Sony BMG drops spyware DRM
p2p news / p2pnet: Sony BMG and its anti-p2p rep First 4 Internet have the same mentality as the entertainment and software cartels. They don’t just believe we’re dumb. They think we’re really dumb.
A member of the Big Four record label and Big Seven movie studio cartels, Sony BMG thought it had you when it loaded a secret DRM spyware application on some of its music CDs. And it would have done the same for all of its ‘product;’ if it had gotten away with it.
But it didn’t.
Within days of each other, a company, F-Secure, and an individual, Mark Russinovich at Sysinternals, independently uncovered the Sony BMG DRM stashed on the CDs.
They were the first, but they wouldn’t have been the last.
Two class actions, the discovery that there was also a version for Apple Macs and news of the first e-bug centering on Sony BMG DRMS (Digital Restriction Management Spyware) code quickly followed, and now Sony has withdrawn its polluted CDs.
But it wasn’t the on- or offline lamescream media which forced thge company into a corner. It was blogs and news sites, which had picked up the story in the first place.
Nothing is too low for the cartels, which falsely pretend to be caring corporate citizens. But to them, you’re just brain-dead, cash-cow ‘consumers’ and they’ll do literally anything to get your money.
“Sony said it had a right to stop people illegally copying music,” says the BBC, quoting a statement which says the company also intends to “re-examine all aspects” of its “content protection initiative” to make sure it continues to meet “our goals of security and ease of consumer use”.
Actually, its vaunted “content protection initiative” hasn’t come even close to doing what it’s supposed to do. Ask SunnComm and Macrovision, and now First 4 Internet, all of whom have an unbroken records of failing to deliver the goods to their gullible clients, the software and entertainment cartels.
Sony BMG says it was stopped this time by virus threats. But that’s a load of old bollocks. Blogging stopped them. Online, the word spreads, and it spreads with the speed of light.
They’re also being stopped dead with their sue ‘em all marketing strategies, but the message hasn’t yet reached their tiny brains. But they’re dinosaurs and you know what happened to dinosaurs.
Meanwhile, you don’t depend on them. They depend on you. And not merely in a financial sense.
Who keeps their computer systems operating? You do. Who writes their codes? You. Who’s building the phoney p2p apps derived from the formerly indie apps they’ve killed? You are.
They’re still treating you like they own you, lock, stock and barrel.
“Sony said it had a right to stop people illegally copying music,” adding that the halt was precautionary,” says the BBC.
Definitely stay tuned.
JN
(FYI, p2pnet’s catflap came across Canada’s Shawn Wilson and his GlassGiant site. That’s where the poster (upper right) comes from. He’s also found a few more DIY cartoon possibillities, but more on that later ; )
November 13th, 2005 at 1:19 pm
« SonyBMG DRM Customer Survival KitSony Shipping Spyware from SunnComm, Too
Saturday November 12, 2005 by J. Alex Halderman
Now that virus writers have started exploiting the rootkit built into Sony-BMG albums that utilize First4Internetâs XCP DRM (as I warned they would last week), Sony has at last agreed to temporarily stop shipping CDs containing the defective software:
We stand by content protection technology as an important tool to protect our intellectual property rights and those of our artists. Nonetheless, as a precautionary measure, SONY BMG is temporarily suspending the manufacture of CDs containing XCP technology. We also intend to re-examine all aspects of our content protection initiative to be sure that it continues to meet our goals of security and ease of consumer use.
What few people realize is that Sony uses another copy protection program, SunnCommâs MediaMax, on other discs in their catalog, and that this system presumably is not included in the moratorium. Though MediaMax doesnât resort to concealing itself with a rootkit, it does behave in several ways that are characteristic of spyware.
I originally wrote about MediaMax back in 2003. It was the first copy restricting technology that installed software in an attempt to block ripping and copying. SunnComm has continued to develop its anti-copying tools, and today MediaMax is distributed on albums from Sony-BMG and several smaller labels. Sony titles that use MediaMax include Grown and Sexy by Babyface and Z by My Morning Jacket. These discs arenât hard to spot; the back album covers usually contain a label that includes a sunncomm.com URL.
