More on the MediaMax DRM software
The OTHER Sony-BMG DRM (Digital Rights Management) software is in the news again today. Freedom-to-tinker, which did great research into the security flaws in the UNINSTALL process for both XCP and MediaMax, is back with more disturbing news. What’s interesting here is that even declining the EULA for the software is no protection against having the MediaMax system service install and run….
From the freedom-to-tinker post…
In the comments to our last MediaMax story, reader free980211 pointed out that the driver sometimes becomes permanently activated if the same protected CD is used more than once, even if the user never agrees to the EULA. This wasn’t apparent from my earlier tests because they were conducted under tightly controlled conditions, with each trial beginning from a fresh Windows installation and involving only carefully scripted operations. I’ve performed further tests and can now confirm that MediaMax is permanently activated in several common situations in spite of explicitly withheld consent.
Further, they have an analysis of the situations in which this software is enabled…
When you insert a CD containing either version of MediaMax, an installer program automatically starts (unless you have disabled the Windows autorun feature). This installer places the copy protection driver and other files on the hard disk, and then presents a license agreement, which you are asked to accept or decline. In the following scenarios the driver may become permanently activated even if you always decline the agreement:
You insert a CD-3 album, then later insert an MM-5 album
You insert an MM-5 album, then later insert a CD-3 album
You insert an MM-5 album, reboot, then later insert the same album or another MM-5 album
These steps don’t have to take place all at once. They can happen over a period of weeks or months.
So is it anything other than an annoyance for those that would try to illegally copy discs (or even those that might LEGALLY want to copy tracks to a portable device)? Yes: as the software installs as a kernel driver, it can pose significant security risks. (Are there vulnerabilities for MediaMax??? What then – full control over the PC?)
They sum up nicely.
Is this behavior illegal? It should be. Installation of system level software where the user has explicitly denied permission raises serious security concerns and is wrong.
I think the pressure deserves to remain high on Sony-BMG until they step back from this practice.
–update 11/29 12:48AM EST–
eWeek has an editorial on Sony’s poor handling of the DRM rootkit. In fact, it’s a fairly stinging writeup entitled “Rootkit DRM Constitutes Security Malpractice”. It does hold their feet to the fire, not just for the one they were caught with (XCP), but also for the OTHER one mentioned above (MediaMax). There is fair blame for Microsoft as well…
We think it’s worth remembering, however, that the origin of the current malady can be traced back to the dangerously lax security in the Windows XP operating system.