Getting screwed again by DRM

I’m definitely no fan of Digital Rights Management (DRM) in it’s current form.  It’s intrusive, prevents me form taking advantage of something I purchased, and is generally an all around nuisance.

Take, for instance, DRM “enhanced” music.  Most DRM licenses only allow you to listen to the music on authorized devices, and limits the number of devices you can put the music on.  Some even go as far as to limit the number of times you can listen to a specific track.  For some users this is ok, but what about those of us who change music players on a regular basis?  Now we have to be concerned about the type of DRM being used and whether or not it’s compatible with our new player.  It’s truly a nightmare.

There are even more issues with DRM, though.  Let’s take a look at modern games.  For consoles, DRM isn’t much of an issue yet.  Every console is the same, so there are no compatibility problems if you have to get a new console, or if you want to take your game to a friend’s house to play.  Downloaded content is a little trickier as it is often tied to the console it was downloaded on.  Unfortunately, in many situations, if the console fails and you get a replacement, you must re-purchase the downloaded content.  This isn’t always the case, but it does happen.

For PCs, however, the landscape is a little different.  DRM is used to prevent piracy of games.  Unfortunately, with the wide number of PC configurations, this can cause incompatibility problems.  But even beyond the compatibility issues, there are sometimes worse problems.

Take, for instance, SafeDisc DRM by Macrovision.  SafeDisc has been around for years and is often the cause of incompatibility problems with games.  SafeDisc requires a special driver to be loaded into Windows that allows the operating system to validate the authenticity of games that use the SafeDisc DRM scheme.  Apparently, Microsoft thought it would be useful to bundle a copy of the SafeDisc driver with Windows and has done so since Windows XP shipped about 6 years ago.

Recently, Elia Florio, from Symantec, discovered a vulnerability in the SafeDisc driver.  This vulnerability allows an attacker to escalate their privileges, ultimately allowing them full control of the operating system.  Thanks to Microsoft bundling this driver with Windows, even non-gamers are susceptible to this attack.

This highlights a major problem with DRM.  Ensuring security is a pretty tough, complex job.  The more complex the programming is, the harder it is to keep secure.  DRM is intentionally complex, intending to prevent theft.  As a result, it becomes very difficult to ensure that the code is secure.  This is a perfect example of that problem.  Unfortunately, it seems that this will only grow to be a larger problem as time goes on, unless we stamp out DRM.

Macromedia apparently has a fix for this problem on their website, and Microsoft is working on a solution as well.  Microsoft has refused to commit to a delivery date, though.  I would encourage you to update this driver as soon as possible, or, if you are a non-gamer, remove it completely.

Reaping what you sow…

Remember the stealth update story from a few days ago?  Well, it seems that not all is pleasant in paradise…  According to Windows Secrets, the transparent update can cause problems for users that use the “repair” feature in the operating system.  ZDNet has also confirmed this.

In theory, the repair function tries to restore the operating system to a usable state.  Basically, it removes some updates by overwriting files and adjusting the registry.  But apparently the repair feature will download and install the new Windows Update binaries.  When you attempt to install new updates, the updates fail to install.  Windows Update will download them, but is unable to install them.

Luckily, there is a workaround of sorts.  It does require some manual labor, though.  You’ll have to manually register the Windows Update files:

  • Open a command prompt windows (Start->Run->cmd.exe)
  • Next, run the following list of commands

regsvr32 /s wuapi.dll
regsvr32 /s wuaueng1.dll
regsvr32 /s wuaueng.dll
regsvr32 /s wucltui.dll
regsvr32 /s wups.dll
regsvr32 /s wups2.dll
regsvr32 /s wuweb.dll

  • Windows Update should now magically work!

 

My own personal recommendation is to not use the repair feature.  Look at it this way, if you’ve broken your system to the point where you need to use the repair function, then you’ve likely broken more than just the operating system.  Repairing it will remove updates, adjust the registry, etc., breaking some of the programs you’ve installed.  If you need to repair at all, then do so merely to back up your data.  Get a solid backup of the data and then wipe the drives and re-install the system.  Believe me, a little extra work to re-build the system now will save you tons of headaches later.

Busted…

Imagine this. You turn on your computer and, unbeknownst to you, someone starts changing your files. Ok, so maybe it’s not so tough to imagine these days with all of the viruses, trojans, and hackers out there. But what if the files were being changed by someone you trusted? Well, maybe not someone you trust, but someone that should know better.

On August 24th, this exact scenario played out. All across the globe, files in Windows XP and Vista installations were modified with no notice, and no permission. But, this can easily be explained by the Windows Automatic Update mechanism, right? Wrong. The problem here, is that these updates were installed, regardless of the Automatic Update setting. Yep, you heard that right. These files were updated, even if you did not have automatic updates set to download or install updates.

This story was first broken by Windows Secrets on September 13th. The update seems to center around the Automatic Update feature itself. Nate Clinton, Program Manager for Microsoft’s Windows Update group wrote a blog entry about how and why Windows Update updates itself. Basically, the claim is that these updates are installed automatically because without them, Automatic Updates would cease to work, leaving the user with a false sense of security. He goes on to say that this type of stealth updating has been occurring since Automatic Updates was introduced. Finally, he mentions that these files are not updated if Automatic Updates are disabled.

This type of stealth updating is very disconcerting as it means that Microsoft is willing to update files without notifying the user. And while they state that Windows Update is the only thing being updated in this fashion, how can we believe them? What’s to prevent them from updating other files? Are we going to find in the future that our computers are automatically updated with new forms of DRM?

While I applaud Microsoft for wanting to keep our computers safe, and trying to ensure that the user doesn’t have a false sense of security, I disagree strongly with the way they are going about it. This is a very slippery slope, and can lead quickly into questionably legal territory. Should Microsoft have the right to change files on my computer without permission? Have they received permission already because I am using the update software? Unfortunately, there are no clear cut answers to these questions.

It’ll be interesting to see what happens from here as this has become somewhat of a public issue. Will Microsoft become more forthcoming with these updates, or will they proceed with stealth installations? Regardless, I don’t expect to see much of a reprisal because of this issue. It’s unfortunate, but for the most part, I don’t think most users actually care about issues such as this. In fact, most of them probably aren’t aware. Thankfully for those of us that do care, there are people out there keeping an eye out for issues like this.

ISO Recorder Power Toy

I recently had the need to create an .ISO image of a CD. The CD burning software on my computer, however, only created proprietary images. Being my laptop for work, I didn’t want to purchase better software, so I googled around on the net a little bit.

I came across a little utility created by Alex Feinman called ISO Recorder. It runs on Windows XP, Windows Server 2003, and the dreaded Windows Vista. After installation, it adds two options to your right-click menu, “Create ISO Image File” and “Copy CD to CD”.

The Create ISO option appears whenever you right click a folder and allows you to create an image of everything in that folder. This includes folders on your hard drive, so creating an ISO is as simple as moving the relevant files into a single folder. Very convenient.

Alex also has a command-line CD burning utility called CreateCD. I have not had occasion to use this particular piece of software, but it does look interesting. Using this utility, you can automate the creation of ISO images, great for automated backups.

Both of these utilities are free for personal use. Alex does provide a PayPal link for donations, so if you find this software useful, send him a few bucks to show your appreciation!

Windows .ANI Vulnerability – The plot thickens

The Internet Storm Center is reporting that the newly released Microsoft patch is causing some problems. There one known problem and a bunch of reports about other problems.

The first problem is with the Realtek HD Audio Control Panel. Apparently, the control panel won’t start after the patch is installed, complaining about a DLL being illegally relocated. Microsoft has released another patch to resolve this.

The other problems are currently undefined. Microsoft is asking that users experiencing problems contact their support line so they can investigate the issues.

Because of these problems, it may be worth it to take a second look at the ZERT patch. If you’re experiencing problems with the Microsoft patch, try uninstalling it and install the ZERT patch instead. It’s possible that you’ll experience similar problems with the ZERT patch, but it’s worth giving it a shot.

Good luck!

Microsoft XNA Game Studio Express Released

Ok, so I’m a little late, but XNA Express was released on Monday. For those that don’t know, XNA is Microsoft’s newest foray into the world of hobbyist programmers. In a nutshell, XNA gives you everything you need to write and publish games for both the PC and XBox 360.

You can read all about XNA at the Microsoft Game Technologies Center. To download XNA you’ll need XNA Game Studio Express, the XNA Framework Redistributable, and Visual C# 2005 Express Edition.

