Wednesday, November 02, 2005

Sony, Rootkits and Digital Rights Management Gone Too Far

Mark's Sysinternals Blog (blargticle)

Long story short: This guy is testing a program that looks for hidden malware. He finds some on his computer, thinking it’s an error because he is very careful about what he does with the computer, he does some searching about what the malware is, and where he got it. It turns out that the malware is from a copy-protected Sony CD, which, under the banner of DRM, was installed onto his computer. He notices that the license agreement with the CD never says that anything like this would be installed, and what is worse is that the program checks on the media 8 times every second, thus using up about 2% of his processing power, *even when he does not have the CD in the drive*. He gets very frustrated that a music CD installed malware on his computer, without his consent and that it uses a fairly large chunk of resources even when it is not needed. He gets further frustrated that there is no way to delete the program included on the CD. So he uses the original malware detection program to delete the program (he couldn't even get around to it from the SafeMode because Sony has it boot even then (!!!)). But all is not well after the deletion of the program, Sony wrote the program so that if you delete the DRM program off your computer you lose the ability to use your CD drive. (Pause for a second, and think about that one... Sony installed a program on your machine without your consent and then if you delete it you can't use ANY CD in your computer.) Luckily this guy is very computer savvy and was able to restore the CD drive functionality, but it is not something that the normal person would be able to do.
He concludes:

The entire experience was frustrating and irritating. Not only had Sony put software on my system that uses techniques commonly used by malware to mask its presence, the software is poorly written and provides no means for uninstall. Worse, most users that stumble across the cloaked files with a RKR scan will cripple their computer if they attempt the obvious step of deleting the cloaked files.


In short copy-protection has *already* gone too far, not just in theory but in reality now. My advice to you is to not buy copy protected CDs, at all. And if you must **DO NOT** run them on your computer.

It's a $10 music CD... jeez, and lawmakers let these guys tell them what to do about the movie/music industry... I'm doubt Sony is looking out for me... or even the artist.

No comments: