Become a fan of Slashdot on Facebook

 



Forgot your password?
typodupeerror
×
Microsoft Media

From DRM to Rights Management Services 230

miladus writes "Microsoft has formed an academic Think Tank on Trustworthy Computing. The Academic Board is to advise Microsoft on 'security, privacy and reliability enhancements in[...] products and technologies so that Microsoft can obtain critical feedback on product and policy issues related to its Trustworthy Computing.' An interview with two members of the board is an interesting read, especially concerning the global implications of privacy. Of note, is the absence of DRM discussion. But DRM shows up as 'Rights Management Services' in the promised Widows Rights Management Services to be released later this year. it will deliver a 'platform-based approach to persistent policy rights for Web content and sensitive corporate documents of all types'"
This discussion has been archived. No new comments can be posted.

From DRM to Rights Management Services

Comments Filter:
  • by Hydrogenoid ( 410979 ) on Saturday February 22, 2003 @10:40AM (#5360334)
    Is Microsoft expanding to life insurance?
  • The question is... (Score:3, Insightful)

    by alhobbel ( 619402 ) on Saturday February 22, 2003 @10:42AM (#5360348)
    how much will those brainiacs get paid? I've never trusted "scientific" opinions from researchers paid by commercial companies. (What's more, I don't even trust most scientific opinions:)
    • by kfg ( 145172 ) on Saturday February 22, 2003 @12:22PM (#5360740)
      Indeed, it is the first duty of every scientist to show the other guy where he's full of crap. That is the essence of science. Finding the flaws.

      Lord knows I've been shown to be full of crap often enough.

      Richard Feynman was *famous* for being full of crap nearly all the time. It's that *nearly* that gets you. One of the great things about Richard is that he never, ever, self censored. He was willing be full of crap most of the time. It's an essential part of the process, but most people don't like to look "silly" so they hold back.

      "Here's my idea."

      "Here's where it's wrong."

      "Oh, *THANK* you!"

      That's the way it's supposed to work.

      Commercial "science" almost always turns into a political issue of some sort. They're there to promote a concept. Not to find the truth.

      It stinks.

      KFG
      • Commercial "science" almost always turns into a political issue of some sort. They're there to promote a concept. Not to find the truth. It stinks.

        Exactly. It seriously stinks:

        If we at Microsoft work with academia to make sure they have the resources, time and information to infuse Trustworthy Computing concepts into education

        we'd like to see academia work with the industry to inculcate more security concepts
        [Trustworthy Computing] into a technical education

        Our board becomes a set of real people that Microsoft is willing to take seriously -- rather than a disembodied din -- advocating for trustworthiness

        ensure that trust in a system becomes a foundational premise

        Helping Microsoft increase the trustworthiness

        Educating the public about risks and consequences [of not having trustworthiness] is a job
        [they share with industry].

        And to top it off, their position is:

        Trust in the e-world is not an option any more.

        You will be assimilated. Resistance is futile.

        -
    • If Microsoft is not just trying to force sales of MS-Windows Server 2003, then it looks like it's choosing MS-Office instead of MS-Windows to lay the groundwork for Palladium. If they tried to put it into MS-Windows first, people would finish migrating to another OS.

      Right now many are less aware or concerned about the issue of proprietary data formats than they are over OSes. Another key is that MS-Office (for the time being) has even a higher market penetration than MS-Windows.

      It extends Microsoft's MS-Windows monopoly by requiring at least one Serer 2003 at each site. It also has the potential to lock out non-Windows or End-of-Life'd MS-Windows distros:

      A user's computer must be able to access the Windows Server 2003 running RMS on first opening a document to authenticate the rights and decrypt the document. Otherwise, the document cannot be opened.
      If that wasn't clear enough, it has the potential to lock out competitors and End-of-Life'd MS-Windows distros:
      the operating systems must use XrML (Extensible Rights Markup Language) in the same way Microsoft does...Otherwise, the document could not be opened on the non-Windows operating system.
      Palladium can be used to determine which hardware is allowed access:
      In the future, Microsoft plans to replace the underlying "platform" with the forthcoming security technology formerly known as Palladium," Nash said. RMS is solely a software technology, whereas Palladium will add hardware security chips as an additional protection and rights management mechanism.

      In short it's about control -- this would give the last bit of control of data away, out of the hands of users / businesses. This is not just a U.S. problem. It is also an issue for non-US companies, governments and agencies. Once 100% control over the data is given away, then both hardware and software budgets are effectively determined by outsiders. Access to data would be controlled by outsiders as well -- who is to say that there isn't a backdoor [techweb.com] or that product activation wouldn't be used to "blockade" the data of an agency or competing company.

  • by rickthewizkid ( 536429 ) on Saturday February 22, 2003 @10:44AM (#5360355)
    So, Everyone that goes to the new version of Office will be locked into a forced upgrade stream? What happens when MS comes out with Office 12? Will everyone that uses 11 find that their documents suddenly "expire" because the new version of office is out?

    I don't like it. MS wants to control every 0 and 1 that flows through your computer.

    Looks like its time to dig out the 'ole Commodore 64. :)

    Just my 64k-is-enough-for-me's worth
    -RickTheWizKid
    • by Billly Gates ( 198444 ) on Saturday February 22, 2003 @10:49AM (#5360389) Journal
      Or as another way to look at it will companies like Enron use drm to make sure to obstruct justice or have their documents timebomb after each quarter so there is no evidence?

      Will Microsoft use drm to make sure the DOJ can not investigate them for illegal practices. If Bill Gates unfamouns email about choking netscapes air supply timebombs then the doj would have no evidence. Case closed!

    • A better question would be

      What happens when all media (from DVDs to web sites) is delivered with MS RMS?

      Or easier... What happens when all mail from Outlook users come with this?

      At least with this technology MS will not suffer so much with email leaks.

      Maybe rights management is a needed solution to actual problem, but a real solution all should be based in open, free, and universally available standards.
    • by kfg ( 145172 ) on Saturday February 22, 2003 @12:30PM (#5360769)
      Here's how it works. The new version of Office comes out, and it's perfectly backward compatable.

      But it isn't *forward* compatible.

      So all you have to do is get one company that a lot of other companies need to do business with in on the plot and get them to make the switch.

      Your Office documents are perfectly readable by them, but everything they send YOU your older version can't read. So if you want to continue to do business with them you have to switch too.

      It's a very effective way to force upgrades without giving any overt appearance that that's what you're doing.

      They don't lock you out of your documents. They lock you out of everybody else's.

      KFG
      • Your Office documents are perfectly readable by them, but everything they send YOU your older version can't read. So if you want to continue to do business with them you have to switch too.

        For this reason, I always insist on RTF. If they send it in RTF, then all versions of most WP software can read it.

        BTM
      • Goddamn this is why we have RTF. And PDF! For heaven's sake, MS builds interoperability into Word and 97% of the people in the corporate world are completely incapable of going to File, Save As..., Type: .rtf! It really is ultimately the fault of people who are never trined to take the one extra step that would make everything interpoerate! Gah! It hurts me in my brain to think about this.
    • Part of the agreement is you upgrade to the new version, before the 'grace period', as your license to use the previous version is revoked.
  • Good stuff (Score:5, Insightful)

    by t0ny ( 590331 ) on Saturday February 22, 2003 @10:46AM (#5360366)
    things like this are really essential, especially for companies and organizations that have concerns about confidential information.

    For example, where I work, we are required by law to have a level of security on certain information; this info should never be reaching people who do not fall under the same laws.

    With a technology in place to protect that data, our jobs as the IT staff becomes much easier.

    MS is, in my view, breaking new ground with this; some people may not like what they are doing, but you have to admit that nobody else is putting this stuff into their OS (when there is clearly a need for it).

    • Re:Good stuff (Score:2, Insightful)

      by Anonymous Coward
      DRM is not information security.
    • by GammaTau ( 636807 ) <jni@iki.fi> on Saturday February 22, 2003 @11:17AM (#5360497) Homepage Journal

      MS is, in my view, breaking new ground with this; some people may not like what they are doing, but you have to admit that nobody else is putting this stuff into their OS (when there is clearly a need for it).

      The problem with MS software is that after all these years it still has elemental flaws in its software. Before talking about things like confidential e-mail, they should consider supporting plaintext ASCII messages in their e-mail software. MS Outlook and MS Outlook Express choked (maybe they still do?) on messages that start with the word "begin" followed by two spaces. Their fix? You should use the word "commence" instead.

