out a
major system component like a motherboard, you’ve instantly failed WGA
validation. Revocation of any kind of motherboard-integrated device
(practically every motherboard has some form of onboard audio, and all of the
cheaper ones have integrated video) would appear to have a serious negative
interaction with Windows’ anti-piracy measures.

The details of what will happen if a motherboard contains unused onboard audio
capabilities and an additional sound card alongside it, and the motherboard
drivers are revoked, are unknown. Windows can’t tell that there’s nothing
connected to the onboard audio because the user prefers to use their M-Audio
Revolution 7.1 Surround Sound card instead, so it’ll probably have to revoke
the motherboard drivers even though they’re not used for anything. Since
virtually all motherboards contain onboard audio, this could prove quite
problematic.

An entirely different DoS problem that applies more to HDMI-enabled devices in
general has already surfaced in the form of, uhh, "DVI amplifiers", which take
as input an HDMI signal and output a DVI signal, amplifying it in the process.
Oh, and as a side-effect they forget to re-apply the HDCP protection to the
output. These devices are relatively simple to design and build using off-
the-shelf HDMI chips. Beyond the commercially-available models, individual
hardware hackers have built their own protection-strippers using chip samples
obtained from chip vendors. If you have the right credentials you can even
get hardware evaluation boards designed for testing and development that do
this sort of thing. And I won’t even get into the territory of HD players
with non-HDMI digital outputs, for example ones that contain an HD-SDI (SMPTE
292M) interface. HD-SDI is an unencrypted digital link typically used in TV
studios but also available from various non-US sources as after-market
sidegrades for standard HD players, providing better-than-HDMI image quality
without the hassle of HDCP.

Now assume that the "DVI amplifier" manufacturer buys a truckload of HDMI
chips (they’ll want to get as many as they can in one go because they probably
won’t be able to go back and buy more when the chip vendor discovers what
they’re being used for). Since this is a rogue device, it can be revoked…
along with hundreds of thousands or even millions of other consumer devices
that use the same chip. If they’re feeling particularly nasty, they can
recycle the HDMI chips from junked TVs to ensure that the maximum possible
damage to the consumer base occurs. Engadget have a good overview of this
scenario at
http://www.engadget.com/2005/07/21/the-clicker-hdcps-shiny-red-button/.

(Exactly what will happen when a key is leaked depends on how the attackers
handle it. The way HD-DVD/Blu-Ray keying works is that a per-device key is
used to decrypt the title key on the disk, and the title key is then in turn
used to decrypt the content. So the chain of custody is Device key -> Title
key -> Content. This level of indirection allows an individual device to be
disabled by revoking the device key without making the disk unplayable on all
devices, since other device keys can still decrypt the title key and thus the
content (I’ve simplified this a bit to cut down the length of the explanation,
see the AACS specification for more details).

The device key is tied to a particular device/player/vendor, but the title key
is only tied to the content on disk. You can probably see where this is
going… by publishing the device key, the attacker can cause general mayhem
by forcing device revocation. On the other hand by publishing the title key
the attacker can release the content in an untraceable manner, since it’s not
known which device key was used to leak the title key. In addition since
there’s no way to un-publish the title key (encrypted content + title key =
unencrypted content), at that point it’s game over for the content).
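The key chain described above (device key -> title key -> content), as an added example that is not part of the original document. It follows the simplified model in the text rather than the actual AACS scheme, uses a toy HMAC-SHA256 keystream in place of AES, and all function names, player names and keys are constructed for illustration.

```python
import hashlib
import hmac
import os


def _xor_stream(key: bytes, data: bytes, label: bytes) -> bytes:
    """Toy symmetric cipher (stand-in for AES): XOR with an HMAC-SHA256 keystream.

    Encryption and decryption are the same operation.
    """
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hmac.new(key, label + offset.to_bytes(4, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[offset:offset + 32], pad))
    return bytes(out)


def master_disc(content, device_keys, revoked=frozenset(), title_key=None):
    """Encrypt content once under a title key, then wrap that key per device.

    A revoked device simply gets no wrapped copy on discs mastered from now on.
    """
    title_key = title_key or os.urandom(16)
    wrapped = {
        dev: _xor_stream(dk, title_key, b"wrap")
        for dev, dk in device_keys.items()
        if dev not in revoked
    }
    disc = {"wrapped_title_keys": wrapped,
            "content": _xor_stream(title_key, content, b"content")}
    return disc, title_key


def play(disc, device_id, device_key):
    """Device key -> title key -> content. Returns None if the device was revoked."""
    wrapped = disc["wrapped_title_keys"].get(device_id)
    if wrapped is None:
        return None
    title_key = _xor_stream(device_key, wrapped, b"wrap")
    return _xor_stream(title_key, disc["content"], b"content")


def decrypt_with_title_key(disc, title_key):
    """Decryption from the title key alone: no device key is involved."""
    return _xor_stream(title_key, disc["content"], b"content")


def demo():
    # Constructed sample data: two players and a short stand-in for the content.
    keys = {"player-A": b"A" * 16, "player-B": b"B" * 16}
    movie = b"constructed sample content, not real media"
    disc1, tk1 = master_disc(movie, keys)
    # player-A's device key has been revoked, so the next disc omits it.
    disc2, _ = master_disc(movie, keys, revoked={"player-A"})
    unwrap = lambda dev: _xor_stream(keys[dev], disc1["wrapped_title_keys"][dev], b"wrap")
    return {
        "A_plays_disc1": play(disc1, "player-A", keys["player-A"]) == movie,
        "A_plays_disc2": play(disc2, "player-A", keys["player-A"]) == movie,
        "B_plays_disc2": play(disc2, "player-B", keys["player-B"]) == movie,
        # Every device recovers the identical title key, so the key itself
        # carries no trace of which device it came from.
        "same_title_key_from_A_and_B": unwrap("player-A") == unwrap("player-B") == tk1,
        "title_key_alone_decrypts": decrypt_with_title_key(disc1, tk1) == movie,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Revoking player-A changes nothing on disc1: only discs mastered after the revocation lack its wrapped copy of the title key.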

Decreased System Reliability
----------------------------

"Drivers must be extra-robust. Requires additional driver development to
isolate and protect sensitive code paths" — ATI.

Vista’s content protection requires that devices (hardware and software
drivers) set so-called "tilt bits" if they detect anything unusual. For
example if there are unusual voltage fluctuations, maybe some jitter on bus
signals, a slightly funny return code from a function call, a device register
that doesn’t contain quite the value that was expected, or anything similar, a
tilt bit gets set. Such occurrences aren’t too uncommon in a typical
computer. For example starting up or plugging in a bus-powered device may
cause a small glitch in power supply voltages, or drivers may not quite manage
device state as precisely as they think. Previously this was no problem – the
system was designed with a bit of resilience, and things will function as
normal. In other words small variances in performance are a normal part of
system functioning. Furthermore, the degree of variance can differ widely
across systems, with some handling large changes in system parameters and
others only small ones. One very obvious way to observe this is what happens
when a bunch of PCs get hit by a momentary power outage. Effects will vary
from powering down, to various types of crash, to nothing at all, all
triggered by exactly the same external event.

With the introduction of tilt bits, all of this designed-in resilience is
gone. Every little (normally unnoticeable) glitch is suddenly surfaced
because it could be a sign of a hack attack, with the required reaction being
that "Windows Vista will initiate a full reset of the graphics subsystem, so
everything will restart". The effect that these tilt bits will have on system
reliability should require no further explanation.

Content-protection "features" like tilt bits also have worrying denial-of-
service (DoS) implications. It’s probably a good thing that modern malware is
created by programmers with the commercial interests of the phishing and spam
industries in mind rather than just creating as much havoc as possible. With
the number of easily-accessible grenade pins that Vista’s content protection
provides, any piece of malware that decides to pull a few of them will cause
considerable damage. The homeland security implications of this seem quite
serious, since a tiny, easily-hidden piece of malware would be enough to
render a machine unusable, while the very nature of Vista’s content protection
would make it almost impossible to determine why the denial-of-service is
occurring. Furthermore, the malware authors, who are taking advantage of
"content-protection" features, would be protected by the DMCA against any
attempts to reverse-engineer or disable the content-protection "features" that
they’re abusing.

Even without deliberate abuse by malware, the homeland security implications
of an external agent being empowered to turn off your IT infrastructure in
response to a content leak discovered in some chipset that you coincidentally
happen to be using is a serious concern for potential Vista users. Non-US
governments are already nervous enough about using a US-supplied operating
system without having this remote DoS capability built into the operating
system. And like the medical-image-degradation issue, you won’t find out
about this until it’s too late, turning Vista PCs into ticking time bombs if
the revocation functionality is ever employed.

Like the medical-imaging degradation example given earlier, it’s possible to
imagine all sorts of scenarios in which the tilt bits end up biting users.
Consider a warship operating in a combat zone and equipped with Vista PCs for
management of the vessel’s critical functions which does nothing more wrong
than to suffer a severe jolt from a near miss, scrambling the bus just enough
to activate the tilt bits (without causing any other real damage). In one
famous incident in September 1997, Windows NT managed to disable the Aegis
missile cruiser USS Yorktown ("NT Leaves Navy "Smart Ship" dead in the water",
Government Computer News, 13 July 1998). Now Windows Vista can do the same
thing via a by-design feature of the OS [Note L]. This issue, unless it can
be clearly resolved, would make the use of Vista PCs unacceptable for any
applications that have any hint of unusual environmental conditions such as
high altitude, environmental variations, shock, and so on.

Increased Hardware Costs
------------------------

"Cannot go to market until it works to specification… potentially more
respins of hardware" — ATI.

"This increases motherboard design costs, increases lead times, and reduces
OEM configuration flexibility. This cost is passed on to purchasers of
multimedia PCs and may delay availability of high-performance platforms" —
ATI.

Vista includes various requirements for "robustness" in which the content
industry, through "hardware robustness rules", dictates design requirements to
hardware manufacturers. The level of control the content producers have over
technical design details is nothing short of amazing. As security researcher
Ed Felten quoted from Microsoft documents on his freedom-to-tinker web site
about a year ago (http://www.freedom-to-tinker.com/?p=882):

"The evidence [of security] must be presented to Hollywood and other content
owners, and they must agree that it provides the required level of security.
Written proof from at least three of the major Hollywood studios is
required".

So if you design a new security system, you can’t get it supported in Windows
Vista until well-known computer security experts like MGM, 20th Century-Fox,
and Disney give you the go-ahead (this gives a whole new meaning to the term
"Mickey-Mouse security"). It’s absolutely astonishing to find paragraphs like
that in what are supposed to be Windows technical documents, since it gives
Hollywood studios veto rights over Windows security mechanisms.

As an example of these "robustness rules", only certain layouts of a board are
allowed in order to make it harder for outsiders to access parts of the board.
Possibly for the first time ever, computer design is being dictated not by
electronic design rules, physical layout requirements, and thermal issues, but
by the wishes of the content industry. Apart from the massive headache that
this poses to device manufacturers, it also imposes additional increased costs
beyond the ones incurred simply by having to lay out board designs in a
suboptimal manner. Video card manufacturers typically produce a one-size-
fits-all design (often a minimally-altered copy of the chipset vendor’s
reference design, as illustrated by
http://www.trustedreviews.com/images/article/inline/2685-2.jpg, which shows
five virtually identical cards from different vendors with the only noticeable
difference being the logo on the heatsink), and then populate different
classes and price levels of cards in different ways. For example a low-end
card will have low-cost, minimal or absent TV-out encoders, DVI circuitry,
RAMDACs, and various other add-ons used to differentiate budget from premium
video cards. You can see this on the cheaper cards by observing the
unpopulated bond pads on circuit boards, and gamers and the like will be
familiar with cut-a-trace/resolder-a-resistor sidegrades of video cards.

An example of omitting components from a high-end card to create a mid-range
card is shown at
http://images.infoteldistributors.com/itemDetails/C261-3053/C261-3053-out3-hl.jpg.
Note the large red rectangular area to the far left of the card, this is where
the manufacturer has omitted a component to produce a lower-cost model. The
same thing is visible in the card at
http://techreport.com/reviews/2006q4/radeon-x1650xt/card.jpg. Conversely,
http://www.xbitlabs.com/images/video/radeon-8500/card-front.jpg shows an (at
the time it was released) top-of-the-line card with optional components
fitted, the chip to the left of the large square heatsink+fan handles video
encoding and can be added or removed (along with other optional components) to
create different levels of cards at different price points. The automotive
industry does the same thing, you have one basic model of each car type and
10,000 extras and options to suit everyone’s needs and pockets.

Vista’s content-protection requirements eliminate this one-size-fits-all
design, banning the use of separate TV-out encoders, DVI circuitry, RAMDACs,
and other discretionary add-ons because feeding unprotected video to these
optional external components would make it too easy to lift the signal off the
bus leading to the external component. So everything has to be custom-
designed and laid out so that there are no unnecessary accessible signal links
on the board. This means that a low-cost card isn’t just a high-cost card
with components omitted, and conversely a high-cost card isn’t just a low-cost
card with additional discretionary components added, each one has to be a
completely custom design created to ensure that no signal on the board is
accessible.

This extends beyond simple board design all the way down to chip design.
Instead of adding an external DVI chip, it now has to be integrated into the
graphics chip, along with any other functionality normally supplied by an
external chip. So instead of varying video card cost based on optional
components, the chipset vendor now has to integrate everything into a one-
size-fits-all premium-featured graphics chip, even if all the user wants is a
budget card for their kid’s PC.

Increased Cost due to Requirement to License Unnecessary Third-party IP
-----------------------------------------------------------------------

"We’ve taken on more legal costs in copyright protection in the last six to
eight months than we have in any previous engagement. Each legal contract
sets a new precedent, and each new one builds on the previous one" — ATI.

Protecting all of this precious premium content requires a lot of additional
technology. Unfortunately much of this is owned by third parties and requires
additional licensing. For example HDCP for HDMI is owned by Intel, so in
order to send a signal over HDMI you have to pay royalties to Intel, even
though you could do exactly the same thing for free over DVI. Similarly,
since even AES-128 on a modern CPU isn’t fast enough to encrypt high-bandwidth
content, companies are required to license the Intel-owned Cascaded Cipher, an
AES-128-based transform that’s designed to offer a generally similar level of
security but with less processing overhead.

The need to obtain unnecessary technology licenses extends beyond basic
hardware IP. In order to demonstrate their commitment to the cause, Microsoft
have recommended as part of their "robustness rules" that vendors license
third-party code obfuscation tools to provide virus-like stealth capabilities
for their device drivers in order to make it difficult to interfere with their
operations or reverse-engineer them. Vendors like Cloakware and Arxan have
actually added "robustness solutions" web pages to their sites in anticipation
of this lucrative market. This must be a nightmare for device vendors, for
whom it’s already enough of a task getting fully functional drivers deployed
without having to deal with adding stealth-virus-like technology on top of the
basic driver functionality.

The robustness rules further complicate driver support by disallowing features
such as driver debugging facilities in shipping drivers. Most Windows XP
users will at one time or another have encountered a Windows crash message
indicating that some application that they were using has terminated
unexpectedly, and would they like to send debugging information to Microsoft
to help fix the problem. Some device vendors even implement their own custom
versions of this debugging support in their drivers, an example being ATI’s
VPU Recover, which captures graphics diagnostic and debugging information to
send to ATI when a graphics device problem occurs. Since this debugging
functionality could leak content or content-related security information, it
can no longer be used with audio or video components, considerably
complicating vendors’ driver support and software enhancement processes (the
ATI product manager referenced in the "Sources" section lists these additional
testing and support costs as "potentially the highest cost of all").

Unnecessary CPU Resource Consumption
------------------------------------

"Since [encryption] uses CPU cycles, an OEM may have to bump the speed grade
on the CPU to maintain equivalent multimedia performance. This cost is
passed on to purchasers of multimedia PCs" — ATI.

In order to prevent tampering with in-system communications, all communication
flows have to be encrypted and/or authenticated. For example content sent to
video devices has to be encrypted with AES-128. This requirement for
cryptography extends beyond basic content encryption to encompass not just
data flowing over various buses but also command and control data flowing
between software components. For example communications between user-mode and
kernel-mode components are authenticated with OMAC message authentication-code
tags, at considerable cost to both ends of the connection. Needless to say,
this extremely CPU-intensive mechanism is a very painful way to provide
protection for content, and this fact has been known for many years. Twenty
years ago, in their work on the ABYSS security module, IBM researchers
concluded that the use of encrypted buses as a protection mechanism was
impractical (see their paper from the 1987 IEEE Symposium on Security and
Privacy).

In order to prevent active attacks, device drivers are required to poll the
underlying hardware every 30ms to ensure that everything appears kosher. This
means that even with nothing else happening in the system, a mass of assorted
drivers has to wake up thirty times a second just to ensure that… nothing
continues to happen. In addition to this polling, further device-specific
polling is also done, for example Vista polls video devices on each video
frame displayed in order to check that all of the grenade pins (tilt bits) are
still as they should be. We already have multiple reports from Vista
reviewers of playback problems with video and audio content, with video frames
dropped and audio stuttering even on high-end systems [Note M]. Time will
tell whether this problem is due to immature drivers or has been caused by the
overhead imposed by Vista’s content protection mechanisms interfering with
playback. An indication of the level of complexity added to the software can
be seen by looking at a block diagram of Vista’s Media Interoperability
Gateway (MIG). Of the eleven components that make up the MIG, only two (the
audio and video decoders) are actually used to render content. The remaining
nine are used to apply content-protection measures.

On-board graphics create an additional problem in that blocks of precious
content will end up stored in system memory, from where they could be paged to
disk. In order to avoid this, Vista tags such pages with a special protection
bit indicating that they need to be encrypted before being paged out and
decrypted again after being paged in. Vista doesn’t provide any other
pagefile encryption, and will quite happily page banking PINs, credit card
details, private, personal data, and other sensitive information, in
plaintext. The content-protection requirements make it fairly clear that in
Microsoft’s eyes a frame of premium content is worth more than (say) a user’s
medical records or their banking PIN [Note N].

In addition to the CPU costs, the desire to render data inaccessible at any
level means that video decompression can’t be done in the CPU any more, since
there isn’t sufficient CPU power available to both decompress the video and
encrypt the resulting uncompressed data stream to the video card. As a
result, much of the decompression has to be integrated into the graphics chip.
At a minimum this includes IDCT, MPEG motion compensation, and the Windows
Media VC-1 codec (which is also DCT-based, so support via an IDCT core is
fairly easy). As a corollary to the "Increased Hardware Costs" problem above,
this means that you can’t ship a low-end graphics chip without video codec
support any more.

The inability to perform decoding in software also means that any premium-
content compression scheme not supported by the graphics hardware can’t be
implemented. If things like the Ogg video codec ever eventuate and get used
for premium content, they had better be done using something like Windows
Media VC-1 or they’ll be a non-starter under Vista or Vista-approved hardware.
This is particularly troubling for the high-quality digital cinema (D-Cinema)
specification, which uses Motion JPEG2000 (MJ2K) because standard MPEG and
equivalents don’t provide sufficient image quality. Since JPEG2000 uses
wavelet-based compression rather than MPEG’s DCT-based compression, and
wavelet-based compression isn’t on the hardware codec list, it’s not possible
to play back D-Cinema premium content (the moribund Ogg Tarkin codec also used
wavelet-based compression). Because *all* D-Cinema content will (presumably)
be premium content, the result is no playback at all until the hardware
support appears in PCs at some indeterminate point in the future. Compare
this to the situation with MPEG video, where early software codecs like the
XingMPEG en/decoder practically created the market for PC video. Today,
thanks to Vista’s content protection, the opening up of new markets in this
manner would be impossible.

The high-end graphics and audio markets are dominated entirely by gamers, who
will do anything to gain the tiniest bit of extra performance, like buying
Bigfoot Networks’ $250 "Killer NIC" ethernet card in the hope that it’ll help
reduce their network latency by a few milliseconds. These are people buying
$500-$1000 graphics and sound cards for which one single sale brings the
device vendors more than the few cents they get from the video/audio portion
of an entire roomful of integrated-graphics-and-sound PCs. I wonder how this
market segment will react to knowing that their top-of-the-line hardware is
being hamstrung by all of the content-protection "features" that Vista hogties
it with?

Unnecessary Device Resource Consumption
---------------------------------------

"Compliance rules require [content] to be encrypted. This requires
additional encryption/decryption logic thus adding to VPU costs. This cost
is passed on to all consumers" — ATI.

As part of the bus-protection scheme, devices are required to implement
AES-128 encryption in order to receive content from Vista. This has to be
done via a hardware decryption engine on the graphics chip, which would
typically be implemented by throwing away a GPU rendering pipeline or two to
make room for the AES engine.

Establishing the AES key with the device hardware requires further
cryptographic overhead, in this case a 2048-bit Diffie-Hellman key exchange
whose 2K-bit output is converted to a 128-bit AES key via a Davies-Meyer hash
with AES as its block transformation component. In programmable devices this
can be done (with considerable effort) in the device (for example in
programmable shader hardware), or more simply by throwing out a few more
rendering pipelines and implementing a public-key-cryptography engine in the
freed-up space.
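The Davies-Meyer step described above, as an added example (not Microsoft's or any vendor's code): it folds a 2048-bit value into a 128-bit key by chaining H_i = AES(key = m_i, block = H_(i-1)) XOR H_(i-1), with AES-128 written out so the block runs without libraries. The all-zero starting value, the block order, the absence of padding, and the constructed stand-in for the Diffie-Hellman output are assumptions, since the document does not give those details.

```python
def _xtime(a: int) -> int:
    """Multiply by 2 in GF(2^8) modulo the AES polynomial 0x11B."""
    a <<= 1
    return a ^ 0x11B if a & 0x100 else a


def _build_sbox():
    """Derive the AES S-box: multiplicative inverse followed by the affine map."""
    exp, log, x = [0] * 256, [0] * 256, 1
    for i in range(255):                      # successive powers of the generator 3
        exp[i], log[x] = x, i
        x ^= _xtime(x)
    sbox = []
    for a in range(256):
        b = exp[(255 - log[a]) % 255] if a else 0
        s = b
        for _ in range(4):                    # s = b ^ rotl(b,1) ^ ... ^ rotl(b,4)
            b = ((b << 1) | (b >> 7)) & 0xFF
            s ^= b
        sbox.append(s ^ 0x63)
    return sbox


SBOX = _build_sbox()


def _expand_key(key: bytes):
    """AES-128 key schedule: returns 11 round keys of 16 bytes each."""
    w = [list(key[i:i + 4]) for i in range(0, 16, 4)]
    rcon = 1
    for i in range(4, 44):
        t = list(w[i - 1])
        if i % 4 == 0:
            t = [SBOX[b] for b in t[1:] + t[:1]]   # RotWord then SubWord
            t[0] ^= rcon
            rcon = _xtime(rcon)
        w.append([a ^ b for a, b in zip(w[i - 4], t)])
    return [sum(w[4 * r:4 * r + 4], []) for r in range(11)]


def _mix_columns(s):
    out = []
    for c in range(4):
        a = s[4 * c:4 * c + 4]
        for r in range(4):                    # 2*a[r] ^ 3*a[r+1] ^ a[r+2] ^ a[r+3]
            n = a[(r + 1) % 4]
            out.append(_xtime(a[r]) ^ _xtime(n) ^ n ^ a[(r + 2) % 4] ^ a[(r + 3) % 4])
    return out


def aes128_encrypt_block(key: bytes, block: bytes) -> bytes:
    """Encrypt one 16-byte block with AES-128 (state index = 4*column + row)."""
    if len(key) != 16 or len(block) != 16:
        raise ValueError("key and block must both be 16 bytes")
    rk = _expand_key(key)
    s = [b ^ k for b, k in zip(block, rk[0])]
    for rnd in range(1, 11):
        s = [SBOX[b] for b in s]                                          # SubBytes
        s = [s[4 * ((c + r) % 4) + r] for c in range(4) for r in range(4)]  # ShiftRows
        if rnd != 10:
            s = _mix_columns(s)
        s = [b ^ k for b, k in zip(s, rk[rnd])]                           # AddRoundKey
    return bytes(s)


def davies_meyer_aes(message: bytes, iv: bytes = bytes(16)) -> bytes:
    """Davies-Meyer compression: each message block is used as the AES key."""
    if not message or len(message) % 16:
        raise ValueError("message must be a non-empty multiple of 16 bytes")
    h = iv                                    # assumption: all-zero starting value
    for i in range(0, len(message), 16):
        e = aes128_encrypt_block(message[i:i + 16], h)
        h = bytes(a ^ b for a, b in zip(e, h))
    return h


def derive_session_key(dh_shared_secret: bytes) -> bytes:
    """Fold a 2048-bit Diffie-Hellman output into a 128-bit AES key."""
    if len(dh_shared_secret) != 256:
        raise ValueError("expected a 2048-bit (256-byte) shared secret")
    return davies_meyer_aes(dh_shared_secret)


# Constructed stand-in for a Diffie-Hellman output; not a real exchange.
SAMPLE_SHARED_SECRET = bytes(range(256))

if __name__ == "__main__":
    print(derive_session_key(SAMPLE_SHARED_SECRET).hex())
```

Because every 16-byte block of the secret becomes an AES key, the derivation costs 16 key schedules as well as 16 block encryptions on top of the Diffie-Hellman arithmetic.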

Needless to say, the need to develop, test, and integrate encryption engines
into audio/video devices will only add to their cost, as covered in "Increased
Hardware Costs" above, and the fact that they’re losing precious performance
in order to accommodate Vista’s content protection will make gamers less than
happy.

Final Thoughts
--------------

"No amount of coordination will be successful unless it’s designed with the
needs of the customer in mind. Microsoft believes that a good user
experience is a requirement for adoption" — Microsoft.

"The PC industry is committed to providing content protection on the PC, but
nothing comes for free. These costs are passed on to the consumer" — ATI.

At the end of all this, the question remains: Why is Microsoft going to this
much trouble? Ask most people what they picture when you use the term
"premium-content media player" and they’ll respond with "A PVR" or "A DVD
player" and not "A Windows PC". So why go to this much effort to try and turn
the PC into something that it’s not?

In July 2006, Cory Doctorow published an analysis of the anti-competitive
nature of Apple’s iTunes copy-restriction system ("Apple’s Copy Protection
Isn’t Just Bad For Consumers, It’s Bad For Business", Cory Doctorow,
Information Week, 31 July 2006). The only reason I can imagine why Microsoft
would put its programmers, device vendors, third-party developers, and
ultimately its customers, through this much pain is because once this copy
protection is entrenched, Microsoft will completely own the distribution
channel. In the same way that Apple has managed to acquire a monopolistic
lock-in on their music distribution channel (an example being the Motorola
ROKR fiasco, which was so crippled by Apple-imposed restrictions that it was
dead the moment it appeared), so Microsoft will totally control the premium-
content distribution channel. Not only will they be able to lock out any
competitors, but because they will then represent the only available
distribution channel they’ll be able to dictate terms back to the content
providers whose needs they are nominally serving in the same way that Apple
has already dictated terms back to the music industry: Play by Apple’s rules,
or we won’t carry your content. The result will be a technologically enforced
monopoly that makes their current de-facto Windows monopoly seem like a velvet
glove in comparison.

The onerous nature of Vista’s content protection also provides a perverse
incentive to remove the protection measures from the content, since for many
consumers that’ll be the only way that they can enjoy their legally-acquired
content without Vista’s DRM getting in the way. This is already illustrated
in the "Quotes" and "Footnotes" sections, where the people bypassing HD-DVD
protection measures aren’t hardcore video pirates but ordinary consumers who
can’t even play their own legitimately-acquired content. The sheer
obnoxiousness of Vista’s content protection may end up being the biggest
incentive to piracy yet created. Even without overt "piracy" (meaning
bypassing restrictions in order to play legally-purchased media), it makes
very sound business sense for companies to produce hardware that bypasses the
problem, just as they have already with region-free play-anything DVD players.
Perhaps Hollywood should heed the advice given in one of their most famous
productions: "The more you tighten your grip, the more systems will slip
through your fingers".

Overall, Vista’s content-protection functionality seems like an astonishingly
short-sighted piece of engineering, concentrating entirely on content
protection with no consideration given to the enormous repercussions of the
measures employed. It’s something like the PC equivalent of the (hastily
dropped) proposal mooted in Europe to put RFID tags into high-value banknotes
as an anti-counterfeiting measure, completely ignoring the fact that the major
users of this technology would end up being criminals who would use it to
remotely identify the most lucrative robbery targets.

To add insult to injury, consider what this enormous but ultimately wasted
effort could have been put towards. Microsoft is saying that Vista will be
the most secure version of Windows yet, but they’ve been saying that for every
new Windows release since OS security became a selling point. I don’t think
anyone’s under any illusions that Vista PCs won’t be crawling with malware
shortly after the bad guys get their hands on them. But what if the Vista
content-protection technology had instead been applied towards malware
protection? Instead of a separate protection domain for video playback, we
might have a separate protection domain for banking and credit card details.
Instead of specialised anti-debugging techniques to stop users getting at even
one frame of protected content, we could have those same techniques combatting
malware hooking itself into the OS. The list goes on and on, with all of the
effort being misapplied to DRM when it could have been used to combat malware
instead. What a waste. What a waste.

The worst thing about all of this is that there’s no escape. Hardware
manufacturers will have to drink the kool-aid (and the reference to mass
suicide here is deliberate [Note O]) in order to work with Vista: "There is no
requirement to sign the [content-protection] license; but without a
certificate, no premium content will be passed to the driver". Of course as a
device manufacturer you can choose to opt out, if you don’t mind your device
only ever being able to display low-quality, fuzzy, blurry video and audio
when premium content is present, while your competitors don’t have this
(artificially-created) problem.

As a user, there is simply no escape. Whether you use Windows Vista, Windows
XP, Windows 95, Linux, FreeBSD, OS X, Solaris (on x86), or almost any other
OS, Windows content protection will make your hardware more expensive, less
reliable, more difficult to program for, more difficult to support, more
vulnerable to hostile code, and with more compatibility problems. Because
Windows dominates the market and device vendors are unlikely to design and
manufacture two different versions of their products, non-Windows users will
be paying for Windows Vista content-protection measures in products even if
they never run Windows on them.

Here’s an offer to Microsoft: If we, the consumers, promise to never, ever,
ever buy a single HD-DVD or Blu-Ray disc containing any precious premium
content [Note P], will you in exchange withhold this poison from the computer
industry? Please?

Acknowledgements
----------------

This document was put together with input from various sources, including a
number that requested that I keep their contributions anonymous (in some cases
I’ve simplified or rewritten some details to ensure that the original,
potentially traceable wording of non-public requirements docs isn’t used).
Because it wasn’t always possible to go back to the sources and verify exact
details, it’s possible that there may be some inaccuracies present, which I’m
sure I’ll hear about fairly quickly. No doubt Microsoft (who won’t want a
view of Vista as being broken by design to take root) will also provide their
spin on the details.

In addition to the material present here, I’d be interested in getting further
input both from people at Microsoft involved in implementing the content
protection measures and from device vendors who are required to implement the
hardware and driver software measures. I know from the Microsoft sources that
contributed that many of them care deeply about providing the best possible
audio/video user experience for Vista users and are quite distressed about
having to spend time implementing large amounts of anti-functionality when
it’s already hard enough to get things running smoothly without the
intentional crippling. I’m always open to further input, and will keep all
contributions confidential unless you give me permission to repeat something.
If you’re concerned about traceability, grab a disposable account at Yahoo,
Gmail, or some similar provider and contact me through that. If you’re
worried about being identified via the machine you connect to the email
provider with, use an Internet cafe to send the message – just use standard
common-sense precautions. If you want to encrypt things, my PGP key is linked
from my home page, http://www.cs.auckland.ac.nz/~pgut001.

(In case the above hints aren’t obvious enough, if you work for nVidia, ATI,
VIA, SiS, Intel, …, I’d *really* like to get your comments on how all of
this is affecting you).

Sources
-------

Because this writeup started out as a private discussion in email, a number of
the sources used were non-public. The best public sources that I know of are:

"Output Content Protection and Windows Vista",
http://www.microsoft.com/whdc/device/stream/output_protect.mspx, from WHDC.

"Windows Longhorn Output Content Protection",
http://download.microsoft.com/download/9/8/f/98f3fe47-dfc3-4e74-92a3-088782200fe7/TWEN05006_WinHEC05.ppt,
from WinHEC.

"How to Implement Windows Vista Content Output Protection",
http://download.microsoft.com/download/5/b/9/5b97017b-e28a-4bae-ba48-174cf47d23cd/MED038_WH06.ppt,
from WinHEC.

"Protected Media Path and Driver Interoperability Requirements",
http://download.microsoft.com/download/9/8/f/98f3fe47-dfc3-4e74-92a3-088782200fe7/TWEN05005_WinHEC05.ppt,
from WinHEC.

(Note that the cryptography requirements have changed since some of the
information above was published. SHA-1 has been deprecated in favour of
SHA-256 and SHA-512, and public keys seem to be uniformly set at 2048 bits in
place of the mixture of 1024 bits and 2048 bits mentioned in the
presentations).

An excellent analysis from one of the hardware vendors involved in this comes
from ATI, in the form of "Digital Media Content Protection",
http://download.microsoft.com/download/9/8/f/98f3fe47-dfc3-4e74-92a3-088782200fe7/TWEN05002_WinHEC05.ppt,
from WinHEC. This points out (in the form of PowerPoint bullet-points) the
manifold problems associated with Vista’s content-protection measures, with
repeated mention of increased development costs, degraded performance and the
phrase "increased costs passed on to consumers" pervading the entire
presentation like a mantra.

In addition there have been quite a few writeups on this (although not going
into quite as much detail as this document) in magazines both online and in
print, one example being PC World’s feature article "Will your PC run Windows
Vista?", http://www.pcw.co.uk/articles/print/2154785, which covers this in the
appropriately-titled section "Multimedia in chains". Audience reactions to
these proposals at WinHEC are covered in "Longhorn: tough trail to PC digital
media" published in EE Times
(http://www.eetimes.com/issue/fp/showArticle.jhtml?articleID=162100180),
unfortunately you need to be a subscriber to read this but you may be able to
find accessible cached copies using your favourite search engine. The EFF has
an overview of the effects of Vista’s revocation mechanisms in "Protected
Media Path, Component Revocation, Windows Driver Lockdown",
http://www.eff.org/deeplinks/archives/003806.php.

Use, Modification, and Redistribution
-------------------------------------

This document is licensed under the Creative Commons Attribution 2.5 License,
http://creativecommons.org/licenses/by/2.5/. This means that you can copy,
distribute, display, and perform the work, and make derivative works, provided
that you credit the original author and provide a link back to the original
work (at the URL given in the title). To quote the Creative Commons site,
"This license lets others distribute, remix, tweak, and build upon your work,
even commercially, as long as they credit you for the original creation. This
is the most accommodating of licenses offered, in terms of what others can do
with your works".

Appendices and Footnotes
========================

The more formal section of the document ends here. The following sections
contain various informal comments, thoughts, and other odds and ends. For
people doing translations of this document, it’s probably not worth trying to
translate these sections.

Mini-FAQ
--------

This document seems to produce various reactions that come up repeatedly. To
respond to the more frequently-expressed views, I’ve added this mini-FAQ.

1. This is just Microsoft-bashing.

It’s bad-technology bashing. If this had been done by Linus Torvalds, Steve
Jobs, Alan Cox, or Theo de Raadt, I’d have said the same thing about it. As
far as I’m concerned computers are tools to get a job done and not a platform
for religious wars, and if something’s bad I’ll say so regardless of who’s
doing it. Just for the record I run various versions of Windows on …
[counting] … seven of my machines (the rest are a mixture of Linux, FreeBSD,
and occasionally Solaris), so I’d be a rather unlikely Microsoft detractor if
I have their software all over my machines.

2. This is a biased writeup.

Perhaps, but then I challenge anyone to read the specifications given in the
"Sources" section above and write a positive analysis of Vista’s content
protection. Someone has to point out these problems, and it happened to be me
in this case, but I think anyone with technical skills who reads the relevant
documents would come to a similar conclusion.

3. This is all a pile of FUD.

The process that leads to comments like this tends to be (1) Quickly skim
through this document, (2) Decide that it sounds a bit implausible (possibly
even before performing step 1), (3) Post a rant saying it’s FUD. To pick one
particular example, a Digg reader’s reaction to the section of text that
states there isn’t sufficient CPU power available for both decompression and
encryption was:

I’m sorry, where does this come from? You do realize that this is completely
uncited, and very likely wrong? Entire paragraphs that follow are based on
this magical detail pulled out of thin air. […] I’m no fan of this
asinine DRM bullshit, but the scenarios and postulates put forth in this
article are complete rubbish.

Referring to the very first source listed in the "Sources" section shows that
this is picked not from thin air but from Microsoft’s own documentation:

The problem with regular AES is that it takes about 20 CPU clocks to encrypt
each byte. This is OK for compressed or semi-compressed video, but for the
multiple HD uncompressed case, it is too much even for a 2006 processor.

and then again:

In the case of premium content, whether video can play back smoothly when
using regular AES with uncompressed video will be a function of the
resolution of the uncompressed video and the power of the processor. It is
unlikely to work well in 2006 for uncompressed HD premium content

If you don’t believe what you’ve read here, go back to Microsoft’s own
documentation and read that (in fact read the Microsoft documents no matter
what you believe, because they’re quite scary). If you still think it’s FUD
then you can at least post informed comments about it.

4. Microsoft is only doing this because Hollywood/the music industry is
forcing them to.

"We were only following orders" has historically worked rather poorly as an
excuse, and it doesn’t work too well here either. While it’s convenient to
paint an industry that sues 12-year-old kids and 80-year-old grandmothers as
the scapegoat, no-one’s holding a gun to Microsoft’s head to force them to do
this. The content industry is desperate to get its content onto PCs, and it
would have been quite easy for Microsoft to say "Here’s what we’ll do with Vista,
take it or leave it. We won’t seriously cripple our own and our business
partners’ products just to suit your whims". In other words they could make
it clear to Hollywood who’s the tail and who’s the dog.

Here’s an illustrative story about what can happen when the content-industry
tail tries to wag the dog. About 10-15 years ago, music companies told a
bunch of NZ TV stations that they had to pay fees in order to screen music
videos. The TV stations disagreed, saying that they were providing free
advertising for the music companies, and if they didn’t like that then they’d
simply stop playing music videos. So they stopped playing all music videos.

After a few weeks, cracks started to appear as the music companies realised
just how badly they needed the TV channels. One of the music companies bought
an entire prime-time advertising block (at phenomenal cost, this wasn’t a
single 30-second slot but every slot in an entire prime-time ad break) just to
play one single new music video.

Shortly afterwards, music videos reappeared on TV. The details of the
settlement were never made public, but I imagine it consisted of a bunch of
music company execs on their knees begging the TV stations to start playing
music videos again and let’s please never bring this matter up again.

It’s the same with Microsoft, the content industry needs them as badly as (or
more badly than) Microsoft needs the content industry. Claiming that they’re
only following orders from Hollywood is a red herring – if Microsoft declined
to implement this stuff, Hollywood would have to give in because they can’t
afford to lock themselves out of 95% of the market, in the same way that the
music companies couldn’t afford to cut out their primary advertising channel.

5. You’re just upset because you can no longer steal content under Vista.

Yes, someone really did send me email with this claim in it. It’s silly
enough that I just had to include it for the amusement value :-).

Open Questions
--------------

There are a number of open questions about Vista’s content protection that
probably won’t be able to be answered until some months after its wide
deployment when users can report on real-life experiences, because no-one seems
to know how certain things will work.

Question 1.

How easy is it to get HD content around the outside of Vista’s content-
protection? Looking at the block diagrams in the sources, the layering
appears to be:

User-space application
--------
Vista content-protection interface
--------
Vista content playback subsystem
--------
Vista device drivers
--------
Device hardware

Reading the specs, user-space applications are expected to call down into the
Vista content-protection interface to play back content (one document actually
uses the metaphor of the user-space application simply acting as a remote
control for the Vista content-protection and playback subsystem). The
question is, can a user-space application that chooses to opt out perform an
end-run around the higher-level Vista interface and go directly to the low-
level interface to get its content out without Vista’s content-protection
getting in the way? User feedback on Microsoft’s own forums,
http://windowshelp.microsoft.com/communities/newsgroups/en-us/default.mspx?dg=microsoft.public.windows.mediacenter&tid=8a5ff7ac-c446-4f54-8d77-7cf533b7ff53,
indicates that even using third-party playback software like the nVidia or
Cyberlink decoders instead of the Vista one will result in playback being
disabled when (in this case) the Vista Media Centre trial license expired.

Question 2.

How will all of this affect users who want to prepare HD content, protected or
not? Given that the intent of Vista’s content-protection is to ensure that no
HD content ever leaves the system in usable form, how do you prepare the HD
content? More importantly, since Vista happens to be a multitasking OS, how
do you guarantee that as your HD content is being prepared, the presence of
some other protected content somewhere in the system doesn’t cause it to be
silently degraded for "protection" purposes? Just how deep does the
protection extend? If it’s on a per-task or even per-thread level then any
cross-task or cross-thread mechanism (e.g. p

Repair Tool : Driver Collector

Driver Collector is a tool designed to find and collect installed Windows drivers for the hardware you select on your PC. Once you tell it which type of drivers you want to collect, it will copy them to a specific folder. This can be very handy when preparing for a format and reinstall of Windows, especially when you or a client have since lost the computer’s driver disks.

Available:
www.dracko.com download area
http://www.majorgeeks.com/download.php?det=3982
http://www.softpedia.com/get/System/OS-Enhancements/Driver-Collector.shtml

Windows XP Pro Stuff to turn off:

Each service is listed as it is in Microsoft’s Windows XP Professional. These should be similar in Microsoft’s XP Home as well. Under each is the definition given in the Services Manager.

* Alerter
Notifies selected users and computers of administrative alerts. If the service is stopped, programs that use administrative alerts will not receive them. If this service is disabled, any services that explicitly depend on it will fail to start.

Comment: I don’t want my personal computer telling me anything, ever. Shut up and work! There’s few things I find more annoying than a computer constantly wanting to interact with me while I’m using it to do work or entertain myself. A computer is a tool, not a friend or work companion. No Hal, I don’t want to talk to you. Perhaps there’s a software vendor that can give you a compelling reason why you need this service, but for most home and SOHO PC use it’s just an unnecessary service taking up resources and providing risk. Unless you are running a product that requires this service, disable it.

* Application Layer Gateway Service
Provides support for 3rd party protocol plug-ins for Internet Connection Sharing and the Internet Connection Firewall

Comment: Do you want to share your internet connection? That’s an article waiting to be written. Let me be clear. Since you can buy a router for $50 or less, and Windows does an awful job routing, using a computer to gateway your other computers to the internet is just stupid. "What about firewalling and admission control?" Well, that’s not going to be done through the built-in internet sharing tools. So, we’re not talking about that. If you use a personal computer to gateway your other computers to the internet (and calling it a server doesn’t change the reality), you are wasting resources. Buy a $50 router, or a $1000 router for that matter. But, buy a discrete device that is designed to do the job. Use hardware based firewalling (OK, it’s all based on software – but I mean a boxed solution, not software installed on a PC that’s prone to lose autonomy). And, what about all those cute third-party firewalling tools that plug in to this thing? Man, give me a break. If it runs on top of your Windows installation, it’s not a real firewall. Unless this is required by a product you think is necessary, disable it.

* Automatic Updates
Enables the download and installation of critical Windows updates. If the service is disabled, the operating system can be manually updated.

Comment: There’s only two options that may make sense with this service. You should either set it to disable or manual. I’d disable it. Automatic Updates is designed as a tool to aid Microsoft in controlling their product. Props to Microsoft for trying to protect their product from piracy. But, some updates have been known to cause problems. Use it when you need it, and disable it when you don’t, unless you’re too lazy to do updates on your own. Don’t you wonder why all the computers in big, well managed networks don’t run Automatic Updates? It’s mostly because managers of big networks create their own update policies. If you more completely understand the thinking that goes into deciding whether or not to distribute an update, you could better administer your own PC. Either turn it on and assume the risk, or turn it off and regularly visit Microsoft’s update and news page (discussed more below).

* Background Intelligent Transfer Service
Uses idle network bandwidth to transfer data.

Comment: This is one of those tools they require you turn on to enable Automatic Updates. Think about it. It connects your PC to the internet or network and works behind your back to do stuff you didn’t explicitly tell it to do. It sounds like a great tool to help hackers collect data from your PC and slowly seep it back to their lair. Unless it’s immediately required, disable it. If you use it and then go for some time with no need to use it, disable it. If you can’t remember to keep your PC updated with the latest security fixes, you’ll need it.

* ClipBook
Enables ClipBook Viewer to store information and share it with remote computers. If the service is stopped, ClipBook Viewer will not be able to share information with remote computers. If this service is disabled, any services that explicitly depend on it will fail to start.

Comment: So, you want to copy stuff to your clipbook and allow remote computers to access it? I don’t. There may be a software vendor that requires this service to run. I’ve yet to find it useful. I suggest you disable it.

* Computer Browser
Maintains an updated list of computers on the network and supplies this list to computers designated as browsers. If this service is stopped, this list will not be updated or maintained. If this service is disabled, any services that explicitly depend on it will fail to start.

Comment: If you are on a network with other computers, and need to see them, this may be a useful tool. Otherwise, disable it.

* Cryptographic Services
Provides three management services: Catalog Database Service, which confirms the signatures of Windows files; Protected Root Service, which adds and removes Trusted Root Certification Authority certificates from this computer; and Key Service, which helps enroll this computer for certificates. If this service is stopped, these management services will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.

Comment: It is very necessary if you are passing certificates for networking. Unless you are in a large corporate network where connections are managed through authentication, this is unnecessary; disable it.

* Distributed Transaction Coordinator
Coordinates transactions that span multiple resource managers, such as databases, message queues, and file systems. If this service is stopped, these transactions will not occur. If this service is disabled, any services that explicitly depend on it will fail to start.

Comment: Extremely few personal computers will require this service. If you use it, you may want to review the reasons it is being used. Unless you are accessing network filesystems and databases, disable it.

* DNS Client
Resolves and caches Domain Name System (DNS) names for this computer. If this service is stopped, this computer will not be able to resolve DNS names and locate Active Directory domain controllers. If this service is disabled, any services that explicitly depend on it will fail to start.

Comment: It’s typically good to leave this on.

* Error Reporting Service
Allows error reporting for services and applications running in non-standard environments.

Comment: Error reporting is very useful, if you know what to do with the errors or you are running software that adjusts based on error reporting. This is that annoying "feature" in Windows that constantly pops up wanting to ship information about your software failures to Redmond. People promise me it helps find problems and solutions. I’ve mostly seen problem reports that you could as easily search out yourself. If you’re advanced enough to use this, you’ll likely use a search engine just as well. Chances are, the best thing for you to do is disable it.

* Help and Support
Enables Help and Support Center to run on this computer. If this service is stopped, Help and Support Center will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.

Comment: I don’t find this service useful, other than sucking up resources. If you know how to use Google, I’d disable it.

* Human Interface Device Access
Enables generic input access to Human Interface Devices (HID), which activates and maintains the use of predefined hot buttons on keyboards, remote controls, and other multimedia devices. If this service is stopped, hot buttons controlled by this service will no longer function. If this service is disabled, any services that explicitly depend on it will fail to start.

Comment: Whether or not you should disable this service depends on other services you need. If you don’t know, turn it off and see if it breaks anything. It says that it deals with hotkeys, however all the system hotkeys that most of us enjoy aren’t controlled by this service, they are built into the core OS. Control C, for example, to copy and Control V to paste, do not stop working when you turn this service off. It seems this has more to do with specific hotkeys that a software vendor may want to insert into their installed program or internet product. Until you see a reason for it, I’d turn this one off. Personally, I consider relying on such services to be lazy programming. But, there may be good reason for using it if it’s more efficient.

* Indexing Service
Indexes contents and properties of files on local and remote computers; provides rapid access to files through flexible querying language.

Comment: To date, nobody has shown me real system performance improvements with this technology. Keep in mind, I’m limited in this conversation to Windows. Indexing is very useful. Indexing databases is very useful. Indexing your computer isn’t very useful at all. Typically, if you are on a network, you know where on a network to find your chosen data. If you are not on a network, there’s no real performance enhancement to this service that justifies the complexity and resource use. Chances are good you should disable it.

* IMAPI CD-Burning COM Service
Manages CD recording using Image Mastering Applications Programming Interface (IMAPI). If this service is stopped, this computer will be unable to record CDs. If this service is disabled, any services that explicitly depend on it will fail to start.

Comment: Obviously, there may be some usefulness leaving this service as manual, if you have a CD burner installed. If you don’t, disable it.

* Internet Connection Firewall (ICF) / Internet Connection Sharing (ICS)
Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network.

Comment: This tool does a great job of complicating my internet connection and slowing down transactions. It’s not likely this tool is sophisticated enough to make a major impact in your system’s performance. You should disable it.

* Messenger
Transmits net send and Alerter service messages between clients and servers. This service is not related to Windows Messenger. If this service is stopped, Alerter messages will not be transmitted. If this service is disabled, any services that explicitly depend on it will fail to start.

Comment: Turn this thing off! It’s a simple kit for anybody that can connect via any network to your computer to access your system and do things you don’t want them to. Disable it.

* Net Logon
Supports pass-through authentication of account logon events for computers in a domain.

Comment: Unless you need this to operate inside a domain, it’s likely not necessary or useful. If you are using a home or SOHO PC and don’t have a local domain based network, disable it.

* NetMeeting Remote Desktop Sharing
Enables an authorized user to access this computer remotely by using NetMeeting over a corporate intranet. If this service is stopped, remote desktop sharing will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.

Comment: Do you really want a built in tool to share control of your desktop over your network connection? There are better tools for doing this kind of work, if needed. If someone you buy software from insists you let them use this tool to help you install it one time, then enable it and disable it immediately afterward. For typical use, you should disable it.

* Remote Desktop Help Session Manager
Manages and controls Remote Assistance. If this service is stopped, Remote Assistance will be unavailable. Before stopping this service, see the Dependencies tab of the Properties dialog box.

Comment: Refer to NetMeeting. If you don’t want to share control of your computer through your network, disable it.

* Remote Procedure Call (RPC) Locator
Manages the RPC name service database.

Comment: There are some network programs and protocols that require this to be turned on. Chances are you could just turn it off and see if you break anything. If you are using a single PC in your home or SOHO, it’s likely just a security risk. If you don’t know you need it, disable it.

* Remote Registry
Enables remote users to modify registry settings on this computer. If this service is stopped, the registry can be modified only by users on this computer. If this service is disabled, any services that explicitly depend on it will fail to start.

Comment: Seems self-explanatory. You can enable this service to help remote people or programs change your registry. Great hacker tool if you can’t secure it. Disable it.

* System Restore Service
Performs system restore functions. To stop service, turn off System Restore from the System Restore tab in My Computer->Properties

Comment: This is almost useless if you ever have a problem with damaged drives, corrupted data, or malware. It uses a lot of resources and isn’t useful for most people. You can turn it on before you install a big piece of software. This service allows you to backup to a previous system should you mess yours up with an installation of software or a modification to your system settings, usually registry damage. To improve system performance and take the minor risk of not being able to make your computer work like it did yesterday, disable it.

* TCP/IP NetBIOS Helper
Enables support for NetBIOS over TCP/IP (NetBT) service and NetBIOS name resolution.

Comment: Very few people use NetBIOS at home. This is the Windows built-in protocol for simple networking. You may need it. Otherwise, disable it.

* Telephony
Provides Telephony API (TAPI) support for programs that control telephony devices and IP based voice connections on the local computer and, through the LAN, on servers that are also running the service.

Comment: If you use telephony, you probably use discrete devices or proprietary services that don’t rely on this service. However, you do need this service if you use a modem to connect to the internet. If you don’t specifically need the Microsoft Telephony service, disable it. If you use a modem to connect to the internet, leave it enabled.

* Telnet
Enables a remote user to log on to this computer and run programs, and supports various TCP/IP Telnet clients, including UNIX-based and Windows-based computers. If this service is stopped, remote user access to programs might be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.

Comment: There’s just not a circumstance where I can imagine that turning this service on is a good idea. Unless you need to let people telnet into your computer and have a really good reason for doing so, disable it.

* Terminal Services
Allows multiple users to be connected interactively to a machine as well as the display of desktops and applications to remote computers. The underpinning of Remote Desktop (including RD for Administrators), Fast User Switching, Remote Assistance, and Terminal Server.

Comment: As I’ve said above, there’s better tools for remote desktop administration. The idea of Terminal Services is to allow remote desktop administration of a system, like the user was on the actual console. In almost all circumstances you should disable it.

* Themes
Provides user experience theme management.

Comment: Themes are cute and bloated. Enabling themes is not a good way to increase performance, but you may think it’s neat. If you aren’t addicted to cute desktop eye candy, disable it.

* Uninterruptible Power Supply
Manages an uninterruptible power supply (UPS) connected to the computer.

Comment: Unless you are using a UPS on your computer and it has the capability of managing the system, disable it.

* Upload Manager
Manages synchronous and asynchronous file transfers between clients and servers on the network. If this service is stopped, synchronous and asynchronous file transfers between clients and servers on the network will not occur. If this service is disabled, any services that explicitly depend on it will fail to start.

Comment: If you are not in a local network sharing data (files and/or services), disable it.

* Windows Time
Maintains date and time synchronization on all clients and servers in the network. If this service is stopped, date and time synchronization will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.

Comment: Sometimes it works. Unless you are really needing your time to sync to something running a Windows time server, disable it.

* Wireless Zero Configuration
Provides automatic configuration for the 802.11 adapters

Comment: Unless you use 802.11 devices, disable it.

* Workstation
Creates and maintains client network connections to remote servers. If this service is stopped, these connections will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.

Comment: If you are not in a local network sharing data (files and/or services), disable it.

If you turn off all the services suggested above and try to use Automatic Updates via WindowsUpdate.Microsoft.com, you will likely see a message something like this:

Windows Update cannot continue because a required service application is disabled. Windows Update requires the following services:

"Automatic Updates enables detection, downloading, and installation of critical updates for your computer.

Background Intelligent Transfer Service (BITS) enables faster, restartable downloading of updates.

Event Log logs Windows Update events for troubleshooting. To ensure that these services are enabled:"

It’s easy to just go back to Services, and turn these services on as you need them. An operating system shouldn’t need daily updates to run. And, the more services you run, the more likely you are to need updates. See a circle here? Occasionally, a little laziness won’t kill you. Though you could just go to Technet (Microsoft’s only support for IT professionals) and get all your news and update files with descriptions of their efficacy and safety, you may occasionally just want to veg out and let Microsoft do the work for you. You should still read each update and decide for yourself whether it makes sense. Some of them are flat out bad news. But, turning up these services for a few minutes to run Automatic Updates may be a shortcut to periodic updates.

So, let’s look at the services they want you to turn on.

Automatic Updates
Background Intelligent Transfer Service
Event Log

I haven’t a clue why you need Background Intelligent Transfer Services to run so you can go to a website, download, and install service packs. But, you can turn it, and the others, on and then turn it back off when you are done. It’s just three services.

If you take a minimalist’s point of view to running both software and services on your computer, it will perform faster and more safely than it will if you just randomly load anything anyone tells you to. To better secure your PC, stick to a mindset that if you don’t absolutely need a service running right now, you should just turn it off.

The dangers of using MS Office

MS Office (Word, Excel, PowerPoint) is a breeding ground for viruses and information theft. Consider switching to a safe substitute like OpenOffice.

* 94% of all computer viruses come in the form of auto-executing macros in MS Word, Excel and PowerPoint files. Opening any one of these three files from an email can infect your computer. Once infected, every new document created will have the infection. This happens because the default "blank" document that is used to create any new file is infected. This file is called normal.dot. At a minimum you should disable auto-executing macros or at least set the option to prompt you before running them. You can get more information about viruses at www.sarc.com

* MS Office stores hidden data in your files that you don’t see when viewing or editing the document. This includes the change history, the people that edited the file and the dates that they made the changes, etc. This can be very damaging from many perspectives and can include unexpected metadata from portions of the disk that weren’t written over when the file was created. For more information see this article on the BBC News site:

http://news.bbc.co.uk/1/hi/technology/3154479.stm

* From the document: "Computer researcher Simon Byers has conducted a survey of Word documents available on the net and found that many of them contain sensitive information. He gathered about 100,000 Word documents from sites on the web and every single one of them had hidden information. In a research paper about the work Mr Byers wrote that about half the documents gathered had up to 50 hidden words, a third up to 500 words hidden and 10% had more than 500 words concealed within them. The hidden text revealed the names of document authors, their relationship to each other and earlier versions of documents. Occasionally it revealed very personal information such as social security numbers that are beloved of criminals who specialize in identity theft. Also available was useful information about the internal network the document traveled through, which could be useful to anyone looking for a route into a network. Mr Byers wrote that the problem of leaky Word documents is pervasive and wrote that anyone worried about losing personal information might want to consider using a different word processing program."

* When sending out a document, consider a safe file format like PDF. This is a read-only format that is cross platform so the recipient doesn’t have to have the same software that you used to create it to view or print it. They cannot edit it either as this is a read-only format. Someone with a Macintosh for example, would be able to open, view and print your document in the same formatting that you created it in regardless of the software that they use. You don’t have to worry about sending out unintentional information which is why the IRS publishes its tax forms in this format. Alternatively, you can cut/paste the document directly into your email and avoid attaching a file altogether.

Fortunately, there is a good alternative to running MS Office. You can download a free substitute called OpenOffice at www.openoffice.org. This is an open source project that is cross platform and runs on Windows, Macintosh, Linux and others. This software provides work-alike equivalents to MS Word, Excel and PowerPoint. They also throw in a Drawing program for good measure. They have created an open document file format that is used by default. You can set the default file save format to MS Word, Excel and PowerPoint so that any new documents that you create will automatically save to these formats. This is safe with OpenOffice because although the auto-execute macros are preserved when the document is edited, they aren’t executed. Saving the document back will save the embedded macros but you can open these with confidence knowing that OpenOffice won’t run this potentially dangerous code. You can set OpenOffice to be the default application for *.doc, *.xls, *.ppt files by right clicking on a file with this extension and selecting "Open With" and then "Choose Program". Scroll down the list of programs and select OpenOffice. Click the check box for "Always use this program to open these files". This will allow you to leave MS Office installed in case you run into a need for it but will set OpenOffice as the default program for these types of data files. This program has a button on the tool bar to export the document to a PDF file. This is a good option to send out a resume or other legal documents to someone via email.

Vendor lock-in. Because Microsoft doesn’t document their file formats for Word, Excel, PowerPoint, etc., they hold the keys to your data. You have to use their software to open, view, edit or print any document created. This is partially why the discovery of meta data is somewhat new and the potential exists for other security related issues. Microsoft is going toward an annual subscription software licensing model which will require you to activate your software every year to continue using it. This threatens the data that you’ve spent the last 15 years creating and foreign governments in particular have become very nervous about being so beholden to a foreign company for their public documents. China recently declared that all public documentation was to be stored in public documented file formats and they are using a derivative of OpenOffice and its native file formats for their document storage. I expect other governments to follow suit. Also keep in mind that MS Office isn’t cross platform meaning that not only do you have to use their software but you also have to be running it on their OS, namely MS Windows. This lock-in allows them to hold a gun to your head and demand what they will and has served to cement their position on the desktop. There are good alternatives such as the Apple Macintosh that are threatened by Microsoft’s continued threats to drop MS Office support for that platform. So to a large extent, OpenOffice helps restore competition in the computer industry far beyond just Office software. It comes down to who owns your data. Are you handing the keys to your data vault to someone else?

Determine the Version of DirectX

To use the DirectX Diagnostic Tool to determine the version of DirectX that is installed on your computer, follow these steps:

1. Click Start, and then click Run.
2. Type dxdiag, and then click OK.
3. On the System tab, note the version of DirectX displayed on the DirectX Version line.
4. On the DirectX Files tab, check the version information for each DirectX file.
5. When you are finished checking file versions, click Exit.
If Windows cannot find the dxdiag program, DirectX version 5.0 or earlier is installed on your computer. If this is the case, download and install the current version of DirectX.

To download the latest version of DirectX, visit the following Microsoft Web site:
http://www.microsoft.com/windows/directx/default.mspx

Hard drive file permission problem

To FIX:

Use Subinacl.exe from the Windows Resource Kit:

Download it here:
http://www.microsoft.com/downloads/details.aspx?FamilyID=e8ba3e56-d8fe-4a91-93cf-ed6985e3927b&displaylang=en

Place in \WINNT\system32

Start, Run, CMD
subinacl /subdirectories D:\ /setowner=administrator
subinacl /subdirectories D:\ /grant=everyone=f

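This will take some time to run. The first command makes Administrator the owner of everything on D:, and the second grants Everyone full control (f) over it.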

A Cost Analysis of Windows Vista Content Protection

A Cost Analysis of Windows Vista Content Protection
===================================================

Peter Gutmann, pgut001@cs.auckland.ac.nz
http://www.cs.auckland.ac.nz/~pgut001/pubs/vista_cost.txt
Last updated 8 January 2007
Distributed under the Creative Commons license (see Appendix)

(A note to readers: The reaction to what started out as an obscure
technical post to a security mailing list has been rather unexpected
and overwhelming, so I’m totally buried in Vista email at the moment.
Please be patient when expecting replies, and apologies if I can’t
reply to all messages.

A second note, this was originally posted as a text file, which is
why it’s not in HTML format. For technical reasons it’s not easy
to transparently redirect accesses to this file to an HTML equivalent
because of the way this server is configured, and I don’t want to
just move it because there are about 4.2 million links to it. Once I
figure out the appropriate mod_alias hack I’ll replace it with an
HTML version).

Executive Summary
-----------------

Windows Vista includes an extensive reworking of core OS elements in order to
provide content protection for so-called "premium content", typically HD data
from Blu-Ray and HD-DVD sources. Providing this protection incurs
considerable costs in terms of system performance, system stability, technical
support overhead, and hardware and software cost. These issues affect not
only users of Vista but the entire PC industry, since the effects of the
protection measures extend to cover all hardware and software that will ever
come into contact with Vista, even if it’s not used directly with Vista (for
example hardware in a Macintosh computer or on a Linux server). This document
analyses the cost involved in Vista’s content protection, and the collateral
damage that this incurs throughout the computer industry.

Executive Executive Summary
---------------------------

The Vista Content Protection specification could very well constitute the
longest suicide note in history [Note A].

Introduction
------------

This document looks purely at the cost of the technical portions of Vista’s
content protection [Note B]. The political issues (under the heading of DRM)
have been examined in exhaustive detail elsewhere and won’t be commented on
further, unless it’s relevant to the cost analysis. However, one important
point that must be kept in mind when reading this document is that in order to
work, Vista’s content protection must be able to violate the laws of physics,
something that’s unlikely to happen no matter how much the content industry
wishes it were possible [Note C]. This conundrum is displayed over and over
again in the Windows content-protection requirements, with manufacturers being
given no hard-and-fast guidelines but instead being instructed that they need
to display as much dedication as possible to the party line. The
documentation is peppered with sentences like:

"It is recommended that a graphics manufacturer go beyond the strict letter
of the specification and provide additional content-protection features,
because this demonstrates their strong intent to protect premium content".

This is an exceedingly strange way to write technical specifications, but is
dictated by the fact that what the spec is trying to achieve is fundamentally
impossible. Readers should keep this requirement to display appropriate
levels of dedication in mind when reading the following analysis [Note D].

Disabling of Functionality
--------------------------

Vista’s content protection mechanism only allows protected content to be sent
over interfaces that also have content-protection facilities built in.
Currently the most common high-end audio output interface is S/PDIF
(Sony/Philips Digital Interface Format). Most newer audio cards, for example,
feature TOSlink digital optical output for high-quality sound reproduction,
and even the latest crop of motherboards with integrated audio provide at
least coax (and often optical) digital output. Since S/PDIF doesn’t provide
any content protection, Vista requires that it be disabled when playing
protected content [Note E]. In other words if you’ve sunk a pile of money
into a high-end audio setup fed from an S/PDIF digital output, you won’t be
able to use it with protected content.

Say you’ve just bought Pink Floyd’s "The Dark Side of the Moon", released as a
Super Audio CD (SACD) in its 30th anniversary edition in 2003, and you want to
play it under Vista. Since the S/PDIF link to your amplifier/speakers is
regarded as insecure for playing the SA content, Vista disables it, and you
end up hearing a performance by Marcel Marceau instead of Pink Floyd.

Similarly, component (YPbPr) video will be disabled by Vista’s content
protection, so the same applies to a high-end video setup fed from component
video. What if you’re lucky enough to have bought a video card that supports
HDMI digital video with HDCP content-protection? There’s a good chance that
you’ll have to go out and buy another video card that really *does* support
HDCP, because until quite recently no video card on the market actually
supported it even if the vendor’s advertising claimed that it did. As the
site that first broke the story puts it in their article "The Great HDCP
Fiasco" (http://www.firingsquad.com/hardware/ati_nvidia_hdcp_support/):

"None of the AGP or PCI-E graphics cards that you can buy today support HDCP
[…] If you’ve just spent $1000 on a pair of Radeon X1900 XT graphics cards
expecting to be able to playback HD-DVD or Blu-Ray movies at 1920×1080
resolution in the future, you’ve just wasted your money […] If you just
spent $1500 on a pair of 7800GTX 512MB GPUs expecting to be able to play
1920×1080 HD-DVD or Blu-Ray movies in the future, you’ve just wasted your
money".

(The two devices mentioned above are the premium supposedly-HDCP-enabled cards
made by the two major graphics chipset manufacturers ATI and nVidia). ATI was
later subject to a class-action lawsuit by its customers over this deception.
As late as August of 2006, when Sony announced its Blu-Ray drive for PCs, it
had to face the embarrassing fact that its Blu-Ray drive couldn’t actually
play Blu-Ray disks in HD format ("First Blu-ray disc drive won’t play Blu-ray
movies",
http://www.cnet.com.au/desktops/dvdburners/0,239029405,240091720,00.htm):

"Since there are currently no PCs for sale offering graphics chips that
support HDCP, this isn’t yet possible".

In order to appropriately protect content, Vista will probably have to disable
any special device features that it can’t directly control. For example many
sound cards built on C-Media chipsets (which in practice is the vast majority
of them) support Steinberg’s ASIO (Audio Stream I/O), a digital audio
interface that completely bypasses the Windows audio mixer and other audio-
related driver software to provide more flexibility and much lower latency
than the Windows ones. ASIO support is standard for newer C-Media hardware,
see for example http://www.cmedia.com.tw/?q=en/PCI/CMI8788. Since ASIO
bypasses Windows’ audio handling, it would probably have to be disabled, which
is problematic because audiophiles and professional musicians require ASIO
support specifically because of its much higher quality than the standard
Windows channels.

Indirect Disabling of Functionality
-----------------------------------

As well as overt disabling of functionality, there’s also covert disabling of
functionality. For example PC voice communications rely on automatic echo
cancellation (AEC) in order to work. AEC requires feeding back a sample of
the audio mix into the echo cancellation subsystem, but with Vista’s content
protection this isn’t permitted any more because this might allow access to
premium content. What is permitted is a highly-degraded form of feedback that
might possibly still sort-of be enough for some sort of minimal echo
cancellation purposes.

The requirement to disable audio and video output plays havoc with standard
system operations, because the security policy used is a so-called "system
high" policy: The overall sensitivity level is that of the most sensitive data
present in the system. So the instant any audio derived from premium content
appears on your system, signal degradation and disabling of outputs will
occur. What makes this particularly entertaining is the fact that the
downgrading/disabling is dynamic, so if the premium-content signal is
intermittent or varies (for example music that fades out), various outputs and
output quality will fade in and out, or turn on and off, in sync. Normally
this behaviour would be a trigger for reinstalling device drivers or even a
warranty return of the affected hardware, but in this case it’s just a signal
that everything is functioning as intended.

Decreased Playback Quality
--------------------------

Alongside the all-or-nothing approach of disabling output, Vista requires that
any interface that provides high-quality output degrade the signal quality
that passes through it if premium content is present. This is done through a
"constrictor" that downgrades the signal to a much lower-quality one, then up-
scales it again back to the original spec, but with a significant loss in
quality. So if you’re using an expensive new LCD display fed from a high-
quality DVI signal on your video card and there’s protected content present,
the picture you’re going to see will be, as the spec puts it, "slightly
fuzzy", a bit like a 10-year-old CRT monitor that you picked up for $2 at a
yard sale [Note F]. In fact the specification specifically still allows for
old VGA analog outputs, but even that’s only because disallowing them would
upset too many existing owners of analog monitors. In the future even analog
VGA output will probably have to be disabled. The only thing that seems to be
explicitly allowed is the extremely low-quality TV-out, provided that
Macrovision is applied to it.

The same deliberate degrading of playback quality applies to audio, with the
audio being downgraded to sound (from the spec) "fuzzy with less detail"
[Note G].

Amusingly, the Vista content protection docs say that it’ll be left to
graphics chip manufacturers to differentiate their product based on
(deliberately degraded) video quality. This seems a bit like breaking the
legs of Olympic athletes and then rating them based on how fast they can
hobble on crutches.

The Microsoft specs say that only display devices with more than 520K pixels
will have their images degraded, but conveniently omit to mention that this
resolution, roughly 800×600, covers pretty much every output device that will
ever be used with Vista. The absolute minimum requirements for Vista Basic are
listed as 800×600 resolution (and an 800MHz Pentium III CPU with 512MB of RAM,
which seems, well, "wildly optimistic" is one term that springs to mind).
However that won’t get you the Vista Aero interface, which makes a move to
Vista from XP more or less pointless. The minimum requirements for running
Aero on a Vista Premium PC are "a DX9 GPU, 128 MB of VRAM, Pixel Shader 2.0,
and minimum resolution 1024x768x32", and for Aero Glass it’s even higher than
that. In addition the minimum resolution supported by a standard LCD panel is
1024×768 for a 15" LCD, and to get 800×600 you’d have to go back to a 10-year-
old 14" CRT monitor or something similar. So in practice the 520K pixel
requirement means that everything will fall into the degraded-image category.

Beyond the obvious playback-quality implications of deliberately degraded
output, this measure can have serious repercussions in applications where
high-quality reproduction of content is vital. For example the field of
medical imaging either bans outright or strongly frowns on any form of lossy
compression because artefacts introduced by the compression process can cause
mis-diagnoses and in extreme cases even become life-threatening. Consider a
medical IT worker who’s using a medical imaging PC while listening to
audio/video played back by the computer. This scenario is already very
common, the CDROM drives installed in workplace PCs inevitably spend most of
their working lives playing music or MP3 CDs to drown out workplace noise.

Now obviously CDs aren’t (yet) regarded as premium content and so won’t
trigger Vista’s content-protection measures, that’s merely an example to
illustrate how common it is for users to play back audio/video content while
working. Let’s say that instead of listening to music while they work, the
user may have a humorous video that a workmate sent them, or that they grabbed
from YouTube, playing in the background, and that unbeknownst to them
this video is protected premium content. As a result, the video image will be
subtly altered by Vista’s content protection, potentially creating exactly the
life-threatening situation that the medical industry has worked so hard to
avoid. The scary thing is that there’s no easy way around this – Vista will
silently modify displayed content under certain (almost impossible-to-predict
in advance) situations discernable only to Vista’s built-in content-protection
subsystem [Note H][Note I].

Elimination of Open-source Hardware Support
-------------------------------------------

In order to prevent the creation of hardware emulators of protected output
devices, Vista requires a Hardware Functionality Scan (HFS) that can be used
to uniquely fingerprint a hardware device to ensure that it’s (probably)
genuine. In order to do this, the driver on the host PC performs an operation
in the hardware (for example rendering 3D content in a graphics card) that
produces a result that’s unique to that device type.

In order for this to work, the spec requires that the operational details of
the device be kept confidential. Obviously anyone who knows enough about the
workings of a device to operate it and to write a third-party driver for it
(for example one for an open-source OS, or in general just any non-Windows OS)
will also know enough to fake the HFS process. The only way to protect the
HFS process therefore is to not release any technical details on the device
beyond a minimum required for web site reviews and comparison with other
products.

This potential "closing" of the PC’s historically open platform is an
extremely worrying trend. A quarter of a century ago, IBM made the momentous
decision to make their PC an open platform by publishing complete hardware
details and allowing anyone to compete on the open market. Many small
companies, the traditional garage startup, got their start through this. This
openness is what created the PC industry, and the reason why most homes
(rather than just a few offices, as had been the case until then) have one or
more PCs sitting in a corner somewhere. This seems to be a return to the bad
old days of 25 years ago when only privileged insiders were able to
participate.

Elimination of Unified Drivers
------------------------------

The HFS process has another cost involved with it. Most hardware vendors have
(thankfully) moved to unified driver models instead of the plethora of
individual drivers that abounded some years ago. Since HFS requires unique
identification and handling of not just each device type (for example each
graphics chip) but each variant of each device type (for example each stepping
of each graphics chip) to handle the situation where a problem is found with
one variation of a device, it’s no longer possible to create one-size-fits-all
drivers for an entire range of devices like the current
Catalyst/Detonator/ForceWare drivers. Every little variation of every device
type out there must now be individually accommodated in custom code in order
for the HFS process to be fully effective.

If a graphics chip is integrated directly into the motherboard and there’s no
easy access to the device bus then the need for bus encryption (see
"Unnecessary CPU Resource Consumption" below) is removed. Because the
encryption requirement is so onerous, it’s quite possible that this means of
providing graphics capabilities will suddenly become more popular after the
release of Vista. However, this leads to a problem: It’s no longer possible
to tell if a graphics chip is situated on a plug-in card or attached to the
motherboard, since as far as the system is concerned they’re both just devices
sitting on the AGP/PCIe bus. The solution to this problem is to make the two
deliberately incompatible, so that HFS can detect a chip on a plug-in card vs.
one on the motherboard. Again, this does nothing more than increase costs and
driver complexity.

Further problems occur with audio drivers. To the system, HDMI audio looks
like S/PDIF, a deliberate design decision to make handling of drivers easier.
In order to provide the ability to disable output, it’s necessary to make HDMI
codecs deliberately incompatible with S/PDIF codecs, despite the fact that
they were specifically designed to appear identical in order to ease driver
support and reduce development costs.

Denial-of-Service via Driver/Device Revocation
----------------------------------------------

Once a weakness is found in a particular driver or device, that driver will
have its signature revoked by Microsoft, which means that it will cease to
function. Details on exactly what happens are a bit vague here, the specs
contain sentences like "the related driver would have to be revoked and a new
driver would have to be deployed", however presumably some minimum
functionality like generic 640×480 VGA support will still be available in
order for the system to boot.

What this means is that a report of a compromise of a particular driver or
device will cause all support for that device worldwide to be turned off until
a fix can be found [Note J]. Again, details are sketchy, but if it’s a device
problem then presumably the device turns into a paperweight once it’s revoked.
If it’s an older device for which the vendor isn’t interested in rewriting
their drivers (and in the fast-moving hardware market most devices enter
"legacy" status within a year or two of their replacement models becoming
available), all devices of that type worldwide become permanently unusable.

An example of this might be nVidia TNT2 video cards, which are still very
widely deployed in business environments where they’re all that you need to
run Word or Outlook or Excel (or, for that matter, pretty much any non-gaming
application). The drivers for these cards haven’t been updated for quite some
time for exactly that reason: You don’t need the latest drivers for them
because they’re not useful with current games any more (if you go to the
nVidia site and try and install any recent drivers, the installer will tell
you to go back and download much older drivers instead). If a TNT2 device
were found to be leaking content, it seems unlikely that nVidia would be
interested in reviving discontinued drivers that it hasn’t touched for several
years, creating instant orphanware of the installed user base.

The threat of driver revocation is the ultimate nuclear option, the crack of
the commissars’ pistols reminding the faithful of their duty [Note K]. The
exact details of the hammer that vendors will be hit with are buried in
confidential licensing agreements, but I’ve heard mention of multi-million
dollar fines and embargoes on further shipment of devices alongside the driver
revocation mentioned above.

This revocation can have unforeseen carry-on costs. Windows’ anti-piracy
component, WGA, is tied to system hardware components. Windows allows you to
make a small number of system hardware changes after which you need to renew
your Windows license (the exact details of what you can and can’t get away
with changing has been the subject of much debate). If a particular piece of
hardware is deactivated (even just temporarily while waiting for an updated
driver to work around a content leak) and you swap in a different video card
or sound card to avoid the problem, you risk triggering Windows’ anti-piracy
measures, landing you in even more hot water. If you’re forced to swap out a
major system component like a motherboard, you’ve instantly failed WGA
validation. Revocation of any kind of motherboard-integrated device
(practically every motherboard has some form of onboard audio, and all of the
cheaper ones have integrated video) would appear to have a serious negative
interaction with Windows’ anti-piracy measures.

The details of what will happen if a motherboard contains unused onboard audio
capabilities and an additional sound card alongside it, and the motherboard
drivers are revoked, are unknown. Windows can’t tell that there’s nothing
connected to the onboard audio because the user prefers to use their M-Audio
Revolution 7.1 Surround Sound card instead, so it’ll probably have to revoke
the motherboard drivers even though they’re not used for anything. Since
virtually all motherboards contain onboard audio, this could prove quite
problematic.

An entirely different DoS problem that applies more to HDMI-enabled devices in
general has already surfaced in the form of, uhh, "DVI amplifiers", which take
as input an HDMI signal and output a DVI signal, amplifying it in the process.
Oh, and as a side-effect they forget to re-apply the HDCP protection to the
output. These devices are relatively simple to design and build using off-
the-shelf HDMI chips. Beyond the commercially-available models, individual
hardware hackers have built their own protection-strippers using chip samples
obtained from chip vendors. If you have the right credentials you can even
get hardware evaluation boards designed for testing and development that do
this sort of thing. And I won’t even get into the territory of HD players
with non-HDMI digital outputs, for example ones that contain an HD-SDI (SMPTE
292M) interface. HD-SDI is an unencrypted digital link typically used in TV
studios but also available from various non-US sources as after-market
sidegrades for standard HD players, providing better-than-HDMI image quality
without the hassle of HDCP.

Now assume that the "DVI amplifier" manufacturer buys a truckload of HDMI
chips (they’ll want to get as many as they can in one go because they probably
won’t be able to go back and buy more when the chip vendor discovers what
they’re being used for). Since this is a rogue device, it can be revoked…
along with hundreds of thousands or even millions of other consumer devices
that use the same chip. If they’re feeling particularly nasty, they can
recycle the HDMI chips from junked TVs to ensure that the maximum possible
damage to the consumer base occurs. Engadget have a good overview of this
scenario at
http://www.engadget.com/2005/07/21/the-clicker-hdcps-shiny-red-button/.

(Exactly what will happen when a key is leaked depends on how the attackers
handle it. The way HD-DVD/Blu-Ray keying works is that a per-device key is
used to decrypt the title key on the disk, and the title key is then in turn
used to decrypt the content. So the chain of custody is Device key -> Title
key -> Content. This level of indirection allows an individual device to be
disabled by revoking the device key without making the disk unplayable on all
devices, since other device keys can still decrypt the title key and thus the
content (I’ve simplified this a bit to cut down the length of the explanation,
see the AACS specification for more details).

The device key is tied to a particular device/player/vendor, but the title key
is only tied to the content on disk. You can probably see where this is
going… by publishing the device key, the attacker can cause general mayhem
by forcing device revocation. On the other hand by publishing the title key
the attacker can release the content in an untraceable manner, since it’s not
known which device key was used to leak the title key. In addition since
there’s no way to un-publish the title key (encrypted content + title key =
unencrypted content), at that point it’s game over for the content).
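The Device key -> Title key -> Content chain described above, sketched as an added example (not from the paper or the AACS specification). It keeps the paper's simplification of one wrapped title key per device key; the HMAC-based keystream is a stand-in for a real cipher, and every name, key and the rule that revocation takes effect at mastering time is an assumption of this sketch.

```python
import hashlib
import hmac

MOVIE = b"constructed sample content, standing in for the film"


def keystream_xor(key, label, data):
    """Toy stream cipher: HMAC-SHA256 in counter mode, XORed over data.
    Stand-in for a real cipher; applying it twice with the same inputs decrypts."""
    stream = bytearray()
    counter = 0
    while len(stream) < len(data):
        block = hmac.new(key, label + counter.to_bytes(4, "big"), hashlib.sha256)
        stream += block.digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def constructed_key(label):
    """Deterministic sample key so results are reproducible (not a real key)."""
    return hashlib.sha256(b"constructed sample key: " + label.encode()).digest()


def master_disc(disc_id, content, title_key, device_keys, revoked=()):
    """Encrypt the content under the title key, then wrap the title key once
    for every device key that is not revoked when the disc is mastered."""
    wrap_label = b"wrap:" + disc_id  # per-disc label avoids keystream reuse
    wrapped = {
        device: keystream_xor(key, wrap_label, title_key)
        for device, key in device_keys.items()
        if device not in revoked
    }
    return {
        "disc_id": disc_id,
        "wrapped_title_keys": wrapped,
        "payload": keystream_xor(title_key, b"content", content),
    }


def play(disc, device_id, device_key):
    """Player path: device key -> title key -> content.
    Returns None when the disc carries no entry for this device (revoked)."""
    wrapped = disc["wrapped_title_keys"].get(device_id)
    if wrapped is None:
        return None
    title_key = keystream_xor(device_key, b"wrap:" + disc["disc_id"], wrapped)
    return keystream_xor(title_key, b"content", disc["payload"])


def decrypt_with_title_key(disc, title_key):
    """No device key involved, so device revocation has nothing to act on."""
    return keystream_xor(title_key, b"content", disc["payload"])


def run_scenario():
    device_keys = {
        "vendor_a": constructed_key("vendor_a"),
        "vendor_b": constructed_key("vendor_b"),
    }
    title_1 = constructed_key("title 1")
    title_2 = constructed_key("title 2")

    # Disc 1 is mastered before anything is revoked.
    disc_1 = master_disc(b"disc-1", MOVIE, title_1, device_keys)
    # vendor_a's device key becomes public, so disc 2 omits it.
    disc_2 = master_disc(b"disc-2", MOVIE, title_2, device_keys,
                         revoked={"vendor_a"})

    return {
        "disc1_vendor_a": play(disc_1, "vendor_a", device_keys["vendor_a"]),
        "disc1_vendor_b": play(disc_1, "vendor_b", device_keys["vendor_b"]),
        # Every unit sharing vendor_a's key loses new titles at once.
        "disc2_vendor_a": play(disc_2, "vendor_a", device_keys["vendor_a"]),
        "disc2_vendor_b": play(disc_2, "vendor_b", device_keys["vendor_b"]),
        # A published title key opens disc 2 whatever has been revoked,
        # and says nothing about which device it came from.
        "disc2_leaked_title_key": decrypt_with_title_key(disc_2, title_2),
    }


if __name__ == "__main__":
    for name, result in run_scenario().items():
        print(name, "->", "plays" if result == MOVIE else "refused")
```

The asymmetry the paper points out shows in the last two results: revocation costs the owners of one vendor's devices their access to new titles, while a disclosed title key stays usable for as long as copies of that disc exist.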

Decreased System Reliability
----------------------------

"Drivers must be extra-robust. Requires additional driver development to
isolate and protect sensitive code paths" — ATI.

Vista’s content protection requires that devices (hardware and software
drivers) set so-called "tilt bits" if they detect anything unusual. For
example if there are unusual voltage fluctuations, maybe some jitter on bus
signals, a slightly funny return code from a function call, a device register
that doesn’t contain quite the value that was expected, or anything similar, a
tilt bit gets set. Such occurrences aren’t too uncommon in a typical
computer. For example starting up or plugging in a bus-powered device may
cause a small glitch in power supply voltages, or drivers may not quite manage
device state as precisely as they think. Previously this was no problem – the
system was designed with a bit of resilience, and things will function as
normal. In other words small variances in performance are a normal part of
system functioning. Furthermore, the degree of variance can differ widely
across systems, with some handling large changes in system parameters and
others only small ones. One very obvious way to observe this is what happens
when a bunch of PCs get hit by a momentary power outage. Effects will vary
from powering down, to various types of crash, to nothing at all, all
triggered by exactly the same external event.

With the introduction of tilt bits, all of this designed-in resilience is
gone. Every little (normally unnoticeable) glitch is suddenly surfaced
because it could be a sign of a hack attack, with the required reaction being
that "Windows Vista will initiate a full reset of the graphics subsystem, so
everything will restart". The effect that these tilt bits will have on system
reliability should require no further explanation.

Content-protection "features" like tilt bits also have worrying denial-of-
service (DoS) implications. It’s probably a good thing that modern malware is
created by programmers with the commercial interests of the phishing and spam
industries in mind rather than just creating as much havoc as possible. With
the number of easily-accessible grenade pins that Vista’s content protection
provides, any piece of malware that decides to pull a few of them will cause
considerable damage. The homeland security implications of this seem quite
serious, since a tiny, easily-hidden piece of malware would be enough to
render a machine unusable, while the very nature of Vista’s content protection
would make it almost impossible to determine why the denial-of-service is
occurring. Furthermore, the malware authors, who are taking advantage of
"content-protection" features, would be protected by the DMCA against any
attempts to reverse-engineer or disable the content-protection "features" that
they’re abusing.

Even without deliberate abuse by malware, the homeland security implications
of an external agent being empowered to turn off your IT infrastructure in
response to a content leak discovered in some chipset that you coincidentally
happen to be using is a serious concern for potential Vista users. Non-US
governments are already nervous enough about using a US-supplied operating
system without having this remote DoS capability built into the operating
system. And like the medical-image-degradation issue, you won’t find out
about this until it’s too late, turning Vista PCs into ticking time bombs if
the revocation functionality is ever employed.

Like the medical-imaging degradation example given earlier, it’s possible to
imagine all sorts of scenarios in which the tilt bits end up biting users.
Consider a warship operating in a combat zone and equipped with Vista PCs for
management of the vessel’s critical functions which does nothing more wrong
than to suffer a severe jolt from a near miss, scrambling the bus just enough
to activate the tilt bits (without causing any other real damage). In one
famous incident in September 1997, Windows NT managed to disable the Aegis
missile cruiser USS Yorktown ("NT Leaves Navy "Smart Ship" dead in the water",
Government Computer News, 13 July 1998). Now Windows Vista can do the same
thing via a by-design feature of the OS [Note L]. This issue, unless it can
be clearly resolved, would make the use of Vista PCs unacceptable for any
applications that have any hint of unusual environmental conditions such as
high altitude, environmental variations, shock, and so on.

Increased Hardware Costs
------------------------

"Cannot go to market until it works to specification… potentially more
respins of hardware" — ATI.

"This increases motherboard design costs, increases lead times, and reduces
OEM configuration flexibility. This cost is passed on to purchasers of
multimedia PCs and may delay availability of high-performance platforms" —
ATI.

Vista includes various requirements for "robustness" in which the content
industry, through "hardware robustness rules", dictates design requirements to
hardware manufacturers. The level of control the content producers have over
technical design details is nothing short of amazing. As security researcher
Ed Felten quoted from Microsoft documents on his freedom-to-tinker web site
about a year ago (http://www.freedom-to-tinker.com/?p=882):

"The evidence [of security] must be presented to Hollywood and other content
owners, and they must agree that it provides the required level of security.
Written proof from at least three of the major Hollywood studios is
required".

So if you design a new security system, you can’t get it supported in Windows
Vista until well-known computer security experts like MGM, 20th Century-Fox,
and Disney give you the go-ahead (this gives a whole new meaning to the term
"Mickey-Mouse security"). It’s absolutely astonishing to find paragraphs like
that in what are supposed to be Windows technical documents, since it gives
Hollywood studios veto rights over Windows security mechanisms.

As an example of these "robustness rules", only certain layouts of a board are
allowed in order to make it harder for outsiders to access parts of the board.
Possibly for the first time ever, computer design is being dictated not by
electronic design rules, physical layout requirements, and thermal issues, but
by the wishes of the content industry. Apart from the massive headache that
this poses to device manufacturers, it also imposes additional increased costs
beyond the ones incurred simply by having to lay out board designs in a
suboptimal manner. Video card manufacturers typically produce a one-size-
fits-all design (often a minimally-altered copy of the chipset vendor’s
reference design, as illustrated by
http://www.trustedreviews.com/images/article/inline/2685-2.jpg, which shows
five virtually identical cards from different vendors with the only noticeable
difference being the logo on the heatsink), and then populate different
classes and price levels of cards in different ways. For example a low-end
card will have low-cost, minimal or absent TV-out encoders, DVI circuitry,
RAMDACs, and various other add-ons used to differentiate budget from premium
video cards. You can see this on the cheaper cards by observing the
unpopulated bond pads on circuit boards, and gamers and the like will be
familiar with cut-a-trace/resolder-a-resistor sidegrades of video cards.

An example of omitting components from a high-end card to create a mid-range
card is shown at
http://images.infoteldistributors.com/itemDetails/C261-3053/C261-3053-out3-hl.jpg.
Note the large red rectangular area to the far left of the card, this is where
the manufacturer has omitted a component to produce a lower-cost model. The
same thing is visible in the card at
http://techreport.com/reviews/2006q4/radeon-x1650xt/card.jpg. Conversely,
http://www.xbitlabs.com/images/video/radeon-8500/card-front.jpg shows an (at
the time it was released) top-of-the-line card with optional components
fitted, the chip to the left of the large square heatsink+fan handles video
encoding and can be added or removed (along with other optional components) to
create different levels of cards at different price points. The automotive
industry does the same thing, you have one basic model of each car type and
10,000 extras and options to suit everyone’s needs and pockets.

Vista’s content-protection requirements eliminate this one-size-fits-all
design, banning the use of separate TV-out encoders, DVI circuitry, RAMDACs,
and other discretionary add-ons because feeding unprotected video to these
optional external components would make it too easy to lift the signal off the
bus leading to the external component. So everything has to be custom-
designed and laid out so that there are no unnecessary accessible signal links
on the board. This means that a low-cost card isn’t just a high-cost card
with components omitted, and conversely a high-cost card isn’t just a low-cost
card with additional discretionary components added, each one has to be a
completely custom design created to ensure that no signal on the board is
accessible.

This extends beyond simple board design all the way down to chip design.
Instead of adding an external DVI chip, it now has to be integrated into the
graphics chip, along with any other functionality normally supplied by an
external chip. So instead of varying video card cost based on optional
components, the chipset vendor now has to integrate everything into a one-
size-fits-all premium-featured graphics chip, even if all the user wants is a
budget card for their kid’s PC.

Increased Cost due to Requirement to License Unnecessary Third-party IP
-----------------------------------------------------------------------

"We’ve taken on more legal costs in copyright protection in the last six to
eight months than we have in any previous engagement. Each legal contract
sets a new precedent, and each new one builds on the previous one" — ATI.

Protecting all of this precious premium content requires a lot of additional
technology. Unfortunately much of this is owned by third parties and requires
additional licensing. For example HDCP for HDMI is owned by Intel, so in
order to send a signal over HDMI you have to pay royalties to Intel, even
though you could do exactly the same thing for free over DVI. Similarly,
since even AES-128 on a modern CPU isn’t fast enough to encrypt high-bandwidth
content, companies are required to license the Intel-owned Cascaded Cipher, an
AES-128-based transform that’s designed to offer a generally similar level of
security but with less processing overhead.

The need to obtain unnecessary technology licenses extends beyond basic
hardware IP. In order to demonstrate their commitment to the cause, Microsoft
have recommended as part of their "robustness rules" that vendors license
third-party code obfuscation tools to provide virus-like stealth capabilities
for their device drivers in order to make it difficult to interfere with their
operations or reverse-engineer them. Vendors like Cloakware and Arxan have
actually added "robustness solutions" web pages to their sites in anticipation
of this lucrative market. This must be a nightmare for device vendors, for
whom it’s already enough of a task getting fully functional drivers deployed
without having to deal with adding stealth-virus-like technology on top of the
basic driver functionality.

The robustness rules further complicate driver support by disallowing features
such as driver debugging facilities in shipping drivers. Most Windows XP
users will at one time or another have encountered a Windows crash message
indicating that some application that they were using has terminated
unexpectedly, and would they like to send debugging information to Microsoft
to help fix the problem. Some device vendors even implement their own custom
versions of this debugging support in their drivers, an example being ATI’s
VPU Recover, which captures graphics diagnostic and debugging information to
send to ATI when a graphics device problem occurs. Since this debugging
functionality could leak content or content-related security information, it
can no longer be used with audio or video components, considerably
complicating vendors’ driver support and software enhancement processes (the
ATI product manager referenced in the "Sources" section lists these additional
testing and support costs as "potentially the highest cost of all").

Unnecessary CPU Resource Consumption
------------------------------------

"Since [encryption] uses CPU cycles, an OEM may have to bump the speed grade
on the CPU to maintain equivalent multimedia performance. This cost is
passed on to purchasers of multimedia PCs" — ATI.

In order to prevent tampering with in-system communications, all communication
flows have to be encrypted and/or authenticated. For example content sent to
video devices has to be encrypted with AES-128. This requirement for
cryptography extends beyond basic content encryption to encompass not just
data flowing over various buses but also command and control data flowing
between software components. For example communications between user-mode and
kernel-mode components are authenticated with OMAC message authentication-code
tags, at considerable cost to both ends of the connection. Needless to say,
this extremely CPU-intensive mechanism is a very painful way to provide
protection for content, and this fact has been known for many years. Twenty
years ago, in their work on the ABYSS security module, IBM researchers
concluded that the use of encrypted buses as a protection mechanism was
impractical (see their paper from the 1987 IEEE Symposium on Security and
Privacy).

In order to prevent active attacks, device drivers are required to poll the
underlying hardware every 30ms to ensure that everything appears kosher. This
means that even with nothing else happening in the system, a mass of assorted
drivers has to wake up thirty times a second just to ensure that… nothing
continues to happen. In addition to this polling, further device-specific
polling is also done, for example Vista polls video devices on each video
frame displayed in order to check that all of the grenade pins (tilt bits) are
still as they should be. We already have multiple reports from Vista
reviewers of playback problems with video and audio content, with video frames
dropped and audio stuttering even on high-end systems [Note M]. Time will
tell whether this problem is due to immature drivers or has been caused by the
overhead imposed by Vista’s content protection mechanisms interfering with
playback. An indication of the level of complexity added to the software can
be seen by looking at a block diagram of Vista’s Media Interoperability
Gateway (MIG). Of the eleven components that make up the MIG, only two (the
audio and video decoders) are actually used to render content. The remaining
nine are used to apply content-protection measures.

On-board graphics create an additional problem in that blocks of precious
content will end up stored in system memory, from where they could be paged to
disk. In order to avoid this, Vista tags such pages with a special protection
bit indicating that they need to be encrypted before being paged out and
decrypted again after being paged in. Vista doesn’t provide any other
pagefile encryption, and will quite happily page banking PINs, credit card
details, private, personal data, and other sensitive information, in
plaintext. The content-protection requirements make it fairly clear that in
Microsoft’s eyes a frame of premium content is worth more than (say) a user’s
medical records or their banking PIN [Note N].

In addition to the CPU costs, the desire to render data inaccessible at any
level means that video decompression can’t be done in the CPU any more, since
there isn’t sufficient CPU power available to both decompress the video and
encrypt the resulting uncompressed data stream to the video card. As a
result, much of the decompression has to be integrated into the graphics chip.
At a minimum this includes IDCT, MPEG motion compensation, and the Windows
Media VC-1 codec (which is also DCT-based, so support via an IDCT core is
fairly easy). As a corollary to the "Increased Hardware Costs" problem above,
this means that you can’t ship a low-end graphics chip without video codec
support any more.

The inability to perform decoding in software also means that any premium-
content compression scheme not supported by the graphics hardware can’t be
implemented. If things like the Ogg video codec ever eventuate and get used
for premium content, they had better be done using something like Windows
Media VC-1 or they’ll be a non-starter under Vista or Vista-approved hardware.
This is particularly troubling for the high-quality digital cinema (D-Cinema)
specification, which uses Motion JPEG2000 (MJ2K) because standard MPEG and
equivalents don’t provide sufficient image quality. Since JPEG2000 uses
wavelet-based compression rather than MPEG’s DCT-based compression, and
wavelet-based compression isn’t on the hardware codec list, it’s not possible
to play back D-Cinema premium content (the moribund Ogg Tarkin codec also used
wavelet-based compression). Because *all* D-Cinema content will (presumably)
be premium content, the result is no playback at all until the hardware
support appears in PCs at some indeterminate point in the future. Compare
this to the situation with MPEG video, where early software codecs like the
XingMPEG en/decoder practically created the market for PC video. Today,
thanks to Vista’s content protection, the opening up of new markets in this
manner would be impossible.

The high-end graphics and audio markets are dominated entirely by gamers, who
will do anything to gain the tiniest bit of extra performance, like buying
Bigfoot Networks’ $250 "Killer NIC" ethernet card in the hope that it’ll help
reduce their network latency by a few milliseconds. These are people buying
$500-$1000 graphics and sound cards for which one single sale brings the
device vendors more than the few cents they get from the video/audio portion
of an entire roomful of integrated-graphics-and-sound PCs. I wonder how this
market segment will react to knowing that their top-of-the-line hardware is
being hamstrung by all of the content-protection "features" that Vista hogties
it with?

Unnecessary Device Resource Consumption
---------------------------------------

"Compliance rules require [content] to be encrypted. This requires
additional encryption/decryption logic thus adding to VPU costs. This cost
is passed on to all consumers" — ATI.

As part of the bus-protection scheme, devices are required to implement
AES-128 encryption in order to receive content from Vista. This has to be
done via a hardware decryption engine on the graphics chip, which would
typically be implemented by throwing away a GPU rendering pipeline or two to
make room for the AES engine.

Establishing the AES key with the device hardware requires further
cryptographic overhead, in this case a 2048-bit Diffie-Hellman key exchange
whose 2K-bit output is converted to a 128-bit AES key via a Davies-Meyer hash
with AES as its block transformation component. In programmable devices this
can be done (with considerable effort) in the device (for example in
programmable shader hardware), or more simply by throwing out a few more
rendering pipelines and implementing a public-key-cryptography engine in the
freed-up space.

Needless to say, the need to develop, test, and integrate encryption engines
into audio/video devices will only add to their cost, as covered in "Increased
Hardware Costs" above, and the fact that they’re losing precious performance
in order to accommodate Vista’s content protection will make gamers less than
happy.

Final Thoughts
--------------

"No amount of coordination will be successful unless it’s designed with the
needs of the customer in mind. Microsoft believes that a good user
experience is a requirement for adoption" — Microsoft.

"The PC industry is committed to providing content protection on the PC, but
nothing comes for free. These costs are passed on to the consumer" — ATI.

At the end of all this, the question remains: Why is Microsoft going to this
much trouble? Ask most people what they picture when you use the term
"premium-content media player" and they’ll respond with "A PVR" or "A DVD
player" and not "A Windows PC". So why go to this much effort to try and turn
the PC into something that it’s not?

In July 2006, Cory Doctorow published an analysis of the anti-competitive
nature of Apple’s iTunes copy-restriction system ("Apple’s Copy Protection
Isn’t Just Bad For Consumers, It’s Bad For Business", Cory Doctorow,
Information Week, 31 July 2006). The only reason I can imagine why Microsoft
would put its programmers, device vendors, third-party developers, and
ultimately its customers, through this much pain is because once this copy
protection is entrenched, Microsoft will completely own the distribution
channel. In the same way that Apple has managed to acquire a monopolistic
lock-in on their music distribution channel (an example being the Motorola
ROKR fiasco, which was so crippled by Apple-imposed restrictions that it was
dead the moment it appeared), so Microsoft will totally control the premium-
content distribution channel. Not only will they be able to lock out any
competitors, but because they will then represent the only available
distribution channel they’ll be able to dictate terms back to the content
providers whose needs they are nominally serving in the same way that Apple
has already dictated terms back to the music industry: Play by Apple’s rules,
or we won’t carry your content. The result will be a technologically enforced
monopoly that makes their current de-facto Windows monopoly seem like a velvet
glove in comparison.

The onerous nature of Vista’s content protection also provides a perverse
incentive to remove the protection measures from the content, since for many
consumers that’ll be the only way that they can enjoy their legally-acquired
content without Vista’s DRM getting in the way. This is already illustrated
in the "Quotes" and "Footnotes" sections, where the people bypassing HD-DVD
protection measures aren’t hardcore video pirates but ordinary consumers who
can’t even play their own legitimately-acquired content. The sheer
obnoxiousness of Vista’s content protection may end up being the biggest
incentive to piracy yet created. Even without overt "piracy" (meaning
bypassing restrictions in order to play legally-purchased media), it makes
very sound business sense for companies to produce hardware that bypasses the
problem, just as they have already with region-free play-anything DVD players.
Perhaps Hollywood should heed the advice given in one of their most famous
productions: "The more you tighten your grip, the more systems will slip
through your fingers".

Overall, Vista’s content-protection functionality seems like an astonishingly
short-sighted piece of engineering, concentrating entirely on content
protection with no consideration given to the enormous repercussions of the
measures employed. It’s something like the PC equivalent of the (hastily
dropped) proposal mooted in Europe to put RFID tags into high-value banknotes
as an anti-counterfeiting measure, completely ignoring the fact that the major
users of this technology would end up being criminals who would use it to
remotely identify the most lucrative robbery targets.

To add insult to injury, consider what this enormous but ultimately wasted
effort could have been put towards. Microsoft is saying that Vista will be
the most secure version of Windows yet, but they’ve been saying that for every
new Windows release since OS security became a selling point. I don’t think
anyone’s under any illusions that Vista PCs won’t be crawling with malware
shortly after the bad guys get their hands on them. But what if the Vista
content-protection technology had instead been applied towards malware
protection? Instead of a separate protection domain for video playback, we
might have a separate protection domain for banking and credit card details.
Instead of specialised anti-debugging techniques to stop users getting at even
one frame of protected content, we could have those same techniques combatting
malware hooking itself into the OS. The list goes on and on, with all of the
effort being misapplied to DRM when it could have been used to combat malware
instead. What a waste. What a waste.

The worst thing about all of this is that there’s no escape. Hardware
manufacturers will have to drink the kool-aid (and the reference to mass
suicide here is deliberate [Note O]) in order to work with Vista: "There is no
requirement to sign the [content-protection] license; but without a
certificate, no premium content will be passed to the driver". Of course as a
device manufacturer you can choose to opt out, if you don’t mind your device
only ever being able to display low-quality, fuzzy, blurry video and audio
when premium content is present, while your competitors don’t have this
(artificially-created) problem.

As a user, there is simply no escape. Whether you use Windows Vista, Windows
XP, Windows 95, Linux, FreeBSD, OS X, Solaris (on x86), or almost any other
OS, Windows content protection will make your hardware more expensive, less
reliable, more difficult to program for, more difficult to support, more
vulnerable to hostile code, and with more compatibility problems. Because
Windows dominates the market and device vendors are unlikely to design and
manufacture two different versions of their products, non-Windows users will
be paying for Windows Vista content-protection measures in products even if
they never run Windows on them.

Here’s an offer to Microsoft: If we, the consumers, promise to never, ever,
ever buy a single HD-DVD or Blu-Ray disc containing any precious premium
content [Note P], will you in exchange withhold this poison from the computer
industry? Please?

Acknowledgements
----------------

This document was put together with input from various sources, including a
number that requested that I keep their contributions anonymous (in some cases
I’ve simplified or rewritten some details to ensure that the original,
potentially traceable wording of non-public requirements docs isn’t used).
Because it wasn’t always possible to go back to the sources and verify exact
details, it’s possible that there may be some inaccuracies present, which I’m
sure I’ll hear about fairly quickly. No doubt Microsoft (who won’t want a
view of Vista as being broken by design to take root) will also provide their
spin on the details.

In addition to the material present here, I’d be interested in getting further
input both from people at Microsoft involved in implementing the content
protection measures and from device vendors who are required to implement the
hardware and driver software measures. I know from the Microsoft sources that
contributed that many of them care deeply about providing the best possible
audio/video user experience for Vista users and are quite distressed about
having to spend time implementing large amounts of anti-functionality when
it’s already hard enough to get things running smoothly without the
intentional crippling. I’m always open to further input, and will keep all
contributions confidential unless you give me permission to repeat something.
If you’re concerned about traceability, grab a disposable account at Yahoo,
Gmail, or some similar provider and contact me through that. If you’re
worried about being identified via the machine you connect to the email
provider with, use an Internet cafe to send the message – just use standard
common-sense precautions. If you want to encrypt things, my PGP key is linked
from my home page, http://www.cs.auckland.ac.nz/~pgut001.

(In case the above hints aren’t obvious enough, if you work for nVidia, ATI,
VIA, SiS, Intel, …, I’d *really* like to get your comments on how all of
this is affecting you).

Sources
-------

Because this writeup started out as a private discussion in email, a number of
the sources used were non-public. The best public sources that I know of are:

"Output Content Protection and Windows Vista",
http://www.microsoft.com/whdc/device/stream/output_protect.mspx, from WHDC.

"Windows Longhorn Output Content Protection",
http://download.microsoft.com/download/9/8/f/98f3fe47-dfc3-4e74-92a3-088782200fe7/TWEN05006_WinHEC05.ppt,
from WinHEC.

"How to Implement Windows Vista Content Output Protection",
http://download.microsoft.com/download/5/b/9/5b97017b-e28a-4bae-ba48-174cf47d23cd/MED038_WH06.ppt,
from WinHEC.

"Protected Media Path and Driver Interoperability Requirements",
http://download.microsoft.com/download/9/8/f/98f3fe47-dfc3-4e74-92a3-088782200fe7/TWEN05005_WinHEC05.ppt,
from WinHEC.

(Note that the cryptography requirements have changed since some of the
information above was published. SHA-1 has been deprecated in favour of
SHA-256 and SHA-512, and public keys seem to be uniformly set at 2048 bits in
place of the mixture of 1024 bits and 2048 bits mentioned in the
presentations).

An excellent analysis from one of the hardware vendors involved in this comes
from ATI, in the form of "Digital Media Content Protection",
http://download.microsoft.com/download/9/8/f/98f3fe47-dfc3-4e74-92a3-088782200fe7/TWEN05002_WinHEC05.ppt,
from WinHEC. This points out (in the form of PowerPoint bullet-points) the
manifold problems associated with Vista’s content-protection measures, with
repeated mention of increased development costs, degraded performance and the
phrase "increased costs passed on to consumers" pervading the entire
presentation like a mantra.

In addition there have been quite a few writeups on this (although not going
into quite as much detail as this document) in magazines both online and in
print, one example being PC World’s feature article "Will your PC run Windows
Vista?", http://www.pcw.co.uk/articles/print/2154785, which covers this in the
appropriately-titled section "Multimedia in chains". Audience reactions to
these proposals at WinHEC are covered in "Longhorn: tough trail to PC digital
media" published in EE Times
(http://www.eetimes.com/issue/fp/showArticle.jhtml?articleID=162100180),
unfortunately you need to be a subscriber to read this but you may be able to
find accessible cached copies using your favourite search engine. The EFF has
an overview of the effects of Vista’s revocation mechanisms in "Protected
Media Path, Component Revocation, Windows Driver Lockdown",
http://www.eff.org/deeplinks/archives/003806.php.

Use, Modification, and Redistribution
-------------------------------------

This document is licensed under the Creative Commons Attribution 2.5 License,
http://creativecommons.org/licenses/by/2.5/. This means that you can copy,
distribute, display, and perform the work, and make derivative works, provided
that you credit the original author and provide a link back to the original
work (at the URL given in the title). To quote the Creative Commons site,
"This license lets others distribute, remix, tweak, and build upon your work,
even commercially, as long as they credit you for the original creation. This
is the most accommodating of licenses offered, in terms of what others can do
with your works".

Appendices and Footnotes
========================

The more formal section of the document ends here. The following sections
contain various informal comments, thoughts, and other odds and ends. For
people doing translations of this document, it’s probably not worth trying to
translate these sections.

Mini-FAQ
--------

This document seems to produce various reactions that come up repeatedly. To
respond to the more frequently-expressed views, I’ve added this mini-FAQ.

1. This is just Microsoft-bashing.

It’s bad-technology bashing. If this had been done by Linus Torvalds, Steve
Jobs, Alan Cox, or Theo de Raadt, I’d have said the same thing about it. As
far as I’m concerned computers are tools to get a job done and not a platform
for religious wars, and if something’s bad I’ll say so regardless of who’s
doing it. Just for the record I run various versions of Windows on …
[counting] … seven of my machines (the rest are a mixture of Linux, FreeBSD,
and occasionally Solaris), so I’d be a rather unlikely Microsoft detractor if
I have their software all over my machines.

2. This is a biased writeup.

Perhaps, but then I challenge anyone to read the specifications given in the
"Sources" section above and write a positive analysis of Vista’s content
protection. Someone has to point out these problems, and it happened to be me
in this case, but I think anyone with technical skills who reads the relevant
documents would come to a similar conclusion.

3. This is all a pile of FUD.

The process that leads to comments like this tends to be (1) Quickly skim
through this document, (2) Decide that it sounds a bit implausible (possibly
even before performing step 1), (3) Post a rant saying it’s FUD. To pick one
particular example, a Digg reader’s reaction to the section of text that
states there isn’t sufficient CPU power available for both decompression and
encryption was:

  I’m sorry, where does this come from? You do realize that this is completely
  uncited, and very likely wrong? Entire paragraphs that follow are based on
  this magical detail pulled out of thin air. […] I’m no fan of this
  asinine DRM bullshit, but the scenarios and postulates put forth in this
  article are complete rubbish.

Referring to the very first source listed in the "Sources" section shows that
this is picked not from thin air but from Microsoft’s own documentation:

  The problem with regular AES is that it takes about 20 CPU clocks to encrypt
  each byte. This is OK for compressed or semi-compressed video, but for the
  multiple HD uncompressed case, it is too much even for a 2006 processor.

and then again:

  In the case of premium content, whether video can play back smoothly when
  using regular AES with uncompressed video will be a function of the
  resolution of the uncompressed video and the power of the processor. It is
  unlikely to work well in 2006 for uncompressed HD premium content

If you don’t believe what you’ve read here, go back to Microsoft’s own
documentation and read that (in fact read the Microsoft documents no matter
what you believe, because they’re quite scary). If you still think it’s FUD
then you can at least post informed comments about it.

4. Microsoft is only doing this because Hollywood/the music industry is
forcing them to.

"We were only following orders" has historically worked rather poorly as an
excuse, and it doesn’t work too well here either. While it’s convenient to
paint an industry that sues 12-year-old kids and 80-year-old grandmothers as
the scapegoat, no-one’s holding a gun to Microsoft’s head to force them to do
this. The content industry is desperate to get its content onto PCs, and it
would have been quite easy for Microsoft to say "Here’s what we’ll do with Vista,
take it or leave it. We won’t seriously cripple our own and our business
partners’ products just to suit your whims". In other words they could make
it clear to Hollywood who’s the tail and who’s the dog.

Here’s an illustrative story about what can happen when the content-industry
tail tries to wag the dog. About 10-15 years ago, music companies told a
bunch of NZ TV stations that they had to pay fees in order to screen music
videos. The TV stations disagreed, saying that they were providing free
advertising for the music companies, and if they didn’t like that then they’d
simply stop playing music videos. So they stopped playing all music videos.

After a few weeks, cracks started to appear as the music companies realised
just how badly they needed the TV channels. One of the music companies bought
an entire prime-time advertising block (at phenomenal cost, this wasn’t a
single 30-second slot but every slot in an entire prime-time ad break) just to
play one single new music video.

Shortly afterwards, music videos reappeared on TV. The details of the
settlement were never made public, but I imagine it consisted of a bunch of
music company execs on their knees begging the TV stations to start playing
music videos again and let’s please never bring this matter up again.

It’s the same with Microsoft, the content industry needs them as badly (or
more badly) than Microsoft needs the content industry. Claiming that they’re
only following orders from Hollywood is a red herring – if Microsoft declined
to implement this stuff, Hollywood would have to give in because they can’t
afford to lock themselves out of 95% of the market, in the same way that the
music companies couldn’t afford to cut out their primary advertising channel.

5. You’re just upset because you can no longer steal content under Vista.

Yes, someone really did send me email with this claim in it. It’s silly
enough that I just had to include it for the amusement value :-).

Open Questions
--------------

There are a number of open questions about Vista’s content protection that
probably won’t be able to be answered until some months after its wide
deployment when users can report on real-life experiences, because no-one seems
to know how certain things will work.

Question 1.

How easy is it to get HD content around the outside of Vista’s content-
protection? Looking at the block diagrams in the sources, the layering
appears to be:

User-space application
--------
Vista content-protection interface
--------
Vista content playback subsystem
--------
Vista device drivers
--------
Device hardware

Reading the specs, user-space applications are expected to call down into the
Vista content-protection interface to play back content (one document actually
uses the metaphor of the user-space application simply acting as a remote
control for the Vista content-protection and playback subsystem). The
question is, can a user-space application that chooses to opt out perform an
end-run around the higher-level Vista interface and go directly to the low-
level interface to get its content out without Vista’s content-protection
getting in the way? User feedback on Microsoft’s own forums,
http://windowshelp.microsoft.com/communities/newsgroups/en-us/default.mspx?dg=microsoft.public.windows.mediacenter&tid=8a5ff7ac-c446-4f54-8d77-7cf533b7ff53,
indicates that even using third-party playback software like the nVidia or
Cyberlink decoders instead of the Vista one will result in playback being
disabled when (in this case) the Vista Media Centre trial license expired.

Question 2.

How will all of this affect users who want to prepare HD content, protected or
not? Given that the intent of Vista’s content-protection is to ensure that no
HD content ever leaves the system in usable form, how do you prepare the HD
content? More importantly, since Vista happens to be a multitasking OS, how
do you guarantee that as your HD content is being prepared, the presence of
some other protected content somewhere in the system doesn’t cause it to be
silently degraded for "protection" purposes? Just how deep does the
protection extend? If it’s on a per-task or even per-thread level then any
cross-task or cross-thread mechanism (e.g. p

Repair Tool : Driver Collector

Driver Collector is a tool designed to find and collect installed Windows drivers for the hardware you select on your PC. Once you tell it which type of drivers you want to collect, it will copy them to a specific folder. This can be very handy when preparing for a format and reinstall of Windows, especially when you or a client have since lost the computer’s driver disks.

Available:
www.dracko.com download area
http://www.majorgeeks.com/download.php?det=3982
http://www.softpedia.com/get/System/OS-Enhancements/Driver-Collector.shtml

Windows XP Pro Stuff to turn off:

Each service is listed as it is in Microsoft’s Windows XP Professional. These should be similar in Microsoft’s XP Home as well. Under each is the definition given in the Services Manager.

* Alerter
Notifies selected users and computers of administrative alerts. If the service is stopped, programs that use administrative alerts will not receive them. If this service is disabled, any services that explicitly depend on it will fail to start.

Comment: I don’t want my personal computer telling me anything, ever. Shut up and work! There’s few things I find more annoying than a computer constantly wanting to interact with me while I’m using it to do work or entertain myself. A computer is a tool, not a friend or work companion. No Hal, I don’t want to talk to you. Perhaps there’s a software vendor that can give you a compelling reason why you need this service, but for most home and SOHO PC use it’s just an unnecessary service taking up resources and providing risk. Unless you are running a product that requires this service, disable it.

* Application Layer Gateway Service
Provides support for 3rd party protocol plug-ins for Internet Connection Sharing and the Internet Connection Firewall

Comment: Do you want to share your internet connection? That’s an article waiting to be written. Let me be clear. Since you can buy a router for $50 or less, and Windows does an awful job routing, using a computer to gateway your other computers to the internet is just stupid. "What about firewalling and admission control?" Well, that’s not going to be done through the built-in internet sharing tools. So, we’re not talking about that. If you use a personal computer to gateway your other computers to the internet (and calling it a server doesn’t change the reality), you are wasting resources. Buy a $50 router, or a $1000 router for that matter. But, buy a discrete device that is designed to do the job. Use hardware based firewalling (OK, it’s all based on software – but I mean a boxed solution, not software installed on a PC that’s prone to lose autonomy). And, what about all those cute third-party firewalling tools that plug in to this thing? Man, give me a break. If it runs on top of your Windows installation, it’s not a real firewall. Unless this is required by a product you think is necessary, disable it.

* Automatic Updates
Enables the download and installation of critical Windows updates. If the service is disabled, the operating system can be manually updated.

Comment: There’s only two options that may make sense with this service. You should either set it to disable or manual. I’d disable it. Automatic Updates is designed as a tool to aid Microsoft in controlling their product. Props to Microsoft for trying to protect their product from piracy. But, some updates have been known to cause problems. Use it when you need it, and disable it when you don’t, unless you’re too lazy to do updates on your own. Don’t you wonder why all the computers in big, well managed networks don’t run Automatic Updates? It’s mostly because managers of big networks create their own update policies. If you more completely understand the thinking that goes into deciding whether or not to distribute an update, you could better administer your own PC. Either turn it on and assume the risk, or turn it off and regularly visit Microsoft’s update and news page (discussed more below).

* Background Intelligent Transfer Service
Uses idle network bandwidth to transfer data.

Comment: This is one of those tools they require you turn on to enable Automatic Updates. Think about it. It connects your PC to the internet or network and works behind your back to do stuff you didn’t explicitly tell it to do. It sounds like a great tool to help hackers collect data from your PC and slowly seep it back to their lair. Unless it’s immediately required, disable it. If you use it and then go for some time with no need to use it, disable it. If you can’t remember to keep your PC updated with the latest security fixes, you’ll need it.

* ClipBook
Enables ClipBook Viewer to store information and share it with remote computers. If the service is stopped, ClipBook Viewer will not be able to share information with remote computers. If this service is disabled, any services that explicitly depend on it will fail to start.

Comment: So, you want to copy stuff to your clipbook and allow remote computers to access it? I don’t. There may be a software vendor that requires this service to run. I’ve yet to find it useful. I suggest you disable it.

* Computer Browser
Maintains an updated list of computers on the network and supplies this list to computers designated as browsers. If this service is stopped, this list will not be updated or maintained. If this service is disabled, any services that explicitly depend on it will fail to start.

Comment: If you are on a network with other computers, and need to see them, this may be a useful tool. Otherwise, disable it.

* Cryptographic Services
Provides three management services: Catalog Database Service, which confirms the signatures of Windows files; Protected Root Service, which adds and removes Trusted Root Certification Authority certificates from this computer; and Key Service, which helps enroll this computer for certificates. If this service is stopped, these management services will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.

Comment: It is very necessary if you are passing certificates for networking. Unless you are in a large corporate network where connections are managed through authentication, this is unnecessary; disable it.

* Distributed Transaction Coordinator
Coordinates transactions that span multiple resource managers, such as databases, message queues, and file systems. If this service is stopped, these transactions will not occur. If this service is disabled, any services that explicitly depend on it will fail to start.

Comment: Extremely few personal computers will require this service. If you use it, you may want to review the reasons it is being used. Unless you are accessing network filesystems and databases, disable it.

* DNS Client
Resolves and caches Domain Name System (DNS) names for this computer. If this service is stopped, this computer will not be able to resolve DNS names and locate Active Directory domain controllers. If this service is disabled, any services that explicitly depend on it will fail to start.

Comment: It’s typically good to leave this on.

* Error Reporting Service
Allows error reporting for services and applications running in non-standard environments.

Comment: Error reporting is very useful, if you know what to do with the errors or you are running software that adjusts based on error reporting. This is that annoying "feature" in Windows that constantly pops up wanting to ship information about your software failures to Redmond. People promise me it helps find problems and solutions. I’ve mostly seen problem reports that you could as easily search out yourself. If you’re advanced enough to use this, you’ll likely use a search engine just as well. Chances are, the best thing for you to do is disable it.

* Help and Support
Enables Help and Support Center to run on this computer. If this service is stopped, Help and Support Center will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.

Comment: I don’t find this service useful, other than sucking up resources. If you know how to use Google, I’d disable it.

* Human Interface Device Access
Enables generic input access to Human Interface Devices (HID), which activates and maintains the use of predefined hot buttons on keyboards, remote controls, and other multimedia devices. If this service is stopped, hot buttons controlled by this service will no longer function. If this service is disabled, any services that explicitly depend on it will fail to start.

Comment: Whether or not you should disable this service depends on other services you need. If you don’t know, turn it off and see if it breaks anything. It says that it deals with hotkeys, however all the system hotkeys that most of us enjoy aren’t controlled by this service, they are built into the core OS. Control C, for example, to copy and Control V to paste, do not stop working when you turn this service off. It seems this has more to do with specific hotkeys that a software vendor may want to insert into their installed program or internet product. Until you see a reason for it, I’d turn this one off. Personally, I consider relying on such services to be lazy programming. But, there may be good reason for using it if it’s more efficient.

* Indexing Service
Indexes contents and properties of files on local and remote computers; provides rapid access to files through flexible querying language.

Comment: To date, nobody has shown me real system performance improvements with this technology. Keep in mind, I’m limited in this conversation to Windows. Indexing is very useful. Indexing databases is very useful. Indexing your computer isn’t very useful at all. Typically, if you are on a network, you know where on a network to find your chosen data. If you are not on a network, there’s no real performance enhancement to this service that justifies the complexity and resource use. Chances are good you should disable it.

* IMAPI CD-Burning COM Service
Manages CD recording using Image Mastering Applications Programming Interface (IMAPI). If this service is stopped, this computer will be unable to record CDs. If this service is disabled, any services that explicitly depend on it will fail to start.

Comment: Obviously, there may be some usefulness leaving this service as manual, if you have a CD burner installed. If you don’t, disable it.

* Internet Connection Firewall (ICF) / Internet Connection Sharing (ICS)
Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network.

Comment: This tool does a great job of complicating my internet connection and slowing down transactions. It’s not likely this tool is sophisticated enough to make a major impact in your system’s performance. You should disable it.

* Messenger
Transmits net send and Alerter service messages between clients and servers. This service is not related to Windows Messenger. If this service is stopped, Alerter messages will not be transmitted. If this service is disabled, any services that explicitly depend on it will fail to start.

Comment: Turn this thing off! It’s a simple kit for anybody that can connect via any network to your computer to access your system and do things you don’t want them to. Disable it.

* Net Logon
Supports pass-through authentication of account logon events for computers in a domain.

Comment: Unless you need this to operate inside a domain, it’s likely not necessary or useful. If you are using a home or SOHO PC and don’t have a local domain based network, disable it.

* NetMeeting Remote Desktop Sharing
Enables an authorized user to access this computer remotely by using NetMeeting over a corporate intranet. If this service is stopped, remote desktop sharing will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.

Comment: Do you really want a built in tool to share control of your desktop over your network connection? There are better tools for doing this kind of work, if needed. If someone you buy software from insists you let them use this tool to help you install it one time, then enable it and disable it immediately afterward. For typical use, you should disable it.

* Remote Desktop Help Session Manager
Manages and controls Remote Assistance. If this service is stopped, Remote Assistance will be unavailable. Before stopping this service, see the Dependencies tab of the Properties dialog box.

Comment: Refer to NetMeeting. If you don’t want to share control of your computer through your network, disable it.

* Remote Procedure Call (RPC) Locator
Manages the RPC name service database.

Comment: There are some network programs and protocols that require this to be turned on. Chances are you could just turn it off and see if you break anything. If you are using a single PC in your home or SOHO, it’s likely just a security risk. If you don’t know you need it, disable it.

* Remote Registry
Enables remote users to modify registry settings on this computer. If this service is stopped, the registry can be modified only by users on this computer. If this service is disabled, any services that explicitly depend on it will fail to start.

Comment: Seems self-explanatory. You can enable this service to help remote people or programs change your registry. Great hacker tool if you can’t secure it. Disable it.

* System Restore Service
Performs system restore functions. To stop service, turn off System Restore from the System Restore tab in My Computer->Properties

Comment: This is almost useless if you ever have a problem with damaged drives, corrupted data, or malware. It uses a lot of resources and isn’t useful for most people. You can turn it on before you install a big piece of software. This service allows you to back up to a previous system should you mess yours up with an installation of software or a modification to your system settings, usually registry damage. To improve system performance and take the minor risk of not being able to make your computer work like it did yesterday, disable it.

* TCP/IP NetBIOS Helper
Enables support for NetBIOS over TCP/IP (NetBT) service and NetBIOS name resolution.

Comment: Very few people use NetBIOS at home. This is the Windows built-in protocol for simple networking. You may need it. Otherwise, disable it.

* Telephony
Provides Telephony API (TAPI) support for programs that control telephony devices and IP based voice connections on the local computer and, through the LAN, on servers that are also running the service.

Comment: If you use telephony, you probably use discrete devices or proprietary services that don’t rely on this service. However, you do need this service if you use a modem to connect to the internet. If you don’t specifically need the Microsoft Telephony service, disable it. If you use a modem to connect to the internet, leave it enabled.

* Telnet
Enables a remote user to log on to this computer and run programs, and supports various TCP/IP Telnet clients, including UNIX-based and Windows-based computers. If this service is stopped, remote user access to programs might be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.

Comment: There’s just not a circumstance where I can imagine that turning this service on is a good idea. Unless you need to let people telnet into your computer and have a really good reason for doing so, disable it.

* Terminal Services
Allows multiple users to be connected interactively to a machine as well as the display of desktops and applications to remote computers. The underpinning of Remote Desktop (including RD for Administrators), Fast User Switching, Remote Assistance, and Terminal Server.

Comment: As I’ve said above, there’s better tools for remote desktop administration. The idea of Terminal Services is to allow remote desktop administration of a system, like the user was on the actual console. In almost all circumstances you should disable it.

* Themes
Provides user experience theme management.

Comment: Themes are cute and bloated. Enabling themes is not a good way to increase performance, but you may think it’s neat. If you aren’t addicted to cute desktop eye candy, disable it.

* Uninterruptible Power Supply
Manages an uninterruptible power supply (UPS) connected to the computer.

Comment: Unless you are using a UPS on your computer and it has the capability of managing the system, disable it.

* Upload Manager
Manages synchronous and asynchronous file transfers between clients and servers on the network. If this service is stopped, synchronous and asynchronous file transfers between clients and servers on the network will not occur. If this service is disabled, any services that explicitly depend on it will fail to start.

Comment: If you are not in a local network sharing data (files and/or services), disable it.

* Windows Time
Maintains date and time synchronization on all clients and servers in the network. If this service is stopped, date and time synchronization will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.

Comment: Sometimes it works. Unless you are really needing your time to sync to something running a Windows time server, disable it.

* Wireless Zero Configuration
Provides automatic configuration for the 802.11 adapters

Comment: Unless you use 802.11 devices, disable it.

* Workstation
Creates and maintains client network connections to remote servers. If this service is stopped, these connections will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.

Comment: If you are not in a local network sharing data (files and/or services), disable it.

If you turn off all the services suggested above and try to use Automatic Updates via WindowsUpdate.Microsoft.com, you will likely see a message something like this:

Windows Update cannot continue because a required service application is disabled. Windows Update requires the following services:

"Automatic Updates enables detection, downloading, and installation of critical updates for your computer.

Background Intelligent Transfer Service (BITS) enables faster, restartable downloading of updates.

Event Log logs Windows Update events for troubleshooting. To ensure that these services are enabled:"

It’s easy to just go back to Services, and turn these services on as you need them. An operating system shouldn’t need daily updates to run. And, the more services you run, the more likely you are to need updates. See a circle here? Occasionally, a little laziness won’t kill you. Though you could just go to Technet (Microsoft’s only support for IT professionals) and get all your news and update files with descriptions of their efficacy and safety, you may occasionally just want to veg out and let Microsoft do the work for you. You should still read each update and decide for yourself whether it makes sense. Some of them are flat out bad news. But, turning up these services for a few minutes to run Automatic Updates may be a shortcut to periodic updates.

So, let’s look at the services they want you to turn on.

Automatic Updates
Background Intelligent Transfer Service
Event Log

I haven’t a clue why you need Background Intelligent Transfer Services to run so you can go to a website, download, and install service packs. But, you can turn it, and the others, on and then turn it back off when you are done. It’s just three services.

If you take a minimalist’s point of view to running both software and services on your computer, it will perform faster and more safely than it will if you just randomly load anything anyone tells you to. To better secure your PC, stick to a mindset that if you don’t absolutely need a service running right now, you should just turn it off.
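
To record where a machine stands before turning anything off, the following added example (not part of the original article) lists the start mode and state of every service named in the list above and saves a snapshot for later comparison. It assumes Windows PowerShell 2.0 or later with Get-WmiObject available; the CSV path is a hypothetical choice.

```powershell
# Added example, not from the original article. Read-only: it changes nothing.
# Display names are copied from the article's list; a Windows build that names
# a service differently will report it as "not installed".
# DNS Client is left out because the article says to keep it on.

# Services the article says to disable outright.
$disableOnly = @(
    'Alerter', 'Application Layer Gateway Service',
    'Background Intelligent Transfer Service', 'ClipBook', 'Computer Browser',
    'Cryptographic Services', 'Distributed Transaction Coordinator',
    'Error Reporting Service', 'Help and Support',
    'Human Interface Device Access', 'Indexing Service',
    'Internet Connection Firewall (ICF) / Internet Connection Sharing (ICS)',
    'Messenger', 'Net Logon', 'NetMeeting Remote Desktop Sharing',
    'Remote Desktop Help Session Manager',
    'Remote Procedure Call (RPC) Locator', 'Remote Registry',
    'System Restore Service', 'TCP/IP NetBIOS Helper', 'Telephony', 'Telnet',
    'Terminal Services', 'Themes', 'Uninterruptible Power Supply',
    'Upload Manager', 'Windows Time', 'Wireless Zero Configuration',
    'Workstation'
)

# Accepted start modes per service (Win32_Service.StartMode values).
$baseline = @{}
foreach ($name in $disableOnly) { $baseline[$name] = @('Disabled') }
# The article accepts Manual for these two.
$baseline['Automatic Updates']            = @('Disabled', 'Manual')
$baseline['IMAPI CD-Burning COM Service'] = @('Disabled', 'Manual')

# Query WMI once and index the result by display name.
$installed = @{}
Get-WmiObject -Class Win32_Service |
    ForEach-Object { $installed[$_.DisplayName] = $_ }

$report = foreach ($name in ($baseline.Keys | Sort-Object)) {
    $svc = $installed[$name]
    if ($null -eq $svc) {
        $mode = '-'; $state = '-'; $verdict = 'not installed'
    } elseif ($baseline[$name] -contains $svc.StartMode) {
        $mode = $svc.StartMode; $state = $svc.State; $verdict = 'matches list'
    } else {
        $mode = $svc.StartMode; $state = $svc.State; $verdict = 'review'
    }
    New-Object PSObject -Property @{
        Service = $name; StartMode = $mode; State = $state; Verdict = $verdict
    }
}

# Snapshot first, so any later change can be reverted to a known state.
$snapshot = '.\service-startmodes-before.csv'   # hypothetical output path
$report | Select-Object Service, StartMode, State, Verdict |
    Export-Csv -Path $snapshot -NoTypeInformation

$report | Sort-Object Verdict, Service |
    Format-Table Service, StartMode, State, Verdict -AutoSize
```

Rows marked "review" are services still set to start; Telephony will show up there on a machine that keeps it enabled for a modem, which the article allows.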