- Related Stories
-
Microsoft releases 'critical' patches
February 8, 2005 -
Microsoft: No flaw in Media Player
January 14, 2005 -
Hacker cracks Microsoft anti-piracy software
October 19, 2001
The Redmond, Wash., giant on Tuesday introduced an update to its Windows Media Player, which included changes aimed at blocking the Japanese hackers' work, as well as a security update.
Manager, Windows Media
The copy protection changes mark the first time in nearly four years that Microsoft's digital rights management (DRM) protections have been publicly broken, even if largely in theory. As in an earlier case, the company says it was able to update its software before the flaws advanced much beyond the theoretical stage.
"No DRM is perfect," said David Caulton, group product manager in the Windows Media division. "This is another example of somebody finding a way around the technology that we didn't think about. We hear about it, and we effectively get a fix out to users before there's a widely distributed tool for removing digital rights management from files."
The update comes as renewed evidence that hackers and other independent programmers are scrutinizing Microsoft's Windows Media Player, as well as the Internet Explorer browser, for flaws or programming loopholes. Microsoft has released repeated security fixes for its Web-browsing software over the past year, as new risks for surfers continue to appear.
The Japanese hack emerged several weeks ago, when programmers on a public online bulletin board were found to be discussing ways to strip the copy protection off Windows Media files. The actual software that purportedly performed the trick was taken offline after a Japanese magazine wrote about the hack, but Microsoft said the company was able to identify the potential flaw.
The new update also addresses a problem exposed a month ago, in which the Media Player and its digital rights management software could be used to show ads--or even to lure unsuspecting Web surfers into downloading harmful software onto their hard drives, security researchers said.
The process exploited a feature of the Media Player content protection, which allows protected files to pop up a Web page with information about a video or song license. In such a case, that page could be loaded with automatic spyware download mechanisms, Spanish security company Panda Software said.
The new update to the Media Player software contains a setting that allows consumers to request that they be notified any time their computer is going onto the Internet to obtain a content license. By default, this option will be turned off, but computer users can turn it on, Caulton said.
With the associated security issues, however, once the computer does launch the online license acquisition process, a Web page could still be popped up--even with the update in place. That risk is shared by anyone surfing online, Caulton said, but it could be virtually eliminated by using the latest spyware blockers and Windows operating-system updates, which block automatic downloads of software.
The new Windows Media Player is available now on Microsoft's site and may be distributed to consumers through the company's automatic software update function in the future.
See more CNET content tagged:
David Caulton, antipiracy, digital-rights management, hack, copy protection
I think Microsoft needs to understand that the purpose of the "Trustworthy Initiative" is to create trust for the reliability and security of their products with end users (customers who PAID for their products and expect them to work) - rather than paying attention to minor nuisances.
Nobody cares if a DRM gets hacked. People however, do care if an unpatched flaw is exploited , and causes billions of dollars of damage.
You also fail to account for the fact that some flaws are relatively simple and have solutions that as easy to create and implement while other flaws go deep into the entire design of the software product and may require rewriting a significant part of the product in question, not to mention the need to test that extensive fix to make sure it doesn't introduce new flaws.
- DRM on a PC, a non-runner
- by cifs February 17, 2005 1:00 PM PST
- Because of the variety of sounds cards and MPEG-4 Video cards, Microsoft Windows provides for third party device drivers to talk to these cards. Since the cards have no encryption or rights management on them, the information sent to the drivers is raw and unencumbered. What is stopping someone, in theory, from writing a driver that makes a copy of the raw data?
- Reply to this comment
-
(4 Comments)