Wednesday, November 02, 2005

Sony's DRM--not much different from criminal hacking

Mark Russinovich at Sysinternals.com, a security professional who is careful about what software he installs on his computer, found a rootkit on his Windows machine. A rootkit is a set of applications designed to hide malicious activity from the owner or administrator of a machine. He found a hidden directory, several hidden device drivers, and a hidden application.

After further investigation, he found that the software installed on his machine without his consent or authorization included files identified via Sigcheck as part of "Essential System Tools" from a company called First 4 Internet. Google revealed that First 4 Internet has implemented Digital Rights Management for several record companies, including Sony. It turned out that a recent CD he had purchased, "Get Right with The Man" by the Van Zant brothers, contained Sony's DRM.

Additional experimentation shows that the software is poorly written, and creates a load on the system by scanning the executable files associated with every running process every two seconds, and querying file information including size eight times per scan.

The End User License Agreement (EULA) gives no indication that this software will be installed to your machine, and provides no mechanism for removing it. (They have apparently since modified the EULA in response to Russinovich's analysis.) Russinovich took the trouble to take the steps necessary to remove the software (and return his computer to a functional condition), but as his analysis points out, this would be very difficult for an inexperienced user. A typical responsible computer user who saw the rootkit files and simply deleted them would cripple their computer.

This software appears to me no different from spyware, which was made illegal in the U.S. under the SPY ACT (Securely Protect Yourself Against Cyber Trespass), and also appears (as a commenters on Russinovich's blog note) to violate California state law, UK law, and Australian law. Arizona's anti-spyware law doesn't seem to apply.

Russinovich's detailed step-by-step analysis may be found here.

Don't purchase CDs with such irresponsible and sleazy DRM software.

3 comments:

Jesse said...

I had no idea they had such wonky DRM audio CD's these days. The RIAA and MPAA et al are pushing things too far.

I am glad the vast majority of the music I enjoy falls outside of there grasp

Udge said...

Don't purchase CDs with such irresponsible and sleazy DRM software.

Gladly, just tell me how. I don't think that the CD was labelled "May contain DRM software", nor do I believe that only Sony has or will implement DRM. Do we the consumers need a labelling law to defend us?

p.s. found you via Accordion Man via Postmodern Sass.

Lippard said...

Udge:

This particular CD (Van Zant, "Get Right with the Man") is identified at Amazon.com as "CONTENT/COPY PROTECTED CD".

I'm not sure what indications are given on the packaging.