September 08, 2006 | Michael Holloway

Spam all you want, but don't crack DRM!

As revealed in detail by Bruce Schneier, Microsoft this week rushed a patch out the door, well ahead of their usual once-a-month Patch Tuesday.

Included in this 'security patch' is code designed to break a utility called FaireUse4WM a program designed to remove the DRM from Windows Media Files.

More disturbing of course is that it's being called a security patch in the first place. While technically it is making *someone* more secure, but that someone is not you. Of course, you still need to spare the bandwidth, system downtime for restart, and far more importantly, the inherent risk of system-damaging errors that come from installing a patch to give those other people their security.

Given that system-threatening security holes are regularly made to wait for a fix until said Patch Tuesday by Microsoft, but this minuscule threat to their DRM is addressed almost immediately, it's not hard to see what priorities are at work here. Breaking DRM will bring immediate action, but turning your computer into a spam-spewing component of a bot net? Well, those kind of holes in your system will just have to wait.

(My sentiments exactly, but not my words, they came courtesy of Ryan Alexander)

Comments (5)

  1. Joe Bange:
    Sep 12, 2006 at 09:51 PM

    I didn't mean it would allow you to download without paying, I meant it would allow you to remove the DRM from the files you got from your subscription service, like yahoo's.

  2. Ryan Alexander:
    Sep 12, 2006 at 11:05 AM

    If it's a subscription-based service than the downloads are already unlimited in amount and the program has nothing to do with that. However if it is the kind of subscription service that will break or remove all the music you've already downloaded once you stop subscribing than yes, that perhaps it could be perceived as a threat, but that is a very different situation than presenting the context of 'once this program is on your computer you can steal unlimited music'

    No, you can't. Are far more appropriate statement would be 'Once this program is on your computer you can choose to re-enable the music you've already downloaded from your subscription service after ceasing your subscription.'

  3. Ryan Alexander:
    Sep 11, 2006 at 11:24 AM

    Also included in the original Schneier article is the fact that days after the patch was rushed out by microsoft, a new version of the program that not only was *not* stopped by the patch but worked *better* at removing the DRM (by expanding the versions of the DRM that it worked on) was out.

    The end result being that all of the end users paid the risk, downtime, and bandwidth for about 3 days of someone else's 'security'.

    Glyn was kind enough to point at two links relating to this:

    One from BoingBoing:
    and one from the BBC:

    The boingboing entry is spot on.

    The BBC however is woefully inaccurate, and all the worse it's inaccuracy leans heavily in the direction of the standard propaganda that is pushed by the music industry;

    from the BBC article:
    "It could spell problems for internet music shops, potentially
    enabling users to download unlimited files."

    No, it doesn't do that, for either interpretation of the word 'unlimited'.

    This horrible threat is nothing more than a program that removes the DRM from songs you have *already* downloaded. It can't go out to the music industry's sites and remove the DRM from them *before* you download them.

    1. It has *no* effect on the amount of music you can download, that
    remains exactly the same, so for the 'as much as we want'
    interpretation of 'unlimited' it's completely incorrect.

    2. It is only useable on files on your own computer, so while it
    *does* remove the limitations on the files imposed by DRM, thereby
    making them 'unlimited' by a different interpretation of the word, but this process happens post-download the original files that are downloaded are still just as limited.

    And perhaps even more importantly each individual end user has to CHOOSE to put this program on their computer, and then it will only affect files that each person directs it to run on. Very much *unlike* the microsoft patch.

  4. Joe Bange:
    Sep 12, 2006 at 02:01 AM

    The BBC's article is not nessercery wrong, if they were referring to the subscription based services, where you pay monthly for access to all their music, though of course its only unlimited for a short while.

  5. Mark Beveridge » Blog Archive » FairPlay DRM cracked:
    Sep 11, 2006 at 12:01 PM

    [...] Update: Microsoft has released a ’security patch’ for FairUse4WM [...]