Truemors
The sheer genius of the Microsoft business model as exemplified by its behemoth operating system Windows Vista guarantees billions of revenues not only from the common consumer but from manufacturers as well who are now lining up to get Vista capable licenses from the Redmond-based company.
But before I continue with the detail of how it will do it, let me side track a bit from my story.
On April 25, 2006, Microsoft came out with a small program that a user had to load to check if the OS he or she is using is "genuine." The program is called "Windows Genuine Advantage." The problem with this program is that it will boot up whenever your computer boots up and reports to a Microsoft server. Most of my friends in the Internet underground aptly calls this program a spyware.
In reality, this is the program used by the so-called Business Software Alliance (BSA), an anti-software piracy group supported mainly by Microsoft, to ferret out businesses who uses, either by design or accident, cracked Windows OS commonly available in Asia for no more that US$10 per program.
In the West, BSA is not a feared entity. But in Asia, they have actually organized a crack team of law enforcement and police officials who led raids on suspected outlets of bootleg software.
Now back to Peter Gutmann's report:
In order to appropriately protect content, Vista will probably have to disable any special device features that it can't directly control.
For example many sound cards built on C-Media chipsets (which in practice is the vast majority of them) support Steinberg's ASIO (Audio Stream I/O), a digital audio interface that completely bypasses the Windows audio mixer and other audio-related driver software to provide more flexibility and much lower latency than the Windows ones.
ASIO support is standard for newer C-Media hardware like the CMI 8788. Since ASIO bypasses Windows' audio handling, it would probably have to be disabled, which is problematic because audiophiles and professional musicians require ASIO support specifically because of its much higher quality than the standard Windows channels (you can get more information on Vista's audio architecture and the changes from XP in this post from Creative Labs).
Indirect Disabling of Functionality
As well as overt disabling of functionality, there's also covert disabling of functionality. For example PC voice communications rely on automatic echo cancellation (AEC) in order to work.
Echo cancellation is used to prevent sound from a loudspeaker or headphones interfering with a microphone in the vicinity. This is rather tricky because the sound will be modified by the speaker and the surroundings that it's operating in, so it requires fairly sophisticated signal processing to remove, as well as a high-quality copy of the signal (if you get a degraded copy the signal, it becomes much harder to use it to cancel out the echo with it).
Although it's not visible, echo cancellation is very widely used in applications like hands-free car phones, standard phones used in hands-free mode, and conference calling systems.
AEC in a PC requires feeding back a sample of the audio mix into the echo cancellation subsystem, but with Vista's content protection this isn't permitted any more because this might allow access to premium content.
What is permitted is a highly-degraded form of feedback that might possibly still be enough for some sort of minimal echo cancellation purposes.
The requirement to disable audio and video output plays havoc with standard system operations, because the security policy used is a so-called “system high” policy.
The overall sensitivity level is that of the most sensitive data present in the system.
So the instant that any audio derived from premium content appears on your system, signal degradation and disabling of outputs will occur. What makes this particularly entertaining is the fact that the downgrading/disabling is dynamic, so if the premium-content signal is intermittent or varies (for example music that fades out), various outputs and output quality will fade in and out, or turn on and off, in sync.
Normally this behavior would be a trigger for reinstalling device drivers or even a warranty return of the affected hardware, but in this case it's just a signal that everything is functioning as intended.
Decreased Playback Quality
Alongside the all-or-nothing approach of disabling output, Vista requires that any interface that provides high-quality output degrade the signal quality that passes through it if premium content is present.
This is done through a “constrictor” that downgrades the signal to a much lower-quality one, then up-scales it again back to the original spec, but with a significant loss in quality.
So if you're using an expensive new LCD display fed from a high-quality DVI signal on your video card and there's protected content present, the picture you're going to see will be, as the spec puts it, “slightly fuzzy”, a bit like a 10-year-old CRT monitor that you picked up for $2 at a yard sale (see the Quotes for real-world examples of this).
In fact the specification specifically still allows for old VGA analog outputs, but even that's only because disallowing them would upset too many existing owners of analog monitors. In the future even analog VGA output will probably have to be disabled.
The only thing that seems to be explicitly allowed is the extremely low-quality TV-out, provided that Macrovision is applied to it (see the Decreased System Reliability section for further discussion of Macrovision problems with Windows).
The same deliberate degrading of playback quality applies to audio, with the audio being downgraded to sound (from the spec) “fuzzy with less detail”.
Amusingly, the Vista content protection docs say that it'll be left to graphics chip manufacturers to differentiate their product based on (deliberately degraded) video quality.
This seems a bit like breaking the legs of Olympic athletes and then rating them based on how fast they can hobble on crutches.
The Microsoft specs say that only display devices with more than 520K pixels will have their images degraded (there's even a special status code for this, STATUS_GRAPHICS_OPM_RESOLUTION_TOO_HIGH), but conveniently omit to mention that this resolution, roughly 800×600, covers pretty much every output device that will ever be used with Vista.
