[Info-vax] OT: Arun Kishan

Fri Jan 29 15:19:28 EST 2010

In article <dec96c96-1ba6-4f28-af8f-099e46fa695b at m26g2000yqb.googlegroups.com>, John Wallace <johnwallace4 at yahoo.co.uk> writes:
> More recently, Vista had a whole load of redesign work done to bring
> back some of the isolation which had been abandoned so long ago. This
> time the goal wasn't system reliability, the goal was Hollywood-
> mandated content protection. Vista (especially Vista64) was supposed
> to provide secure tamper-proof end-to-end copy protection of DRM-
> protected commercial content such as Blu-Ray. But obviously content
> protection is trivially bypassed if any arbitrary kernel mode code can
> see other arbitrary bits of data passing through the kernel; what
> good's your DRM then? So the "protected media path" was introduced,
> along with a whole load of other features that allow media rights
> owners to determine what your computer can do with their content.

I hate to tell you this, but a little razzle dazzle does not keep a
true kernel mode hacker from finding where your data is and stealing
it.  Find the magic bullet - where in the kernel to insert your code -
and you collect any information you want from the running processes.

And if that's too difficult, you find the simplest architecture
that Vista can possibly run on, run the code within an emulator for
that architecture, and insert your hooks into the emulator itself.
Not to mention that if you can find a processor in which you can
disable the processor data cache, you can grab the bits from the
bus on their way to and from external storage. Where there's a
will there's a way.  And I haven't started talking about popping
the covers off the chips yet.

As far as I know, the only way to come close to truly implementing
end-to-end secure transfer is to put the decryption - and the
decryption keys - in the graphics card itself.  That may explain,
of course, why my ATI HDTV card won't work with just any graphics
processor - they want one where enough of the crucial operations are
inside that processor, preferably an ATI branded one, where I can't
hack into them.

Where you find implementations that are convoluted beyond belief,
look around a bit.  There's an entire flock of attorneys who had
a major influence on the final outcome.  And that applies to a lot
more than just computer systems.

George Cornelius

> "System reliability" isn't the driving force behind these changes
> though; being a Hollywood-compatible general purpose media-centric OS
> is.