Tuesday, November 15, 2005

More Sony DRM Fun

Not much play on this in the Mainstream Media, but, understandably, it's being covered extensively in the tech press. So what's up with that Sony rootkit? From here:
Like a virus, there is no meaningful uninstaller available. Now, some of the DRM protected CDs will indeed add an entry for SunnComm to the Add/Remove control panel.

When activated, it removes most of the files in the shared folder, but leaves the core copy protection module (sbcphid.sys) active and resident.

That means other programs (like iTunes) can't access other SunnComm protected CDs.But wait, there's more. MediaMax "phones home" without your consent every time you play the CD. When a CD is played, a request is sent to a SunnComm server that includes an ID along with the request that identifies the CD.
Oh geez, more (emphasis mine)...
Of course, the request by itself identifies the OS you are running as well as your IP address.

The request seems to be for SunnComm's "Perfect Placement" feature, which can insert ad content while viewing the CD.

So, Windows users have to deal with a triple threat. Without user consent, the DRM installs software on the target computer, provides no way to uninstall its core, and lets SunnComm know every time the CD is played.
Ahh, but here's the icing on the cake (again, my emphasis)...
Someone in the Netherlands did a decompile on the XCP rootkit that has gotten most of the attention lately. It seems that parts of the rootkit use the LAME mp3 encoder, which is licensed under the Lesser GPL. That means by delivering only an executable (the rootkit) without source or crediting, XCP violates the GPL Violating the GPL puts Sony at massive legal risk for—wait for it—copyright infringement.

Sony BMG will have a big job ahead of it as it tries to replace all copies of controversial copy protection software, according to a computer security expert, who says that he has evidence there are more than 500,000 versions of the program installed worldwide.

No comments: