The Dark Side of DRM

by on November 10, 2005 · 12 comments

Lovely:

Virus writers have begun taking advantage of Sony-BMG’s use of rootkit technology in DRM software bundled with its music CDs.

Sony-BMG’s rootkit DRM technology masks files whose filenames start with “$sys$”. A newly-discovered variant of of the Breplibot Trojan takes advantage of this to drop the file “$sys$drv.exe” in the Windows system directory.

“This means, that for systems infected by the Sony DRM rootkit technology, the dropped file is entirely invisible to the user. It will not be found in any process and file listing. Only rootkit scanners, such as the free utility RootkitRevealer, can unmask the culprit,” warns Ivan Macalintal, a senior threat analyst at security firm Trend Micro.

Now here’s the awkward question for supporters of the DMCA: what would constitute “circumvention” in this case? The DMCA doesn’t make an exception for poorly-written DRM schemes. It doesn’t say circumvention is illegal unless it’s necessary to safeguard the security and stability of your computer. So if I had a PC infected with Sony’s software, would I be a criminal if I removed it? Is a programmer who shares a removal tool “trafficking” in circumvention tools?

The fundamental problem with the DMCA is that it focuses on technological design decisions (“does this product circumvent a DRM scheme”) rather than on the behavior of people (“does this company’s business model undermine copyright holders’ rights?”). The members of Congress aren’t computer programmers, and so not surprisingly, when they tried to legislate about technological design decisions, it didn’t work very well. We get vague concepts like “technological protection measure” and “circumvention device” that don’t track well with the way actual computer software works.

One solution would be to amend the DMCA to make it clear that you can circumvent DRM schemes that threaten the security of your computer. A better solution, though, would be to get Congress out of the business of legislating about technological designs altogether by repealing the anti-circumvention provisions of the DMCA.

Update: I agree with Ed Felten. This is spyware, plain and simple. Felten also links to a great followup by Mark Russinovich, the guy who broke the story in the first place, on the embarrassingly complicated uninstall process that Sony has set up to dissuade users from removing its spyware from their computers. Sony needs to realize how badly it has screwed up, apologize to its customers, and publicly distribute a one-click un-installer for its spyware DRM.

Also, if you still have a PC (and really, isn’t it time you jumped on the Mac OS bandwagon?) you should disable auto-run to protect yourself from incidents like this in the future.

  • http://www.ssokolow.com/ Stephan Sokolow

    Or, of course, an OS like Linux or FreeBSD if you’re a geek who doesn’t feel comfortable on MacOS. (Like myself)

  • http://www.ssokolow.com/ Stephan Sokolow

    Or, of course, an OS like Linux or FreeBSD if you’re a geek who doesn’t feel comfortable on MacOS. (Like myself)

  • http://www.binarybits.org/ Tim

    What’ not to love about Mac OS? It’s got open source Unix goodness at its foundation, purty graphics, and fantastic industrial design.

    Linux and *BSD are great, but in my experience they lack the polish of Mac OS. I love vi as much as the next geek, but I don’t want to have to use it to change my laptop’s config files.

  • http://www.binarybits.org/ Tim

    What’ not to love about Mac OS? It’s got open source Unix goodness at its foundation, purty graphics, and fantastic industrial design.

    Linux and *BSD are great, but in my experience they lack the polish of Mac OS. I love vi as much as the next geek, but I don’t want to have to use it to change my laptop’s config files.

  • http://www.robhyndman.com Rob Hyndman

    Cory notes that the Mac CD also contains crippleware:

    http://www.boingboing.net/2005/11/10/sony_music_cds_infec.html

    Oh,the humanity!!

  • http://www.robhyndman.com Rob Hyndman

    Cory notes that the Mac CD also contains crippleware:

    http://www.boingboing.net/2005/11/10/sony_music

    Oh,the humanity!!

  • http://www.ssokolow.com/ Stephan Sokolow

    I don’t know. Maybe it’s MacOS’s annoying space-wasting gumdrop buttons, overly bright colors (I prefer a subdued look), or maybe it’s the fact that you can’t tweak it enough. (The “research shows this will improve your productivity so just get used to it” design)

    There’s also the fact that usage counts as endorsement and I refuse to endorse closed-source software if there’s an acceptable alternative. MacOS would bloat my “closed-source or restrictively-licensed packages” count from 5 (Sun Java, Macromedia Flash, Win32Codecs fallback, UnRAR 3.x, and NVidia binary drivers) to some ungodly number.

    Besides, I don’t use vi either. I prefer nano (console) or SciTE (GUI) for editing config files.

  • http://www.ssokolow.com/ Stephan Sokolow

    I don’t know. Maybe it’s MacOS’s annoying space-wasting gumdrop buttons, overly bright colors (I prefer a subdued look), or maybe it’s the fact that you can’t tweak it enough. (The “research shows this will improve your productivity so just get used to it” design)

    There’s also the fact that usage counts as endorsement and I refuse to endorse closed-source software if there’s an acceptable alternative. MacOS would bloat my “closed-source or restrictively-licensed packages” count from 5 (Sun Java, Macromedia Flash, Win32Codecs fallback, UnRAR 3.x, and NVidia binary drivers) to some ungodly number.

    Besides, I don’t use vi either. I prefer nano (console) or SciTE (GUI) for editing config files.

  • enigma_foundry

    No, MAC OS is just as evil as MS stuff. All proprietary all non-free.

    Graduate to freedom:
    http://www.gnu.org
    http://www.linux.org

  • http://enigmafoundry.wordpress.com eee_eff

    No, MAC OS is just as evil as MS stuff. All proprietary all non-free.

    Graduate to freedom:
    http://www.gnu.org
    http://www.linux.org

  • http://www.tmcnet.com/voip/ Archibald

    nixoffow ekewuonb

  • http://www.tmcnet.com/voip/ Archibald

    nixoffow ekewuonb

Previous post:

Next post: