Several of you have written to point to a new article by Peter Gutmann, who argues that content protection (known commonly as DRM, but arguably broader than that) will exact a major cost in Microsoft’s upcoming Windows Vista. These issues should be of special interest to Windows musicians: Gutmann predicts Vista’s new content protection features will disable video output functions, eliminate open source and unified drivers, consume more resources, and cause a major loss in device compatibility and system reliability.

A Cost Analysis of Windows Vista Content Protection

Now, this is just the kind of coverage that Windows experts have begun to dub Windows FUD, after the “Fear, Uncertainty and Doubt” Microsoft themselves tried to spread about rival platforms — now, though, with Microsoft the target. Of course, there are two kinds of FUD — the propaganda kind, based on false or exaggerated information, or real fear, uncertainty, and doubt, which scary OS features might rightfully cause! The challenge is figuring out where the truth lies.

First, I think it’s worth setting aside the DRM restrictions imposed by the new HD-DVD and Blu-Ray formats, at least to the extent that those directly impact the OS. These new requirements are just downright hideous, but that’s the fault of the big studios backing the lockdown, not necessarily Microsoft, and you can (as I and many others plan to do) save your pennies and stick with DVDs for the time being.

The question really is, to what extent will changes in Vista impact music and visual work? So far, indications suggest things may not be as bad as they seem. For the time being, I don’t see any big migration to 64-bit Windows, and 32-bit Windows Vista can install unsigned drivers, meaning your existing devices should (mostly) work — or, at least, you can install them. (64-bit Vista, in contrast, is even more incompatible with software and drivers than Windows x64, suggesting 64-bit is even further off than it seemed with Windows XP x64.)

It’s also difficult to tell how much of this article is based on planning documents rather than the finished OS.

I pass this along only because I’d be glad to have someone shed more light on the situation. My personal feeling is that the best way to find out the truth is based on the actual, shipping operating system, not speculation on planning documents. Until Microsoft gets Vista into my hands (which they do say will be any day now), I can’t comment directly.

So, if you’re the kind who is easily startled, I’d take this with a grain of salt or just wait (something you’re likely to be doing for Vista drivers, anyway). But those of you who write drivers for a living (yes, that is actually a surprising number of CDM readers), feel free to debunk — or confirm — the items in this story.

  • Dieter Zasche

    I read Peter Gutmann's paper two days ago. FUD it may be, but Gutmann is not a journalist who spreads second- or third hand information, but a very well-informed IT expert. Knowing some of his previous work (on the secure deletion of data), I have no reasons to doubt his warnings.

  • http://www.createdigitalmusic.com Peter Kirn

    Well, my question isn't necessarily accuracy so much as timeliness … Microsoft has backpedaled on a number of things, so it's possible that while these points do in fact come from Microsoft documents, they may no longer be true. I certainly don't mean to suggest it's all FUD — and being scared, uncertain, and doubtful could well be a reasonable response — but I would like to test this against the OS itself rather than documents. I think the fact that Gutmann has brought these points to light should be very helpful for everyone evaluating the new OS.

  • http://www.digitallofi.com/words/ digital lofi

    Peter, thanks for posting this. As I said in a a post of my own (link to my site), what he seems to be saying has less to do with the immediate repercussions (Will it work for me?) and more to do with the long-term fallout.

    There will be ways to hack and strip out system-crippling DRM, to whittle down the bloat, for those that are inclined. But the vast majority of users that will have Vista pushed on them for the next few years aren't going to be tinkering in their OS that extensively. And since these will increasingly become the majority of users it is these users who will drive the development market. Developers will be forced to become increasingly beholden to the demands of DRM, and those development costs are going to show up both in performance and cost.

    We users of tricked out, jerry-rigged, and custom rigs (Gamers, DAWs, Video-editors) will likely be among the first casualties. Using older hardware will be potentially be a hurdle or roadblock as companies will be forced to write drivers that jump through hoops placed before them just to get their product to work. Some smaller companies just won't be able to hack these increased development costs. And parallel development of older drivers & applications will fall by the wayside. What will be offered up instead is hardware & software that built to run on an OS that is vigilantly monitoring for possible violations.

    Is the sky actually falling? That's obviously debatable and remains to be seen.

    That's my take on it anyway.

  • Richard L

    I've been using Vista for the last six months including the RTM version for the last month. I'm also very much a skeptic about Blu-ray and HD-DVD primarily because of the DRM. I was very interested when I first read about Gutmann's article about a week ago. So I read it very thoroughly as well as the Microsoft documents on the subject.

    First off the article is histrionic, and I don't think it is very well written. It's full of hyperbole, exaggerations and inaccuracies. But I think he is somewhat correct. Microsoft's content protection system is going to be Microsoft's and the movie industry's Iraq. It looks like bad engineering and planning from foresight. It's gonna' look really stupid from hindsight.

    My main criticism of the article is that the author claims there is no escape. He claims there is no way for hardware vendors or end users to avoid all this muck. I don't get that from either my experience with Vista or from reading the available information. Output Content Protection is an optional feature of Vista. Devices that support the protocol require very strict certification. But they are by no means the only devices that Vista supports.

    The copy protection requirements of Output Content Protection are the same as those for protected HD from settop boxes (PVRs, cable and satellite) and HD-DVD and Blu-ray. The implementation in a quasi-open architecture like the PC is fraught with challenges that as the article points out are expensive to solve, probably undermine the robustness and security of the system and probably won't even work. As

    such the whole Output Content Protection thing seems like just another one of Microsoft's campaigns that no one will adopt and everyone will forget about in a few years.

    There are a few disturbing elements to the plan that have implications beyond the success or failure of Microsoft's attempt to make Windows a player in the HD settop box business. The most disturbing of these is that Output Content Protection is required for systems with Vista Premium Logo certification.

    My take is that the author's assessment of the degraded case is incorrect. He gives examples of medical imaging systems malfunctioning because protected HD content was being played back on the same computer at the same time. (It seems like a simple administrative policy setting could easily prevent things like that.) The author's reaching with such examples. It's kind of like the people who whine about the copy protection on the iPod, but you only need to point out that there's only copy protection if you buy their content. I find it unlikely that protected HD content will become that integral to most people's computing that this issue will become as dominant as the author predicts. Maybe tomorrow's YouTube will consist entirely of protected HD content. But I doubt it.

    The author also doesn't make clear that, in addition to being optional (see below), the various parts of MS's Content Protection initiative are to be rolled out in phases. OS support for half of the stuff he talks about is not in Vista.

    MS's Content Protection system in Vista really is optional. Vista will run fine with devices that are not certified as having a protected video path (PVP) and with unsigned drivers. I'm doing so right now.

    The place where it gets tricky is with Windows Vista Logo certification for systems and devices like video cards. A non-server computer system that is certified as Vista Premium Ready is required to support a certain level of PVP with certified devices. After mid-2007 those systems will also be required to support HDCP. In the future additional levels of PVP certification may be required such as some of the more draconian measures outlined in the Gutmann article.

    Systems that are certified as just basic Vista Ready (not Premium) are not required to support PVP. But the exception would be if a Basic system ships with an Blu-ray or HD-DVD drive or some other device that would require AACS content protection (eg an HD cable tuner). If an OEM implements some of the system they are required to implement all of it.

    But there's nothing stopping you from putting an HD-DVD or Blu-ray drive in your own non-PVP certified Vista system. But that system may not be able to play back "protected content". What the limits are in that case is a bit vague.

    The other Vista System Logo exception that is allowed is Premium Vista systems that are sold through business channels (note: this is different from the "Business Edition" of the Vista OS). These systems can be certified as Vista Premium without PVP certification. But Blu-ray and HD-DVD can only be used as data drives (i.e. no Blu-ray video playback).

    Also keep in mind all this Output Content Protection only becomes active when you playback "protected premium content". Output content protection is part and parcel with "protected premium content" on your computer.

    As that article points out the consumer is expected the cover the costs of the Output Content Protection system presumably because they so desperately want "premium content".

    But it is possible to have premium content without the protected part.

    Broadcast HD doesn't require content protection. Plans to implement the broadcast flag were scuttled at the last minute last year.

    Microsoft recently released an HD-DVD drive option for their XBox 360 that doesn't support HDCP. The system doesn't support "protected premium content" (i.e. it won't work if any studio ships an HD-DVD which uses the Image Constraint Token – ICT). (Sony almost shipped the cheaper Playstation 3 model without HDCP, but they changed their plan at the last minute and put a HDMI connector on the box.)

