Windows 7 DRM begins to surface

Windows 7 allows application developers to write DRM that bypasses your firewall, refuses to let you modify or disable DLLs, and to block you from mixing your audio inputs (to prevent you from recapturing DRM'ed music, presumably).
That Photoshop stopped functioning after we messed with one of its nag DLLs was not so much a surprise, but what was a surprise: Noting that Win7 allows programs like Photoshop to insert themselves stealthily into your firewall exception list. Further, that the OS allows large software vendors to penetrate your machine. Even further, that that permission is responsible for disabling of a program based on a modified DLL. And then finding that the OS even after reboot has locked you out of your own Local Settings folder; has denied you permission to move or delete the modified DLL; and refuses to allow the replacement of the Local Settings folder after it is unlocked with Unlocker to move it to the Desktop for examination (where it also denies you entry to your own folder). Setting permissions to 'allow everyone' was disabled!

Re – media: Under XP you could select 'Stereo Mix' or similar under audio recording inputs and nicely capture any program then playing. No longer

Draconian DRM Revealed In Windows 7

Update: Lots of chewy debate in the Slashdot thread, including more details -- some of these DRM issues were present in Vista, others haven't been replicated on other systems. Of course, users who worry about the lock-ins imposed by proprietary software are trapped into this kind of Kremlinology about the code, arguing about what the developers intended, what was a bug, and what was their imagination -- without the source code, we're reduced to playing blind-man-and-the-elephant when it comes to assessing our tools.



  1. Oh, I like that – so programs can decide on their own whether to sneakily avoid the firewall?

    That’s not a firewall, it’s a sieve masquerading as one, to lure the unwary. ;-/

  2. Noting that Win7 allows programs like Photoshop to insert themselves stealthily into your firewall exception list.

    Malware writers must love this feature.

  3. people still use windows?
    im telling you, open source is the way to go. at least then you know whats running on YOUR system.

  4. I really despise finding myself defending Microsoft, but I’m surprised to see this on the BB, having read the /. thread earlier and seeeing some folks call foul on this hyperbole fairly convincingly (one person even canceled their subscription!). They point out that these issues may not point to deliberate MS evilness, since

    1.)it’s one user’s (not yet duplicated, AFAIK) reported experience, with no screenshots or other supporting evidence

    2.)a pirate .dll breaking CS4 is not really surprising,

    3.) since Vista there has been no Local Settings folder (it’s apparently moved to AppData\Local),

    4.) programs have always been able to insert themselves in Windows firewall,

    5.) the sound issue could be related to soundcard and not OS, or OS issues with the soundcard, and

    6.)you CAN access any folder, you just have to know how to give yourself permission.

    Oh man… ick. I feel gross now. I’m going to go shower.

  5. Please, read the damn comments. His methodology is shaky at best and ignorant at worst, and he provides zero evidence to back up his claims (Screenshots? The DLL he decided to change?)

    In short: don’t be surprised when you mess around with executable code and it breaks, make sure you’re actually looking in the right place when you’re setting permissions, and don’t be surprised when a sound card without an updated driver doesn’t have full functionality.

  6. This article totally validates all of my assumptions. I once deleted some DLLs that a piece of software needed to function and sure enough it reported an error in Windows.

    I also tried to pirate some music from an old 8-track player by plugging it in to my audio in and mixing it to MP3 – and sure enough it sounded really bad.

    Then, with my total lack of understanding of the new folder structure of Microsoft’s new operating system got really frustrated when I tried to open a protected folder from the OS and it gave me an Access Denied of all things!

    In short, this article is troll bait and B.S. I get it ok, bashing on Microsoft’s new OS drives website hits and somehow provides some gratification by watching the hit counter go up – but posting what ultimately is just misinformation to do so just means that I can not longer give any credibility to Slashdot or Boing Boing…

    You guys now officially suck in my book. I’ve trolled Boing Boing for a long time, but this little article actually motivated me to create and account and let you know just how bad you suck.

  7. BoingBoing – please be advised that kdawson stories on slashdot are to be avoided. He is the absolute worst of their editors and thinks nothing of posting wildly inaccurate stories. I personally think he does it just to watch people freak out.

    Not journalism. Garbage.

  8. Once again, another shining example of why web journalism will never be taken seriously.

    Stick to stories about how shiny and neat Tokyo is, or the sensual allure of steampunk…

  9. Dammit, I wanted to like this one, too. It was going to have a home on my bootcamp partition. Shit, I might even have paid for it.

    That’s disgraceful though…that’s ceding ownership of your computer to someone else. Doesn’t look like I’ll be leaving OSX in the next while then. Such a pity.