    • Re:Good stuff (Score:3, Interesting)

      by Anonymous Coward
      "Things like this are really essential, especially for companies and organizations that have concerns about confidential information."

      No. Good security is essential for people handling confidential information. Would you want your bank records littered around insecure networks, protected by unbreakable MS-Word encryption? I'd rather trust my information to people I knew had no Microsoft software anywhere.

      You need to keep information separated at work? For things like that, most people would consider PGPDisk and BSD firewalls not enough protection. At one place I work, any computer connected to certain network has to have its disk removed daily and locked in a safe. At another place I visited, there were no network connections leaving the site at all. Anyone who uses Microsoft security solutions has no business being given access to confidential information.
    • by Idou ( 572394 ) on Saturday February 22, 2003 @12:11PM (#5360689) Journal
      but I think you must trust MS 100% before this can be considered a "good thing."

      "With a technology in place to protect that data, our jobs as the IT staff becomes much easier."

      It's very simple, if, say, my medical information gets out 'cause some MSCE stopped thinking about security 'cause MS told them to, you better believe I am going to do everything in my power to destroy that incompetent individual's career.

      I see people stupidly pick MS all the time for no other reason than it is "MS." Well guess what, most of the time things are NOT working as a result. That's fine, but when we are talking about security required by laws, you better make damn sure YOU actually understand the system you are implementing, and I have yet seen an MS product implemented by someone who actually had an understanding of the innerworkings of the product (though they did read the marketing brochure . . .).
    • If you are using [goldmark.org] a Microsoft document format to transfer confidential information, you have problems DRM cannot solve.

      MS is, in my view, breaking new ground with this;

      I'm sure attempting to use an umbrella as a submarine would be equally revolutionary. That doesn't make it a good idea.

    • RMS != security (Score:4, Insightful)

      by argoff ( 142580 ) on Saturday February 22, 2003 @12:25PM (#5360754)

      You could have rights managment systems out the yinyang, but if the software running it is full of bugs, buffer overflows, back doors, code that auto preruns unauthorized stuff, or sends private info to MS headquarters (Yeah I know MS would never have eny of these problems) Then it will not matter a bit, even if every damn piece of data and code is digitally signed, registered, and pre-authed - it won't matter. In fact it could make things worse as people actually leave their systems less secure - assuming that they are less hackable or that they will know when people copy stuff. BZZZT. God help them, they'll need it.
      • Comment removed based on user account deletion
        • I'm not aware of any plans to make Palladium check signatures of binaries in memory. That would be a huge drain on computational resources. I'm not aware of anyone seriously suggesting this at any time in the future. Signatures are checked by the PE loader as the application is started. Don't tell MS, but I stronly suspect implementation problems in the first few versions. (There are still about 40 of the 240 Win2K system calls that don't properly check inputs and will result in BSOD with proper inputs from any user. This is due to be fixed in SP4.)
    • by Col. Klink (retired) ( 11632 ) on Saturday February 22, 2003 @12:30PM (#5360771)
      And the MPAA can sit back and relax because all DVD's are encrypted with CSS.
    • Re:Good stuff (Score:2, Insightful)

      by fermion ( 181285 )
      While I certainly see how access control to certain documents is beneficial to many entities, I do not understand how this product would be beneficial to companies with real security concerns.

      For example, if all one wishes to do is help insure that internal memos are not leaked to f*ckedcompany [fuckedcompany.com], this technology will provide a useful barrier. However, if you are trying to protect patient transcripts, one would hope that a suitable technology is already implemented. After all, MS Office, and MS Office, has many insecurities because it tries to be a business and consumer level jack of all trades. To me, security is enhanced by having only the necessary features integrated into a packaged built for the type of security mandated by the regulations

      Even for stopping leaks, success is probably dependent upon enforcement of DCMA. Anyone who copies and pastes will be guilt of circumvention.

    • I hope you would agree that the procedures and rules that apply at your workplace are highly unusual, and that it would be a bad idea to try and apply them to the general public.

      This is not some one-off facility, targeted toward a very narrow market segment. This is something Micros~1 is going to cram in to every copy of Windows. It will appear in every new computer shipped, whether it is appropriate for it to be there or not.

      Schwab

    • If you're willing to depend on MS being bug free in order to meet a legal requirement to protect data, you're likely in for some serious problems down the line. The one and only way to protect sensitive information is to not put it where unauthorized people can see it.

      I'm not opposed to information security at all. The problem I have is that MS has (by their own press releases) shown that they want to apply it to all the wrong things for all the wrong reasons. That implies (to me) that their engineering is unlikely to be appropriate to security of the right things for the right reasons.

    • You know VERY well that this "move" is only about destroying mozilla and openoffice's compatibility with ms's webservers.

      Also, I would certainly hope no-one in you office ever heard of ... let's take a random example ... a camera ...

      let's all thank Microsoft, tomorrow you need a camera to archive your email.
  • MS Dogfood (Score:5, Funny)

    by Flamesplash ( 469287 ) on Saturday February 22, 2003 @10:47AM (#5360376) Homepage Journal
    Hopefully MS will eat their own dogfood on this so their memo's stop leaking out, or maybe that's the whole driving force behind this.
  • by locknloll ( 638243 ) on Saturday February 22, 2003 @10:48AM (#5360381) Homepage
    ...the word "Trustworthy" in a direct connection with "Microsoft"? Wohooo... and I thought that only the Slashdot geeks had a sense of irony...
  • Sheesh (Score:3, Funny)

    by Cappy Red ( 576737 ) <miketoon@@@yahoo...com> on Saturday February 22, 2003 @10:49AM (#5360384)
    Can someone get the little Mozilla beast icon to eat the little Bill Gates beast icon and put us out of our grief?

    *consoles self in reality distortion field*

    *honk*
  • Heh... (Score:4, Funny)

    by Junta ( 36770 ) on Saturday February 22, 2003 @10:49AM (#5360387)
    The acronym of that would be RMS.... RMS is evil.. No wait... that *other* RMS.......

    On a sidenote, I hadn't heard about MS changing their product line to 'Widows'..... Another interesting name change...
  • by ubiquitin ( 28396 ) on Saturday February 22, 2003 @10:55AM (#5360404) Homepage Journal
    What do you call computer users whose digital rights have all died because of their choice of platform/license agreement? Microsoft Widows.
  • missing? (Score:2, Troll)

    by t0ny ( 590331 )
    Of note, is the absence of DRM discussion.

    Since the article only went over why the group was formed and touched *very* breifly on specifically what they would be doing, it seems like only your expectation to see it there made the absence notable. Remember, these people probably dont read Slashdot- they have to do things that matter.

  • by 1010011010 ( 53039 ) on Saturday February 22, 2003 @10:58AM (#5360425) Homepage
    The problem with "Trustworthy Computing" is that Microsoft is not a trustworthy company. They have demonstrated that over and over again, for years.

    And now, they are engineering their software to require you to seek authorization from them (via Passport) to access your own documents. Why should I, or anyone else, want to log my computer activity with Microsoft HQ?
    • by Reziac ( 43301 ) on Saturday February 22, 2003 @11:21AM (#5360511) Homepage Journal
      And before anyone tries to hand you a tinfoil hat, I'll add that this is exactly what M$ has talked about at their own seminars (starting back when Win2K was in late beta) -- where documents and all management thereof would all reside on a M$ server.

      Just think: No more wondering what server your document is on! No more having to back up the server at 3am! No more wondering where the office grunts saved their files to THIS time! No more worrying about "leaking memos" since only M$ will have access to them! No more worrying about whether your Office software has been updated in a timely manner, and properly licensed! M$ will take care of all of this FOR you, right here on M$'s own centralised server farm! Isn't that nice of them??

      Well, the guy presenting this back in 1999 sure thought so. The audience was markedly less enthusiastic.

      • "All on their own server farm."

        The internet was designed to be disaster proof. Anytime you have a point of 'convergence', you have a weakness. One determined script kiddie with a 0-day exploit could take down that farm and leave thousands of businesses hosed for the day, week or month it would take (MS) to fix.

        Distributed computing is far more robust with its multiple points of failure. I'd rather have a encrypted piece of my file on many computers, than a huge chunk of my precious data on a MS server, especially when the MS server is a easy, well-known and attractive target.

        I'll stick to my ultra-secure Apple II and prodos volumes.

        • Exactly. I can think of few things more scary for a business than to have absolutely NO control over their own documents, and worse, for those documents to be located on the biggest target in sight. *shudder*

          Never mind that M$ wants it to be a subscription model (and yes, they've said this too), so if you don't pay, you lose access to your documents and applications entirely.

          This was the same seminar where M$ unveiled the first of their new licensing schemes... so it's no wonder that the audience (mostly IT types) wore a uniform set of scowls.

  • by kubla2000 ( 218039 ) on Saturday February 22, 2003 @11:00AM (#5360440) Homepage
    From http://www.microsoft.com/windowsserver2003/evaluat ion/news/bulletins/wrm.mspx

    Microsoft has heard from customers that they need new ways to control how their digital information is used and distributed. RMS has been developed in response to that need, and combines Windows Server 2003 features, developer tools, and tested and proven security technologies, including encryption, certificates, and authentication.

    Have they no shame? Now they'll claim copyright infringements whenever RMS speaks.

  • by bushboy ( 112290 ) <lttc@lefthandedmonkeys.org> on Saturday February 22, 2003 @11:04AM (#5360451) Homepage
    Perhaps they should form a "Think Tank on Trustworthy Business Practices" instead..
  • by Demidog ( 111495 ) <rfisk@drivebuytech . c om> on Saturday February 22, 2003 @11:05AM (#5360454) Homepage Journal

    "Achieving trustworthy computing will take many years and require thoughtful and sustained collaboration between the industry and academic communities," said Scott Charney, chief security strategist at Microsoft. "By formalizing the process of engaging with these distinguished experts, we are better able to benefit from their collective wisdom."

    One gets the impression that Microsoft is doing whatever it can to deflect future criticisms regarding security.

    Most software companies would go out of business if they waited "many years" to offer any substantial solutions in the area of security. Microsoft is so big it can tell the world that it is creating a panel to discuss the matter and won't be offering any solutions for years and in fact advertises the fact as if it is beneficial and gets away with it.

    It's good to be king. The federal government (almost as large as Microsoft) gets away with the same sorts of things. George W. Bush and the CIA didn't know about possible airliner attacks prior to 9/11 and has formed a committee (Homeland Security) which is giving us cute little color codes to tell us security could be breeched at any moment.

    Maybe Microsoft's "academic panel" will offer microsoft customers the same sort of threat alert, a color-coded chart which shows up on the start bar and you can watch in horror as it flashes red (or burnt orange) and the hackers walk off with or destory your data...

    They could even license the sounds of "Lost in Space" ("Danger! Will Robinson") to lift your spirits and keep you from being upset that in most cases it is Microsoft itself which poses the biggest threat to your security and privacy.
    • The federal government (almost as large as Microsoft) gets away with the same sorts of things. George W. Bush and the CIA didn't know about possible airliner attacks prior to 9/11

      Tell that to former senators Rudman and Hart. Their commission might not have predicted the specific form of the attack (but others have been critical of airport security for years), but they were sounding the alarm long before 9/11.

      Congress failed to act. The administration failed to act.

      After 9/11, Congress paid attention to the Hart/Rudman commission. Yet Bush continued to resist the creation of a cabinet level post for many months.

      From here [emergency.com]:

      A bipartisan panel led by former US senators Warren B. Rudman and Gary Hart on Wednesday called for the creation of a Cabinet-level agency to assume responsibility for defending the United States against the increasing likelihood of terrorist attacks in the country. The commission making the recommendation included high-ranking military and former Cabinet secretaries. Their report warned bluntly that terrorists probably will attack the US with nuclear, chemical or biological weapons at some point within the next 25 years.

      The commission proposed a complete redesign of the National Guard to provide the proposed new "Homeland Security Agency" with U.S.-based troops to combat those who threaten a nation that for more than two centuries was isolated from attack by two oceans. The panel outlined a far-reaching reorganization of the Pentagon, State Department, National Security Council and other agencies, saying that they have become bloated and unfocused. The report even urged Congress to streamline its own committee structure to keep interference in national security matters at a minimum.

