Bruno Kerouanton

I was looking around some forums and went into a really interesting topic about Microsoft Vista’s licensing scheme.

As some may already know, Microsoft plans to sell its new operating system Vista at least as three different versions : Home Basic, Home Premium and Ultimate. One of the problems is that it seems even if you pay full price for a Vista License, Microsoft won’t allow you to transfer it from one computer to another one more than once, even after an uninstallation on the former computer.

As far as I am concerned, that doesn’t hurt me too much except if I have frequent hardware reconfigurations or failures that could invalidate the license on my PCs… But there is a point that worries me much more : Virtualization…

For Windows Vista Home Basic and Home Premium, the language contained in the license is as follows:

You may not use the software installed on the licensed device within a virtual (or otherwise emulated) hardware system.

While for Windows Vista Ultimate is reads as:

You may use the software installed on the licensed device within a virtual (or otherwise emulated) hardware system on the licensed device. If you do so, you may not play or access content or use applications protected by any Microsoft digital, information or enterprise rights management technology or other Microsoft rights management services or use BitLocker. We advise against playing or accessing content or using applications protected by other digital, information or enterprise rights management technology or other rights management services or using full volume disk drive encryption.

Yes, you have read correctly. Microsoft only allows Vista Premium users to run it on VirtualPC, VMware, Parallels or any other virtualization software, but at the sole condition encryption and DRM mechanisms aren’t used. How strange !

The full articles I found about this are here, here and here.

I guess that they fear people trying to make use of such virtualized environments in order to reverse-engineer those encryption and DRM parts… In the future, however, I’m quite sure that some kind of viruses and malware will be developed by malicious users especially to take advantage of this situation… We’ll see.

There has been some interesting discussion about this on the IDA Forum. Let me quote an author :

”From reading between the lines of the Vista ULA I think they changed the verbiage to appease the RIAA because the underlying VM host drivers would be akin to the HDTV analog hole that the MPAA has been trying to do something about. MS would not be able to say that their DRM is effective against this kind of recording mechanism if they may not even be able to detect that it is happening, and if they could detect it, the malicious software removal tool simply could not remove it. They don’t want anything on your machine that they can not control. If they can’t beat ‘the technology’ into submission then they just pass a law or write a ULA to make it illegal. Maybe I’ just dense, but wasn’t sharing copyrighted media already illegal?

When will they learn that DRM as a technology is generally infeasible, and it only takes one disgruntled hacker somewhere in Siberia (no offense implied to that locality) to publish their extracted media file to the entire world? I just hope MS will learn that excluding VM’s is going to severely affect their own OS’s security by disallowing an important tool set often used for security research! Now it seems that only the dishonest people will have the use of VM’s for rootkitting Vista hosts rather than the researchers that are trying to protect those very same systems. And I was just beginning to believe that a built in ROM VM monitor would be possible alternative for preventing the installation of such VM rootkits, but now this scheme would be all but impossible under the current Vista ULA unless you are running the Vista Ultimate release and don’t mind not being able to listen to the music you legally own.

”

We’ll see what happens when more and more people will start to use Vista…

RESUME

Microsoft a une nouvelle politique de licence avec son système Vista. En gros, il est interdit de faire tourner Vista en environnement virtuel sauf dans le cas de Vista Ultimate. Dans ce dernier cas, il est alors interdit d’utiliser le mécanisme de chiffrement BitLocker ou les fonctions DRM… Intéressant, non ?