Denial-of-Service via Driver/Device Revocation

Once a weakness is found in a particular driver or device, that driver will have its signature revoked by Microsoft, which means that it will no longer be fed anything considered to be premium content. What this means is that a report of a compromise of a particular driver or device will cause all premium content-handling ability for that device worldwide to be turned off until a fix can be found. To quote the content-protection specs, "Vista will [...] revoke any driver that is found to be leaking premium content [...] if the same driver is used for all the manufacturer's chip designs, then a revocation would cause all that company's products to need a new driver ". If it's an older device for which the vendor isn't interested in rewriting their drivers (and in the fast-moving hardware market most devices enter "legacy" status within a year or two of their replacement models becoming available), all devices of that type worldwide become permanently unable to handle premium content.

An example of this might be nVidia TNT2 video cards, which are still very widely deployed in business environments where they're all that you need to run Word or Outlook or Excel (or, for that matter, pretty much any non-gaming application). The drivers for these cards haven't been updated for quite some time for exactly that reason: You don't need the latest drivers for them because they're not useful with current games any more (if you go to the nVidia site and try and install any recent drivers, the installer will tell you to go back and download much older drivers instead as soon as it detects that you're using a TNT2). If a such a device were found to be leaking content, it seems unlikely that nVidia would be interested in reviving discontinued drivers that it hasn't touched for several years, creating instant orphanware of the installed user base.

What does this have to do with Vista? Any IT Manager contemplating rolling out a Vista install in a facility with machines old enough to have TNT2 video cards would need to have his head examined if he hadn't planned on doing a serious hardware inventory in the first place. And what business environment is going to care that its workers can't watch BlueRay movies in full HD resolution?!?!??!??!?!?!? Well, if they work for Google perhaps, maybe they'll get ATI x1600's or Nvidia 7600GS's with HDMI and sexy 24" widescreen BenQ FP241W's (these sport HDMI interfaces btw) to watch HD movies during their lunch break. The assumption is that an NVIDIA TNT2 would be an example of potentially non supported hardware under Vista, because it's ancient and hasn't had a NEED to be updated for quite some time under XP. Whether or not a manufacturer decides to devote time and effort to develop new drivers for ancient hardware is one that has occurred historically throughout the history of the PC. The author correctly relates that TNT2 video cards are indeed a widely deployed example of legacy hardware, but the fact that TNT2's are supported in Vista 32bit and 64bit relegates this to a non argument to us. This is market forces and obvious need at work here, not gloom and doom.

It appears overwhelmingly that Vista's adoption in the corporate world will mirror how things went with XP. Most large organizations aren't even considering Vista deployment until there is at least 1 Service Pack revision. Us lucky consumer's get to be the corporate world's beta testers, just as has been the case with other Windows releases.

The threat of driver revocation is the ultimate nuclear option, the crack of the commissars' pistols reminding the faithful of their duty. The exact details of the hammer that vendors will be hit with is buried in confidential licensing agreements, but I've heard mention of multi-million dollar fines and embargoes on further shipment of devices alongside the driver revocation mentioned above.

This revocation can have unforeseen carry-on costs. Windows' anti-piracy component, WGA (or in Vista's case its successor Software Protection Platform, SPP), is tied to system hardware components. Windows allows you to make a small number of system hardware changes after which you need to renew your Windows license (the exact details of what you can and can't get away with changing has been the subject of much debate). If a particular piece of hardware is affected by a driver revocation (even just temporarily while waiting for an updated driver to work around a content leak) and you swap in a different video card or sound card to avoid the problem, you risk triggering Windows' anti-piracy measures, landing you in even more hot water. If you're forced to swap out a major system component like a motherboard, you've instantly failed WGA validation. Revocation of any kind of motherboard-integrated device (practically every motherboard has some form of onboard audio, and all of the cheaper ones have integrated video) would appear to have a serious negative interaction with Windows' anti-piracy measures.

Any new systems shipping with Vista will have new hardware, new chip sets, and new drivers. Anyone planning on upgrading an old box had better do their homework, just like you had to do with 2000 and XP (and Millenium, and 98se, ect..etc..). The stakes are potentially higher, but so are the tasks we're asking of our PC's. We haven't been brave enough or had a particular need to try this yet under Vista, but we've successfully swapped different brand main boards in XP without WGA screaming bloody murder. (UPDATE: Guess what boys and girls?? We just swapped motherboards in a Vista x64 Ultimate install. Even changed graphics cards (oh, and ethernet controllers were different too. So was audio hardware come to think of it). Vista didnt complain or miss a beat, just prompted for proper drivers. OOOH).Potential consumer and market backlash will dictate how far SPP goes, as it did with WGA. It's hard to quantify how potentially better or worse SPP will be without real world examples of it failing miserably and leaving consumer's disaffected as a result. The impetus is on Microsoft and its hardware partners to address these issues, should they even arise. Theoretically assuming they could materialize, and actually materializing are two different things.

