Truemors
IT had been said -- and I agree -- that Microsoft is no longer interested in prolonging the life of the personal computer as we know it.
A quarter of a century ago, IBM made the momentous decision to make their PC an open platform by publishing complete hardware details and allowing anyone to compete on the open market.
Many small companies, the traditional garage startup, got their start through this. This openness is what created the PC industry, and the reason why most homes have one or more PCs sitting in a corner somewhere.
But Microsoft, as function of its software monopoly, was able to dictate hardware specs to suit its needs and drive manufacturing development to strange new directions it wanted without incurring any of the overhead cost.
It was simply a stroke of genius.
Again to site Peter Guttmann’s report: “ In order to prevent the creation of hardware emulators of protected output devices, Vista requires a Hardware Functionality Scan (HFS) that can be used to uniquely fingerprint a hardware device to ensure that it's (probably) genuine.
In order to do this, the driver on the host PC performs an operation in the hardware (for example rendering 3D content in a graphics card) that produces a result that's unique to that device type.
In order for this to work, the spec requires that the operational details of the device be kept confidential.
Obviously anyone who knows enough about the workings of a device to operate it and to write a third-party driver for it (for example one for an open-source OS, or in general just any non-Windows OS) will also know enough to fake the HFS process.
The only way to protect the HFS process therefore is to not release any technical details on the device beyond a minimum required for web site reviews and comparison with other products.
This potential “closing” of the PC's historically open platform is an extremely worrying trend.
Vista includes various requirements for “robustness” in which the content industry, through “hardware robustness rules”, dictates design requirements to hardware manufacturers.
The level of control that the content producers have over technical design details is nothing short of amazing.
A security researcher Ed Felten quoted from Microsoft documents on his freedom-to-tinker web site about a year ago:
“The evidence [of security] must be presented to Hollywood and other content owners, and they must agree that it provides the required level of security.
Written proof from at least three of the major Hollywood studios is required”.
So if you design a new security system, you can't get it supported in Windows Vista until well-known computer security experts like MGM, 20th Century-Fox, and Disney give you the go-ahead (this gives a whole new meaning to the term “Mickey-Mouse security”).
It's absolutely astonishing to find paragraphs like this in what are supposed to be Windows technical documents, since it gives Hollywood studios veto rights over Windows security mechanisms.
As an example of these “robustness rules”, only certain layouts of a board are allowed in order to make it harder for outsiders to access parts of the board.
Possibly for the first time ever, computer design is being dictated not by electronic design rules, physical layout requirements, and thermal issues, but by the wishes of the content industry.
Apart from the massive headache that this poses to device manufacturers, it also imposes additional increased costs beyond the ones incurred simply by having to lay out board designs in a suboptimal manner.
Video card manufacturers typically produce a one-size-fits-all design (often a minimally-altered copy of the chipset vendor's reference design, as illustrated by one product review that shows five virtually identical cards from different vendors with the only noticeable difference being the logo on the heat sink), and then populate different classes and price levels of cards in different ways.
A further example of external meddling in hardware vendors' product development and distribution can be found in the document that specifies what happens when a product is compromised in some way even though it's previously been found to be fully compliant with the robustness requirements:
“The company shall promptly redesign the affected product […] if such redesign is not possible or practical; cease manufacturing and selling such product”.
(To continue)
Comments (0)