More About Vista's Arbitrary Disabling of Features

Several months ago I linked to a paper about Vista’s draconian DRM “features”. Today I came across an article on Microsoft’s TechNet that goes further and describes some exact circumstances when Vista will arbitrarily decide to stop access to premium-content. It is more than a little shocking.

Vista will only play back premium-content — basically, any HD content like HD DVD, Blu-ray or other purchased content — if it can guarantee the path taken by the media is “clean”. A path is clean if there is no way for the content to be intercepted and copied on its way to the display. So far this may be seen as reasonable (at a push).

Vista has special protection for premium-content which stops unauthorised code accessing the content by blocking access to the memory the content is in. This only works for userland programs, and poses a problem for kernel code, such as device drivers. Drivers have kernel-level privileges and so the kernel cannot stop them accessing any portion of memory they like. This means the kernel cannot prevent a driver accessing the premium-content on its way through the system.

The way Vista gets around this limitation is by Microsoft vetting drivers and marking those it deems safe as “clean”. Vista can then check whether a given driver is clean when it loads it. As part of being marked clean, the driver is signed by Microsoft.
</gre_replace>
<gr_insert after="15" cat="add_content" lang="powershell" orig="Essentially, this means">
The check the article describes — is anything loaded in kernel mode that is not validly signed? — can be approximated from user land for audit purposes. The script below is an added example written for this post, not code from the article or from Microsoft: it lists the running kernel drivers and checks each image’s Authenticode signature. It assumes an elevated PowerShell session (3.0 or later) on Windows, and it does not call Vista’s actual protected-process API, which is not exposed to ordinary applications; the function names are my own.

```powershell
# Added example: approximate the "is the kernel-mode environment clean?" question
# by enumerating running kernel drivers and checking their Authenticode signatures.
# Assumptions: elevated PowerShell 3+ on Windows. Function names are hypothetical.

function Get-KernelDriverSignatureReport {
    [CmdletBinding()]
    param()

    # Win32_SystemDriver lists the kernel-mode drivers registered with the Service Control Manager.
    $drivers = Get-CimInstance -ClassName Win32_SystemDriver |
        Where-Object { $_.State -eq 'Running' -and $_.PathName }

    foreach ($d in $drivers) {
        # PathName can be "C:\...\foo.sys", "\SystemRoot\system32\drivers\foo.sys",
        # "\??\C:\...\foo.sys" or a bare "system32\drivers\foo.sys"; normalise it.
        $path = $d.PathName.Trim('"')
        $path = $path -replace '^\\SystemRoot', $env:SystemRoot
        $path = $path -replace '^\\\?\?\\', ''
        if ($path -match '^system32\\') { $path = Join-Path $env:SystemRoot $path }

        if (-not (Test-Path -LiteralPath $path)) {
            [pscustomobject]@{ Name = $d.Name; Path = $path; Status = 'FileNotFound'; Signer = $null }
            continue
        }

        $sig = Get-AuthenticodeSignature -LiteralPath $path
        [pscustomobject]@{
            Name   = $d.Name
            Path   = $path
            Status = $sig.Status   # Valid, NotSigned, HashMismatch, UnknownError, ...
            Signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
        }
    }
}

# "Clean" in the sense the article uses: no running driver without a valid signature.
function Test-KernelEnvironmentClean {
    $report   = Get-KernelDriverSignatureReport
    $notValid = @($report | Where-Object { $_.Status -ne 'Valid' })
    if ($notValid.Count -gt 0) {
        Write-Host "Drivers that would mark this system as not clean:"
        $notValid | Format-Table -AutoSize | Out-String | Write-Host
    }
    return ($notValid.Count -eq 0)
}

Test-KernelEnvironmentClean
```

Two caveats for anyone running this. Many inbox drivers are catalog-signed rather than carrying an embedded signature, and older versions of Get-AuthenticodeSignature only look at embedded signatures, so they may show as NotSigned even though Windows trusts them. And Vista’s own check is stricter than “validly signed”: the article’s point is that the driver must be signed by Microsoft as part of its vetting, so a driver that passes this generic check could still cause premium-content to be blocked.
</gr_insert>
<gr_replace lines="19" cat="clarify" orig="The reason this is so bad">
The reason this is so bad is because it’s incredibly invasive and heavy-handed. If you have one apple Microsoft decides is bad, a major function of your computer is crippled, even if the supposed rogue element has nothing to do with media playback. It’s a little like making your DVD player stop working if you have a microphone in the same room. Or a kettle.

The problems come from drivers which haven’t been authorised by Microsoft, as the article describes:

Because kernel-mode code can gain full access to any process, including protected processes, and 32-bit Windows allows unsigned kernel-mode code to load, the kernel provides an API for protected processes to query the “cleanliness” of the kernel-mode environment and use the result to unlock premium content only if no unsigned code is loaded.

Essentially, this means if you have a driver — or other kernel code — loaded which Microsoft has not blessed, your system will be rendered unable to play premium-content.

The whole process is predicated on a guilty-until-proven-innocent philosophy. Whether this is a reasonable basis for disabling functionality is a matter for debate. In addition, if Microsoft are willing to block access to premium-content when uncertified drivers are loaded, what other hooks have they inserted to disable features of the operating system for arbitrary reasons?

The reason this is so bad is because it’s incredibly invasive and heavy-handed. If you have one apple Microsoft decides is bad, a major function of your computer is crippled; even if the supposed rogue element is nothing to do with media playback. It’s a little like making your DVD player stop working if you have a microphone in the same room. Or a kettle.

The ability to impose a major reduction in functionality “just in case” for the benefit of an over-powerful minority is one example of how closed-source code can be abused for the detriment of society; it puts too much power in the hands of the few.

.:.