It took three days for Microsoft to release a patch to its DRM after a hacker developed an application called FairUse4WM that strips the copy protection from Windows Media DRM 10 and 11 files.
Compare this with “Patch Tuesday” - the second Tuesday of every month, the day on which Microsoft releases security and other patches to all its software.
Wired News: Quickest Patch Ever by Bruce Schneier:
If you really want to see Microsoft scramble to patch a hole in its software, don’t look to vulnerabilities that impact countless Internet Explorer users or give intruders control of thousands of Windows machines. Just crack Redmond’s DRM.
[...]
Since 2003, Microsoft’s strategy to balance these costs and benefits has been to batch patches: instead of issuing them one at a time, it’s been issuing them all together on the second Tuesday of each month. This decreases Microsoft’s development costs and increases the reliability of its patches.
The user pays for this strategy by remaining open to known vulnerabilities for up to a month. On the other hand, users benefit from a predictable schedule: Microsoft can test all the patches that are going out at the same time, which means that patches are more reliable and users are able to install them faster with more confidence.
[...]
Why? Because it makes near-term financial sense to Microsoft. The company is not a public charity, and if the internet suffers, or if computers are compromised en masse, the economic impact on Microsoft is still minimal.
Microsoft is in the business of making money, and keeping users secure by patching its software is only incidental to that goal.
Now, this [developing an application that strips the copy protection] isn’t a “vulnerability” in the normal sense of the word: digital rights management is not a feature that users want. Being able to remove copy protection is a good thing for some users, and completely irrelevant for everyone else. No user is ever going to say: “Oh no. I can now play the music I bought for my PC on my Mac. I must install a patch so I can’t do that anymore.”
[...]
This clearly demonstrates that economics is a much more powerful motivator than security.
[...]
It should surprise no one that the system didn’t stay patched for long. FairUse4WM 1.2 gets around Microsoft’s patch, and also circumvents the copy protection in Windows Media DRM 9 and 11beta2 files.
[...]
Certainly much less time than it will take Microsoft and the recording industry to realize they’re playing a losing game, and that trying to make digital files uncopyable is like trying to make water not wet.
I am Prasad Sunkari,
co-founder of