      ...

  • by ln -sf head ass ( 585724 ) on Saturday February 22, 2003 @11:06AM (#5360458)
    allows Microsoft to use secret file formats, with the added bonus of making anyone who dares to write an open source viewer prosecutable as a terrorist.
  • Think tank? (Score:5, Funny)

    by RylandDotNet ( 81067 ) on Saturday February 22, 2003 @11:08AM (#5360465) Homepage
    Microsoft has formed an academic Think Tank on Trustworthy Computing.

    In other words, Microsoft is paying a bunch of smart people to recommend doing whatever it is they were going to do anyway.

    Too bad their recommendations will never be something like "fix huge security holes in IE and Outlook."
    • The interview does read rather like canned marketing hype.. I think more on the order of "these smart people all recommend it, so you should buy whatever M$ comes up with as the solution."

  • by Trailer Trash ( 60756 ) on Saturday February 22, 2003 @11:10AM (#5360475) Homepage

    ...it will deliver a 'platform-based approach to persistent policy rights for Web content...

    I've been using the web since the first version of Mosaic and NCSA httpd years ago. The great thing about it has always been that anyone could examine the source of a web page to see how it was put together and learn from it. That may well be coming to an end.

    Apache still has huge market share, but I'm afraid that the ability to "control your content" may push people in Microsoft's direction unless we respond in kind.

    Michael

    • must be a terrorist! ... I find that humor helps me deal with such ironies.
  • RMS? (Score:2, Funny)

    Does anyone else think that Microsofts use of the expression RMS ["Rights Management Software"] is a none to subtle dig at Stallman?
  • W-RMS (Score:4, Funny)

    by Smallest ( 26153 ) on Saturday February 22, 2003 @11:43AM (#5360585)
    Now Windows has it's own version of RMS, too? What's next, W-ESR ?

    -c
  • Is it just me or is it great that WRMS, when pronounced, comes out "worms"
  • Sword with two edges (Score:5, Informative)

    by lildogie ( 54998 ) on Saturday February 22, 2003 @12:02PM (#5360656)
    The ability to give and take an individual's access to a document can be made to work against an entity like Monster Software, Inc.

    Companies like Monster Software deal in information. Presently, to have information is to control it. With "rights management," to have the key is to control the information. Companies like Monster Software are notorious for taking other peoples information (software, designs, protocols) as part of their "embrace/extend" and "embrace/destroy" strategy for world domination.

    While U.S. courts are able to force citizens to divulge secret keys (or face contempt of court), there's always situations where the key just gets lost. Say an OS crashes and trashes a disk. A backup program fails to restore files. Or backups weren't made to begin with. Or the chain of key-for-the-key-for-the-key-for-the-key breaks down, due to a failed business venture.

    All variations on a theme. The idea being that, with "rights management," information can be taken away. Bright minds should be thinking up ways to make the Sorcerer's Apprentice wish he hadn't written the spell in the first place.
    • Agreed, I'm really intrigued by the idea that even the creator of a document would be disallowed from viewing/modifying it....

      Perhaps there's a monkey wrench that could be thrown here....something like a "deny all" trojan which would cause all documents to be locked from all view....think of one month's work from a company being locked up....what would happen if this occured at MS?.....

      Of course, this wouldn't be data destruction or cracking in the old school sense, as it's all still there, just un-readable to all....
  • by Rojo^ ( 78973 ) on Saturday February 22, 2003 @12:06PM (#5360674) Homepage Journal
    How exactly is Digital Rights Management expected to work? Is the idea sort of a "this message will self destruct in five seconds" kind of deal? From DRM story to DRM story posted on Slashdot, I see the discussions range from privacy and data integrity to piracy or rights. The ability to cause sensitive data to disappear seems more like a technological tool that can be added to other tools for specific types of communication, not some imposition of our rights to download w4r3z on KaZaA or whatever. In fact, if I get sent an email that will self-destruct, what's keeping me from forwarding that message to a sendmail server with no such mechanism for message self-destruction, copying / pasting the message into a text document, or even screenshotting the contents? This comment isn't meant to flame or troll -- I simply want to know what I don't.
    • In this case, Digital Restrictions Management means that documents won't be available to other systems. If you get an email (or Word document), it'll either be encrypted and only usable on the computer it was sent to, or the software won't allow it to be transferred to an unverified system.

