Vista DRM Cracked by Security Researcher

An anonymous reader writes "Security researcher Alex Ionescu claims to have successfully bypassed the much discussed DRM protection in Windows Vista, called 'Protected Media Path' (PMP), which is designed to seriously degrade the playback quality of any video and audio running on systems with hardware components not explicitly approved by Microsoft. The bypass of the DRM protection was in turn performed by breaking the Driver Signing / PatchGuard protection in the new operating system. Alex is now quite nervous about what an army of lawyers backed by draconian copyright laws could do to him if he released the details, but he claims to be currently looking into the details of safely releasing his details about this at the moment though."

very fitting

called 'Protected Media Path' (PMP)

I can guess how that's pronounced...

Re:very fitting

"called 'Protected Media Path' (PMP)" I can guess how that's pronounced... Well, it just goes to show, that PMP'ing an operating system ain't easy.

Re:very fitting

Well, it just goes to show, that PMP'ing an operating system ain't easy.

Or 'It's hard out here for a PMP'

Re:very fitting

Or 'It's hard out here for a PMP'

I don't know what you heard about me
But you can't get your video out of me
High quality video you can't see
Because I've got uncracked PMP [azlyrics.com].

Re:very fitting

Big Data Cane.. is that you?

Re:very fitting

Come on, that jab is unfair.

As a user of the Windows Home Operating Rights Environment, I must state for the record that all of my transactions with said system are completely clean, and take place using the most effective protection available. If you truly feel that some of your Media exchanges are tainted, I'd suggest it's probably because you didn't pay the requisite PMP fees.

1st thing is to get a good lawyer

As fast as you can

Re:1st thing is to get a good lawyer

Freedom to tinker: http://www.freedom-to-tinker.com/ [freedom-to-tinker.com]

Re:1st thing is to get a good lawyer

From the about page [alex-ionescu.com] it says:

He [Alex] is currently studying at Concordia University in Montreal, Canada"

So does the DMCA apply?

Re:1st thing is to get a good lawyer

So does the DMCA apply?

that depends, does he travel to or through the US?

Re:1st thing is to get a good lawyer

No, that doesn't matter. I am sure that my govt will happily deport him if the **AA asks them to. We seem to bend over backwards for the US at this point, and for the **AA in particular, just look at the politician they bought recently up here. A Conservative government here in Canada turns us into a mere appendage of the US Government, compliant to their will most of the time. Hell, we just paid out 10 mil in damages to a Canadian Citizen we happily fingered for the US Dept of Homeland security so they could ship him to Syria to be tortured for a year or so even though there was no evidence he supported terrorism. I have no doubt that violating DRM (which is surely as Evil(tm) as terrorism in the eyes of the **AA, in fact they probably want to equate the two) will be sufficient to get this guy exported to some country for torture as well :)

"Government for the corporations, by the corporations, for the benefit of all corporations..." or something to that effect.

Thank god for the primary process!!!

*does a jig with two thumbs up*

*stabs self in eyes with thumbs*

JAZZ HANDS!

Re:1st thing is to get a good lawyer

"We seem to bend over backwards for the US at this point, and for the **AA in particular....... "

You mean bend over forward, right?

Re:1st thing is to get a good lawyer

And what's even more funny, in the last paragraph on his page:
"He is also a Microsoft Student Ambassador and is representing the company on campus as a Technical Rep."

1st is to realize credit is overrated.

Well, he's already probably a bit screwed.

Here's the problem: there's virtually no way to get in trouble, if you just release an exploit anonymously. (By definition, if it's truly anonymous, they can't catch you; there are lots of ways to basically ensure your anonymity today.) Where you start to get in trouble is when you want to release an exploit that's going to ruin somebody's day and take credit for it.

This comes up with regards to other, less-politically-sensitive bugs. When you step forward and take credit for something that you've released, you're basically holding up a big "come and get me!" sign. It's a lot easier to sling mud at a person, than it is at some anonymous entity on the Internet.

It's really taking credit that burns people, not releasing the bug/hack/exploit. It would have been trivial for this guy to release his code, anonymously or even pseudonymously, and keep it firewalled from his real-world identity. If he had done that, there might have been some attempts to uncover who he really was, but I doubt anyone would try that hard -- it's harder to go after someone that's anonymous, than an actual person. With a person, you have something to put in your mind under 'enemy,' that you just don't have with some vaporous person or persons on the Internet. Being anonymous diffuses a lot of the hatred, because it's harder to hate someone that might not exist. By standing up and taking credit, you're accepting everything.

Personally, if I were to discover something like this, there's no way I'd publicly admit it. I live a happy enough life without becoming some sort of hacker/security icon; the downsides of becoming the next Dimitry Sklyarov seem far greater than the possible benefits. Release the code somewhere in public, maybe signed with a private key that you have stashed away (so, decades down the line, you'd be able to claim it, if you wanted to and if the statute of limitations had run out), and only communicate via Usenet dead-drops and anonymous remailers. The tools to remain completely hidden are all there -- heck, you could probably do interviews in Wired under a psuedonym, the only absolute would be keeping the Clark-Kent-esque secret of your true identity hidden, and I'm not sure if some people would be able to swallow their pride enough to do that.

Pro Bono Security Attorneys

How about a team of pro bono attorneys who are willing to defend (fight?) cases like this in which a researcher simply wants to share his/her findings? Sort of like a non-profit organization.

Re:Pro Bono Security Attorneys

If only there was some EFFin' organization that provided such a service. I don't know what the EFF we'll do now. I guess we are all pretty EFF'd.

Re:Pro Bono Security Attorneys

You really think you can find that many Pro-Bono Attorneys?

I mean sure, The Joshua Tree was great, but they've been going downhill for awhile....

Moving to Redmond?

Sounds like somebody will soon get a juicy job offer from Microsoft to tighten up the system...

Re:Moving to Redmond?

From Alex's website -

"He is currently studying at Concordia University in Montreal, Canada, and is in his first year of obtaining a bachelor's degree in Software Engineering. He is also a Microsoft Student Ambassador and is representing the company on campus as a Technical Rep."

Uh oh.

Re:Moving to Redmond?

Yup. There is a word for this in the industry. It used to be called a BUGTRAQ gadfly though nowdays it should be called a "Full Disclosure Gadfly".

You make enough stink on a non-moderated list like FD with the sole purpose to get hired and you get hired. There are pimps that follow FD, BUGTRAQ and the like for "fresh talent".

It's all in the details.

...could do to him if he released the details, but he claims to be currently looking into the details of safely releasing his details...

Grammar tip: don't use the same word three times in one sentence.

Re:It's all in the details.

What is the problem? That is a perfectly cromulent sentence.

Re:It's all in the details.

Grammar tip: don't use the same word three times in one sentence.

How about 9 times, is that okay?
Buffalo buffalo Buffalo buffalo buffalo buffalo Buffalo buffalo. [wikipedia.org]

/me watches the skies over Montreal...

...darken as thousands of crack Microsoft lawyers parachute down into the city in search of the terrorist, erm, defendant...

I have a brilliant crack of the Vista DRM too...

... but there is no space in the margin of this comment to write it.

In future news...

"Vista DRM cracked by anybody with the desire to do so".

Too bad this didn't come out 3-6 months from now

It's really too bad that this is coming out now, rather than in 3-6 months when it would make more of an impact. While the article raises some issues that won't be easy to solve, right now this seems to give M$ a head start on tightening the DRM noose even more or insisting on TPM.

Post the details on MySpace

and then ask Network Solutions to suspend their domain. It works on GoDaddy domains.

What a revelation!

Hopefully, other players in the media industry see this and realize that DRM is a pointless encumbrance!

Yeah, right. They'll just keep up with their usual approach, one akin to installing a governor on your car to deter theft.

just release it

Just release it, the deluge of bad PR will suck the moneyline away from the lawyers long enough for you to jet to Aruba or somewhere.

He won't need to ...

Now that people know it is possible, I am sure it is only a matter of time before others across the globe attempt to find the weakness. Some of these people won't even be affected by USA law, unless they decide to visit or transit through the country.

Re:He won't need to ...

Some of these people won't even be affected by USA law, unless they decide to visit or transit through the country.

One wonders if the harassment of people who are not breaking US law in their own jurisdiction when they come to the US will have a chilling effect on technology in the USA. Certainly, some very smart people would be very stupid to visit here...

Seems that the cat is already out of the bag...

Mark says that it's possible. He also says enough that someone else as "skilled in the art" as he is can probably figure out what he did.

And what he did, if I understand correctly, is have some of his own code run as kernel without it being in a "test signed" driver. That seems to be the essense of his approach. Once you figure out how to do that, you can basically do anything, and Microsoft can't stop you.

