Friday, December 02, 2005

But Wait, There's More!

Just when I thought that my level of pissed-offedness with the whole Sony thing had reached its apex, they have done it again:
In an earlier post I described how MediaMax, a CD DRM system used by Sony-BMG and other record labels, behaves like spyware. (MediaMax is not the same as XCP, the technology that Sony-BMG has recalled; Sony-BMG is still shipping MediaMax discs.) MediaMax phones home whenever you play a protected CD, automatically installs over 12 MB of software before even displaying an End User License Agreement, and fails to include an uninstaller.

Part of the software that MediaMax installs is a driver meant to interfere with ripping and copying from protected discs. I had believed that MediaMax didn’t permanently activate this driver—set it to run whenever the computer starts—unless the user accepted the license agreement. As it turns out, this belief was wrong, and things are even worse that I had thought.

In the comments to our last MediaMax story, reader free980211 pointed out that the driver sometimes becomes permanently activated if the same protected CD is used more than once, even if the user never agrees to the EULA. This wasn’t apparent from my earlier tests because they were conducted under tightly controlled conditions, with each trial beginning from a fresh Windows installation and involving only carefully scripted operations. I’ve performed further tests and can now confirm that MediaMax is permanently activated in several common situations in spite of explicitly withheld consent.
(emphasis mine). I'm no expert on IP law, but "[t]his is trespass, plain and simple. No software should ever install itself on a user’s computer without some notification to the user and opportunity to decline." Honestly, in my mind, this is even worse than the other one. At least with the rootkit, you had agreed to a EULA, and were on notice that something was being installed on your computer. This one doesn't even give you that chance, and:
This may be an annoyance to music fans—unless you disable the driver, you’ll have a hard time playing any MediaMax-protected titles, let alone copying them to your iPod—but it’s also a security risk, since the driver is loaded as part of the Windows kernel and has the ability to control virtually any aspect of the computer’s operation. We don’t know whether the MediaMax driver contains any vulnerability that can be exploited to do further damage, but the way it is installed creates a dangerous precedent.


(emphasis mine, again). So after unknowingly installing something which 'phones home', there's also a sign post to hackers that says "In here fellas!" Not to get tinfoil-hatty, but this is starting to seem a little Big Brotherish...

2 comments:

Jake said...

awesome. Thanks, Sony.

Frankie said...

It's times like these when I am happy I have a Crapintosh.

Tin foil hatty - love it.