Another MS DRM balls-up

[nihil]

M$ Windoze XP, Vista and Server 2003 ship with a nice little file called "secdrv.sys"

What is it for?.......... to provide DRM to certain games providers.

What does it do? ............ exposes your system to being owned, what else did you think given M$'s track record At that is even if you don't play the particular games it is intended to protect.

More here:

http://www.computerworld.com/action/...ce=rss_topic85

There isn't a patch for it yet.

[Nokia]

Dodgy thing to patch...balls that up and billions of folks won't be able to play safedisc protected games..imagine the headlines then....

Sounds like it's not directly MS's fault though.....more indirectly for not properly assessing the file before they included it.

[nihil]

Sounds like it's not directly MS's fault though.....more indirectly for not properly assessing the file before they included it.

I agree, it is a "sin of omission" rather than "commission" They bought in the technology.

I have to admit that when you do that, there is a very great temptation to rely on the QA and development methodologies of your supplier.

Another mitigating argument is that it has been out for 6 years (?) and has only just been discovered, so it can't have been that obvious.

[ildjarn]

I agree, it is a "sin of omission" rather than "commission" They bought in the technology.

I have to admit that when you do that, there is a very great temptation to rely on the QA and development methodologies of your supplier.

Another mitigating argument is that it has been out for 6 years (?) and has only just been discovered, so it can't have been that obvious.

Had it not been included, you would have hundreds of gamers complaning they couldnt play their games, in the end game publishers would ship the game with the driver, then we would be having this post just s/microsoft/EA.

The exploit takes advantage of the IOCTL, METHOD_NEITHER its a good place to start looking for exploits in device drivers, as there is no check on the validity of the address or buffer, the ddk, strongely recommends against using this method, and explains that there is no error checking, and also suggests the functions to help you with this, so macrovision ignored all this and did it anyway, the question still remains did windows have access to the macrovision code(as im sure safedisk technology is something they want to remain as secret as possible), im pretty sure the blame lies with macrovision here.

[oofki]

I noticed that a long time ago. I dont think it came with the original xp but with sp2, i THINK... Im not sure why they decided to incorporate it into the OS and include the safedisk driver since there are many games that deploy their protections as they install. Safe disk used to be the same...

[Ouroboros]

I couldn't be a next-gen gamer if I wanted to, considering my hardware...but hey...try a little http://www.gametap.com love, and be happy.

I will whip your ass in Street Fighter Alpha 3.

O

[nihil]

the question still remains did windows have access to the macrovision code(as im sure safedisk technology is something they want to remain as secret as possible), im pretty sure the blame lies with macrovision here.

The whole thing strikes me as rather strange. I would expect a game to ship with all the software necessary to play it.

Also, I don't see the benefit to Microsoft. By including this code they have accepted responsibility for something they did not own and did not develop.

[oofki]

Also, I don't see the benefit to Microsoft. By including this code they have accepted responsibility for something they did not own and did not develop.

My guess would be money, money, and money. They probably have a deal with them and get paid to include it..