Alex is also re-implementing the win32 kernel

Alex Ionescu is the main kernel/HAL developer for the GPL'ed ReactOS project (www.reactos.org), which is aiming for an OS that is fully binary AND driver-compatible with Windows XP/Vista. If you look through the work he's done in the ReactOS SVN (developer name 'ion'), I have no doubts that he's fully capable of analyzing and defeating any kernel-level protections in Vista.

Although ReactOS can share a lot of work with the WINE project for the win32 userland, it could still use any developers that are familiar with win32 development and would like to see a truly free operating system capable of using windows drivers/software.

Why bother even having DRM?

After all, it's only going to get cracked sooner or later. So there is no point is there?

Re:Why bother even having DRM?

Not for the pirates, no... It's generally beleived that DRM is to screw those who actually pay for things into paying for them more than once.

Re:Why bother even having DRM?

The goal is not to make a secure system. The idea of securing a system from its owner (who has physical access) while maintaining usability is absurd and approaches impossiblity. They just want to make a system which 99.9% of users cannot crack, make it so that the crack cannot be generalized across different systems, and prosecute the remaining 0.1%.

Really, the only way to defeat DRM is to prove to companies that they will make more money without DRM than with, or, failing that, make the preceding true via strikes and public awareness.

What with

Excellent news.
What with HD-DVD and Blu-Ray being cracked already, and now this, combined with all the hate and general unity by consumers against the big movie and music industry, how much more signal do they need that DRM is pointless and unwanted and to finally stop trying to force it on us?

Its a shame

that he put his name to it, rather than just release his findings anoymously from a public internet terminal.

Re: It's a shame

It's a shame that things have come to a point where developers/security researchers have to worry about releasing findings like this, perhaps *even* when they are not under US law.

Is it illegal for me to have someone check safety?

If I drive a car, or heck use a toaster. Isn't it legal for me to give the product to a mechanic or someone versed in the art to check whether it's safe or not?

So if I use windows .. I need to know if the DRM or digital signing is crap. I don't want spyware to be fakely "digitally signed" and run on my system. If the DRM is crap why would anyone release anything with it? Why are software companies able to prevent or hinder research into the security of their products and announcements to the public w.r.t their safety?

I'll do it...

I'll gladly do it. I live an arm's length away from the furthest reach of the DMCA.

Re:I'll do it...

The DMCA doesn't have arms, it has tentacles. Horrible, oozing, pus-filled tentacles.

And...

And just in time, too.

Crushing of Freedom of Speech

Yes, I know it's been said very many times before, but I'm moved to say it again. It's simply obscene that runaway copyright law provisions should be used to casually stomp on this kind of freedom of speech, especially in the U.S.A., where allegedly there is a First Amendment guaranteeing freedom of speech. I would very much like to see a full-out legal confrontation between these terroristic laws as they stand, and the Constitution. The alleged and artificial "right" of the smirking lawyers at commercial companies to keep their nasty little secrets does not in any sense abrogate the innate, natural right of the people to talk to each other about any damn thing they want, particularly complex subjects, and in any way they wish, including via carrier pigeons and Morse code, let alone in plain English (or whatever language) on the Web.

It's really a shame that other countries such as Sweden actually surpass the U.S.A. in this area.

Frankly, this pisses me off enough that I'm very strongly tempted once my finances improve enough for the expensive legalities, to spit in the eyes of these jerkoffs with a direct, blunt and extremely widespread explanation (possibly on a Russian server to further annoy and frustrate them) of whatever it is that they absolutely are frantic to not have explained, along with the text of the Constitution with the First Amendment highlighted in red. I think a well-crafted attack on this crap would gather quite a lot of support, moral and otherwise.

Honest question

Since the DRM in Vista is so inextricably tied in to the OS, then ANY hack which allows you to run stuff at kernel level will, by definition, be able to break the DRM. Which begs the question: could Sony's next rootkit be a violation of the DMCA, instead of just a huge pain in the ass?

"*Any* video and audio"?

...which is designed to seriously degrade the playback quality of any video and audio running on systems with hardware components not explicitly approved by Microsoft.

Woah! "anyvideo and audio"? I thought it was just Blu-ray and HD-DVD movies which have the Image Constraint Token (ICT) flag set. TFA quotes it as "some premium content", which doesn't make it much clearer. Anyone want to clarify?

Norwegians, I'm ashamed of you

Someone in America cracked this first.

Re:Norwegians, I'm ashamed of you

Canada isn't in America?

-Eric

Sorry 'bout that

Didn't read TFA, but when I saw this in the blurb:

draconian copyright laws

...I just assumed it was us.

