Microsoft patches security vulnerability in three days

Who cares about tens and hundreds of security holes that make the computers dangerous to the users - just as long as the DRM keeps running.

Bruce Schneier writes:

If you really want to see Microsoft scramble to patch a hole in its software, don't look to vulnerabilities that impact countless Internet Explorer users or give intruders control of thousands of Windows machines. Just crack Redmond's DRM.

...

Last week, a hacker developed an application called FairUse4WM that strips the copy protection from Windows Media DRM 10 and 11 files. Now, this isn't a "vulnerability" in the normal sense of the word: digital rights management is not a feature that users want. Being able to remove copy protection is a good thing for some users, and completely irrelevant for everyone else. No user is ever going to say: "Oh no. I can now play the music I bought for my computer in my car. I must install a patch so I can't do that anymore."

But to Microsoft, this vulnerability is a big deal. It affects the company's relationship with major record labels. It affects the company's product offerings. It affects the company's bottom line. Fixing this "vulnerability" is in the company's best interest; never mind the customer.

So Microsoft wasted no time; it issued a patch three days after learning about the hack. There's no month-long wait for copyright holders who rely on Microsoft's DRM. This clearly demonstrates that economics is a much more powerful motivator than security.




Comments

No comments yet.
Add comment.
More info...     Comments?   Back to weblog
"Main_blogentry_070906_1" last changed on 07-Sep-2006 19:59:21 EEST by JanneJalkanen.

My latest photos

www.flickr.com