More on Sony rootkit/spyware

[Dave Farber <dave () farber net>]

-------- Original Message --------
Subject:        More on Sony rootkit/spyware
Date:   Sat, 26 Nov 2005 20:06:48 -0800
From:   David Josephson <dlj04 () josephson com>
To:     dave () farber net
References:     <4384E010.60906 () farber net>



Dave,

For IP if you want. It seems that the Sony "DRM" package is primarily 
not for copyright protection but for tracking consumer listening habits.

http://weblog.infoworld.com/foster/2005/11/22.html

===

You're probably getting tired of hearing about Sony BMG's rootkit DRM,
but one central mystery about it remains to be solved. What was Sony's
real motive for what many consider behavior that is awfully close to a
criminal act? To answer that question I think we're going to need to
borrow a page from the criminal profilers by tracking the company's
behavior. Fortunately, we have more than one crime scene to help us with
our profile, because it so happens that Sony has been employing more
than one form of spywarish DRM in recent months.

Even after finally confessing, under considerable duress, that the
rootkit was probably a mistake, Sony officials have stuck to the story
that their use of First4Internet's XCP DRM was intended only to protect
their CDs from music pirates. But that alibi doesn't really wash, since
the XCP copy protection only punishes legitimate customers while doing
nothing to stop file sharers. What's more, this is a pattern of behavior
we saw before with Sony when readers were complaining back in July about
another form of DRM it was using on music CDs from SunnComm, Inc.

What clues can we pick up by comparing the different DRM approaches Sony
has employed on its CDs in recent months? Fortunately, on the subject of
SunnComm's MediaMax DRM, we have the equivalent of a forensic
anthropologist who can serve as an expert witness here. Princeton
University computer scientist J. Alex Halderman is the researcher who
SunnComm threatened with charges of violating the DMCA's
anti-circumvention provisions a few years ago when he revealed how their
technology could be thwarted by holding down the shift key. The rootkit
brouhaha prompted Halderman to take a look at how the MediaMax DRM is
implemented on recent Sony CDs (all apparently on different titles than
the CDs that have the XCP rootkit), and his published findings are quite
intriguing.

While Halderman found no evidence of SunnComm's MediaMax using a
rootkit, some of the things he did discover provide considerable grist
for our behavioral profile of Sony. For one thing, before users can even
say yes or no to accepting the Sony EULA, MediaMax has already installed
a dozen files on their hard drive and started running the copy
protection code. The files remain even if the user rejects the EULA, and
the Sony CDs provide no option for uninstalling the files at a later
date.

Most interesting of all though is what Halderman discovered concerning
the spyware attributes of the Sony CDs equipped with MediaMax. As with
the XCP rootkit, MediaMax also "phones home" every time you play a
protected CD with a code identifying what music you're listening to. And
in the SunnComm server's response to these transmissions Halderman also
uncovered a very important clue to what Sony's really up to: a URL
including the term "perfectplacement." A MediaMax developer's webpage
describes Perfect Placement to potential clients like Sony as an
e-commerce revenue generation "feature of dynamic on-line and off-line
banner ads. Generate revenue or added value through the placement of 3rd
party dynamic, interactive ads that can be changed at any time by the
content owner."

OK, so let's see what we've got here. A company that seems bent on
sneaking files onto unsuspecting users' computers, pretending they've
gotten permission to do so from a vaguely-worded EULA, transmitting a
constant stream of usage information back to their servers, and using
that information for who-knows-what revenue generating opportunities.
Does this sound like a familiar profile to you? Of course, it's the
profile of all the spyware/adware scum that have come very close to
destroying the Internet just to make a few bucks peddling their trash.

But we shouldn't miss the fact that Sony's behavior with both its XCP
and MediaMax implementations matches another pattern we've seen many
times before. It's the serial DRM offender profile that Microsoft,
Symantec, Intuit, and lesser lights in the software industry have
exhibited. Their product activation and other forms of copy protection
also aren't really about stopping piracy - they admit their DRM won't
stop the software counterfeiters. It's about giving the vendors control
over your usage of the products you buy, so they can decide if you're
using it in ways they don't like, or that they ought to force you to
upgrade, or that it's time to start selling the information they've
collected about you to the highest bidder....
===




-------------------------------------
You are subscribed as lists-ip () insecure org
To manage your subscription, go to
 http://v2.listbox.com/member/?listname=ip

Archives at: http://www.interesting-people.org/archives/interesting-people/