In addition to the XNA release, GarageGames has released their TorqueX game engine, based on XNA. TorqueX is free to download and try out for 30 days and is a mere $100 for indie developers. The engine looks pretty nice and it will be neat to see what developers come up with in the coming months.

Also on the XNA front, Dave Weller from Microsoft mentioned in his blog that you can code XNA games in F# now. F# is apparently a programming language designed by the Microsoft Research team. It marries together a large host of features from a variety of programming languages such as Python, C#, Scheme, and more. It looks interesting, but does the world really need a new language at this point?

At any rate, get out there, get XNA, and get coding!

Internet Explorer 7.0 Released

Well, it looks like Microsoft has finally released Internet Explorer 7.0 to the public. Initially you have to download and install it manually, but they plan on releasing this on Windows Update in the near future.

I’m a huge fan of Firefox, so why am I bringing this to your attention? Well, there are a couple of reasons. It’s more secure than IE 6.0, much closer to being standards compliant, and if you have to use IE at all then this should make life a little safer and easier.

If you use Firefox exclusively, then please, continue doing so! And maybe even take a glance at version 2.0! But if you need IE at all, even for the IE Tab extension for Firefox, then please update IE to this latest version.

Interactive Searching

Saw this over at LetsKillDave.. I guess the Windows Live team has been playing around with the idea of interactive searching. They’ve come up with something they call Ms. Dewey. It’s pretty neat to play with. Just ask her a question and just before she returns the results, she converses with you. Some of the responses are quite funny. Check it out.

Some ideas for questions :

r u hot? (Thanks Ozy)

These are from one of the comments at LetsKillDave :

Where can I get a date?
Where can I get tested for STDs?
How do I tell my mother she’s a grandmother?
Are you gaining weight?
Where do republicans come from?

Or ask her about Bill Gates or George Bush. I think I’ve seen about 20-30 different responses so far. I’m not sure how many there are total.

Other ideas.. Ask about suicide, the weather, or just simply curse at her. All unique responses.. This is quite the time waster.. Highly recommended!

Update : Try telling her to take her clothes off… No, really, try it..

powered by performancing firefox (yeah, I’m checking it out)

Windows Live Writer Beta

I’m writing this post using the new Windows Live Writer Beta. It’s a blogging tool that allows you to write your blog entries offline and upload them later. Useful, I guess, if you’re not connected all the time. For me, it’s just something to play with. Time will tell whether I like it or not.

To use Writer with a Serendipity blog you’ll need to install the XML-RPC plugin. Once that’s up and working you need to tell Writer what kind of blog you’re using. After it fails the auto-detect you’ll need to choose the API to use. I’m using the Metaweblog API and it seems to be working fine. It also asks for the URL for publishing. For the XML-RPC plugin, the URL will be something like this : http://www.example.com/blog/serendipity_xmlrpc.php

So, for now, I’m just messing around with the system to see what it’s capable of. It seems to be a fairly nice system, pretty at least. Just a document editor with the standard font options on the surface. Hyperlinks are available (as they should be), and it seems to handle media as well such as pictures, movies, audio, etc. I’ve haven’t dealt with media yet on this blog, so I’m not that interested in those capabilities.

Writer won’t download the categories I have set up on my blog, so I’ll have to hand-edit that after I publish. No big deal I guess, but kinda defeats the purpose of this utility. I also don’t see a way to add serendipity tags, so that’s another hand-edit. You can add third party tags such as those from Technorati, LiveJournal, and others, but I have no interest in that.

The web preview is pretty nice. It shows you exactly what the web page will look like when you publish it. It’s pretty cool and seems to work well.

Well, I guess it’s a little nicer than the JavaScript WYSIWYG editor that’s built into serendipity, but between the need for XML-RPC and the lack of serendipity features, I don’t think I’ll be continuing to use Live Writer. While trying to get Writer to work, I also ran across two other tools, w.bloggar and Performancing. The first is a program similar to Writer that seems to allow offline editing. The second is a Firefox plugin that seems to have a ton of features. I’ll be checking both out in the near future.

ZERT Patch for IE Vulnerability

ZERT is back at it again. They’ve released a patch for the latest Microsoft Internet Explorer vulnerability. Actually, it’s more of an automated script that disables the ActiveX controls that are vulnerable. Much easier than hand-editing the registry. Check it out if you use IE.