Linked by Flatline on Thu 12th Apr 2007 17:55 UTC
Windows A security researcher has released a proof-of-concept program that hackers could use to exploit Windows Vista digital rights management processes to hide malware. Alex Ionescu claims to have developed the program - D-Pin Purr v1.0 - that will arbitrarily enable and disable protected processes in Vista, Microsoft's latest operating system.
Order by: Score:
what?
by diegocg on Thu 12th Apr 2007 19:03 UTC
diegocg
Member since:
2005-07-08

What are "digital rights management processes"? There's DRM, and then there's "protected processes". Protected processes are used to protect processes which do DRM processing, but nothing else.


BTW, D-Pin Purr uses a kernel-mode driver - so it doesn't break the protection, it just bypasses it, and it doesn't work in vista-64

Edited 2007-04-12 19:06

Reply Score: 4

RE: what?
by Almafeta on Thu 12th Apr 2007 19:18 UTC in reply to "what?"
Almafeta Member since:
2007-02-22

Does this mean 64-bit Vista doesn't use kernel-mode drivers?

Reply Score: 1

RE[2]: what?
by codehead78 on Thu 12th Apr 2007 20:54 UTC in reply to "RE: what?"
codehead78 Member since:
2006-08-04

I thought it just wasn't an option to run uncertified drivers on 64-bit.

Reply Score: 1

RE
by Kroc on Thu 12th Apr 2007 19:07 UTC
Kroc
Member since:
2005-11-10

There will come a time when Vista's own 'features' are so good at protecting the wrong doers and so bad at protecting the actual user, (such as is DRM) that getting a piece of malware will be a re-install job instead of just running a scan. That's when the en-mass migrations will begin.

Reply Score: 5

RE
by Laurence on Thu 12th Apr 2007 19:38 UTC in reply to "RE"
Laurence Member since:
2007-03-26

There will come a time when Vista's own 'features' are so good at protecting the wrong doers and so bad at protecting the actual user, (such as is DRM) that getting a piece of malware will be a re-install job instead of just running a scan. That's when the en-mass migrations will begin.


To a lesser or greater degree, it's already been like that for a few years.

On a side note, last weekend I was out laptop shopping with the girlfriend (for the girlfriend) and she had a budget of just 400. For that price you can get a reasonable system (and one that's more than capable for her needs) but every system had Vista pre-installed. I kept asking the shop-keepers if there was any way I can ditch Vista (as even the pricer systems in her budget only just met Vista minimum requirements) and install XP or Linux and they simply said it would be breaking the warrenty to install anything other than what was supplied. Very frustraiting (given that the laptop barely runs the OS even with Aero turned off)

Reply Score: 3

RE
by psychicist on Thu 12th Apr 2007 19:53 UTC in reply to "RE"
psychicist Member since:
2007-01-27

The thing I have found is that it is easier to recover or reset Windows running in VMware using automatic snapshots than using built-in Windows functionality.

No need to bother with anti-malware software that doesn't even work :-)

Reply Score: 2

RE
by MamiyaOtaru on Thu 12th Apr 2007 20:55 UTC in reply to "RE"
MamiyaOtaru Member since:
2005-11-11

There will come a time ... that getting a piece of malware will be a re-install job instead of just running a scan.

I'm pretty sure things are that way already, at least if you want to be sure ( http://www.cs.cmu.edu/~help/security/windows_breakins.html for example), and not just with Windows.

Malware that manages to hind behind DRM certainly wouldn't help though. Reminds me of how Microsoft blocked Wine from Windows Update a while back. It did it by looking for a registry key. The block didn't last too long IIRC, as I bet someone realized some Malware could set the Wine reg key to make Windows Update think the infected OS was Wine ;) Or maybe Wine removed that reg key..

Anyway, at least to run the binary to add and remove protection, users need to be running the code with elevated privileges.. Of course, with UAC popping up everywhere users are being trained to click OK all the time. Still, I guess it's better than running as admin by default and having no warning at all..

Reply Score: 2

Lame joke
by shykid on Thu 12th Apr 2007 19:15 UTC
shykid
Member since:
2007-02-22

I thought Vista's DRM was malware. ;)

Reply Score: 5

RE: Lame joke
by Kroc on Thu 12th Apr 2007 19:18 UTC in reply to "Lame joke"
Kroc Member since:
2005-11-10

Some OEMs are quite happy to ship it though. A brand new Packard Bell machine I configured for a customer popped up a bubble on first boot from Windows Defender that two items were blocked as malware - Macrovision's DRM controller and updater app.

Reply Score: 3

RE: Lame joke
by yakirz on Thu 12th Apr 2007 22:24 UTC in reply to "Lame joke"
yakirz Member since:
2006-05-11

I thought Vista was Malware.

Reply Score: 2

Doesn't matter
by A.H. on Thu 12th Apr 2007 19:33 UTC
A.H.
Member since:
2005-11-11

Windows users have been running malware for over a decade now, yet no one died because of it. They've learned to live with it and they will continue living with it. Please stop trying to use that and an excuse to stop the progress.

DRM, on the other hand, is an integral part of any modern operating system because, clearly, users simply can not be trusted with, well, pretty much anything.

Reply Score: 3

RE: Doesn't matter
by Zoidberg on Thu 12th Apr 2007 19:40 UTC in reply to "Doesn't matter"
Zoidberg Member since:
2006-02-11

Windows users have been running malware for over a decade now, yet no one died because of it.

Is that really your response? That is almost as arrogant as when Sony BMG said they didn't think people knew what rootkits were so why should they care. What malware have all us Windows users been running for over a decade by the way? Care to elaborate on that?

DRM, on the other hand, is an integral part of any modern operating system because, clearly, users simply can not be trusted with, well, pretty much anything.

Did I say almost as arrogant as Sony? I think you have them beat actually. Everyone is a thief is basically what you are saying? No one can be trusted. That's a really nice attitude.

Reply Score: 5

RE[2]: Doesn't matter
by happycamper on Thu 12th Apr 2007 21:28 UTC in reply to "RE: Doesn't matter"
happycamper Member since:
2006-01-01

/* Did I say almost as arrogant as Sony? I think you have them beat actually. Everyone is a thief is basically what you are saying? No one can be trusted. That's a really nice attitude.*/

Well, if users would stop ripping those poor hollywood actors living in mansions, by downloading pirated movies for a start, then, i guess there would not be any DRM in commercial OS.

Reply Score: 3

RE[3]: Doesn't matter
by mmu_man on Thu 12th Apr 2007 21:34 UTC in reply to "RE[2]: Doesn't matter"
mmu_man Member since:
2006-09-30

If people could actually exercise their fair-use rights correctly (without DRM in the way, including CSS) there would probably be less piracy all along.

Reply Score: 4

RE[4]: Doesn't matter
by happycamper on Thu 12th Apr 2007 21:48 UTC in reply to "RE[3]: Doesn't matter"
happycamper Member since:
2006-01-01

/*If people could actually exercise their fair-use rights correctly (without DRM in the way, including CSS) there would probably be less piracy all along.*/

people were given the chance to use a free DRM OS ,but what did the users do, they started downloading pirated: movies,music,video games, because they taught they were being smart, well, they only harm themselves, now, they have to use an OS that is in police state.

Reply Score: 0

RE[5]: Doesn't matter
by twenex on Thu 12th Apr 2007 22:13 UTC in reply to "RE[4]: Doesn't matter"
twenex Member since:
2006-04-21

people were given the chance to use a free DRM OS ,but what did the users do, they started downloading pirated: movies,music,video games, because they taught they were being smart, well, they only harm themselves, now, they have to use an OS that is in police state.

So by your thinking, to draw an analogy, because despite never having used illegal drugs I now need to serve a term in prison because I also failed to club drug-dealers over the head?

I hope you never get to run that "police state", because I have an idea that living in Mao's China might be preferable.

Reply Score: 5

RE[6]: Doesn't matter
by happycamper on Thu 12th Apr 2007 23:07 UTC in reply to "RE[5]: Doesn't matter"
happycamper Member since:
2006-01-01

/* I hope you never get to run that "police state", because I have an idea that living in Mao's China might be preferable.*/

oh,no, I'm not evil like the corporations; if the users would realize the corporations are in control,alot of this nonsense like DRM would not exist.
more dumb things the users keep doing like download pirated contents the more nonsense like drm
are brought upon the users by the corporations to protect there beloved shareholders and profits.

Reply Score: 1

RE[5]: Doesn't matter
by atsureki on Fri 13th Apr 2007 03:03 UTC in reply to "RE[4]: Doesn't matter"
atsureki Member since:
2006-03-12

people were given the chance to use a free DRM OS ,but what did the users do, they started downloading pirated: movies,music,video games, because they taught they were being smart, well, they only harm themselves, now, they have to use an OS that is in police state.


DRM does nothing to hinder downloads. It limits the usefulness only of legitimate purchases, now including hardware (HDCP). The industry is lashing out at their customers, propping up their non-customers as the excuse, when in reality, it's all about the system of If Value, Then Right.

People were given the chance just to pirate the movie and have complete freedom with it, but what did they do? They started buying DVDs, WMAs, and video games, thinking they were being smart; well, they'll only harm themselves, because now they have to buy another copy for their iPod, another copy for their PSP, another copy for the car, another copy for dad's house, another copy that plays in Europe, and another copy for a higher resolution.

Piracy sucks ethically and economically, but the MPAA is working very hard to make it the practical choice. At least with maritime law, you own what you have.

Reply Score: 5

RE[6]: Doesn't matter
by happycamper on Fri 13th Apr 2007 04:50 UTC in reply to "RE[5]: Doesn't matter"
happycamper Member since:
2006-01-01

/* People were given the chance just to pirate the movie and have complete freedom with it, but what did they do? They started buying DVDs, WMAs, and video games, thinking they were being smart; well, they'll only harm themselves, because now they have to buy another copy for their iPod, another copy for their PSP, another copy for the car, another copy for dad's house, another copy that plays in Europe, and another copy for a higher resolution. */

well, study harder, get a better higher paying job to be able afford all of that
because with the corporations running the show, it's going to get worse.look around you everything is own by an corporation, they can do what ever they want.

Reply Score: 1

RE: Doesn't matter
by Doc Pain on Thu 12th Apr 2007 20:09 UTC in reply to "Doesn't matter"
Doc Pain Member since:
2006-10-08

"Windows users have been running malware for over a decade now, yet no one died because of it."

That's why more than 90% of the worldwide email transfer amount (that is what the mailservers handle) is SPAM...

"They've learned to live with it and they will continue living with it."

No, they've learned to ignore it.

"DRM, on the other hand, is an integral part of any modern operating system because, clearly, users simply can not be trusted with, well, pretty much anything."

Ah, the user as the main problem... :-) I would not try to say anything else because in many cases it's true. But what about system administrators or software engineers? Shouldn't they be more intelligent individuals (sorry), with moral imaginations and educated judging?

Maybe DRM may be useful for something, but actually, it is abused for crippling file content and making media unuseable.

Reply Score: 5

RE[2]: Doesn't matter
by Spellcheck on Fri 13th Apr 2007 05:46 UTC in reply to "RE: Doesn't matter"
Spellcheck Member since:
2007-01-20

No, it's "spam," not "SPAM."

Reply Score: 1

RE[3]: Doesn't matter
by dylansmrjones on Fri 13th Apr 2007 16:24 UTC in reply to "RE[2]: Doesn't matter"
dylansmrjones Member since:
2005-10-02

And it doesn't taste so well. Spam spam spam spam... it does work with scrambled eggs though.

Reply Score: 3

RE[3]: Doesn't matter
by Doc Pain on Fri 13th Apr 2007 17:32 UTC in reply to "RE[2]: Doesn't matter"
Doc Pain Member since:
2006-10-08

No, it's "spam," not "SPAM."

Thank you for your correction. As you might know, english is not my native language.

Reply Score: 2

RE: Doesn't matter
by twenex on Thu 12th Apr 2007 20:35 UTC in reply to "Doesn't matter"
twenex Member since:
2006-04-21

Windows users have been running malware for over a decade now, yet no one died because of it. They've learned to live with it and they will continue living with it. Please stop trying to use that and an excuse to stop the progress.

DRM, on the other hand, is an integral part of any modern operating system because, clearly, users simply can not be trusted with, well, pretty much anything.


I sure hope that's sarcasm, because clearly, the only reason anyone arrogant enough to say that seriously doesn't deserve to have his (or her) brain curdled to custard is because anyone who says that must have already had that done to them.

Reply Score: 5

RE: Doesn't matter
by g2devi on Thu 12th Apr 2007 21:26 UTC in reply to "Doesn't matter"
g2devi Member since:
2005-07-09

> Windows users have been running malware for over a
> decade now, yet no one died because of it.

Identity theft and computer hijacking are serious problems. Maybe you feel comfortable letting anonymous strangers access your private information, your financial information, and being able to use your computer as a hub for kiddie porn and having the police confiscate your computer or worse, but the average person (if they knew and understood the risks) wouldn't.

Malware may not cause someone to die, but it can certainly ruin a life. As you mention, this diminish the bad aspects of DRM. It does, however highlight how DRM can be used by malware to lock you out of your own computer.

Reply Score: 5

RE: Doesn't matter
by vimh on Thu 12th Apr 2007 21:46 UTC in reply to "Doesn't matter"
vimh Member since:
2006-02-04

"DRM, on the other hand, is an integral part of any modern operating system because, clearly, users simply can not be trusted with, well, pretty much anything."

I'm not sure if you realize it but that's a horrible thing to say. Quite honestly, I find such a statement more than a little insulting.

Please stop trying to use that and an excuse to stop the progress.

I conduct all of my music listening and movie viewing within the limits of the law. The RIAA and MPAA have repeatedly operated outside the boundry of what I consider ethical behavior. They sue children, dead people, serve notices to colleges for alleged downloading from IP blocks that never existed. Several RIAA afiliated companies have been found guilty of illegal price fixing.

Explain to me why I should TRUST these companies.

Explain why the RIAA/MPAA telling me that I am not to be trusted suggests progress.

Reply Score: 4

RE: Doesn't matter
by Matt Giacomini on Thu 12th Apr 2007 21:55 UTC in reply to "Doesn't matter"
Matt Giacomini Member since:
2005-07-06

I can't decide who is dumber.

You or the people who hit the "+" next to your comment.

Reply Score: 3

RE[2]: Doesn't matter
by twenex on Thu 12th Apr 2007 22:14 UTC in reply to "RE: Doesn't matter"
twenex Member since:
2006-04-21

Hard question, isn't it?

Reply Score: 3

RE: Doesn't matter
by Anon on Fri 13th Apr 2007 00:05 UTC in reply to "Doesn't matter"
Anon Member since:
2006-01-02

Troll.

Reply Score: 2

Alex from ReactOS
by MadRat on Sun 15th Apr 2007 05:39 UTC
MadRat
Member since:
2006-02-17

I thought Alex was joining the Redmond team? Posting vulnerabilities like this would normally jeopardize a new job offer.

Reply Score: 1