In a programmer’s universe, cost efficiency is measured in CPU cycles and overall system reliability.
With the new Vista operating system, however, the reverse appears to hold: its content-protection design risks a consumer backlash over what looks like system instability and erratic performance, and could mark the start of Microsoft’s long journey into the night.
Microsoft has been notorious for incidents of this kind. In September 1997 its Windows NT operating system disabled the systems of the Aegis missile cruiser USS Yorktown, leaving the ship dead in the water (“NT Leaves Navy 'Smart Ship' dead in the water”, Government Computer News, 13 July 1998).
Now, according to Peter Gutmann, Windows Vista can do the same thing via a by-design feature of the OS.
He revealed: “Vista's content protection requires that devices (hardware and software drivers) set so-called 'tilt bits' if they detect anything unusual.
For example, if there are unusual voltage fluctuations, maybe some jitter on bus signals, a slightly funny return code from a function call, a device register that doesn't contain quite the value that was expected, or anything similar, a tilt bit gets set.
Such occurrences aren't too uncommon in a typical computer. For example, starting up or plugging in a bus-powered device may cause a small glitch in power supply voltages, or drivers may not quite manage device state as precisely as they think.
Previously, this was no problem: the system was designed with a bit of resilience, and things would function as normal. In other words, small variances in performance are a normal part of system functioning.
Furthermore, the degree of variance can differ widely across systems, with some handling large changes in system parameters and others only small ones. One very obvious way to observe this is what happens when a bunch of PCs get hit by a momentary power outage. Effects will vary from powering down, to various types of crash, to nothing at all, all triggered by exactly the same external event.
Content-protection 'features' like tilt bits also have worrying denial-of-service (DoS) implications. It's probably a good thing that modern malware is created by programmers with the commercial interests of the phishing and spam industries in mind rather than just creating as much havoc as possible.
With the number of easily-accessible grenade pins that Vista's content protection provides, any piece of malware that decides to pull a few of them will cause considerable damage.
The homeland security implications of this seem quite serious, since a tiny, easily-hidden piece of malware would be enough to render a machine unusable and unstable, while the very nature of Vista's content protection would make it almost impossible to determine why the denial-of-service is occurring.”
This issue, unless it can be clearly resolved, would make Vista PCs unacceptable for any application that involves even a hint of unusual environmental conditions, such as high altitude, environmental variations, shock, and so on.
The response to a set tilt bit is a reset. According to Microsoft, the reset takes only a few seconds and affects only the graphics subsystem (it is not a complete restart of Vista), but the true impact of this mechanism remains to be seen.
Even if it is relatively quick, systems with high-availability requirements will not appreciate the overhead of periodic soft reboots of the graphics subsystem, so the effect these tilt bits have on system reliability should need no further explanation.
An interesting potential security threat, suggested by Karl Siegemund, arises when Vista is used to run a security monitoring system such as a video surveillance system.
If it is possible to convince Vista that what it is handling is premium content, the video (and/or audio) surveillance feed becomes unavailable, since a surveillance centre is unlikely to be using DRM-enabled recording devices or monitors.
I can just see this as a plot element in Ocean's Fifteen or Mission Impossible Six, “It's OK, their surveillance system is running Vista, we can shut it down with spoofed premium content”.
To prevent active attacks, device drivers are required to poll the underlying hardware every 30 ms for digital outputs and every 150 ms for analog ones to ensure that everything appears kosher.
This means that even with nothing else happening in the system, a mass of assorted drivers has to wake up roughly thirty times a second just to ensure that… nothing continues to happen.
In addition to this polling, further device-specific polling is done; for example, Vista polls video devices on each video frame displayed to check that all of the grenade pins (tilt bits) are still as they should be.
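To make the tilt-bit argument concrete, here is a small model of the mechanism described in the quoted passage and in the polling discussion above. It is an illustration written for this article, not Vista's code or Gutmann's: the bit names, the two tolerance policies, the 30 ms poll interval, the assumed 2 s cost per graphics reset and every sensor reading are constructed for the example. It polls a constructed hardware trace containing normal supply ripple and one power glitch (a bus-powered device being plugged in), first under a zero-tolerance policy that sets a tilt bit on any deviation and then under a resilient policy that absorbs small variances, and it adds a second run in which something other than the hardware writes to the tilt register, standing in for malware pulling a grenade pin.

```python
"""Toy model of 'tilt bit' integrity checks and what they cost in availability.

Illustration only, not Vista's implementation: the bit names, tolerance
policies, reset cost and sensor readings below are constructed for this example.
"""
from dataclasses import dataclass
from enum import IntFlag


class TiltBit(IntFlag):
    """One flag per anomaly class a driver might report (constructed names)."""
    VOLTAGE = 1
    BUS_JITTER = 2
    RETURN_CODE = 4
    REGISTER_MISMATCH = 8


@dataclass(frozen=True)
class Reading:
    voltage: float        # supply rail as seen by the device, volts
    bus_jitter_ns: float  # measured jitter on the bus clock
    ret_code: int         # status from a driver call, 0 means success
    reg_value: int        # value read back from a device register


NOMINAL_VOLTS = 5.0
EXPECTED_REG = 0x5A

# Two policies for the same hardware. ZERO_TOLERANCE trips on the ripple a
# healthy PC produces; RESILIENT absorbs it the way pre-tilt-bit drivers did.
ZERO_TOLERANCE = {"volts": 0.02, "jitter_ns": 1.0}
RESILIENT = {"volts": 0.50, "jitter_ns": 50.0}


def check_reading(r: Reading, tolerance: dict) -> TiltBit:
    """Compare one hardware poll against expectations; return the bits to set."""
    bits = TiltBit(0)
    if abs(r.voltage - NOMINAL_VOLTS) > tolerance["volts"]:
        bits |= TiltBit.VOLTAGE
    if r.bus_jitter_ns > tolerance["jitter_ns"]:
        bits |= TiltBit.BUS_JITTER
    if r.ret_code != 0:
        bits |= TiltBit.RETURN_CODE
    if r.reg_value != EXPECTED_REG:
        bits |= TiltBit.REGISTER_MISMATCH
    return bits


def run_polling(readings, tolerance, injected=None, poll_ms=30, reset_ms=2000):
    """Poll every poll_ms; any set tilt bit resets the graphics subsystem.

    `injected` maps a poll index to bits forced into the tilt register by
    something other than the hardware (the malware case). Each reset is
    charged reset_ms of downtime. Returns (reset_count, downtime_ms, triggers).
    """
    injected = injected or {}
    resets, triggers = 0, []
    for i, r in enumerate(readings):
        bits = check_reading(r, tolerance) | injected.get(i, TiltBit(0))
        if bits:
            resets += 1
            triggers.append((i * poll_ms, bits))
    return resets, resets * reset_ms, triggers


def constructed_trace(n=100) -> list:
    """Constructed trace: 100 polls (3 s at 30 ms) with +/-0.01 V ripple and a
    single 0.4 V dip at poll 40 as a bus-powered device is plugged in."""
    trace = []
    for i in range(n):
        ripple = 0.01 if i % 2 else -0.01
        volts = 4.60 if i == 40 else NOMINAL_VOLTS + ripple
        trace.append(Reading(volts, 0.5, 0, EXPECTED_REG))
    return trace


def compare_policies() -> dict:
    """Resets caused by the benign glitch alone, and with three forced bits."""
    trace = constructed_trace()
    malware = {i: TiltBit.REGISTER_MISMATCH for i in (60, 70, 80)}
    return {
        "benign_zero_tolerance": run_polling(trace, ZERO_TOLERANCE)[0],
        "benign_resilient": run_polling(trace, RESILIENT)[0],
        "malware_zero_tolerance": run_polling(trace, ZERO_TOLERANCE, malware)[0],
        "malware_resilient": run_polling(trace, RESILIENT, malware)[0],
    }


if __name__ == "__main__":
    for name, resets in compare_policies().items():
        print(f"{name:24s} graphics resets = {resets}")
```

The benign glitch produces one reset under the zero-tolerance policy and none under the resilient one, which is the point about variance being normal system behaviour. The injected bits produce a reset on every write under either policy, because a forced tilt bit never passes through the tolerance check at all; in a 3 s trace the assumed 2 s per reset adds up to more downtime than the trace is long, which is what “render a machine unusable” looks like in numbers.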
(Part 5: Summary)