CyberTech Rambler

November 3, 2005

Letter to Sony regarding “Rootkit” DRM (Updated 7 Nov)

Filed under: Uncategorized — ctrambler @ 5:59 pm

Dear Sir/Madam:

[Please forward this letter to the appropriate person on my behalf. I am sorry to have to write to you but you were listed as the “General Enquires” contact for for “http://www.sonymusic.co.uk/”. Many thanks in advance.]

I read with alarm the technique used by Sony in protecting its rights:

http://www.sysinternals.com/blog/2005/10/sony-rootkits-and-digital-rights.htmlwebmaster@sonymusic.co.uk

I must admit I am not a Digital Restriction Management fan, but this simply goes over the top. Regardless of what your “Terms and Conditions” says, the modification you had done overstep the mark of fair protection. I agree with the author for the same reasons they mentioned in the website that your DRM is in fact, a Rootkit.

The thing that most alarmed me is the fact if you continue on this course, and assuming your customer accepts the DRM (they have to, don’t they? you did not give them any realistic choice), your customers will have problem distinguishing between the DRM you imposed onto them, and more malicious Rootkits. Anti-virus protection programs will be correctly identify your DRM as Rootkit and attempt to remove your DRM from your customers’ computer. Unfortunately, as the author shown, this will cripple the optical drive in question. Your attempt at protecting your rights thus not only leave your customer with a crippled computer, but impose cost on others (your customers, their tech support, anti-viral companies) to correct the situation. This is totally unacceptable.

Whatever your approach to DRM, this is definitely not one a reputable firm like Sony BMG should even contemplate to exploring. Any DRM system you selected should at the minimum allow itself to be uninstalled. It is your responsibility to ensure that and make your DRM immune to uninstallation. Your behaviour here is no better than a malicious hacker.

Best Regards,

—–

news update on this PR Disaster: (updated 4 November)

  • Information on how to remove the Rootkit. According to this ZDNet News article, it simply replace the Rootkit element of the DRM with a non-rootkit one uncloak the DRM. If you want to remove the DRM completely, you have to write to Sony. My recommendation is that one write to Sony whether or not you want to leave the DRM on. Better still, write to Sony to request for a removal every week or so, after you are entertained by the CDs. If Sony does not understand that consumer do not want DRM, may be an economic reason is a good way to make them think twice. [Deleted 4th November because downloading the patch is simply you interacting with a computer. See the description of how to download a patch and what the patch does from the person who first posted the problem publicly.

    [updated 4th Novemeber] Sony had demonstrated that it is unrepentent for using this highly unprofessional technique for a commercial company

  • [4th Novemeber] F-Secure has a more detail analysis of the DRM.
Advertisements

Leave a Comment »

No comments yet.

RSS feed for comments on this post. TrackBack URI

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Create a free website or blog at WordPress.com.

%d bloggers like this: