Sony's DRM: It Just Keeps Getting Worse

By Larry Loeb
Updated: Just when you thought Sony's DRM mess was bad enough, along comes SunnComm's MediaMax DRM.

When I wrote last week about Sony DRM mess, I opined that it would serve MBAs of the future as a textbook example of how not to do things.

It turns out that there's even more things that Sony is doing, without permission, to their customers' computers with another DRM system.

People more savvy than me about Windows (like J. Alex Halderman) have discovered that SunnComm's MediaMax DRM installs itself on Windows systems as well as Mac systems.

While most attention has been focused on the XCP rootkit that the Sony/BMG installs on PCs, this additional DRM has been flying under the radar in the Windows world.

PointerSony's DRM rootkit comes in Mac flavor, too. Click here to read more.

The DRM acts like a virus in many ways. When a Sony DRM-protected CD is inserted, the autorun feature of Windows immediately invokes a program called PlayDisc.exe.

Though it displays a EULA, all the files the DRM needs are inserted on the hard drive at C:\Program Files\Common Files\SunnComm Shared\ before the EULA appears.

The only difference detected thus far between accepting and rejecting the EULA is that acceptance causes the DRM to launch every time the OS starts up.

The DRM files remain installed on the hard disk even if the EULA is declined.

Like a virus, there is no meaningful uninstaller available. Now, some of the DRM protected CDs will indeed add an entry for SunnComm to the Add/Remove control panel.

When activated, it removes most of the files in the shared folder, but leaves the core copy protection module (sbcphid.sys) active and resident.

That means other programs (like iTunes) can't access other SunnComm protected CDs.But wait, there's more. MediaMax "phones home" without your consent every time you play the CD. When a CD is played, a request is sent to a SunnComm server that includes an ID along with the request that identifies the CD.

Of course, the request by itself identifies the OS you are running as well as your IP address.

The request seems to be for SunnComm's "Perfect Placement" feature, which can insert ad content while viewing the CD.

eWEEK.com Special Report: Digital Rights Management

So, Windows users have to deal with a triple threat. Without user consent, the DRM installs software on the target computer, provides no way to uninstall its core, and lets SunnComm know every time the CD is played.

But wait, there's even more.

Someone in the Netherlands did a decompile on the XCP rootkit that has gotten most of the attention lately. It seems that parts of the rootkit use the LAME mp3 encoder, which is licensed under the Lesser GPL. That means by delivering only an executable (the rootkit) without source or crediting, XCP violates the GPL Violating the GPL puts Sony at massive legal risk for—wait for it—copyright infringement.

The irony is just crushing.

The true scope of what is going on here has more to do with the relationship between producer and consumer than just the technical issues of the DRM, outrageous as they may be.

Most users would probably accept that media companies have some sort of right to protect the product they sell, but hijacking a user's computer is universally felt not to be part of those rights.

By using this kind of DRM, Sony has made itself an enemy of the user. Users seem to be pretty much united in feeling that the existing implicit and explicit societal compacts that exist between someone that sells something and someone that buys it are being egregiously violated by Sony's course of action.

The resultant disconnects can only serve to harm (or destroy) Sony's business. Unlike another monopolist purveyor in the computer field, users don't feel they must buy Sony product. There are plenty of other choices.

Sir Howard Stringer (Sony's head) now faces a massive business problem, and his company's future in electronic media may well hang in the balance. He runs the risk of alienating not just the music customers, but the Playstation gamers as well.

Why? Ignoring the PR fallout from the rootkit, Sony just got a patent on a method of restricting game software to one copy on one particular machine. They seem to think that this kind of lockdown will be tolerated by its customers. Someone sell these guys a clue.

Sony is going to have to change how it does business with the public in a massive way, or face extinction as customers vote with their dollars. That's probably the simplest way to put it. But is anyone listening? We'll see.

Editor's Note: This story was updated to include additional information about this issue.


 


Comment on this article
Comment Now  | 
Read All Talkback(s)
Sponsored Content
White Papers

No registration required to download these free white papers:

Security in the World of Web 2.0

Intelligent Infrastructure for Information Services

Making Server Consolidation A Reality

Protecting Client Systems from the Crimeware Invasion

Top 10 Ways to Increase Enterprise Security While Reducing Costs
Upcoming eSeminars

Data Protection Virtual Tradeshow
Cameron Crotty 50x50

Available On-Demand
Join Cameron Crotty and experts as they explore best practices and solutions needed to maintain a secure flow of data.
Available On-Demand
Security 2.0: Controlling Complexity
with Cameron Crotty. Sponsored by Symantec
Available On-Demand
Backup Exec 11d - The Gold Standard in Windows Data Recovery
with Frank Derfler. Sponsored by Symantec
Advertisement
Sponsors
  • 64 Pages of How-To Operational Advice for IT
  • You have a choice! Ericom's Alternative to Citrix
  • Discover what 2000 Cisco customers know about Riverbed
  • ScanSoft PDF Converter Professional 4
  • Defy the laws of reporting with Crystal Reports® 2008.
  • See how EMC can help you store more intelligently.
  • When Speed Counts, Count On 3Com.
  • Download the Windows Server® 2008 Release Candidate today.
    		•
    Security IT Hub Contact Us | About | Advertise
    Ziff Davis Enterprise

    Home | Contact Us | Advertise | Link to Us | Reprints | Magazine Subscriptions | Newsletters | RSS Feeds | Tech Shop | White Papers | Tech Encyclopedia | PC Downloads | ROI Calculators | Tech Jobs | Enterprise Product Comparison Guides | Tech Webcasts | Tech Podcasts | Tech Video

    1UP | AppScout | Baseline | Careers | Channel Insider | CIO Insight | Cranky Geeks | DesktopLinux | DeviceForge
    DevSource | DigitalLife | DL.TV | eSeminars | eWEEK | ExtremeTech | Filefront | GameVideos | GearLog
    LinuxDevices | Linux Watch | Microsoft Watch | Mid-market | My Cheats | Networking | PC Magazine | PCMagCasts | PDF Zone |
    Publish | Security IT Hub | Server IQ | Smart Device Central | Strategic Partner | TechnoRide | Web Buyer's Guide |
    What's New Now | Windows for Devices | Ziff Davis Media International

    Use of this site is governed by our Terms of Use and Privacy Policy
    Copyright © 2004-2006 Ziff Davis Publishing Holding Inc. All Rights Reserved. Security IT Hub is a trademark of Ziff Davis Publishing Holdings Inc. Reproduction in whole or in part in any form or medium without express written permission of Ziff Davis Media Inc. is prohibited.