I don’t want to turn this blog into a Felten-summary service, but I couldn’t resist linking to a pair of fantastic posts over at Freedom to Tinker.
First, Ed Felten explains why we shouldn’t be surprised that MediaMax, like XCP, has security flaws. Security is all about managing risk, and SunnComm, like First4Internet, designed its software with reckless disregard for the risks it might impose on users. So while the particular bugs that have been discovered were almost certainly honest mistakes, those bugs would have been much less harmful had the companies not been so cavalier about disregarding ordinary security practices in developing their spyware-like software.
In his second post, Prof. Felten explains that it wasn’t a coincidence that both XCP and MediaMax behaved like spyware. By its nature, DRM software is designed to restrict how users use their computers. Obviously, most users would rather not have that software on their computers at all. So in order to function, the software must deceive the user into installing it, and then must avoid detection and/or resist removal. And what do you know, those are exactly the same design parameters that spyware authors face. Is it any wonder they came up with similar solutions?