I was going to write about my latest adventures in Guild Wars, but, I decided to tackle something far differnt.
Recently, large entertainment buisnesses (mostly music, such as Time Warner, BMG, Sony, etc.) has decided to include DRM to restrict your rights when using thier music. Digital Rights Management was touted as a consumer-demanded "feature," but it simply isn't. With the advent of computers with CD burners and P2P on high-speed internet, the old corporations became scared that they would loose control over the distribution system they have become dependant on. So, DRM is belived to be thier saving grace, where digital content will be restricted to how they want it used, not how you want it used.
Most of the DRM of yore was pathetic. Usually it was some program that would autorun on a Windows machine to disable the CD drive from reading the audio portion of the disc correctly or by confusing the drive to cause the computer to crash. Lots of these attempts even prevented the discs from being played on normal stand-alone CD players. The consumers weren't happy, and they showed it with large amounts of these CDs being returned. Retailers had to foot the bill, leaving them quite mad as well.
Now Sony takes it up one notch. With some recent music, such as Switchfoot's "Nothing is Sound" album they released the worst possible DRM they could come up with. (For an entire listing of DRM protected Sony CD's from Amazon to avoid, check
here. ) Sony's DRM autoruns a program on Windows asking you to install a specifically built CD-player. The installer presents a standard EULA (End User Liscense Agreement that is presented with almost all software during installation) where there is no mention of the DRM Sony will be installing nor the way the DRM works. But here is what Sony doesn't want you to know.
The DRM installs what is called a rootkit (rootkits are generally an essential part of any good trojan). Essentially, it really screws with Windows to hide itself and all the files it wants to from Windows. Specifically, any file, program, process, or folder starting with "$sys$" are hidden from Windows, and thus from you. The DRM uses this cloaking rootkit to hide the true DRM, a new CD-ROM driver. The new driver has a special function to scramble the data when a ripping program attempts to rip tracks from not just Sony's CDs, but all CDs. It also goes so far to disable CD burners from creating audio discs. It will aslo contact Sony each time you play thier CD to download advertisements to your computer. All in the name of corporate greed.
The cd-burner and ripping isn't new, and has been done before. But what is new and what is getting everyone very mad is the rootkit. Here are a few things that can be done with the rootkit:
- World of Warcraft hackers are using the rootkit to hide thier cheating program from Blizzard's anti-cheating program called Warden. Rename the program with the "$sys$" in front of it and it becomes completely hidden.
- Any virus, worm, trojan, spyware, adware, and malware can use this rootkit to hide itself from the user and any virus/spyware scanner.
- Sony can seemlessly install even more restrictive DRM, such as blocking a new program the old version didn't, without the user's knowledge or consent.
The exterior of the CD you buy doesn't mention the wonderful rootkit. It never mentions how it would affect your ability to listen to, burn, or rip other CDs. Sony attempts to hide behind a shrinkwrap EULA. What are they? "By opening this product, you agree to all the terms within." The problem is you have no way to know what the terms are without opening it, and if you don't agree with it you are instructed to return the product to the place of purchase, which, for the most part, won't return opened CD's or computer games since they could have been copied. The really bad part is the EULA inside doesn't mention the above DRM protection methods at all, including the phoning-home part.
Only after the DRM was dragged into the light did Sony offer a uninstaller, which at first required you to email two seperate people and wait for a response from them to get a link to go get the uninstaller. They're obviously trying to frustrate the casual user to keep thier rootkit on your computer. Better yet, the uninstaller doesn't uninstall the DRM, but mearly removes the cloaking feature of the rootkit. In fact, the uninstaller UPGRADES the DRM to a newer version!
And yet, after all of this, Sony still calls thier DRM impliementation "not a security risk."
Maybe after newer versions with deeper imbeded rootkits that also disable P2P software people will realize what all the rage was about.
PS: This was reposted, after the comments were spamed. It was only once, but enough to tick me off, enable post moderation, and repost this post to purge the comments.