    This is all because of the drug-dealers' promise from the movie studios that they won't use the content protection (ICT)… at least not for the first few years of HD discs. The first few samples are free.

  • http://www.createdigitalmusic.com Peter Kirn

    Thanks, Richard; I yet again appreciate your expertise! You answered some of my own suspicions, basically that the author is assuming these problems spread further beyond protected content playback when they generally do not.

    There are still some issues that concern me, however, though they're not necessarily copy protection-related. For instance, what happens to driver development efforts if it's not possible to install unsigned drivers under the 64-bit OS? I agree with the author that this could become an issue if in fact people migrate to 64-bit. (Actually, I'd look at it the other way around: MS will have a hard time getting people to adopt 64-bit if they can't get driver support; that's been proven by x64.)

    Also, as discussed here before, copy protection concerns may have played a role in preventing modern OSes from having integrated, inter-app audio routing capabilities, as seen in JACK on Linux and even in the 90 in BeOS. When content protection trumps content creation (i.e., the actual musicians), I think we have a real problem. That's hardly specific to Windows, though, let alone Vista.

    I'm most concerned with the general question of whether software added to support playback and media features interferes with music creation. There are countless problems using pro audio apps with XP Media Center, even if you're not actively playing content. (That to me says Media Center is somewhat broken in general, not that it's DRM-crippled.) I've finally gotten a chance to test this myself on a machine here, and, well, I believe it. I've never seen XP as unstable with a common suite of audio apps (SONAR, Max/MSP, Live, etc.) as with Media Center installed. I do hope this gets better, not worse, with Vista — it sounds like that may well be the case, that Vista may have finally shed the instability of XP's Media Center version. With Microsoft pushing everyone to Home Premium and Ultimate, you can bet we'll be watching this closely. So far, so good, though, presumably because MS overhauled the audio system.

    Anyway, I sure hope HDCP is killed in the marketplace. And I'd love to see Microsoft strike back, given their clout and the fact that (unlike Sony) they don't make movies. (Come on … Microsoft, Apple, Toshiba, etc. really can't compel the studios to believe this is a terrible idea?)

    How well pro audio works under Vista may well be a separate issue. Hope to have more soon.

  • kokorozashi

    I expect it would be useful to make your concerns about driver signing during development more specific. My understanding is that the biggest barrier imposed by driver signing is that driver developers will need to understand how it works, and, after that, it should impose almost no hassle to the average engineer's daily workflow.

  • http://www.createdigitalmusic.com Peter Kirn

    Kokorozashi, I have no fundamental objections to driver signing; on the contrary, it seems like it may present some real advantages. I'd just like some additional clarification about what it means in terms of the development process, and specifically what it means for open source efforts and drivers that have been abandoned by manufacturers. (Now, of course, in the latter case it may be less of an issue, as those manufacturers may not have provided 64-bit support in the first place.)

  • kokorozashi

    Open source efforts may need to organize around some legal entity which Microsoft recognizes. That could be interesting, but it doesn't strike me as a show-stopper right now. (Are there really open source people building audio drivers for Windows? It sounds like the opposite of what would interest that culture.)

    As far as abandonware goes, well… Yeah. That could be an issue. It's a big issue irrespective of signing, of course. Audio drivers break all the time. If signing is another reason they break, that could make the problem worse. Whether it makes the problem substantially worse or not will be interesting to see.

  • Marcelo

    There are ways to configure 64-bit developer boxes that installs unsigned drivers. A good summary can be found here. So as far as development workflow, there are no major obstacles compared to 32-bit development.

    As far as I understand, the only difference in Vista 64 is that in non-development boxes the drivers need to be signed. But note that there are two types of signatures: Authenticode and WHQL. WHQL is only issued by Microsoft and basically certifies that the driver was tested by Microsoft.

    But even if you don't submit your driver for certification at Microsoft, you can still sign your driver through Authenticode, using a certificate emitted by a third party, such as Verisign. And these drivers install just fine, you just have to click a few more OK buttons. In fact, I believe the MOTU Ultralite driver that I'm using right now in Vista 32 was signed this way.

