CyberTech Rambler

December 9, 2005

Why one should stick to standard software installation practice and rare case of plaintif in a lawsuit siding with defendent

Filed under: Uncategorized — ctrambler @ 1:28 pm

Yesterday, the news was EFF and Sony issue joint Press Release on vulnerability of MediaMax Digital Restriction Management. This is one of the rare case where you see the defendent (Sony) and plaintif (EFF) publicizing that they are on the same page for the issue under litigation. Kudos to EFF.

Today, the news was that EFF is withdrawing its recommendation that users install the patch as news break on Freedom to Tinker that the patch reintroduce the vulnerability. Ouch!

From software technology perspective, the biggest issue here is that you are infected by simply putting the CD inside your CDRom Drive. Granted, you are putting your computer at risk when you insert CD with Autorun-enabled, or you click on “setup.exe” on the CD. However, most people is right to demand that, as soon as I remove the CD, or refuse to install the software on the CD, the vulnerability will cease. This is not the case here. Initially, I thought it was the fact that the MediaMax software still continue running (until you reboot your computer) that is causing the problem. Unfortunately, it appears that it is worse than that as MediaMax had written something permanent onto the computer, and it is the stuff it writes that is vulnerable to exploitation by malicious people.

This shows why it is necessary to adhere to standard Industrial Practice: When user declines to install the software, the installer should remove every trace of the software.

The stink in the tail is that there is no benefit whatsoever for the consumers to install the DRM software offerred. There is no upside for the consumers, simply more pain.

Advertisements

Leave a Comment »

No comments yet.

RSS feed for comments on this post. TrackBack URI

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Blog at WordPress.com.

%d bloggers like this: