Looking to thwart piracy and the unlicensed, unprofitable consumption of its content, Sony is reportedly spiking its music CDs with digital rights management (DRM) software that is similar to malicious code used by computer attackers, including virus writers and spammers.
The code, exposed recently on blogs and in reports from industry observers, mirrors so-called Trojan code — which has historically been a method of installing and concealing viruses and other malware — by installing itself at the root level, consuming PC resources and ceding a degree of control along the way.
While some observers indicate Sony has good reason to add toughness and tact to its DRM software, others called it outrageous that the company is quietly installing the code, which at the very least carries performance and program compatibility implications.
“It’s hard enough to keep a computer running without a music company installing something you don’t know about and you can’t uninstall,” Electronic Frontier Foundation staff attorney Fred von Lohmann told TechNewsWorld.
The software was apparently uncovered when blogger Mark Russinovich discovered the code on his computer using rootkit scanning software. Rootkits are considered hacker tools, and are traditionally associated with something malicious, iDefense VeriSign senior engineer Ken Dunham told TechNewsWorld. Dunham explained that the stealthiness of such software is a big part of it, since computer attackers do not want to be discovered and lose the control they’ve gained through infection.
Sony’s software reportedly limits playing of its CDs and requires the rootkit software, which users may or may not be aware of, depending on the licensing agreement and disclaimer.
The software is not the first problematic DRM solution from Sony, which felt a significant backlash over another disc DRM technology that did not allow the playing of legitimately purchased CDs on some systems.
What’s It Do?
Yankee Group senior analyst Mike Goodman said the most important factor of the Sony DRM solution is what the software does once installed on a user’s system.
“It’s root level code, so it obviously is doing something once it’s there,” he told TechNewsWorld. “What do you do with the data once it installs? Is it reporting back to Sony? Does it open you up to be sued? Does it prevent ripping or downloading?”
Goodman predicted other software creators will produce software that will remove the Sony DRM solution, as well as software to inoculate users against it, similar to how computers are protected against the latest viruses and variants.
Reason For More
Dunham — who noted that the software is not malicious though it is problematic because of privacy and other implications — indicated that Sony had good reason to harden and hide the DRM software. He said the technology will thwart regular users from copyright violations, but will not stop passionate, highly skilled or profit-motivated users.
“By taking this product to the next level, they’re able to ensure that the average home user is not able to circumvent it,” he said. “They’ve brought their software strategy position where it can mitigate theft.”
Dunham added that he expects more “interesting and clever programs” that are similar, since vendors and content holders are in a continuing fight against losses to fraud.
Privacy and Performance
EFF’s von Lohmann questioned the legality of the software, saying that there have been discussions of lawsuits as a response to it. The attorney also said Sony’s DRM software installs secretly in a way the average user does not understand.
“It is not clear that you’re installing software that will use your computer’s resources and that you will have difficulty uninstalling,” he said. “Our frustration is not concern that Sony will turn my machine into a spam zombie, it’s that you run so many programs, there’s a lot of potential for unintended conflicts. Sony is not helping here.”
Von Lohmann further criticized the DRM software from Sony, a company that warns against malware on unlicensed peer-to-peer (P2P) networks, saying that it punishes legitimate purchasers of CDs.
“These are the people who did the right thing,” he said. “Someone downloading from Kazaa doesn’t have to deal with these restrictions.”