The wonderful and talented cartoonist and filmmaker Nina Paley has a gorgeous new cartoon on DRM.
Nina said about this cartoon ‘Actually, these bugs aren’t all DRM – they’re generally about privacy, “spying.” That’s why there’s a Facebook bug too.’
Nina isn’t a programmer though, and she didn’t realize that one of the issues with DRM is that it opens a computer system to added exploits. I am a programmer, so that’s what I saw. I totally missed the Facebook bug, until she pointed it out (my wife will tell you that this is because I am a man – I prefer to say that I notice what I’m interested in – and these days all too often it’s DRM).
An exploit may not be a bug, though it often is, and a bug may not enable an exploit – consider a bug which causes the operating system to crash. Such a bug may not allow for an exploit. Sometimes features allow for exploits, a good example being Microsoft’s ActiveX controls. Microsoft designed the ActiveX system so that it was capable of accessing many internal operating system features, and so that controls executed automatically. ActiveX controls could be used for legitimate reasons, but they could also be used to install malicious software without the user’s knowledge, and this is why later versions of Internet Explorer shipped with added security features which limited the actions that an ActiveX control could take.
Why does DRM open a system to added exploits? Because there are more lines of code, and more possibility of error. If you do a search on Google for the term ‘bugs per line of code’ you’ll find 10,800,000 results! Programmers know that this is a serious issue. For every extra thousand lines of code, there will be more errors. Programmers aim for zero bugs; however, it is impossible to achieve this in a large, complex program like an operating system, as there may be interrelationships that do not show up until after the product is shipped. The increasing complexity caused by Graphical User Interfaces, Networking, Web Browsers, Email Clients, etc., while useful from a user viewpoint, adds further points of attack. In cases where the various programs are tightly interrelated the problems will be worse, as an exploit in the email client may also allow the attack to work in the web browser (the Microsoft Outlook email client uses the Microsoft Internet Explorer web browser to render HTML, which means an attack on your web browser could be sent to you as an email message). Other operating systems do not have this problem. In Mac OS X the Mail application has its own internal HTML rendering engine. While it uses the same WebKit engine used in Safari, it does not call Safari. The same is true of the Firefox web browser and Thunderbird email client. Both use the Gecko rendering engine, but they do not call each other, which limits the effects of any exploit.
In my earlier article, Digital Right Management and/or Technical Protection Measures Cause Climate Change, from May 11/2010, I covered how added lines of code could use more CPU cycles, and especially how in Windows Vista and Windows 7 the DRM sub-system is running all the time. In addition to costing extra electrical power to run, the constantly operating DRM sub-system is constantly open to attack (for a good explanation from Microsoft on how parts of the DRM system work click here). A good example is the Macrovision bug that Microsoft built into the Windows XP kernel. A computer user might never play the games that the DRM system was designed for, but the driver ran from start-up with administrator privileges. Even worse, Microsoft somehow included this driver in Windows 2003 server – remember this is a video game DRM driver. Servers aren’t used to play games!
Academics have become very interested in DRM systems and their exploits: the University of Kentucky has published articles, as have the Eindhoven University of Technology, the Helsinki University of Technology, and many more.
Note that this is a Microsoft Windows problem. Apple’s Mac OS X has many of the same features that Windows Vista and Windows 7 have, but very few of the problems. Mac OS X uses a Unix-based system architecture and different design criteria (Apple does not design for tight integration of operating system software components, which is one of the biggest weaknesses of Microsoft Windows). Linux, BSD, and Solaris kernel-based operating systems such as Ubuntu, Moon OS, Mandriva, Fedora, et al. are even more secure than Mac OS X.
The problem is that between 80 and 90% of the world’s computers run Microsoft operating systems, despite the well-known faults of Windows. Combine a weak DRM system with ubiquity and you have a computing disaster. I’m surprised that someone hasn’t filed a class action lawsuit against Microsoft in the United States to attempt to force the company to fix Windows.
Thursday May 20, 2010
PS: I highly recommend Nina’s movie ‘Sita Sings the Blues’. If you haven’t seen it, download it and watch it. It’s a fantastic work of art, which Nina released using the Creative Commons Attribution Share Alike License.