IP: interesting assertions.... "Microsoft's Digital Rights Management--A Little Deeper"

[Dave Farber <dave@farber.net>]

Microsoft's Digital Rights Management--A Little Deeper
Contributed by DittoHead on Friday, June 28 @ 10:36:24 EDT

I read this article about Microsoft's Palladium Digital Rights Management
last week, linked from the Drudge Report. The story was reported in many
other places, so I didn't submit it here.

Last night I got security bulletin MS02-032 from Microsoft concerning
Windows Media Player; there is a patch that fixes all previous
vulnerabilities and three new vulnerabilities. As I started the installation
of the patch, the End User License Agreement box popped up. Normally I don't
even read these things, but this time I did. There was a fairly standard
preamble followed by some bullet points; here is the text of the second
point: 

" * Digital Rights Management (Security). You agree that in order to protect
the integrity of content and software protected by digital rights management
("Secure Content"), Microsoft may provide security related updates to the OS
Components that will be automatically downloaded onto your computer. These
security related updates may disable your ability to copy and/or play Secure
Content and use other software on your computer. If we provide such a
security update, we will use reasonable efforts to post notices on a web
site explaining the update. "

These security related updates sound more like version upgrades to the OS,
since new functionality is added, and Windows Media Player will be used as
an agent to download and install the new software "automatically." Normally
security updates are announced by email containing a link to the website
where the patch can be downloaded. There was no mention of which website
Microsoft will use to post notices of new or upgraded software that was
automatically downloaded to your computer while you were listening to a
webcast using Windows Media Player, or how a user will know when to check
the website to find out what has been added to the OS.

I have never been a Microsoft basher and have been using MS software since I
bought my first computer in 1988, but this is really disappointing. Clearly
the Media Player is going to be used for a purpose for which a service pack
would be more appropriate. Even if the purpose is to install an automatic
update utility, the owner of the computer should be in control and not be
subject to "Things That Happen Behind Your Back." I don't think a firewall
will help either--you must allow Media Player content to pass through in
order to use it. 

A funny/ironic/sad point is that the security bulletin reads in part:

" - An information disclosure vulnerability that could provide the means to
enable an attacker to run code on the user's system and is rated as critical
severity ". 

It looks to me like that's exactly what the patch does.

FYI my patch is for Media Player 6.4 on Windows NT 4.0.

         
Related Links 
*    More about Microsoft
*    News by Diesel
------------------------------------------------------------------------
Most read story about Microsoft:
Microsoft's Digital Rights Management--A Little Deeper
Last news about Microsoft:
  
"Microsoft's Digital Rights Management--A Little Deeper" | Login/Create
Account | 0 comments
Threshold    Refresh
Comments are owned by the respective poster. BSDvault is not responsible for
their content.

All logos and trademarks in this site are property of their respective
owner(s). Posts and comments are property of their posters, all the rest ©
2000-2002 by BSDvault.





http://bsdvault.net/article.php?sid=527&mode=&order=0


------ End of Forwarded Message

For archives see:
http://www.interesting-people.org/archives/interesting-people/