  • Marcelo

    Kokorozashi: driver signing does not break drivers in any way. Driver problems happens when software makes calls to the driver layer in ways that were not foreseen by the driver developer. Driver signing only marks the driver in a way that Windows can show who developed the driver or in the case of WHQL-signed drivers that the driver was actually tested by Microsoft. I believe the main reason a lot of manufacturers do not submit their drivers for Microsoft certification is that the process cost money and takes time.

  • John

    A couple days ago I bought my first Mac. I love it so far. My PC runs XP and my old stuff fine. Looking towards the future, I'm done with Microsoft products, and that's my take on the approach of Vista… I'm sick of worrying about all this DRM nonsense, and I don't think there's any indication at this point that I would suffer the same fate on OS X.

  • richardl

    > I don’t think there’s any indication at this point that I would suffer the same fate on OS X.

    There are plenty of indications. The movie studios are demanding it.

    But it will be interesting to see how Apple intends to deal with protected premium content (downloadable HD video, Blu-ray and HD-DVD discs) on the Mac, future iPods and the forthcoming iTV. Apple still has to keep all the studios happy (well all except one).

    I heard from someone who works for the EFF that Apple does not intend to use Intel's trusted computing architecture for DRM. Although they may use the Intel CPU's encryption system for copy protection for the OS.

    We should see some indications soon as more details of Leopard and the new media products like iTV are released, hopefully, next week.

  • http://www.createdigitalmusic.com Peter Kirn

    Well, and I don't care how much DRM is in the OS, so long as I don't run into it while I'm actually doing work — that for me is the big question. So if there's DRM protection for HD-DVD but I don't fire up my HD-DVD player, will I run into some problem with my music app? That's my main question. This article for me doesn't entirely resolve that.

  • John

    > Well, and I don’t care how much DRM is in the OS, so long as I don’t

    > run into it while I’m actually doing work — that for me is the big

    > question.

    Precisely. The rumors for Vista are ominous. I decided not to wait and find out. I don't think Apple, in whatever approach they take, plan on crippling pro-audio stuff out of their fear and paranoia. What do you do if if the artists are the collateral damage on both O/Ses in this DRM war against user. Downgrade? Switch to linux? I doubt Apple will cripple their O/S. I know several people who are seriously considering Macs now… I'll admit I have still very little experience on the Mac, but my perception so far is that it is computers and O/Ses done right (as opposed to MS where something never feels quite right to me). If the studios make it impossible to watch movies on your computer without breaking them, then maybe it's a good thing? Maybe we'll be inclined to go play with our synths and be more creative. All this multi-tasking, IM, and web enabledness makes for great distractions.

  • kokorozashi

    Marcelo, I understand that garden-variety signing cannot break a driver. But Vista has (at least) two new kinds of signature; the other is PMP, which allows the system to pass a driver so-called “premium” content. (I’m using the word “driver” as a short-hand for “all the software which drives a particular device” even if that’s actually multiple programs.) A PMP signature can be revoked by Microsoft at any time, and Microsoft has yet to specify limits on the reasons it might do that. Because we don’t yet have existence proofs, we don’t really know how this is going to work, but if it happens to abandonware, the prospects are definitely less rosy than if it happens to a product whose original developer is still alive and cares about its customers who have not made a recent purchase.

    But the story may simpler than all this concern about possibilities. My reading of the relevant technical documents suggests to me that one possibility that manufacturers of audio gear for musicians will consider is to ignore PMP signatures altogether, as the infrastructure may well have too damned many implicit complications to be tolerated by or worth developing for a target market which has little or no need to play back “premium” content through their studio gear. This would mean there is no signature to revoke and thus no way for Microsoft to decide your studio will suddenly stop working in the middle of a project because some dork on the other side of the world might copy Talladega Nights. Musicians may be generating content which will later be DRM’d up the wazoo, but during the creative process they have no need to accept the same restrictions as pirates… oops, I mean legitimate MPAA customers.

    Where this might get hairy is when a musician’s brain needs premium content for reference. A typical starving artist with just one high-quality pro audio interface might need to resort to Vista-vetted motherboard audio. But as long as a brain, and not a recording, is the final target for that output, she should be OK.

  • Richard L

    This is a rebuttal of sorts to Gutmann's article and FAQ from Microsoft's Dave Marsh who is the Lead Program Manager dealing with Vista's Output Content Protection.

    I haven't sorted through the whole thing yet, but it looks interesting.

    http://windowsvistablog.com/blogs/windowsvista/ar

  • Pingback: Create Digital Music » Vista “Content Protection” DRM Won’t Impact Music Production, Says Microsoft and You

  • http://jackit.sf.net/ Paul Davis

    Richard L: Gutman has already responded to Dave Marsh's comments. He merged some of his responses into the main text, and then added a section at the end in which the stuff that just doesn't add up (as in: "Is it true that X?" "No, X is not true except under conditions that every will encounter" type of stuff).

    I'm intrigued about why you see MS's content protection being staggered and escapable and Gutman does not, other than perhaps his comment that its his role to warn about the worse consequences of MS' designs in this area.

  • http://jackit.sf.net/ Paul Davis

    Peter K: it seems slightly egregious that developers of software that is essentially in competition with Microsoft's own should be required to form any kind of organization that needs recognition y MS.

    Open source operating systems are designed to run on hardware, not MS Windows. The certification and collaboration should be coming from h/w manufacturers, not a software company.

    For myself, I like this little story from Gutman's own article:

    ———-

    Here's an illustrative story about what can happen when the content- industry tail tries to wag the dog. About 10-15 years ago, music companies told a bunch of NZ TV stations that they had to pay fees in order to screen music videos. The TV stations disagreed, saying that they were providing free advertising for the music companies, and if they didn't like that then they'd simply stop playing music videos. So they stopped playing all music videos.

    After a few weeks, cracks stated to appear as the music companies realised just how badly they needed the TV channels. One of the music companies bought an entire prime-time advertising block (at phenomenal cost, this wasn't a single 30-second slot but every slot in an entire prime-time ad break) just to play one single new music video.

    Shortly afterwards, music videos reappeared on TV. The details of the settlement were never made public, but I imagine it consisted of a bunch of music company execs on their knees begging the TV stations to start playing music videos again and let's please never bring this matter up again.

    It's the same with Microsoft, the content industry needs them as badly (or more badly) than Microsoft needs the content industry. Claiming that they're only following orders from Hollywood is a red herring — if Microsoft declined to implement this stuff, Hollywood would have to give in because they can't afford to lock themselves out of 95% of the market, in the same way that the music companies couldn't afford to cut out their primary advertising channel.

    ——–

  • http://www.createdigitalmusic.com Peter Kirn

    "certification and collaboration should be coming from h/w manufacturers" — well, actually, it is, thanks to corporate consolidation. Certainly on the Sony side, you can't separate hardware manufacturers from content producers.

    That said, I agree — Microsoft should have fought these new restrictions. As with Zune, MS seems to be going out of their way to bend over backwards for the content companies, which is ironic, because they're the one company that has the best chance of getting the content companies to backpedal. At the same time, one of the biggest content companies is also one of their biggest competitors (Sony).

    But given how dumb HD content protection is, why not just attack that? The article above makes some misleading and sometimes blatantly wrong assertions about the implications of the technology. (You'll go blind! Your house will burn down! Your children will become impotent!) Now, granted, Microsoft's own early documentation was so sweeping and poorly written, some of these implications could be inferred by the early specs. But at this point, it's better to look at the reality of Vista as it's shipping. I still think there's plenty worth criticizing or debating — unless you think that $400 box with however many millions of lines of code is, line for line, perfect, that would be the case. But there's the reality of the OS, and as long as you're not playing HD-DVDs or Blu-Ray, none of this stuff may matter. (Then we can get back into the debate about which OS' audio driver implementation, etc., is better.)

  • http://jackit.sf.net/ Paul Davis

    Peter, just a footnote. AFAIK, Sony do not make any of the components that make up any of the computers that carry their brand. Not only that, they don't even define the specs for the parts. This is beauty (and horror) of the phrase "off the shelf parts". In terms of computers, for the most part, companies like Sony are more like OEM's than hardware manufacturers. The only exception I can think of for Sony are monitors, and I am not actually sure if they make them or just brand them.

    When I talk about certification by h/w makers, I am referring to companies like AMD, Intel, Seagate, Samsung, Nvidia, ATI and so forth.