2006-09-11

(malware,DRM) Schneier on Security: Microsoft and FairUse4WM

http://www.schneier.com/blog/archives/2006/09/microsoft_and_f.html

Microsoft's priorities vis-a-vis security...! As you read this, remember that since 2003, MS's strategy for issuing patches for security holes has been that, regardless of how critical the hole is or how many computers are affected, patches come out only the second Tuesday of the following month.

Except, it seems, when someone hacks their DRM. Then the patch comes out in 3 days :-)

Quotes:

If you really want to see Microsoft scramble to patch a hole in its software, don't look to vulnerabilities that impact countless Internet Explorer users or give intruders control of thousands of Windows machines. Just crack Redmond's DRM.

[...]

Now, this isn't a "vulnerability" in the normal sense of the word: digital rights management is not a feature that users want. Being able to remove copy protection is a good thing for some users, and completely irrelevant for everyone else. No user is ever going to say: "Oh no. I can now play the music I bought for my computer in my car. I must install a patch so I can't do that anymore."

[...]

It should surprise no one that the system didn't stay patched for long. FairUse4WM 1.2 gets around Microsoft's patch, and also circumvents the copy protection in Windows Media DRM 9 and 11beta2 files.

That was Saturday. Any guess on how long it will take Microsoft to patch Media Player once again? And then how long before the FairUse4WM people update their own software?

Certainly much less time than it will take Microsoft and the recording industry to realize they're playing a losing game, and that trying to make digital files uncopyable is like trying to make water not wet.

No comments: