A security researcher has released a proof-of-concept program that hackers could use to exploit Windows Vista digital rights management processes to hide malware. Alex Ionescu claims to have developed the program – D-Pin Purr v1.0 – that will arbitrarily enable and disable protected processes in Vista, Microsoft’s latest operating system.
What are “digital rights management processes”? There’s DRM, and then there’s “protected processes”. Protected processes are used to protect processes which do DRM processing, but nothing else.
BTW, D-Pin Purr uses a kernel-mode driver – so it doesn’t break the protection, it just bypasses it, and it doesn’t work in Vista-64.
Edited 2007-04-12 19:06
Does this mean 64-bit Vista doesn’t use kernel-mode drivers?
I thought it just wasn’t an option to run uncertified drivers on 64-bit.
There will come a time when Vista’s own ‘features’ are so good at protecting the wrongdoers and so bad at protecting the actual user (such as DRM) that getting a piece of malware will be a re-install job instead of just running a scan. That’s when the en masse migrations will begin.
To a lesser or greater degree, it’s already been like that for a few years.
On a side note, last weekend I was out laptop shopping with the girlfriend (for the girlfriend) and she had a budget of just £400. For that price you can get a reasonable system (and one that’s more than capable for her needs) but every system had Vista pre-installed. I kept asking the shop-keepers if there was any way I can ditch Vista (as even the pricier systems in her budget only just met Vista minimum requirements) and install XP or Linux and they simply said it would be breaking the warranty to install anything other than what was supplied. Very frustrating (given that the laptop barely runs the OS even with Aero turned off).
The thing I have found is that it is easier to recover or reset Windows running in VMware using automatic snapshots than using built-in Windows functionality.
No need to bother with anti-malware software that doesn’t even work 🙂
> There will come a time … that getting a piece of malware will be a re-install job instead of just running a scan.
I’m pretty sure things are that way already, at least if you want to be sure ( http://www.cs.cmu.edu/~help/security/windows_breakins.html for example), and not just with Windows.
Malware that manages to hide behind DRM certainly wouldn’t help though. Reminds me of how Microsoft blocked Wine from Windows Update a while back. It did it by looking for a registry key. The block didn’t last too long IIRC, as I bet someone realized some malware could set the Wine reg key to make Windows Update think the infected OS was Wine. Or maybe Wine removed that reg key.
Anyway, at least to run the binary to add and remove protection, users need to be running the code with elevated privileges. Of course, with UAC popping up everywhere users are being trained to click OK all the time. Still, I guess it’s better than running as admin by default and having no warning at all.
I thought Vista’s DRM was malware.
Some OEMs are quite happy to ship it though. A brand new Packard Bell machine I configured for a customer popped up a bubble on first boot from Windows Defender that two items were blocked as malware – Macrovision’s DRM controller and updater app.
I thought Vista was Malware.
Windows users have been running malware for over a decade now, yet no one died because of it. They’ve learned to live with it and they will continue living with it. Please stop trying to use that as an excuse to stop the progress.
DRM, on the other hand, is an integral part of any modern operating system because, clearly, users simply can not be trusted with, well, pretty much anything.
> Windows users have been running malware for over a decade now, yet no one died because of it.
Is that really your response? That is almost as arrogant as when Sony BMG said they didn’t think people knew what rootkits were so why should they care. What malware have all us Windows users been running for over a decade by the way? Care to elaborate on that?
> DRM, on the other hand, is an integral part of any modern operating system because, clearly, users simply can not be trusted with, well, pretty much anything.
Did I say almost as arrogant as Sony? I think you have them beat actually. Everyone is a thief is basically what you are saying? No one can be trusted. That’s a really nice attitude.
/* Did I say almost as arrogant as Sony? I think you have them beat actually. Everyone is a thief is basically what you are saying? No one can be trusted. That’s a really nice attitude.*/
Well, if users would stop ripping those poor Hollywood actors living in mansions, by downloading pirated movies for a start, then, I guess there would not be any DRM in commercial OS.
If people could actually exercise their fair-use rights correctly (without DRM in the way, including CSS) there would probably be less piracy all along.
/*If people could actually exercise their fair-use rights correctly (without DRM in the way, including CSS) there would probably be less piracy all along.*/
people were given the chance to use a free DRM OS, but what did the users do, they started downloading pirated: movies, music, video games, because they thought they were being smart, well, they only harm themselves, now, they have to use an OS that is in police state.
> people were given the chance to use a free DRM OS, but what did the users do, they started downloading pirated: movies, music, video games, because they thought they were being smart, well, they only harm themselves, now, they have to use an OS that is in police state.
So by your thinking, to draw an analogy, because despite never having used illegal drugs I now need to serve a term in prison because I also failed to club drug-dealers over the head?
I hope you never get to run that “police state”, because I have an idea that living in Mao’s China might be preferable.
/* I hope you never get to run that “police state”, because I have an idea that living in Mao’s China might be preferable.*/
oh, no, I’m not evil like the corporations; if the users would realize the corporations are in control, a lot of this nonsense like DRM would not exist.
the more dumb things the users keep doing, like downloading pirated content, the more nonsense like DRM is brought upon the users by the corporations to protect their beloved shareholders and profits.
DRM does nothing to hinder downloads. It limits the usefulness only of legitimate purchases, now including hardware (HDCP). The industry is lashing out at their customers, propping up their non-customers as the excuse, when in reality, it’s all about the system of If Value, Then Right.
People were given the chance just to pirate the movie and have complete freedom with it, but what did they do? They started buying DVDs, WMAs, and video games, thinking they were being smart; well, they’ll only harm themselves, because now they have to buy another copy for their iPod, another copy for their PSP, another copy for the car, another copy for dad’s house, another copy that plays in Europe, and another copy for a higher resolution.
Piracy sucks ethically and economically, but the MPAA is working very hard to make it the practical choice. At least with maritime law, you own what you have.
/* People were given the chance just to pirate the movie and have complete freedom with it, but what did they do? They started buying DVDs, WMAs, and video games, thinking they were being smart; well, they’ll only harm themselves, because now they have to buy another copy for their iPod, another copy for their PSP, another copy for the car, another copy for dad’s house, another copy that plays in Europe, and another copy for a higher resolution. */
well, study harder, get a better higher paying job to be able to afford all of that, because with the corporations running the show, it’s going to get worse. Look around you: everything is owned by a corporation, they can do whatever they want.
“Windows users have been running malware for over a decade now, yet no one died because of it.”
That’s why more than 90% of the worldwide email transfer amount (that is what the mailservers handle) is SPAM…
“They’ve learned to live with it and they will continue living with it.”
No, they’ve learned to ignore it.
“DRM, on the other hand, is an integral part of any modern operating system because, clearly, users simply can not be trusted with, well, pretty much anything.”
Ah, the user as the main problem… 🙂 I would not try to say anything else because in many cases it’s true. But what about system administrators or software engineers? Shouldn’t they be more intelligent individuals (sorry), with moral imaginations and educated judging?
Maybe DRM may be useful for something, but actually, it is abused for crippling file content and making media unusable.
No, it’s “spam,” not “SPAM.”
And it doesn’t taste so well. Spam spam spam spam… it does work with scrambled eggs though.
> No, it’s “spam,” not “SPAM.”
Thank you for your correction. As you might know, English is not my native language.
> Windows users have been running malware for over a decade now, yet no one died because of it. They’ve learned to live with it and they will continue living with it. Please stop trying to use that as an excuse to stop the progress.
> DRM, on the other hand, is an integral part of any modern operating system because, clearly, users simply can not be trusted with, well, pretty much anything.
I sure hope that’s sarcasm, because clearly, the only reason anyone arrogant enough to say that seriously doesn’t deserve to have his (or her) brain curdled to custard is because anyone who says that must have already had that done to them.
> Windows users have been running malware for over a
> decade now, yet no one died because of it.
Identity theft and computer hijacking are serious problems. Maybe you feel comfortable letting anonymous strangers access your private information, your financial information, and being able to use your computer as a hub for kiddie porn and having the police confiscate your computer or worse, but the average person (if they knew and understood the risks) wouldn’t.
Malware may not cause someone to die, but it can certainly ruin a life. As you mention, this diminish the bad aspects of DRM. It does, however highlight how DRM can be used by malware to lock you out of your own computer.
“DRM, on the other hand, is an integral part of any modern operating system because, clearly, users simply can not be trusted with, well, pretty much anything.”
I’m not sure if you realize it but that’s a horrible thing to say. Quite honestly, I find such a statement more than a little insulting.
> Please stop trying to use that as an excuse to stop the progress.
I conduct all of my music listening and movie viewing within the limits of the law. The RIAA and MPAA have repeatedly operated outside the boundary of what I consider ethical behavior. They sue children, dead people, serve notices to colleges for alleged downloading from IP blocks that never existed. Several RIAA affiliated companies have been found guilty of illegal price fixing.
Explain to me why I should TRUST these companies.
Explain why the RIAA/MPAA telling me that I am not to be trusted suggests progress.
I can’t decide who is dumber.
You or the people who hit the “+” next to your comment.
Hard question, isn’t it?
Troll.
I thought Alex was joining the Redmond team? Posting vulnerabilities like this would normally jeopardize a new job offer.