Microsoft's Conflation of DRM/Security Patching is Serious

Microsoft rapidly pushed out, via Windows LiveUpdate, a patch to invalidate the FairUse4WM application, which strips the Digital Rights Management (anti-copying) mechanism of Windows Media Player. Most comments on this have spoken of the apparently greater zeal applied to DRM than to security, but the incident is far more infuriating than that.

Patching is invariably a risky technique. It introduces the possibility of defects, either functional or security-related. Delegating the decision of which patches to apply to your OS, and when, is a big deal; the vulnerability of Internet-connected machines running Windows is so great, though, that LiveUpdate is acceptable. The implicit contract is "I will allow you to change my machine, introducing the possibility of sudden loss of capability or introduction of new defects, in order that you may reduce its security exposure." Period. I want patches for all those completely avoidable buffer overflows that somehow you still have and introduce.

To the extent that Microsoft uses live updates to perform non-security-related tasks, they seriously reduce the quality of the tradeoff.