      Cut and paste can be disable for "secure" documents/emails. The window showing "secure" documents could just be excluded from screenshots. Considering that Microsoft controls the OS, office software, and has influence on hardware manufacturers, they can implement any level of "features".

      Without cracking open a secured computer, probably the only ways to bypass the security would be sniffing network packets (easily defeated) or using a camera to photograph the screen.
      • Cut and paste can be disable for "secure" documents/emails. The window showing "secure" documents could just be excluded from screenshots. Considering that Microsoft controls the OS, office software, and has influence on hardware manufacturers, they can implement any level of "features".

        Not if the OS is being run in a VM, on VMware, Plex86, or Bochs.

        Security by obscurity will always lose. (It'll put up a lot of battles on the way though!)

  • The entire industry needs to place a higher priority on building trustworthy systems, even though this means building systems that have fewer features and that take longer to deploy because of increased development times.

    So now we're supposed to waste our time fiddling our thumbs about broken trust and rights "management" crap? This is the same stunt MS pulled by claiming Windows met "Orange Book" (from the NSA Rainbow Series of books [dynamoo.com]) "security" standards. Of course, Access Control Lists don't do much if your OS is full of buffer overflows and similar exploits, and this is ignoring the issue that ACLs don't do much at all and don't do it very well anyway. This seems like an overly expensive way of distracting customers from the real security issues (ha! like that one-month code review jerk-off session really accomplished anything).

    I can see only two benefits coming from this. Likely the grants those professors are receiving from MS will trickle down to some poor, hungry grad students who actually deserve it. Also, if the quote above has any relevance to MS's own development plans (but I'm not holding my breath), maybe people forced to use MS software will have to suffer through less feature bloat and mandatory-upgrade new versions.

  • I thought I'd present angry Linux users with some new acronyms - gotta stay ahead of the MS marketing department...

    Reinstall Most Software
    Rape My Self
    Repeal Most Sense
    Rights Missing Soon
    Really Most Stupid
    Retarded Man Steve
    Rights My asS
    Repeat My Sales
    Relicense More Stuff
    Rent My Software

    All of these are freely useable, but only on one computer at a time.

  • by nurb432 ( 527695 ) on Saturday February 22, 2003 @12:55PM (#5360866) Homepage Journal
    As an evasion of the law, its not much different then paper shredding of documents that shows one guilt.. "paperless office"
  • Ulterior motive (Score:3, Insightful)

    by Hellkitten ( 574820 ) on Saturday February 22, 2003 @01:23PM (#5360990)

    Seeing how DRM has become a negative abbreviation they are trying to move away from it, but realizing that this could happen to whatever acronym they choose the have chosen one that hurts their opponents too

    If RMS became the tree letters people associate with taking control away from users and into the hands of the bic corportaions houw would that affect the credibility of free software champion RMS?

    • If RMS became the tree letters people associate with taking control away from users and into the hands of the bic corportaions houw would that affect the credibility of free software champion RMS?

      If Microsoft can sue Lindows for being one letter off, I'm sure RMS can sue Microsoft for being exactly the same.

      Of course, MS has $40 billion to keep appealing so RMS won't ever win.

  • Though I find it amusing that MS is pushing it as a sort of security option instead of as a privacy invading option. "Protect sensitive corporate documents?"

    From what? Have I been missing the "sensitive corporate document" section in Kazaa? Can I, without the aid of several illegal tools which I would never never never even THINK about using simply go and download sensitive corporate documents without their permission?

    Besides the way corporations have been going I'm not sure that anything that increases their document security is automatically a good idea. I know they're going to screw me, but I'd rather see it coming.
  • To switch to Linux
  • easy to do (Score:4, Interesting)

    by infonography ( 566403 ) on Saturday February 22, 2003 @02:17PM (#5361233) Homepage

    Here's a good one check out this about CORDS [loc.gov] [loc.gov]

    " The U.S. Copyright Office Electronic Registration Recordation and Deposit System is the Copyright Office's system for registering claims over the Internet. Through the Internet, copyrighted works become available throughout the world instantaneously. As copying these digital works becomes easier, copyright protection is imperative."

    Actually this could be cool, however following it to a illogical conclusion there are loopholes for massive abuse. A media file would have a locatable Digital signature that a filtering router could read. Check against a database for known bootlegs and you got your filter. (hmmm, run it on a linux box and finally get some RIAA/Evil use out of those longhaired geeks)

    If no Digital sig is found then implant one and forward the file and new sig so the RIAA can add it to the registry for later review. Cause it could be a new burn of the latest N'Sync song or that one about Fred Durst telling Britney Spears to drop dead. you could plot the movement of files from user/site to user/site and show who gave what to who and when. You end up with a nifty tracking scheme.

    This is a classic 'Man in the Middle' attack, one of those things the RIAA/MPAA wanted to do not so long ago.

    Opps, You would have a way to hit them back. Say your ISP, the UofWhereEver goes and alters a music file with a fingerprint then they are subverting your property. If the file is legally obtained say self-produced then the original artist (you) will have a very clear case for copyright infringement. They will have created and distributed a reproduction of your recording for 'Commercial Gain' (acting as an agent for a speculative RIAA lawsuit), which is 99.94%, exactly the same as your copyrighted material.

    So they have just violated Federal Copyright law by clandestinely adding a digital fingerprint. You can extract this new tag by doing a diff of the file against the orginal. Even a certain lackwitted judge in say Pennsylvania would be able to understand it then.

    yes this is a rerun

  • Operating systems perform basic tasks, such as recognizing input from the keyboard, sending output to the display screen, keeping track of files and directories on the disk, and controlling peripheral devices such as disk drives and printers.[webopedia.com]
    Nowhere in does this mention anything about deciding what programs/documents the user can and cannot open. An OS is desined to give functionality to a computer, not a tool to implement bureaucratic policies and legal restrictions (e.g. the Palladium and other DRM nightmares).

    Now, getting back to WRMS (for Stallman's sake I'll call it WRMS from now on). The difference between this and paper shredding is that you now get to keep the documents you're trying to hide. Think of how many Enrons and Arther Andersens still out there now have digital protection! Once again, Microsoft caters to big corporations that invest lots of money into the computer industry and want to see things their way. This does not help the rest of us, and if the Enron scam happens again because of this (and it will), then it will hurt our economy again.
    Enter Palladium, just another part of Microsoft's new restrictive practices. I think we should petition Intel against killing its own platform. We've gone very far from the 80's now, and I think if this does not stop it will only get worse. I'm no legal expert, but I see Palladium as a violation of the 4th amendment in the US constitution. Your PC is as much private to you as your house is. Criminals can break into computer just as well as a burglar can crawl through that open window in your back yard when you're not home. However, the police still can't get in without your permission or a warrant. DRM is, by design, used to find illegal material and warezed software then delete it or report it. How is this any different from search and seizure?

    Now for those of you who are worried are going to lose your freedoms, just remember who's really at fault here. It is the people who swap thousands of MP3's every day, download warez and illegal keys.. basically those too cheap to actually pay for your software and music. Granted, I don't think it's right for Microsoft to charge 200 bucks for an OS, but that's one of the reasons I'm using Linux. I still don't believe it's right what they're doing, but the blame should really be placed on most of the /. h4x0r w4nn4b3's who are adding fuel to the fire. If you're a corporation and you're really paranoid about your sensitive documents getting into the wrong hands, then maybe you should be more concerned about keeping your networks secure (one way would be by not using Microsoft products) and choosing your employees wisely.
  • ...about this naming scheme, aka "Rights Management Services".

    Regardless of all the digs at Richard M. Stallman, I must ask: since when does another person (or a virtual person in the form of a corporate body) have the right to dictate the framework that my own rights will operate within?

    Last time I checked, the only way to abrogate one's rights was to do so voluntarily, and with complete knowledge. Of courrse, this may apply within certain sub-contexts of the overall culture. (ie, work NDA's, etc.)

    FWIW, this is not new stuff, it's very reminiscient of the POSIX ACL's and the military's experiments with Multics (also did it in hardware and syscalls) during the '70's. Problem is, at least they started with systems that had some clue to begin with.

"The only way for a reporter to look at a politician is down." -- H.L. Mencken

Working...