A small utility called FairUse4WM has been making the rounds
for the past month and it has been giving the people at Microsoft quite a
headache. The utility is able to strip Windows PlaysForSure media files of
their digital rights management (DRM) allowing for unlimited playback and distribution.
Microsoft patched the first
exploit a few days after its initial release only to see the author of
FairUse4WM adapt to
the new changes. Now we see that Microsoft is in full-blown attack mode and
the Redmond-based company claims
that it has developed a patch to render FairUse4WM 1.2 useless. But for
every patch that Microsoft releases, there will likely be another update for
FairUse4WM to get the ball rolling again.
In light of all of the news surrounding FairUse4WM and
Microsoft's efforts to shut it down, Engadget
was able to get an exclusive
interview with the author the utility and get his thoughts on why he
created the utility, how easy it was to code and how Microsoft dropped the ball
Without revealing the secret sauce, what were the fundamental flaws
with PlaysForSure that allowed you to break it? Did Microsoft know about these
Once code is released,
there's really nothing secret anymore -- Microsoft didn't follow standard
security practices, and left sensitive data unencrypted on the stack while
calling routines out of kernel32.dll. Even when they fix this by changing
malloc() to alloca(), it'll still be a big task to audit other sensitive
routines for DLL calls. On a theoretical level, they have to send the
decryption keys outside of their control, and their only defense is through
The creator of FairUse4WM states that Microsoft can patch
and patch all they want to, but he will keep coming back with newer versions of
his utility. The author goes on to mention that neither he nor Microsoft has a “nuclear
option” so the two will just be tossing 2,000 lb "dumb" bombs back and forth for
quite some time.
quote: agreed, hopefully MS isn't developing the proverbial "nuclear bomb" while throwing these dumb bombs.
quote: Section 1201. Circumvention of copyright protection systems
(a) Violations Regarding Circumvention of Technological Measures.
- (1)(A) No person shall circumvent a technological measure that
effectively controls access to a work protected under this title.
quote: Just out of curiosity, how does owning / manufacturing firearms relate to DRM in any way? What is illegal and wrong about manufacturing firearms?