Yay!

There needs to be an installer to bypass the PMP and DRM functionality in Vista so that every user can have the right to CHOOSE!

Thats the problem with 3rd party drivers

With having to mix in support for the old legacy drivers, along with the newer trust system, its not too supprising that a loop hole was found. This is area where Apple has the advantage. Microsoft would probably have been in much bigger trouble if they decided to require all driver makers to rewrite their drivers (and manifests) with the newer spefication.

Although I wouldn't be supprised if in the future Microsoft does in fact lock down its operating system and write all drivers for third party itself, requiring the hardware maker pay them to do so.

Details?

he claims to be currently looking into the details of safely releasing his details

Can anyone explain more in detail?

DRM is overcome as a community, not individually

Even if Vista were perfect and beyond any cracks/hacks, the DRM on the media will be defeated on other platforms. The content will then spread without DRM. Somebody in Hong Kong or Vietnam will make a standalone Blu-Ray/HD-DVD player that rips directly to open formats, and that will be that.

All the effort MS is putting into this will not make the studios happy, and will not make the customers happy. I think they made a bad choice.

Temporary At Best

1. Anyone with half a brain new this was coming.
2. No doubt there are *lots* of exploits waiting to be found. This is a Microsoft OS after all. Microsoft's core strength is Marketing and general amoral anything-goes business practices certainly not operating systems.
3. This is all very temporary. As Tivo's smart card/signed OS has shown Microsoft the way to maintaining their artificially high price for an operating system and subsequent inflated hardware prices.

It makes me so sad to see stories like this tagged with "haha." There is such a small number of people that understand the implications of DRM and the ultimate harm to all that they are simply marginalized as "nut jobs/OSS holy warriors."

The last laugh absolutely, positively, is Microsoft's and the broader special interests they serve.

Since this is the slashdot echo chamber, go about your business being morally outraged and doing nothing.

Misleading story

This is a Blog entry, not an Article or News story. From the Blog...

1). It doesn't work out of the Box.
That being said, it turns out the code I've written does not work out of the box on a Vista RTM system.

2). It uses a method provided by Microsoft.
As part of the Protected Media Path, (PMP), Windows Vista sets up a number of requirements for A/V software and drivers in order to ensure it complies with the demandes of the media companies.

3). It hasn't been tested.
Although used on its own, this POC doesn't do anything or go anywhere near the PMP (I don't even have Protected Media, HDMI, HD-DVD, nor do I know where PMP lives or how someone can intercept decrypted steams),

4). Author is more afraid of the DMCA than of violating Microsofts EULA terms.
a particularly nasty group of lawyers could still somehow associate the DMCA to it, so I'm not going to take any chances.

This isn't a story. Its pre-mature speculation.
Enjoy,

Re:Misleading story

1). It doesn't work out of the Box.

Yes, it requires a reboot, which is why it's only useful for bypassing DRM, not for open source apps (which will have to bother the user to reboot).

2). It uses a method provided by Microsoft.

Erm, no, PMP is provided by Microsoft. This method bypasses it.

3). It hasn't been tested.

It works fine, the actual PMP-disabling code hasn't been tested because I don't want to touch that. But my code ran in kernel-mode, which means it's possible. Read up a bit on computer architecture and you'll see that as long as you have access to the kernel, you're God on the machine (Apart from hypervisor machines and/or additional hardware -- which PMP doesn't currently employ).

4). Author is more afraid of the DMCA than of violating Microsofts EULA terms.

Author is a student and doesn't want to be sued out of existence because this method could be used to "circumvent a technological measure primarly destined for copyright protection".

Re:Misleading story

I have an NDA with Microsoft already. But this was done through independent research which isn't covered.

Re:Misleading story

You havent tested this. I could care less if your driver is loaded.

Not using a driver, RTFM.

Microsoft knows that 3rd party driver certificates are going to be stolen/compromised. Microsoft hasn't even provided a method to reject unsigned drivers yet (per MSDN it will be in Vista SP1).

Which is why this isn't using a stolen/3rd party driver or unsigned driver, nor actually loading a driver.

Did you happen to hook one of the kernel functions PatchGuard is monitoring? Try to patch CI.DLL and see what happens. You can disable driver signing. You cannot disable PatchGuard.

There's about a dozen ways to disable PatchGuard, and I was able to patch CI.DLL, disable PatchGuard, as well as turn off code signing. I don't want to sound condescending, but you don't seem to know what you're talking about, or you're being deliberately misleading with your PatchGuard comment.

