Vista DRM Prevents Kernel Tampering

CmdrTaco posted more than 7 years ago | from the in-theory-anyway dept.

428

mjdroner writes "A ZDNet blog reports on a new DRM feature for Vista that 'protects' the kernel from tampering. The blog quotes a Microsoft document: 'Code (CI) protects Windows Vista by verifying that system binaries haven't been tampered with by malicious code and by ensuring that there are no unsigned drivers running in kernel mode on the system.' The blog says that much of the DRM in Vista is simply a port from XP, but that this feature is new to the OS."

428 comments

Coercion? (5, Interesting)

P(0)(!P(k)+P(k+1)) (1012109) | more than 7 years ago | (#16394799)

From a related article [osnews.com]:
Vista driver developers must obtain a Publisher Identity Certificate (PIC) from Microsoft. This costs $500 [EUR 412] per year, and as the name implies, is only available to commercial entities.
Does this amount to indirect coercion? In XP, if I remember, unsigned drivers were allowed to run unhindered with loud information dialogs.

Re:Coercion? (5, Insightful)

perlchild (582235) | more than 7 years ago | (#16394971)

It does contribute to fighting open source, any way you look at it. I'm using a tap driver from the openvpn project, it isn't signed, and I don't know for sure, but I don't remember openvpn being a commercial entity. However, I'm not current enough in vista to know if they couldn't just get out of the kernel, and move to user-space for the required features.

Re:Coercion? (4, Insightful)

geekoid (135745) | more than 7 years ago | (#16395017)

Interesting.

Independent developers should sue. MS is completely locking them out of the platform.

Developers.Developers.developers. Indeed...

Re:Coercion? (1, Insightful)

rjstanford (69735) | more than 7 years ago | (#16395095)

Bullshit.

Anyone who has a need to write kernel-level drivers can almost certainly toss $500 a year at a certificate. Compared to the cost of, say, manufacturing hardware, this is noise.

Re:Coercion? (5, Insightful)

Aladrin (926209) | more than 7 years ago | (#16395181)

I totally disagree. You are assuming they have a commercial application in mind. What about someone who wants to write drivers for their new hardware they just built by hand? They shouldn't be required to go through this.

It doesn't matter, though, because if you make it too hard to write software for Windows, people will stop. They'll find another platform that is more enticing to them. It won't happen immediately, of course. But it'll happen.

Re:Coercion? (2, Insightful)

AuMatar (183847) | more than 7 years ago | (#16395251)

Bullshit and FUD. There's plenty of reasons you'd need to write kernel level code. Just because you're writing a driver does not mean you are a hardware manufacturer- just doing a console controller conversion (like making an old NES controller hook up to a computer) requires a driver.

Re:Coercion? (1)

rjstanford (69735) | more than 7 years ago | (#16395347)

Last time I checked (which was admittedly back in the old NT days, but since that's the source codebase these days...) there were different levels of driver. Writing something to convert USB commands to keystrokes should be different than writing something running in ring 0. At least, that's the way that I remember it. But I freely admit that I could be wrong here.

Re:Coercion? (2, Insightful)

Tod DeBie (522956) | more than 7 years ago | (#16395411)

Just because you're writing a driver does not mean you are a hardware manufacturer- just doing a console controller conversion (like making an old NES controller hook up to a computer) requires a driver.
I don't think you would need a kernel level driver for that. The idea of requiring kernel level drivers to be signed does not seem like that bad an idea; this would likely stop most rootkits and would improve the general security of the os.

Many classes of software are affected (5, Informative)

yeremein (678037) | more than 7 years ago | (#16395509)

This isn't just about supporting hardware. Several types of programs require kernel-mode drivers. Off the top of my head...

Installable file systems
Loopback mounts
Volume encryption
Rootkit detection
Packet sniffing
VPN software

I'm sure there are others. Vista's code signing requirement will make it difficult for any open-source program to do any of the things listed above. Large OSS projects backed by a company will probably be able to get a certificate from Microsoft and sign official builds, but third parties will be unable to modify and redistribute binaries, which is counter to the spirit of open source. I'm sure this is not an accident. Smaller OSS projects (such as installable file systems for ext3 or reiser) will most likely just disappear.

Re:Coercion? (1)

Amouth (879122) | more than 7 years ago | (#16395595)

Or just sign it yourself.. make your own root cert and install it then sign the driver - basically putting your stamp of approval on it yourself.. i am sure someone could sit down and in a few days have a nice little windows program that would let you do this with ease (for those out there that don't know how to do it)

i refuse to be extorted for the use of signing things.. other than the ssl cert for our main public website we sign everything ourselves and install our own root cert..

it isn't that damn hard

Re:Coercion? (1)

fahrbot-bot (874524) | more than 7 years ago | (#16395293)

Developers.Developers.developers.

I believe what Ballmer meant was "Corporate Developers", or "Developers with $$$"... People w/o money need not apply.

Re:Coercion? (1)

nizo (81281) | more than 7 years ago | (#16395379)

Yeah thanks for bringing this catchy video [youtube.com] back into my brain. Even now my skin is crawling remembering his sweaty armpits (*Shudder*)

Re:Coercion? (1)

Homology (639438) | more than 7 years ago | (#16395049)

By allowing only signed drivers it will make it harder for root kit crackers. I don't think there are many volunteers that write device drivers for Windows in the first place, so the requirement that only companies can get a Publisher Identity Certificate is not that big a loss. The cost of $500 a year is not much for a company, anyway.

Now, there are several open source OS you may use if you care to write your own device drivers, or see how they are made.

Re:Coercion? (5, Interesting)

Tackhead (54550) | more than 7 years ago | (#16395127)

> By allowing only signed drivers it will make it harder for root kit crackers. I don't think there are many volunteers that write device drivers for Windows in the first place, so the requirement that only companies can get a Publisher Identity Certificate is not that big a loss. The cost of $500 a year is not much for a company, anyway.

The cost of $500 a year is also not much for the Russian mob, or any other bunch of fuckweasels that want to sponsor the creation of a rootkit.

Re:Coercion? (2, Interesting)

RingDev (879105) | more than 7 years ago | (#16395371)

Except for the fact that MS can revoke that certificate at any time. If any malicious code hits the web with your cert, they pull the cert and the malicious code is rendered worthless. Of course, so is any non-malicious code under that cert. I wonder what kind of protections go into that cert to prevent spoofing.

-Rick

Re:Coercion? (1)

CastrTroy (595695) | more than 7 years ago | (#16395221)

It's not that much for a determined hacker either. And as we have seen with signed ActiveX controls, signing code doesn't really mean anything either. The cost of buying a license to sign something hasn't stopped hackers in the past from breaking through security holes, and it's not going to stop them in the future.

Re:Coercion? (2, Insightful)

Aladrin (926209) | more than 7 years ago | (#16395285)

It sounds to me like they've given hackers a reason to fake signing drivers, instead. They've never really had a reason to bother before.

Re:Coercion? (4, Insightful)

mrchaotica (681592) | more than 7 years ago | (#16395303)

By allowing only signed drivers it will make it harder for root kit crackers.

Yeah, but it will also make it harder for people making tools to preserve Fair Use (DVD and HD-disc ripping programs, no-CD cracks for games, etc.). This is a Bad Thing.

I'll keep my Fair Use and take my chances with the rootkits, thankyouverymuch!

Re:Coercion? (1)

s31523 (926314) | more than 7 years ago | (#16395073)

Coercion, perhaps. Pain in the arse, definitely. I remember installing drivers from not-so-known hardware manufacturers and getting the scary dialog box about the driver not being signed and that it could be a virus or make my system "unstable". Now, all those drivers are null and void? That sucks. I wonder if MS charges a fee to get drivers approved and signed, if so I would imagine lawsuits brewing over this.

Re:Coercion? (4, Interesting)

Keith Russell (4440) | more than 7 years ago | (#16395173)

Nothing has changed for user-mode drivers. You'll still get the same old nagging wave-through dialog for unsigned drivers, now with added UAC screen flickering.

Signatures are only required for kernel-mode drivers. In 64-bit Vista, it's a hard limit: No signature, no load, period. In 32-bit, you'll get the same UAC/nag dialog as user-mode drivers. The only time you'll be affected by the lack of signatures in 32-bit Vista is when you try to play back all those awesome Blu-Ray and HD-DVD movies you've been clamoring for on your shiny new HDCP-compliant flat panel monitor. </sarcasm>

Reminder: Video drivers are user-mode in Vista.

Re:Coercion? (2, Funny)

mrchaotica (681592) | more than 7 years ago | (#16395367)

Reminder: Video drivers are user-mode in Vista.

Ah, but what about "Trusted[sic]" Platform Module drivers?

Re:Coercion? (0)

Anonymous Coward | more than 7 years ago | (#16395391)

You forgot to mention that it is ONLY if you use windows media player, other media players will let you play blu-ray and other HD content fine.

Re:Coercion? (0)

Anonymous Coward | more than 7 years ago | (#16395439)

Wait.. what screen flicker? So now as well as having fucking annoying winblows dialog boxes (I've said a million times, this is authorized - BY ME!!!) we get a screen flicker. Thanks for making the user-made drivers even FUCKING HARDER!

Goddamn toady.

Re:Coercion? (1)

LiquidCoooled (634315) | more than 7 years ago | (#16395541)

But I thought there had to be a completely secure path:

Data -> Codec -> TCPM -> Graphics Card -> Secure Monitor.

The monitor drivers you speak of are just frequency settings, the trusted function will be an operation of the graphics card ie

NV.isMonitorHDCPCompliant(mykey)

They wouldn't leave such a big glaring hole as user mode drivers for such an "important" part of the HDCP verification process.

innovative (1, Informative)

Anonymous Coward | more than 7 years ago | (#16394805)

It's about time they put something like this in. I hope it will have an effect on the rootkits that are increasingly common these days, both the legitimate ones (e.g. Sony's) and those from hackers (e.g. rootkit.com).

Re:innovative (5, Insightful)

EvanED (569694) | more than 7 years ago | (#16394859)

What makes Sony's legitimate but the ones from Rootkit.com not?

If anything I would argue that rootkit.com is a more legit distribution mechanism than Sony.

Re:innovative (0)

Anonymous Coward | more than 7 years ago | (#16394965)

The difference is purpose.

Sony were just trying to protect their business assets from piracy - albeit in a rather misguided manner. Whereas most of the users of sites like rootkit.com are black hat hackers looking for something to put in their next spambot trojan.

Re:innovative (4, Insightful)

ultranova (717540) | more than 7 years ago | (#16395135)

Sony were just trying to protect their business assets from piracy - albeit in a rather misguided manner. Whereas most of the users of sites like rootkit.com are black hat hackers looking for something to put in their next spambot trojan.

But aren't most spambot trojans business assets ? After all, spam makes money - that's why spammers bother - so rootkits are business assets for blackhat hackers, even more so than they are for Sony.

No, these poor hackers are simply trying to protect their right to profit - just like Sony. And if that means taking the control of the computer away from its owner, well, surely you agree that that's a small price to pay to ensure that those damn users aren't depriving them of those profits, right ? Sony certainly seems to...

Re:innovative (1)

EvanED (569694) | more than 7 years ago | (#16395151)

But Rootkit.com doesn't exist for that purpose, it exists for security researchers.

As someone who is currently studying detection mechanisms for them, I've got the Rootkits book on my shelf a few feet behind my back.

Or do some of its users make it illegitimate, like, say, Napster?

Re:innovative (1)

russ1337 (938915) | more than 7 years ago | (#16395421)

>> Sony were just trying to protect their business assets from piracy - albeit in a rather misguided manner. Whereas most of the users of sites like rootkit.com are black hat hackers looking for something to put in their next spambot trojan.

.... who are just trying to protect their business assets: the spam....

Re:innovative (1)

throx (42621) | more than 7 years ago | (#16395171)

Typically the difference is a code-signing certificate that is signed by Microsoft. If rootkit.com forks out the $300 or so required to get one then there's no difference at all.

Of course, the first bug in a signed driver that allows unsigned code to be loaded into the kernel is a class break for the entire system. It sounds like in typical corporate fashion that Microsoft has been working hard to inconvenience lawful customers while doing little to stop the people who are deliberately unlawful.

Re:innovative (2, Funny)

smitty_one_each (243267) | more than 7 years ago | (#16394865)

Yes. The sooner enough people get bent over and used by proprietary technology, the faster we can move on to something that doesn't suck like this.

Re:innovative (1)

nizo (81281) | more than 7 years ago | (#16395545)

A funnier and more insightful comment I have not seen here today. Seriously, will this keep out determined black hats for long? How many more shackles will Microsoft add to their software before people finally throw up their hands and say, "screw this; what alternatives are out there?" It almost seems like Microsoft is squeezing everyone while they can, realizing that many people will just keep ponying up the cash until they have been drained completely.

Quis custodiet ipsos custodes (5, Insightful)

megaditto (982598) | more than 7 years ago | (#16394975)

Cracking such a thing is trivial once you answer the question who watches the watchman?

As Apple just learned with their TPM kernel extension, all that hackers need to do is replace the binary that verifies all other binaries, and the "goodies" are up for grabs.

Re:Quis custodiet ipsos custodes (1)

mrchaotica (681592) | more than 7 years ago | (#16395443)

As Apple just learned with their TPM kernel extension, all that hackers need to do is replace the binary that verifies all other binaries, and the "goodies" are up for grabs.

Interesting... where can I read more about this?

Re:Quis custodiet ipsos custodes (2, Informative)

ZachPruckowski (918562) | more than 7 years ago | (#16395599)

As Apple just learned with their TPM kernel extension, all that hackers need to do is replace the binary that verifies all other binaries, and the "goodies" are up for grabs.

Apple however, had distributed unprotected versions of 10.4.1 prior to that. And a large amount of the kernel is open-source. There's no assurance you can do that with Windows.

Oh yes (-1)

Anonymous Coward | more than 7 years ago | (#16394817)

I for one welcome our new DRM overlords!

Not all drivers (4, Interesting)

Tony Hoyle (11698) | more than 7 years ago | (#16394831)

Minifilter drivers don't have to be signed (at least in RC1 which is the last version I tried). That of course means you can get into ring 0 with a loadable driver - all that's needed is admin rights.

Modifying the kernel after that is just a matter of working out which bits (kill the code that checksums the binaries first, etc.)

Re:Not all drivers (3, Interesting)

Viraptor (898832) | more than 7 years ago | (#16395029)

*COUGH*pagefile attack [blogspot.com] *COUGH*
No info about rc2 yet, but if they didn't want to correct it in rc1, then... who knows...

Re:Not all drivers (3, Funny)

hotdiggitydawg (881316) | more than 7 years ago | (#16395673)

That's a nasty cough you have there. I think you might've picked up a bug...

Installing lockout under the guise of security. (2, Interesting)

rs232 (849320) | more than 7 years ago | (#16394835)

"if unsigned code is allowed to load you won't be able to play protected high-definition multimedia content"

Who cares? (0)

Anonymous Coward | more than 7 years ago | (#16394853)

Don't channel 9 do a good job of news for Microsoft victims?

How Wonderful (1, Interesting)

the linux geek (799780) | more than 7 years ago | (#16394855)

This unsigned driver "feature" is causing hell for those using the x64 version of Vista, which has abysmal driver compatibility. Nobody can now install 32-bit drivers.

Re:How Wonderful (2, Informative)

alienfluid (677872) | more than 7 years ago | (#16394943)

Hmm, so you were hoping to use 32-bit drivers on a 64-bit OS? You shouldn't even be here. Go home.

Re:How Wonderful (1)

caldaan (583572) | more than 7 years ago | (#16395243)

Yeah clearly he should be making his own instead...

The workaround for many missing 64 bit drivers is to use the 32 bit drivers for when the manufacturer *cough* creative *cough* doesn't make one or refuses to make one that works is to install the 32 bit driver in compatibility mode.

Sometimes it works, sometimes it doesn't, but it's better than nothing when it does...

Re:How Wonderful (1)

Tony Hoyle (11698) | more than 7 years ago | (#16395413)

It wouldn't work. At the driver level there *is* no 32bit compatibility mode.

If you think you managed to get a 32bit driver working you weren't loading a driver - just a 32bit application.

Re:How Wonderful (1)

JLennox (942693) | more than 7 years ago | (#16395177)

32bit user mode software gets run through the wow64 abstraction layer in order to operate properly, there isn't a heck of a lot of things that could be done for 32bit drivers.

It's not a DRM/lockout situation, it's a round hole square peg problem.

Re:How Wonderful (1)

baadger (764884) | more than 7 years ago | (#16395399)

Vista x64 detects every last bit of hardware in the box I built in February. As did Windows XP x64 Edition (which I run now as my secondary OS). Right now, it's just a matter of choosing hardware wisely, when I built this box I deliberately chose components that had manufacturer provided Windows XP x64 Edition drivers (and of course, good Linux drivers as I run Linux as my primary OS).

Obviously for hardware over a year to 18 months old it's difficult... but it's no use whinging to Microsoft. Nag the manufacturers, Microsoft only bundle, and yes, the RC1 builds did include a lot of drivers that didn't come with XP x64.

[For the record, XP x64 with a full house of drivers is noticeably better than XP SP2 (32 bit) and has this kernel Patchguard junk in there already. Of course, Windows is waaay behind on the 64 bit shift when compared to Linux ]

Re:How Wonderful (1)

rcamera (517595) | more than 7 years ago | (#16395505)

mr. linux geek speaks about windows vista. interesting. as a rc1 x64 guinea pig, i can tell you the situation is not as bad as you seem to think. i have yet to see hardware which is not supported by x64 out of the box. my only complaint so far is that there's no vista ready version of nero. but there's no x86 support for it either.

is Vista that fabled 8th generation OS? (5, Funny)

192939495969798999 (58312) | more than 7 years ago | (#16394873)

"From: (Blair P. Houghton)

I predict that Eighth Generation computers
will compile no programs, run no applications,
and access no data. Instead they will be
designed and tuned to give a continuously
variable spectrum of elegant and precise
error messages describing your failure to
induce them to do so."

Yay Vista!

Re:is Vista that fabled 8th generation OS? (3, Funny)

ggalvao (1000487) | more than 7 years ago | (#16394913)

Yay! One more barrier for open source free non-propietary drivers to jump over!

Updates? (3, Insightful)

phorm (591458) | more than 7 years ago | (#16394907)

How exactly would it accomplish this properly though? Call home periodically to get a kernel hash? Have a built-in hash check? If you want to allow the kernel to be updatable (which at times, is necessary), then you are going to have to allow the kernel to be "tampered with" somehow. A crack, virus, or other program might just masquerade as a patch to allow the on-disk kernel to be modified.

Re:Updates? (4, Informative)

EvanED (569694) | more than 7 years ago | (#16395021)

Cryptographically secure signatures?

You take a hash, and sign it with a private key. This is your signature. The loader then takes a hash of the file again. It also decrypts the signature with the public key. Compare the two. If they match, then the file hasn't been tampered with.

Tampering with this requires:
1. Tampering with the loader
2. Tampering with the public key stored in the loader (really part of #1)
3. Breaking MS's private key
4. Producing another executable with the same hash

1 and 2 are possible, but 3 and 4 are computationally hard. (The sun will have turned into a red giant long before the best-known algorithms have found a solution, even if the hash is the relatively "weak" MD5.)
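
The check described in the comment above, as an added example that is not part of the original thread and is not Microsoft's code: a loader hashes the image, recovers the signed hash with its embedded public key, and compares the two. Assumptions: textbook RSA without padding over SHA-256, fixed Mersenne primes as constructed keys, and hypothetical names (`loader_accepts`, `VENDOR_PUB`, `OTHER_PUB`); the last case shows why the loader and its embedded key (items 1 and 2) are the parts that need their own protection.

```python
import hashlib

E = 65537  # public exponent


def make_keypair(p, q):
    """Toy textbook RSA (no padding) from two given primes; illustration only."""
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))  # private exponent (Python 3.8+)
    return (n, E), (n, d)


# Constructed keys. Mersenne primes are used only because they are easy to
# write down; real signing keys are random and real signatures use padding.
VENDOR_PUB, VENDOR_PRIV = make_keypair(2**521 - 1, 2**607 - 1)
# A second key pair standing in for anyone who is not the vendor.
OTHER_PUB, OTHER_PRIV = make_keypair(2**1279 - 1, 2**2203 - 1)


def digest(image: bytes) -> int:
    """SHA-256 of the image as an integer (always smaller than either modulus)."""
    return int.from_bytes(hashlib.sha256(image).digest(), "big")


def sign(image: bytes, priv) -> int:
    """Signer side: hash the image and apply the private key to the hash."""
    n, d = priv
    return pow(digest(image), d, n)


def loader_accepts(image: bytes, signature: int, embedded_pub) -> bool:
    """Loader side: recover the signed hash with the public key the loader
    carries and compare it with a fresh hash of the image."""
    n, e = embedded_pub
    if not 0 <= signature < n:
        return False
    return pow(signature, e, n) == digest(image)


def run_cases():
    driver = b"constructed driver image v1"
    patched = b"constructed driver image v1 + extra code"
    good_sig = sign(driver, VENDOR_PRIV)
    other_sig = sign(patched, OTHER_PRIV)
    return {
        # Normal case: image and signature both come from the vendor.
        "vendor-signed, untouched": loader_accepts(driver, good_sig, VENDOR_PUB),
        # Image changed after signing: fresh hash no longer matches.
        "image modified, old signature": loader_accepts(patched, good_sig, VENDOR_PUB),
        # Re-signing with a different key does not help against the vendor key.
        "image re-signed with another key": loader_accepts(patched, other_sig, VENDOR_PUB),
        # Items 1 and 2: if the key inside the loader is swapped, the same
        # check passes, so the loader itself is the trust anchor.
        "loader's embedded key replaced": loader_accepts(patched, other_sig, OTHER_PUB),
    }


if __name__ == "__main__":
    for case, ok in run_cases().items():
        print(f"{case:34} -> {'load' if ok else 'refuse'}")
```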

Re:Updates? (1)

s31523 (926314) | more than 7 years ago | (#16395027)

Maybe Vista will use some sort of private key encryption so that when good ol' Windows Update runs it is the only program with the keys to the castle, so to speak. That way only Windows Update can perform mods and reprogram the kernel with a new hash code/CRC, or something.

Re:Updates? (2, Interesting)

qbwiz (87077) | more than 7 years ago | (#16395091)

Microsoft could sign patches with their private key, then include the public key in Windows to let them check that. AFAIK, they do that with the Xbox 360 and some other stuff already. The hard part will be making sure that the part that does the validation hasn't been cracked already - Apple is having problems doing that, and they even have a combined hardware/software solution.

/. has been anticipating this (1)

RLiegh (247921) | more than 7 years ago | (#16394919)

For years, people on this site have acknowledged that the driver signing feature -while valid at first blush- would inevitably be used to shut out non-microsoft drivers. Now our prediction has finally come true.

On a personal level, if I cannot use the EXT2IFS drivers on a Vista system to access my linux drives, I will keep my XP cds and simply use XP and not bother about new games (since the games I use are from 2002, I pretty much already have abandoned new games anyway) or new versions of office.

Re:/. has been anticipating this (1)

jb.hl.com (782137) | more than 7 years ago | (#16395013)

Try explore2fs. It's a little clunky, but it works quite well and doesn't require installing drivers (I never did have much luck with EXT2IFS, it tended to screw up folder names and such quite a lot).

Re:/. has been anticipating this (1)

CastrTroy (595695) | more than 7 years ago | (#16395339)

I've always wondered why there was little/no support for other file systems under windows. Linux supports tons of file systems. Windows only supports 2, and is phasing out 1, so they pretty much only support NTFS. I hate that when I boot into windows, I can't access my ReiserFS files. I hate having to keep my music and picture files in a separate partition, just so I can access them under windows the few times a month that I bother booting into windows.

Re:/. has been anticipating this (1)

Tony Hoyle (11698) | more than 7 years ago | (#16395487)

Up until fairly recently the IFS kit cost about $1000 and the only book describing NT filesystems cost about $250 (and was out of print anyway).

If you have the new DDK (labeled longhorn beta DDK on my MSDN but just don't use the longhorn bits) that has the IFS kit rolled in now.

That said, writing a filesystem driver is *hard* and I would set aside 6-12 months development time for it.

Re:/. has been anticipating this (1)

EvanED (569694) | more than 7 years ago | (#16395515)

Because MS has very little incentive to support other drivers. They've got more to lose by possibly convincing other people to give Linux a shot than they do by annoying the few (percentagewise) who use Linux already.

BTW, there's a program called RFStools I think that lets you access Reiser partitions from Windows. I've only tried it once or twice, and I think just to read, but it worked for that. I don't know how complete they are.

(Besides, what are you doing using a filesystem from an alleged murder? )

Built for security or stronger DRM (1)

MECC (8478) | more than 7 years ago | (#16394929)


I wonder whether or not it's engineered to make vista more secure or to strengthen windows DRM (Dark ages Replayed for the Modern era). I've got a feeling it's one or the other, but not necessarily both.

Re:Built for security or stronger DRM (1)

Alchemar (720449) | more than 7 years ago | (#16395059)

Let's just make the wild assumption that this is a security measure. Now you don't have to modify the kernel to destroy a computer, just change the hash code so that Vista thinks Vista is unsigned. I haven't looked at the code, so they might have figured some way around it, but I have faith that the black hats will find a way around their way around.

Simple solution (1)

Travoltus (110240) | more than 7 years ago | (#16394935)

Alter the boot-up code. Then modify CI. Work your way up to the kernel and off you go.

The operating system loader and the kernel now perform code signature checks. On 64-bit x64 platforms, all kernel mode code must be signed and the identity of all kernel mode binaries is verified. The system also audits events for integrity check failures.


All your base... for great justice!!!

Would be anti-DRM in the case of the Sony Rootkit (3, Insightful)

Anonymous Coward | more than 7 years ago | (#16394959)

MS can't win for losing. Clearly the subversion of the kernel through rootkitting is a growing problem. If MS doesn't fix it, they get knocked for having no security. If they fix it, it is called DRM. Myself, I find Vista less than compelling. 2003 works just fine, but it seems some of the haters in the Slashdot crowd will see anything MS does as bad. They are finally getting their act together on not running everything as root and they even get knocked for that.

Re:Would be anti-DRM in the case of the Sony Rootk (1)

BSOD DOC (1008507) | more than 7 years ago | (#16395289)

I somewhat agree. MS is blasted because they don't secure their product very well, and they are blasted if they DO try to secure their product. MS is blasted here usually because it has "so many holes", yet there is usually no comparison with how many "holes" or "patches" have been put out by linux, SCO, Apple, SUN, etc. But they are damned if they do and damned if they don't. While many would like to see them go under, or disappear altogether, how long before the next "MS" would step up to the plate and become the "bad guy"?

Re:Would be anti-DRM in the case of the Sony Rootk (0)

Anonymous Coward | more than 7 years ago | (#16395455)

But 2003 is a server OS while Vista is a user OS. You'll want to compare against Longhorn server which is due out in mid 2007 which will likely be released as Windows Server 2007.

Forbidden or simply sandboxed? (1)

Overzeetop (214511) | more than 7 years ago | (#16394973)

Okay, I didn't rtfa, but it probably wouldn't have mattered (and it's not the /. way, after all). Will this mean there will be no unsigned drivers, or that unsigned drivers will have to work through the kernel like WinNT 3.5? Aside from all the DRM lock-down, bend-the-consumer-over-a-rail implications, this would also prevent home hacking and diy projects, and could have all sorts of implications for hobbyists.

So, is this a way to prevent crashes (a la 3.5, no Ring 0 access) or is it a way to tighten the noose for the content industry?

What about.. (1)

Hangin10 (704729) | more than 7 years ago | (#16394981)

So this means if one does any development that requires writing any kind of driver for Windows, they have to pay Microsoft? I don't think this is going to go over well (if the previous comments are any hint, it isn't). This kills any small company that sells software that needs, say, a network driver for VPN (Hamachi and others). Or even video game developers, although I wouldn't think SN Systems, Nintendo, or Sony would care much if they had to pay $500 to Microsoft to get their development setups to run on Vista. This is... just.. just... crazy, sure we might end up with malicious software, but... Ok, this just goes too far, it's not even DRM, it's just R, for Ridiculous.

Re:What about.. (1)

Hangin10 (704729) | more than 7 years ago | (#16395043)

That was supposed to be a reply to the first post, not a thread on its own. I seriously need to eat lunch before posting on Slashdot...

Ah... (1)

RyanFenton (230700) | more than 7 years ago | (#16394995)

Ah, but what prevents something from tampering with Code (CI)?

An incomplete DRM system can be ignored if there's still enough of a real computer (tm) left that doesn't have to jump through the DRM hoops. If you can run code in a way that doesn't HAVE to check the DRM for permission to run, then all the DRM becomes is a necessary bootstrap you need before your real software starts running.

And from what I've seen so far, a completely protected system simply isn't worth the inconvenience for a general computer. Game consoles, sure - I'll play in a sandbox, but no way would I allow Microsoft to have veto power over what I run on a real computer (tm) - it just isn't worth the costs, in all respects. And I don't think most people would want to play in a truly fully protected sandbox, once the cat-and-mouse game of patches and hacks plays out fully - it won't be a pretty sandbox.

Ryan Fenton

Re:Ah... (1)

Silver Sloth (770927) | more than 7 years ago | (#16395231)

And I don't think most people would want to play in a truly fully protected sandbox
Change that to
And I don't think most /.ers would want to play in a truly fully protected sandbox
and I'll totally agree with you. However, mom and pop will be sold on the 'added security', and whoever makes the decisions about what OS to use on the thousands of PCs throughout the organisation I work for will love it to bits.

Re:Ah... (1)

mrchaotica (681592) | more than 7 years ago | (#16395587)

And I don't think most people would want to play in a truly fully protected sandbox, once the cat-and-mouse game of patches and hacks plays out fully - it won't be a pretty sandbox.

But they have to realize it first, and do so before they get locked in. That's the hard part about fighting DRM.

Optimism (2, Funny)

regular_gonzalez (926606) | more than 7 years ago | (#16395011)

I'm an optimist by nature, so I'll say it'll take hackers 3 months to crack the kernel DRM.

Re:Optimism (1)

SithLordOfLanc (683305) | more than 7 years ago | (#16395115)

Not a chance. I'd expect that if RC2 has this, it's already broken. The gold code will be cracked within a day or two.

Re:Optimism (1)

regular_gonzalez (926606) | more than 7 years ago | (#16395245)

The only reason I'm so optimistic is that if memory serves, it took a good six months or so to get unsigned code to run on an XBox. If MS decides to take security seriously, cracking their DRM might not be quite as trivial as you imply. Then again, I could be wrong :)

Re:Optimism (0)

Anonymous Coward | more than 7 years ago | (#16395315)

I think the main hurdle there was the hardware, not the software. They don't get to encrypt things in hardware this time.

Re:Optimism (2, Interesting)

Tony Hoyle (11698) | more than 7 years ago | (#16395571)

In the case of the xbox it was a fairly closed system with hardcoded BIOS support for the DRM and custom hardware.

There are PCs with TPM chips that are at that level now but they're still fairly rare - in general a PC is still an open architecture.

Re:Optimism (1)

ultranova (717540) | more than 7 years ago | (#16395269)

I'm an optimist by nature, so I'll say it'll take hackers 3 months to crack the kernel DRM.

I'm hoping for a year. That gives Vista enough time to spread to make it impossible to make large-scale re-engineering, and will also give people enough time to learn what DRM actually means for them. Let the people suffer enough that they'll hate DRM and view the DRM-breaking hackers as heroes.

Uhh (1)

daeg (828071) | more than 7 years ago | (#16395015)

What happens to third party, open source disk drivers like TrueCrypt?

Re:Uhh (1)

CastrTroy (595695) | more than 7 years ago | (#16395417)

What happens to the developers of the drivers? How are keys managed in that situation? Does every developer have a copy of the private key for signing? Does every developer have to submit their file to some other server so it can be signed before they are able to test it? I don't develop drivers myself, so I'm not completely familiar with the testing/development/debugging process, but it seems like requiring to have these drivers signed would create a lot of extra hassle for the people developing them.

DRM? (0)

Anonymous Coward | more than 7 years ago | (#16395023)

last time I checked, DRM stood for Digital Rights Management. Security measures that protect kernel tampering aren't DRM. fucking morons

So it's DRM, but... (0)

Anonymous Coward | more than 7 years ago | (#16395035)

...What am I supposed to hate about this? It sounds like a good feature.

It's Windows. ; ) (1)

Veetox (931340) | more than 7 years ago | (#16395075)

ie. It'll have three back doors and an easter-egg that, when accessed, flashes "Bill Gates sucks" in bright letters. SOP.

Already broken by Blue Pill (5, Informative)

TRS-80 (15569) | more than 7 years ago | (#16395087)

The kernel mode signed driver restriction has already been broken by Blue Pill [wikipedia.org]. Full details are in the black hat presentation [blackhat.com], but the basic gist is you force a driver (eg null.sys) to be swapped out to disk, overwrite a function in the copy in swap with your own code, then call that function. And now you're executing unsigned code in kernel space.

Re:Already broken by Blue Pill (1)

Sebastopol (189276) | more than 7 years ago | (#16395281)

According to the URL you provided, there is no proof this even works.

Since you don't have to page everything (it is a function of the OS after all), it is possible to not page out critical CI drivers, thus preventing re-writing of critical DRM signature code.

Re:Already broken by Blue Pill (0)

Anonymous Coward | more than 7 years ago | (#16395425)

Debunked!

Or, if you were doing anything other than Karma Whoring you would have done a bit more research and realized that Blue Pill is still a theory, no code has ever been released to review. Kinda like the Apple wifi flaw....

Shit, that link is from the wikipedia page you linked to.

Go whore somewhere else or at least put some effort into your whoring.

nobody likes a sloppy whore

Freedom is Slavery (3, Insightful)

orospakr (715849) | more than 7 years ago | (#16395131)

The very idea of running software on my own equipment that considers me an enemy just doesn't sit at all well.

That, and I really like the Free Software TUN/TAP driver for Windows.

Government Access (1)

cyriustek (851451) | more than 7 years ago | (#16395229)

I wonder if the Governments will have to pay the fee to allow their rootkits to work. This can be an interesting twist on spying.

HMmmmm (1)

kongit (758125) | more than 7 years ago | (#16395305)

Now while $500 isn't too much to ask to have your driver officially supported by microsoft and allowed to run on vista, it raises an interesting issue. If a company makes drivers for vista, and microsoft, or whoever verifies that the binary blobs are allowed to impede in vista's kernel, decides that they don't like something that that company is doing, say supporting linux heavily. What is to keep microsoft or whoever from just saying nope your driver isn't good enough?

Conflation (1)

digitalderbs (718388) | more than 7 years ago | (#16395321)

This new feature sounds like a useful security measure. However, is this really a part of the Digital Rights Management system? I'm not sure that this is not a conflation of issues.

From wikipedia drm article [wikipedia.org] :
Digital Rights Management (generally abbreviated to DRM) is any of several technologies used by publishers (or copyright owners) to control access to and usage of digital data ... and hardware, handling usage restrictions associated with a specific instance of a digital work.

This new feature doesn't sound like it falls under this description to me -- although it might to others. The reason a conflation concerns me on this issue is because Microsoft could justifiably say that DRM is improving Windows security, and lay people might find DRM desirable. So why exactly is this DRM?

great for my mom (1)

grapeape (137008) | more than 7 years ago | (#16395361)

The new security hurdles will be great for the average home user; anything that makes it more protected and stable helps. The big hurdle is going to be convincing businesses that do active in-house development that this is a good idea. It's going to be hard enough to convince companies that most of their desktop systems have to be completely upgraded and they really have to push the upgrade since running in reduced functionality mode appears to offer no real benefit over XP. MS has really created an uphill battle for themselves, none of my friends are planning to upgrade and the businesses I have talked to are just worried about losing support for XP and 2003 to the point of asking about alternatives. Unless my group of friends and acquaintances are not typical of the majority the only upgrades to vista I see in their future are forced ones due to buying new desktops and laptops.

Thank god, I am done with Windows (1)

SnapperHead (178050) | more than 7 years ago | (#16395407)

Every time I see articles like this I am so happy I switched away from Windows. I switched to a lesser of 2 evils, Apple. But, I tell you what I have spent far less time trying to maintain the system, than using it. Defrags, virus scans, spyware scans, updates, upgrades, reboots, etc.

OS X is NOT perfect, nor is Linux. But, OS X is a lot closer than Windows AND Linux. Don't get me wrong, Linux has its place. As a server. I will use nothing but it for a server, but for a workstation it still has a long way to go.

Ummm, hello? (4, Insightful)

finkployd (12902) | more than 7 years ago | (#16395463)

This is not new (at least the concept) at all. We have been talking about this for years now. What do you think trusted computing (palladium) is? This has always been the "good" side of the TCPA coin, media DRM being the "bad" side.

Finkployd

Re:Ummm, hello? (0)

Anonymous Coward | more than 7 years ago | (#16395521)

In fact, the news itself isn't new either. MS announced this back in January, almost 9 months ago.

Take your time, Slashdot, don't need to rush the news out.

DRM? (1)

RAMMS+EIN (578166) | more than 7 years ago | (#16395485)

Is everything DRM, piracy, and terrorists, these days?

Protecting the core parts of the system against tampering is a perfectly good security measure, and it has been done by anti-virus software for years. It's also being done on Linux; at least one rootkit detector does it.

to protect revenue (1)

fermion (181285) | more than 7 years ago | (#16395501)

This seems primarily to protect revenue, both from software sales and from content sales. As a side benefit, there is some level of assurance that the drivers are in a known state.

There has been some discussion of money changing hands to be licensed by MS as a kernel driver. This is not necessarily a bad thing, because not everything needs be in the kernel. One can imagine, however, that this would be a cheap way for sponsored applications to gain validity, sort of a membership to the BBB.

Ultimately this may be another case of false security, and another inroad into the PC as property of MS.

Tampering by malicious code (1)

Sloppy (14984) | more than 7 years ago | (#16395597)

It's a relief that this change merely prohibits tampering by "malicious code." (If it were to prevent modification by the owner or administrator (or whoever they choose to delegate authority to) then it would be a usability defect and security vulnerability, rather than a security feature.) What I'm really interested in, is how Microsoft developed the AI that determines whether a modification is malicious or not. This is a landmark development in computer technology, putting Microsoft decades ahead of all other competitors.

Oops, I just read the article, and it says it works by using code signing, not AI. Ok, scratch my earlier comment about it putting them decades ahead. Still, I suppose it could be a useful feature.

Oops, I read the article further, and didn't see anything about the user having the ability to control what keys are accepted as trusted signers for their own machine. Scratch what I said about it not being a security vulnerability and usability defect. I think I want to take back what I said about "useful feature" also.

fr0st pist (-1, Troll)

Anonymous Coward | more than 7 years ago | (#16395611)

Why don't they get it? (2, Insightful)

BlueCoder (223005) | more than 7 years ago | (#16395631)

DRM is impossible without chip level hardware security. There is going to be a whole new product field of new software that disables and replaces windows code security. Programs which actually give control of your computer back to you. But while it won't stop computer infection (where there is a bug hole there is a way) it certainly raises the security bar for the basic default windows setup I install on (non nerd) family and friends computers.

Even with chip level security I'd be drilling into chips and hot wiring them if needed or purchase pre hot wired hardware if the modification equipment was beyond my means. I will never stop striving for control of my own property even if control is an illusion.

No Colinux on Vista (2, Informative)

Laur (673497) | more than 7 years ago | (#16395675)

I believe CoLinux is another FOSS program (and a very useful one at that) that is affected by this.