The absolute minimum requirements for Vista Basic are listed as 800×600 resolution (and an 800MHz Pentium III CPU with 512MB of RAM, which seems, well, “wildly optimistic” is one term that springs to mind). However that won't get you the Vista Aero interface, which makes a move to Vista from XP more or less pointless.
The minimum requirements for running Aero on a Vista Premium PC are “a DX9 GPU, 128 MB of VRAM, Pixel Shader 2.0, and minimum resolution 1024×768×32”, and for Aero Glass it's even higher than that.
In addition the minimum resolution supported by a standard LCD panel is 1024×768 for a 15″ LCD, and to get 800×600 you'd have to go back to a 10-year-old 14″ CRT monitor or something similar. So in practice the 520K pixel requirement means that everything will fall into the degraded-image category.
(A lot of this OPM stuff seems to come straight from the twilight zone. It's normal to have error codes indicating that there was a disk error or that a network packet got garbled, but I'm sure Windows Vista must be the first OS in history to have error codes for things like “display quality too high”).
Beyond the obvious playback-quality implications of deliberately degraded output, this measure can have serious repercussions in applications where high-quality reproduction of content is vital.
Vista's content-protection means that video images of premium content can be subtly altered, and there's no safe way around this — Vista will silently modify displayed content under certain (almost impossible-to-predict in advance) situations discernible only to Vista's built-in content-protection subsystem.
Microsoft claim that this hidden image manipulation will only affect the portions of the display that contain the protected content, but since no known devices currently implement this “feature” it's hard to say how it'll work out in practice (what happens currently is that Vista just refuses to play premium content rather than downgrading it).
Elimination of Open-source Hardware Support
In order to prevent the creation of hardware emulators of protected output devices, Vista requires a Hardware Functionality Scan (HFS) that can be used to uniquely fingerprint a hardware device to ensure that it's (probably) genuine.
In order to do this, the driver on the host PC performs an operation in the hardware (for example rendering 3D content in a graphics card) that produces a result that's unique to that device type.
In order for this to work, the spec requires that the operational details of the device be kept confidential.
Obviously anyone who knows enough about the workings of a device to operate it and to write a third-party driver for it (for example one for an open-source OS, or in general just any non-Windows OS) will also know enough to fake the HFS process.
The only way to protect the HFS process therefore is to not release any technical details on the device beyond a minimum required for web site reviews and comparison with other products.
This potential “closing” of the PC's historically open platform is an extremely worrying trend.
A quarter of a century ago, IBM made the momentous decision to make their PC an open platform by publishing complete hardware details and allowing anyone to compete on the open market.
Many small companies, the traditional garage startup, got their start through this. This openness is what created the PC industry, and the reason why most homes (rather than just a few offices, as had been the case until then) have one or more PCs sitting in a corner somewhere.
This seems to be a return to the bad old days of 25 years ago when only privileged insiders were able to participate.
Elimination of Unified Drivers
The HFS process has another cost involved with it. Most hardware vendors have (thankfully) moved to unified driver models instead of the plethora of individual drivers that abounded some years ago (in the bad old days it used to be necessary to identify individual device types and download specific drivers for them, something that was more or less impossible for non-geek users).
Since HFS requires unique identification and handling of not just each device type (for example each graphics chip) but each variant of each device type (for example each stepping of each graphics chip) to handle the situation where a problem is found with one variation of a device, it's no longer possible to create one-size-fits-all drivers for an entire range of devices like the current Catalyst/Detonator/ForceWare drivers.
Every little variation of every device type out there must now be individually accommodated in custom code in order for the HFS process to be fully effective, resulting in a re-balkanisation of drivers that have only just become available in a clean, unified form in the last few years.
This is more a concern for device vendors and driver developers than users, since they don't see any of this artificially-created extra complexity. As far as the user is aware it's still a “unified” driver since the internal re-balkanisation isn't visible in the driver bundle (although the “unified” driver suddenly becomes a lot larger). The indirect cost to the user (longer driver development cycles and higher cost) is mostly hidden from them.
If a graphics chip is integrated directly into the motherboard and there's no easy access to the device bus then the need for bus encryption (see Unnecessary CPU Resource Consumption below) is removed.
Because the encryption requirement is so onerous, it's quite possible that this means of providing graphics capabilities will suddenly become more popular after the release of Vista. However, this leads to a problem: It's no longer possible to tell if a graphics chip is situated on a plug-in card or attached to the motherboard, since as far as the system is concerned they're both just devices sitting on the AGP/PCI bus.
The solution to this problem is to make the two deliberately incompatible, so that HFS can detect a chip on a plug-in card vs. one on the motherboard. Again, this does nothing more than increase costs and driver complexity.
An even more complex situation occurs with DVI paddle boards, in which the graphics device is on the motherboard but the DVI output is provided through a card that goes into the AGP slot. This means that the graphics device meets the requirements for a non user-accessible bus device (see the section Increased Hardware Costs) but the DVI output portion doesn't.
Does this mean that your graphics output gets disabled or not? Either option is unpalatable, because Vista's content-protection design never anticipated such situations.
(Part 3 Coming)
Comments (0)