Like XCP, recent versions of MediaMax engage in spyware-style behavior. They install software without meaningful consent or notification, they include either no means of uninstalling the software or an uninstaller that claims to remove the entire program but doesnât, and they transmit information about user activities to SunnComm despite statements to the contrary in the end user license agreement and on SunnCommâs web site. Iâll describe each of these problems in detail below.
1. MediaMax installs without meaningful consent or notification
When a MediaMax-protected CD is inserted into a computer running Windows, the Windows Autorun feature launches a program from the CD called PlayDisc.exe. Like most installers, this program displays a license agreement, which you may accept or decline. But before the agreement appears, MediaMax installs around a dozen files that consume more than 12 MB on the hard disk. Most are copied to the folder c:\Program Files\Common Files\SunnComm Shared\, shown below:
These files remain installed even if you decline the agreement. One of them, a kernel-level driver with the cryptic name âsbcphidâ, is both installed and launched. This component is the heart of the copy protection system. When it is running, it attempts to block CD ripping and copying applications from reading the audio tracks on SunnComm-protected discs. MediaMax refrains from making one final change until after you accept the licenseâit doesnât set the driver to automatically run again every time Windows starts. Nevertheless, the code keeps running until the computer is restarted and remains on the hard disk indefinitely, even if the agreement is declined.
To see if SunnCommâs driver is present on a Windows XP system, open the start menu and select Run. In the box that pops up, type
cmd /k sc query sbcphid
and click OK. If the response includes âSTATE: 1 STOPPEDâ, the driver is installed; if it includes âSTATE: 4 RUNNINGâ, the driver is installed and actively restricting access to music. Alternately, you can look for the driverâs file, sbcphid.sys, which will be located in the c:\windows\system32\drivers\ folder if it is installed.
(Newer version of SunnCommâs software can also block copying on Mac systems, as reported by MacInTouch. However, since Mac OS X does not automatically run software from CDs, Mac users will only be affected if they manually launch the installer.)
Is there any meaningful notice before the program is installed? On the contrary, the Sony license agreement (which happens to be identical to the agreement on XCP discs, despite significant differences between XCP and MediaMax) states that the software will not be installed until after you accept the terms:
As soon as you have agreed to be bound by the terms and conditions of the EULA, this CD will automatically install a small proprietary software program (the âSOFTWAREâ) onto YOUR COMPUTER. The SOFTWARE is intended to protect the audio files embodied on the CD, and it may also facilitate your use of the DIGITAL CONTENT. Once installed, the SOFTWARE will reside on YOUR COMPUTER until removed or deleted.
Notice too that while the agreement partially describes the protection software, it fails to disclose important details about what the software does. Yes, the MediaMax driver tries to âprotect the audio files embodied on the CD,â but it also attempts to restrict access to any other CD that use SunnCommâs technology. You only need to agree to installation on one album for the software to affect your ability to use many other titles.
2. MediaMax discs include either no uninstaller or an uninstaller that fails to remove major components of the software
None of the MediaMax albums Iâve seen from Sony-BMG include any option to uninstall the software. However, some titles from other labels do include an uninstall program. For instance, the album You Just Gotta Love Christmas by Peter Cetera (Viastar Records) adds MediaMax to the Windows Add/Remove Programs control panel, the standard interface for removing programs. If you elect to remove the software, it displays the following prompt:
Clicking âYesâ does cause parts of MediaMax to be deleted, including nearly all the files in the SunnComm shared folder. However, the protection driver remains installed and active despite the suggestion that âMediaMax and all of its componentsâ would be removed. That means iTunes and other programs still cannot access music for any SunnComm-protected CD.
3. MediaMax transmits information about you to SunnComm without notification or consent
Sony and SunnComm seem to go out of their way to suggest that MediaMax doesnât collect information about you. From the EULA:
[T]he SOFTWARE will not be used at any time to collect any personal information from you, whether stored on YOUR COMPUTER or otherwise.
