When Peter Gutmann posted his analysis of Microsoft’s new operating system, Vista, late last year, he never expected his views to resonate around the world and hit the mainstream media big time.
But Gutmann’s timing was impeccable. His views are controversial and his criticism, contained in a paper called, Cost Analysis of Windows Vista Content Protection, are trenchant.
Gutmann has no regrets about picking a fight with Microsoft and isn’t backing down, although, with the benefit of hindsight, he concedes he’d do some things differently. Computerworld bailed him up for a chat.
Peter, how would you characterise the quality of Microsoft’s response so far?
A mix of technical content and PR spin. The latter is pretty much a given, since they’re doing things that are very hard to defend from a technical viewpoint.
Have you had any direct talks with Microsoft? Have they tried to PR you into submission?
I’ve talked to a few Microsoft people informally, but it’s more a case of running into someone at an event and that person mentioning they’ve seen the write-up.
There haven’t been any PR attempts or anything like that. It’s good to get a chance to talk to people, to get their point of view on things. Obviously, as a security person, I have various concerns about what they’re doing, but it’s good to get a chance to see everyone’s point of view.
You made a huge splash with your paper and subsequent addenda, what happens now?
Hopefully, it all blows over and I can get back to my normal work. It’ll be interesting to keep an eye out for the next few months, now that Vista has been released, to see how this stuff pans out in practice.
For example, there have already been complaints about a Vista component called the Media Foundation Protected Pipeline consuming huge amounts of CPU and memory, so it’ll be interesting to see what further details come to light on this.
This is a bit of a coup for Auckland University, how has it been received internally?
Would you do anything differently looking back on how the argument and coverage has played out?
If I’d known that it was of interest to a non-geek audience I’d have written it to be more accessible to the general public. It still shows its origins as a posting to a security mailing list in many places, although I’ve been trying to re-work bits as time allows.