Another unforeseen consequence of the potential for a downgrade disguised as an upgrade (that is, a driver being revoked by Windows Update) is that the whole process of updating your machine is supposed to provide benefits to the user in the form of enhanced functionality or, more pragmatically, bug fixes and security patches. Since malware attacks are invisible but a loss of playback capability isn't, if the only visible effect of an update is to reduce system functionality it  incentivises users to disable updates in order to avoid this issue. The unfortunate hidden side-effect of this is that in the interests of protecting themselves from having their content-playback capabilities turned off, they're now vulnerable to all manner of malware, viruses, spyware, and so on.

Again this assumes that the driver revocation process is going to happen in this manner in the "wild", and we don't see this as a likely occurrence simply due to the amount of potential negative consumer backlash it would create, apart from the fact that Microsoft has publicly stated it has no intention of letting this happen.

The overwhelming majority of malware attacks have nothing to do with the operating system apart from the fact that Windows OS's in general are the preferred targets because they make up the bulk of systems in use. Malware gets on end users PC's primarily because people are ill informed, gullible, and fall for all sorts of social engineering games, confidence tricks and obscure Terms Of Use. Comparing the two as if they have some cause/effect relationship is on the verge of obfuscation. And this assumes that it is Microsoft's mandate to baby sit people. We think this assertion does end users no favors in the long run, and tries to hold Microsoft responsible for every single aspect of the end user experience which is a veritable impossibility.

The details of what will happen if a motherboard contains unused onboard audio capabilities and an additional sound card alongside it, and the motherboard drivers are revoked, is unknown. Windows can't tell that there's nothing connected to the cheap onboard audio because the user prefers to use their M-Audio Revolution 7.1 Surround Sound card instead, so it'll probably have to revoke the motherboard drivers even though they're not used for anything. Since virtually all motherboards contain onboard audio in some form, this could prove quite problematic.

This is such a ridiculous assertion as to be laughable. Someone needs to read up on how hardware is enabled and disabled on motherboards, as well as how WGA and SPP work in regards to hardware enumeration. The theoretical assertion that motherboard drivers could potentially be revoked because of un-enumerated hardware is just that, a theory. Windows *can* tell there's something connected to the cheap onboard audio in this theoretical scenario  through inference (based on the fact the hardware is enabled and either has drivers installed, or by the fact the device is "enumerated" in the Device Manager), or directly in the case of newer audio device implementations that are newer than the now ancient AC97 specification, as we've seen in the case of newer HD audio systems and their ability to auto-sense connections. This and other assertions seem to focus on the theoretical potential for problems, rather than an objective analysis of whether or not such theoretical situations could and would actually play out.  Assuming an upgrader (because this obscure scenario would never occur in the case of a retail branded Vista machine obviously) were to leave onboard audio enabled alongside a PCI audio device, the end user may merely end up confusing themselves at worst as to how to control which hardware gets to play audio in a given application. A suprising number of media playing applications allow you to specify audio devices when you have more than one device present, because XP and Vista are quite capable of handling this admittedly odd scenario.

An entirely different DoS problem that applies more to HDMI-enabled devices in general has already surfaced in the form of, uhh, "DVI amplifiers", which take as input an HDMI signal and output a DVI signal, amplifying it in the process. Oh, and as a side-effect they forget to re-apply the HDCP protection to the output. Amusingly enough, precisely this approach has been recommended by a Westinghouse (large US TV manufacturer) VP of Marketing to resolve problems with Sony's interpretation of HDCP in the Playstation 3 and Westinghouse's interpretation in their 1080p televisions, who told consumers to "purchase an HDMI to DVI adapter to bypass HDCP". The hardware vendors seem to have come to the same conclusion about content protection as the computer in Wargames did about global thermonuclear war: "A strange game. The only winning move is not to play".

Westinghouse.....Sony............These are issues with the dodgy and screwball implementation of HDMI by manufacturers in the first place. The fact that Westinghouse suggests a DRM defeating strategy to bypass this specific problem merely points out the obvious flaws that exist within the industry as a whole. This is Vista's problem specifically how exactly?