  10. Sigh. It was bad enough seeing this execrable article on /., but now BoingBoing has picked up on it as well?

    @without the source code, we’re reduced to playing blind-man-and-the-elephant when it comes to assessing our tools.

    More importantly, without a decent steps-to-repro we’re left guessing about the intentions of the /. story poster. What, not even screenshots?

    If this was a bug report it would be on the REJECT WONTFIX list before you could say bugtriage. As it stands it might be the worst story on /., evar.

  11. I find that a bit ridiculous. Several major music companies out there are doing away with DRM, while at the same time Microsoft is making it Stronger?

  12. The whole ‘Stereo Mix’ thing on Vista (x64) – I ran into that last night. Tried to use audacity to record some Flash audio, and despite going to the speaker in the system tray, right-clicking, choosing Recording Devices, and right-clicking in the middle of that box to choose ‘Show disabled’, nothing showed up.

    Solution: Replace the Microsoft driver for my Realtek card with the Realtek Azalia drivers. No reboot required, went to recording devices, ‘Stereo Mix’ was available, enabled the device. Presto, recording worked.

  13. As I posted on Slashdot, the bit about not being able to access the Local Settings folder (or AppData/Local in this case) is wrong. Many sensitive folders by default are owned by Trusted Installer to prevent you from breaking things, but you can change them by giving yourself ownership:

    Open a Windows Explorer window, navigate to the directory, right click on the it, select Properties, go to the Security tab, and click the Advanced button.

    Click Edit, select “Administrators” from the list of potential owners, click the Replace owner on subcontainer and objects checkbox, then click the OK button.

    After a couple minutes you’ll be presented with a window informing you that you need to close all property dialogs for the ownership changes to be visible. Follow this advice by clicking the OK button in the File Properties window and you should now be back at the Windows Explorer window you originally opened.

    Right Click on the directory and select Properties again. Go to the Security tab, and click the Advanced button again.

    Click the Add.. button in the Permissions tab, type in Administrators as the name (ensure your Local Computer domain is selected), and select Full control from the list of available permissions. Click OK out of the Permission Entry dialog, select Replace all existing inheritable permissions on all descendants… then click OK from the Advanced dialog.

    After a couple minutes you should once again be back at the File Properties dialog. Feel free to click OK and close Windows Explorer.

  14. ^I will add that there may be a “LocalSettings” folder, but it is actually a hard link to AppData/Local, not a real folder, which is why you can’t take control of it (since it doesn’t really exist). You can take control of the target folder, however, which actually contains your files.

  15. A lot of apps already own your firewall thanks to the magic of uPnP.

    “Come on, open up the door, I’m already inside, so I must be trustworthy, right?”

  16. Whether the /. story and its conclusions about W7 are right or not, the many comments basically saying “No, that’s not broken, you just perform this arcane series of clicks through 5 menus, then click the “advanced” button to find a way to turn that off” is kinda ridiculous. It shouldn’t be that hard. Basic things are made obscure (or “advanced”), and the system is not optimized for your use.

    Plain truth: Windows has been bloated for a long time, and it just gets more so with every release.

    Unfortunately, many of us have to use it as a result of jobs and narrow thinking elsewhere. I’m one of those people. I’m thinking of buying a couple newish laptops now with XP on them to use when my current unit fails, as I don’t want to continue the cycle forward.

    Were I using open source OS, a) I wouldn’t assume my current unit has a short life expectancy, and b) I wouldn’t need to read articles about this. Sigh….

  17. @20, my experience with Fedora, Ubuntu and OSX are comparable – they shouldn’t be that hard. Basic things are made obscure (or “advanced”), and the system is not optimized for your use. I guess it depends on what you mean by ‘basic’ :)

    The basic point here is that, yes, DRM and other OS Evils are bad, mm’kay, but you need to be precise in your reporting of their evils. I could download a broken mp3 of my favorite song, have it not play or sound wonky in some media player, and scream OMG DRM IS RUINING MY LIFE and probably get 100 people to believe me, but that does no service whatsoever to the people who are actively trying to defeat the DRM scourge with truthful reporting of it’s effects.

    Again, I look forward to the day slashdot shows kdawson the door. That guy is a real piece of work.

  18. @BIFFPOW: “No, that’s not broken, you just perform this arcane series of clicks through 5 menus, then click the “advanced” button to find a way to turn that off” is kinda ridiculous. It shouldn’t be that hard. Basic things are made obscure (or “advanced”), and the system is not optimized for your use.

    Replacing critical system DLLs and modifying permissions on folders that can break windows SHOULD be hard — those are not “basic things”. Furthermore, taking control of a folder that contains hard links can cause you to majorly mess up your system. These things SHOULD be hard.

    One example of these issues is the WinSXS directory. An advanced-casual user might notice that this directory is taking up several gigabytes on his hard drive and attempt to more or delete it. However, this folder isn’t actually several gigabytes in size — its subfolders contain hard links to other directories and Windows Explorer counts those directories in the file size. If a user does go to all the trouble of modifying this directory or moving it to another disk, they will find that their installed programs don’t work and they didn’t actually save any space on their hard drive. Making it obscure to take control is probably the right move here.

  19. It’s not surprising that Boingboing is crying wolf over DRM and/or Microsoft again. I’m glad that over on /. people are holding each others’ feet to the fire over their claims.

  20. #22: Zan

    I could not agree more. I’d like to see what biffpow is doing that makes taking manual control of his entire operating system seem simple in comparison.

    With respect, if you’re that jaded about the importance and seriousness of protecting critical files from novice users then perhaps is too mainstream for you.

  21. Coming up next:

    -Redefinition of netbooks to have minimum of 4 gigs of ram and at least two cores running at 2 GHz.

    – Dock is dropped. Long live the Taskbar.

    – Windows 7 Crippled Depression Edition for newly poor countries.

    – PC is Windows 7 capable if the installation dvd fits into the dvd drive (alternatively, if the PC has no drive, PC is Windows 7 capable if can support the weight if the installation dvd).

    – Drivers? You better buy new stuff.

  22. I don’t know if anyone else pointed this out or not as I’m too lazy to read through the comments but software companies been able to add rules to the windows firewall since Windows XP SP2 because Microsoft released the API to those big software companies such Adobe, McAfee, and Norton. And I’m running Windows 7 beta at home and have not ran into any of the issues that the original slashdoter said, maybe his system just isn’t up to par or he just fails big time.

  23. As a big open-source fan, comments like Ultan’s piss me off. Is debunking false claims “fanatical” now? How can we credibly complain of Microsoft’s genuine lies if we’re just as willing to lie about them?

  24. Neko-san, yes! And now that commercial router/firewall boxes from companies like linksys, netgear, etc. have upnp turned on by default, the end result is inevitable… zero-day delivered via email, and instead of one machine being compromised the entire subnet is opened up by upnp.

    The combination router/AP my ISP provided had upnp turned on out of the box. I turned it off.

  25. I feel compelled to point out that no matter what the content of the post is, or what “proof” for and against said content may be…


    It is not a released OS yet, so there is plenty of time for bugs like this to be fixed. Anyone who bases an opinion on whether or not to purchase the new system is making their decision on data that is not based on the final product. Beta versions are supposed to have errors, THAT’S WHY THEY’RE IN BETA.

  26. Despise Micro$oft? Why bother they’re just doing anything they can to make money. They do it well. and it will continue to be this way until people standup. If we want change, “despising” Micro$oft does nothing. Even the lawsuits against M$ are a joke. What needs to happen? Copyright needs to return to 7 years PERIOD. this is what it originally was. Back when books were printed and took years to propagate.. now its what 100 years?
    It needs to be a crime, a REAL crime, for a company to conspire to undermine your systems security. PERIOD Not a fine, not a class action suite Corporate liability shield doesn’t shield against Criminal activity. So Sony’s Bungled attempt to Rootkit every one… everyone involved from CEO to tech that knew is a criminal PERIOD and should be in prison no different than Kevin Mitnik. If they Really want to control their media.. they don’t have to sell it.
    They compare piracy to theft of a CD – shoplifting… thats 100$ fine. and umm if digital IP is comparable to real property do i have to Pay Ford to if i paint my car? Change a tire? rebuild or sell it? use it for commercial or personal use? if my wife drives my car do i have to pay Ford again for a second car? Do i have to pay to make a custom engine for my Mustang? Of course not. This scam called licensing need to be held invalid! Its politicians that have sold out and its politicians that need to be slammed on this.

  27. @ZAN “Replacing critical system DLLs and modifying permissions on folders that can break windows SHOULD be hard — those are not “basic things”. Furthermore, taking control of a folder that contains hard links can cause you to majorly mess up your system. These things SHOULD be hard.”

    I guess you would not be upset if you needed a special key and a call to your car manufacturer to obtain permission to open the hood.

  28. After NSA offered Microsoft technical help to fight vulnerabilities in the OS (, not only Windows 7 left a wide open doors in your networked machines for all kinds of regulatory bodies, the XP updates introduce the same element into your systems, as well.

    Want to use your old applications safely? – Disconnect from the Internet, install an old fresh copy of the XP and use a separate computer for browsing. There are few ways to connect the two together: one being to use a KVM switch.

Comments are closed.