Besieging Sony's DRM fortress

What must it be like inside fortress Sony right now? It’s been two weeks since Mark Russinovich of Sysinternals uncovered Sony’s underhand DRM tactics of using rootkit techniques more commonly associated with hackers to hide content protection software, but the furore shows no sign of dying down.

An army composed of disgruntled and litigious users, security experts, anti-virus and security vendors, musicians, and concerned business users is massed outside the company’s fortress gates, and there are signs that the walls are beginning to crumble.

First there came news that Internet malcontents had indeed written the first piece of malware to use the XCP copy protection system, developed by UK company First4Internet, to hide from anti-virus software, just as security vendors, notably F-Secure, warned would happen.

The Brepibot Trojan copies itself to a file called $sys$drv.exe. Any file with $sys$ in its name is automatically cloaked by Sony's copy-protection code, so the Trojan is effectively invisible to anti-virus scanners. World of Warcraft hackers, meanwhile, have admitted to using Sony-BMG’s DRM software to hide cheating tools from the online game’s anti-cheating program.
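The name-based cloaking described above can be checked for defensively with canary files. The following is an added example, not code from the article or from any vendor; the canary file names and function names are assumptions chosen for illustration.

```python
import os
import tempfile

MARKER = "$sys$"  # name fragment the article says the XCP code cloaks
CONTROL = "control-canary.txt"  # constructed name without the marker

def cloak_canary_check(base_dir=None):
    """Create canary files, then report which ones a directory listing omits.

    Returns {file name: True if the file we just wrote is missing from the listing}.
    """
    # Constructed names: marker as prefix, marker mid-name, and a control.
    names = [MARKER + "canary.txt", "canary" + MARKER + ".txt", CONTROL]
    workdir = tempfile.mkdtemp(dir=base_dir)
    try:
        for name in names:
            with open(os.path.join(workdir, name), "w") as fh:
                fh.write("canary\n")
        listed = set(os.listdir(workdir))
        return {name: name not in listed for name in names}
    finally:
        # Clean up by explicit path: a listing-based delete would skip
        # anything that is being hidden from the listing.
        for name in names:
            try:
                os.remove(os.path.join(workdir, name))
            except OSError:
                pass
        try:
            os.rmdir(workdir)
        except OSError:
            pass

def interpret(hidden):
    """Turn the per-file result into a verdict."""
    if hidden[CONTROL]:
        return "inconclusive"  # even the control vanished: listing is unreliable
    if any(flag for name, flag in hidden.items() if name != CONTROL):
        return "cloaking-detected"
    return "clean"

if __name__ == "__main__":
    result = cloak_canary_check()
    for name, flag in result.items():
        print(f"{name}: {'HIDDEN' if flag else 'visible'}")
    print("verdict:", interpret(result))
```

Comparing the prefix and mid-name canaries also shows which name patterns a cloak actually matches on the machine being checked.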

Reluctantly, and nearly two weeks late, software giant Microsoft has also wheeled its anti-spyware trebuchet up to Sony’s walls. According to a posting on an official Microsoft blog, the company states: “We are concerned about any malware and its impact on our customers' machines. Rootkits have a clearly negative impact on not only the security, but also the reliability and performance of their systems.”

As a result, Microsoft will add a signature to its anti-spyware software to detect and remove the rootkit component of the XCP software used by Sony. This signature will also be added to Microsoft’s Malicious Software Removal Tool and included in the online scanner on Windows Live Safety Center.

Never ones to miss a trick, lawyers have also got in on the act and are lobbing the equivalent of diseased meat over Sony’s fortress walls. Sony is facing legal action in Italy and a class action lawsuit in California on the grounds that the DRM software allegedly breaks three separate State laws.

Meanwhile the Electronic Frontier Foundation (EFF) has been examining Sony’s End User License Agreement (EULA), and if you thought Sony’s arrogance couldn’t get any more breathtaking than in its use of rootkit-style DRM, then prepare yourself for a very sharp intake of breath.

According to the EFF, if your house gets burgled, you have to delete all your music from your laptop when you get home, as the EULA says that your rights to any copies terminate as soon as you no longer possess the original CD. If you move out of the country, you have to delete all your music, and heaven forbid you should have the misfortune to file for bankruptcy, as Sony will order you to delete all the music!

The EULA, says the EFF, also gives Sony the right to install and use backdoors in the copy protection software or media player to "enforce their rights" against you, at any time, without notice. If it should stuff up your computer in the meantime, the company will never be liable to you for more than $5.00.

However, in a sign of a breach in the fortress walls, Sony announced on Friday that it is “temporarily suspending the manufacture of CDs containing XCP technology”. Sony had already issued a patch for the XCP software that removed its cloaking ability, but the media company says that concerns over the circulating virus that exploits the DRM software prompted the move.

Sony’s concern is, however, strictly limited. It will not be recalling ‘CDs’ that have already made it out to retail stores, nor has it apologised to users. When questioned about the rootkit controversy, Thomas Hesse, President of Sony’s Global Digital Business, said: “Most people, I think, don’t even know what a rootkit is, so why should they care about it?” The walls may have been breached but the keep is still standing.

In all of this there are two losers. First are the legitimate users who are penalised for playing by the rules, and then there are the musicians who have found their work being sold on these DRM-infested CDs. Spare a thought for those like the Van Zant brothers who find their works on content-protected 'CDs', as sales are sure to have suffered.