I'm not saying that you can't bypass Microsofts DRM restrictions. I just don't think you have and the burden of proof is on you.

I'm not going to commit legal suicide by proving it. The point of my blog entry was never to say I broke DRM, but that I've found a way which can break it, which people are free to explore on their own.

Sometimes . . .

. . . the only incentive one needs to complete a task is the knowledge that it has been, and can be done. It doesn't much matter if he releases his code. TFA has enough info for anyone savvy enough to duplicate his work. Once it's out of the bottle, it'll be like WGA all over again. Another cat . . . another mouse . . . another cat . . . But perhaps the knowledge that Windows ultimate "security" DRM is, indeed, insecure will turn out to be the mouse that roared.

Obligatory attempt at poor humor...

"It's time to un-PMP ze audio"

Wouldn't Be A Slashdot Article

If it didn't have some FUD right in the summary.

'Protected Media Path' (PMP), which is designed to seriously degrade the playback quality of any video and audio running on systems with hardware components not explicitly approved by Microsoft..

No. It doesn't. It does it for specific DRM content.

These restrictions only apply to DRM content, such as HD DVD or Blu-ray. User's standard unprotected content will not be faced with these restrictions.

http://en.wikipedia.org/wiki/Protected_Video_Path [wikipedia.org]

He didn't "Break" PatchGuard

Administrators can turn PatchGuard off at boot time. He didn't break it.

He turned it off then installed an unsigned driver.

Re:He didn't "Break" PatchGuard

Administrators can turn PatchGuard off at boot time. He didn't break it.

There's no way to turn off PatchGuard off, only Driver Signing, which watermarks your desktop and disables PMP. Ways to break Patchguard 2.0 were published recently by "Skywing" on uninformed.org

"... bypassed ... Vista ..."

Security researcher Alex Ionescu claims to have successfully bypassed the much discussed DRM protection in Windows Vista ...

I figured that out too. Seems there are plenty of products on the market already that help with the problem. OS X, Ubuntu, Amiga, Solaris, Zeta, ... hell, even XP.

No one ever said we have to upgrade to Vista.

Thank You!!!!

That guy is my new hero. I just hope he doesn't get sued for his work.

No, the cat does not "got my tongue."

Alex is now quite nervous about what an army of lawyers backed by draconian copyright laws could do to him if he released the details

Don't worry about it. The US Constitution protects freedom of speech.

This includes, and especially applies to things the government does not want you to say.

Might not be a DMCA violation

Is there any content actually on the market right now, that uses Vista's DRM?

If not, then this is perfectly legal. There's nobody to sue you. If there aren't any works that use Vista's "technological measure that limits access," then 1201 wasn't violated. Maybe later there will be, but a violation can't be retroactive. That's like firing a bullet into the ground, and an hour later someone comes over to your bullet sitting on the ground, kneels down, bangs their head on the bullet, and then claims you shot them.

Dissecting Windows

Find a way to tie an onscreen display to a process.

Start up a few MS-Word docs and begin recursively copying and pasting text, start with an initial block at least 512 bytes long. Try to fill up at least one MS-Word document to the point where the error message indicates that one has reached the maximum number of pages for an MS-Word document. At this point the contents of the buffer should be sufficiently large to keep all future processes well occupied.

Open a few more MS-Word documents and keep pasting.

Open a few PP presentations and keep pasting the contents of the (eventually enormous) buffer anywhere possible.

Make liberal use of the Windows and alt-tab to switch between processes and check to see which ones are alive. Try to single out a Word or PP presentation which are locked and give them an alt-f4 while switching to a (technically) still good process and issuing a few ctrl+n strikes.

Eventually you'll be able to get an onscreen benchmark of how much memory a process currently has protected because, under heavy buffer (copy/paste) load, Windows doesn't draw onscreen all that well anymore.

Alex Ionescu to speak at SCALE 5x

Alex will be speaking on the first day of the 5th annual Southern California Linux Expo [socallinuxexpo.org] which will be taking place February 9th and 10th. Alex will be speaking about how to bridge the gap between Windows and Open Source using ReactOS. [reactos.org] If you use the promotional code SLASH, you will receive a 40% discount off a full priced ticket.

second class

just shows you how Microsoft feels about software vendors, and the consumer. By giving them second class software, or no means to run their own software business high class to the consumers.

And... So sweet of someone to crack DRM open for the so called second class citizens everywhere.

*Weebit moons Microsoft*

Weebit curtsies Alex Ionescu

You did crack it right? (insert grin here)

Alex should release it anonymosly.

The guy should just do what muslix64 did. He should release this stuff a anonymosly on some forums and post his code on megaupload or some place like that. So screw the {MP|RI}AA and the messed up US legal system.

DRM is difficult.

Standard encryption is easy. Keep your keys safe from the bad guys and as long as you use a reasonable encryption, things are fine.

DRM is difficult: You have to give the end user the keys, and then trust that only the uses that you've prescribed are allowed. Giving the keys to the end user is stupid, so the keys are given ONLY to a trusted module inside the end users machine. That trusted module is supposed to A) keep the keys secret, and B) enforce the rules that accompany the key. (e.g. you rented this for a week and a week has gone by).

If you have a general purpose computer, it's very difficult to have a trusted software module that can't be cracked somewhere inside.

In the backup-hddvd case, examining the core of the userspace program revealed volume and title keys. But the "master keys" are still somewhere inside.

In this case the operating systems trusted platform that should prevent that kind of tricks has been broken. Now you can insert your own debugger into the trusted core, and examine other stuff inside the trusted platform. Or you can claim to be a trusted driver, who has to have access to the unencrypted HD content.

In any case, as long as there is no hardware trusted module, it is always possible to run a good enough simulation, and run the DRM software under the simulation in a virtual machine.

And even if you DO have a hardare DRM module, I don't think it's possible to get right if you have a passive element on one side. For example a HDDVD is passive. So it can't verify the other side, and only give up the keys if it has confirmed the other side to be a trusted DRM module.

The BIG Question?!?!?!?!!?

Does anyone know, what, if any, implications does this have on CableCard functionality with Vista MCE? This question is on the forefront for myself; desperately want to build my own Vista HD CableCard ready machine!!!!!

Re:Let's learn English

Could not be more redundant.

Buffalo buffalo Buffalo buffalo buffalo buffalo Buffalo buffalo. [wikipedia.org]

(Also, that "sentence" I quoted is a fragment. And you didn't capitalize "i" in the previous sentence, which is actually a run-on.)

Re:Manna from heaven.

Vista would appear to be going nowhere in the market with the DRM mill-stone around its neck.

I don't think so. Businesses don't care; this will not affect them. Home users don't care; they don't want Vista. It's the lack of a compelling reason to purchase Vista that's stopping people from purchasing Vista. Windows 95 was a major upgrade. Windows XP was a major upgrade. They both got major attention. Windows Vista is a minor upgrade. It adds eye candy and some features that only business users typically need (like whole-disk encryption, which is a recipe for disaster in the hands of home users.)

The bottom line is that home users will be the major adopters of Vista because they will get the machine with Vista and they will run it with Vista. Corporate users who get new machines in with Vista will probably, if they have a volume license, run Windows XP on them instead, for the foreseeable future, not least because Vista has a brand-spanking-new TCP/IP stack which at least in the beta was known to be vulnerable to a whole laundry-list of otherwise-outdated attacks, things Windows hasn't been vulnerable to since the late nineties. Personally my biggest concern about vista on the corporate desktop (luckily not a decision I have to make) is that the network stack will be a vector of attack into the network, one that our firewall has no power to stop since users are continually opening outgoing connections.

Re:Fight the power!

Suppose I *did* pay for Vista.
Suppose my current hardware is fast enough and has enough resources to run even the most demanding of applications.
Suppose my current monitor can handle the resolutions required.
Suppose I did have a hd-dvd drive and some movies.

Imagine how pissed I would be if I couldn't watch them at native resolution because according to Microsoft I had the wrong connector.

I want an Operating system, not a restricted system.

"Draconian"

Alex is now quite nervous about what an army of lawyers backed by draconian copyright laws could do to him if he released the details

Enough with the word "draconian." Without copyright law, the GPL wouldn't have a leg to stand on. The copyright system is just fine--you should be attacking Microsoft and Microsoft alone, for they have the right to do this, but we have the right as consumers to reject it. That's how it works.

Re:He can crack DRM...

And posting anonymous makes you what?

Re:Manna from heaven.

It seems to me that Microsoft needs someone to publish this sort of exploit. Vista would appear to be going nowhere in the market with the DRM mill-stone around its neck.

What makes you say that ? Outside of hysterical, mostly ill-informed posters on Slashdot (and their ilk), the knowledge of - let alone concern about - DRM in Vista is vanishingly small.