SunnCommâs customer care web page is equally explicit:
Is any personal information collected from my computer while using this CD?:
No information is ever collected about you or your computer without you consenting.
Yet like XCP, the MediaMax software âphones homeâ to SunnComm every time you play a protected CD. Using standard network monitoring tools, you can observe MediaMax connecting to the web server license.sunncomm2.com and sending the following request headers:
POST /perfectplacement/retrieveassets.asp?id=
7F63A4FD-9FBD-486B-B473-D18CC92D05C0 HTTP/1.1
Accept: */*
Accept-Language: en-us
Content-Type: application/x-www-form-urlencoded
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
Host: license.sunncomm2.com
Content-Length: 39
Connection: Keep-Alive
Cache-Control: no-cache
This shows that MediaMax opens a web page from a SunnComm server and sends a 32-character identifier (highlighted)âapparently a unique code that tells SunnComm what album youâre listening to. The request also contains standard HTTP headers from which the company can learn what operating system you are running (in the above example, NT 5.1, a.k.a. Windows XP) and what version of Internet Explorer you use (here, IE 6).
SunnComm also gets to observe your computerâs IP address, which is transmitted to every Internet server you connect to. You are assigned an IP address by your Internet service provider or system administrator. Many users are issued frequently changing âdynamicâ IP addresses that make it difficult to track them individually, but others have fixed, âstaticâ addresses. If you have a fixed address, SunnComm can piece together the messages from your computer to find out all the protected discs you listen to and how often you play them. In some cases, such as if you are a Princeton student, knowing the address is enough to let SunnComm track down your name, address, and phone number.
So why does MediaMax contact a SunnComm server in the first place? The serverâs response to the above request isnât very informative:
Microsoft VBScript runtime
error â800a000dâ
Type mismatch: âuboundâ
/perfectplacement/retrieveassets.asp, line 26
Apparently a bug in the server software prevents it from returning any useful information. However, the name âPerfect Placementâ in the URL provides a valuable clue about the serverâs purpose. A SunnComm web page describes âPerfect Placementâ as a MediaMax feature that allows record labels to â[g]enerate revenue or added value through the placement of 3rd party dynamic, interactive ads that can be changed at any time by the content owner.â Presumably the broken site is supposed to return a list of ads to display based on the disc ID.
Just because the server software is buggy doesnât mean it isnât collecting data. If SunnCommâs web site is configured like most web servers, it logs the information described above for every request. We canât know for certain what, if anything, SunnComm does with the data, but thatâs why transmitting it at all raises privacy concerns.
â¦
To summarize, MediaMax software:
Is installed onto the computer without meaningful notification or consent, and remains installed even if the license agreement is declined;
Includes either no uninstall mechanism or an uninstaller that fails to completely remove the program like it claims;
Sends information to SunnComm about the userâs activities contrary to SunnComm and Sony statements and without any option to disable the transmissions.
Does MediaMax also create security problems as serious as the Sony rootkitâs? Finding out for sure may be difficult, since the license agreement specifically prohibits disassembling the software. However, it certainly causes unnecessary risk. Playing a regular audio CD doesnât require you to install any new software, so it involves minimal danger. Playing First4Internet or SunnComm discs means not only installing new software but trusting that software with full control of your computer. After last weekâs revelations about the Sony rootkit, such trust does not seem well deserved.
Viewed together, the MediaMax and XCP copy protection schemes reveal a pattern of irresponsible behavior on the parts of Sony and its pals, SunnComm and First4Internet. Hopefully Sonyâs promised re-examination of its copy protection initiatives will involve a hard look at both technologies.
http://www.freedom-to-tinker.com/?p=925
November 22nd, 2005 at 11:44 pm
I admire those people who discover such practices and alert other consumers. This entire story of “SONY” becomes too much to swollow!
Their goods are =without any exception= totally overpriced and customers are being taken for a ride.
It is about time that we, the consumers, look for other brands and stop buying anything that is connected with “SONY” !!