2005-11-06

It's a Sony DRM disaster

Image hosted by Photobucket.comThis is like Christmas. There is a very special feeling in the air: the smell of a big company having their butt kicked is a sweet one indeed. The fact that this big company happens to be Sony is just so extra special. Glee! Initially I didn't want to post this because it was too obvious given my Sony sentiment expressed throughout my Blog (indeed the previous item about the iTunes Store). However I just couldn't help myself. Maybe there is some sort of help line.

What is the hoo haa about? Sony doesn't like people sharing music. Sony doesn't like you converting your own music to other formats to be used on other devices that you own. According to them: if you buy a CD it should only be played in Audio CD players. If you want to play the music in your MP3 player then you must pay for the music again and purchase from an approved seller who has placed extreme DRM (digital rights management) on the music files. The DRM prevents you from doing things with the files that Sony don't want you to do, like burn to an Audio CD more than once or ever - whatever they decide.

Plain audio CDs have no copy protection. There are some methods out there but they all fail at one point or another. Sony decided to place some DRM software on your CD that installs and hides itself on your computer and prevents you from copying the CD. Unfortunately the software also allows hackers to use the Sony's DRM to hide their own hacker code on your computer. Also the DRM software is buggy, allegedly causing crashes and drives to vanish (not physically, but windows can no longer see them). The DRM software communicates with Sony from your computer - sending and receiving information ... do you trust Sony not to spy on you? The DRM software consumes computer resources which will slow your computer. Sony's DRM software does things to your computer that are not openly explained in the end user license agreement (EULA).

You will hear the word rootkit bandied about. Basically a rootkit is a hacking tool to give you complete access to a computer. Not that the Sony stuff is a root kit, although it may be, but the Sony DRM software hides itself on your computer in much the same way that a rootkit does - by altering some deep system windows files.

Currently there is no available DRM software removal tool although there may be soon. Apparently you have to jump through many hoops to apply for this software from Sony and they are holding back from releasing anything at this point in time. There is, however, a patch available to make the DRM work better. Yeah, we really want that. Apparently the patch actually makes windows more crashy.

Apparently this trick doesn't work: if you want to rip a Sony CD and have the DRM software installed then all you have to do is rename your ripping software executable file to start with $Sys$ (eg $Sys$Audiograbber.exe - not the short cut but the file in \Program Files). This allows the copying software to use the Sony's DRM stealth technology against itself, and you can copy the music perfectly.

Do people like Sony's DRM software? Hell no! Apparently there are 24,000 Sony CD titles on Amazon that have this protection. That number seems way too high for me. Apparently people have been going to CDs published by Sony that are available on Amazon and bringing the user rating way down. Nice :)

To see if the evil Sony coorporation has installed their DRM software on your computer you can download and run F-Secure's Blacklight or use Sysinternal's Rootkit revealer. Don't remove the software though, or bad things will happen. There is sure to be a fix out soon, but I don't think it will come from Sony. Pest Patrol is making noises that they will have a solution on their spyware removal tool ... very soon.

Check out the Sysinternals blog and I highly recommend listening to Security Now episode #12, or reading their transcripts. Also articles on CNet, Internet NEWS, Computer World, The Register, ZDNet blog, etc etc.

If your favourite tech site isn't running a story or two with this then you can bet your bottom dollar that they are in the pocket of Sony (note that the ZDNet is a BLOG article and NOT from the main site, ZDNet are huge corporate suck-ups and the only news they published on this subject was the almost-apology from Sony that was moderately dismissive of users' concerns and directed users to run the DRM patch). Also note that CNN has been very quiet. Take stock of this. Do you really want your news filtered by corporations so that any serious negative news against companies is discarded? If you think you are living in the land of the free where your rights are protected then think again buddy. Your rights were sold off long ago.

I would also recommend following the process to ask Sony for the removal software, but you have to give your details and I don't know how they are going to use that. Giving Sony your personal details seems dangerous when they appear to be so exceedingly untrustworthy. The process of actually uninstalling the software is unnecessarily difficult. A better move would be to complain to them directly via their feedback form with something like:
"Please do not restrict what I can do with products that I bought using DRM. Please NEVER require me to install software on my computer to use a product that I have purchased. Please make a complete removal tool freely available (without submitting request/details) for your hidden audio CD DRM software."
People affected by the Sony virus might want to check out the boycott blog for participation in the class action law suit. For the rest of us, consider disabling the autorun feature on your CD-ROM drive, and always say NO to any EULA from Sony, particularly those that pop up after you place an audio CD into your computer.

No comments: