Auckland University security researcher Peter Gutmann is being challenged to substantiate his accusations that content-protection technology in Microsoft’s Vista operating system reduces system performance.
Two ZDNet bloggers, Ed Bott and George Ou, attacked Gutmann after he reiterated his accusations in the United States this month, with Ou saying bluntly that “Gutmann’s theories are unsubstantiated and they’re all wrong”.
Ou concludes: “Peter Gutmann if you’re reading this, have you even bothered to do any research before you make your claims? As for the media that keeps citing Peter Gutmann, have you guys checked the validity of Gutmann’s claims? I have thoroughly debunked Peter Gutmann’s claims and it’s time we put this nonsense to sleep.”
The brouhaha has pushed Gutmann back into the media spotlight, with UK Guardian newspaper technology blogger Jack Schofield commenting that last year, when Gutmann made his initial accusations, Vista was a bit of an unknown, “but today it’s the world’s second most-used operating system, after Windows XP. It must have reached New Zealand.
“[It] Seems to me that Peter Gutmann should step up to the challenge, and either do the research needed to substantiate his claims or withdraw his paper. [It] seems to me that doing neither reduces his credibility to zero. Sorry.”
Gutmann revisited his thesis — that content-protection features in Windows Vista are preventing customers from playing high-quality video and audio, and harming system performance, even as Microsoft neglects security programs that could protect users — at the USENIX Security Symposium in Boston earlier this month.
“If there was any threat-modelling at all, it was really badly done,” Gutmann said, while giving a talk on Vista content protection. “Once the enemy is the user and not the attacker, standard security thinking falls apart.”
In a posting on his website, Gutmann responded to Ou, accusing him of ignoring his argument.
“He decided (without ever hearing my talk or seeing my slides) that what I’d said in the slides was wrong. Quite a remarkable feat really, since he’s never actually seen them.
“I offered to send him my slides, with all the information in them, as soon as I got back into the country, but he went ahead and posted his preconceived conclusions anyway, still without ever actually having seen the slides he’s commenting on.”
Gutmann says Ou has tried since to get hold of a copy of the slides — “from other people, in order to find out what it is he’s been attacking for the last week or so”. (Update: Ou responds and denies this claim)
The security researcher then lays down a challenge of his own: “George Ou, if you’re reading this, it’s obvious that you’ve done no research whatsoever before you made your claims, since by your own admission you’ve never seen the slides you’re commenting on. Is inventing content and attributing it to others in order to criticise it the standard of journalism applied at ZDNet?”
Gutmann argues that Vista requires premium content, like high-definition movies, to be degraded in quality when sent to high-quality outputs, so users are seeing status codes that say “graphics OPM resolution too high.” Gutmann calls this “probably the most bizarre status code ever”.
While Microsoft’s intent is to protect commercial content, home movies are increasingly being shot in high definition, Gutmann says. Many users are finding they can’t play any content if it’s considered “premium”.
“This is not commercial HD content being blocked, this is users’ own content,” Gutmann says. “The more premium content you have, the more output is disabled.”
Gutmann, who wore a white T-shirt marked with a Windows Vista logo during his US presentation, as he did at a Computerworld New Zealand security briefing in May, first issued his criticisms late last year, with a paper titled, “A Cost Analysis of Windows Vista Content Protection”. Gutmann’s paper famously called Vista’s content protection rules “the longest suicide note in history.”
— Additional reporting by Jon Brodkin