Author: Ed Felten
-
The DMCA Should Not Protect Spyware
Yesterday was the deadline to submit requests for limited exemptions from the DMCA’s ban on circumvention of access control technologies. This happens every three years. Alex Halderman and I submitted a request, asking for an exemption that would allow the circumvention of compact disk copy protection technologies that have certain spyware-ish features or create security…
-
Sony, First4 Knew About Rootkit Issue in Advance
Security vendor F-Secure contacted SonyBMG and First4Internet about the companies’ rootkit software on October 4 – about four weeks before the issue became public – according to a Business Week story by Steve Hamm. Here’s the key part of the article’s chronology: Nevertheless, Sony BMG asked First4Internet to investigate. Both Sony BMG and F-Secure say…
-
What Does MediaMax Accomplish?
I wrote yesterday about the security risks imposed by the SunnComm MediaMax copy protection technology that ships on some Sony CDs. (This is not to be confused with the XCP technology that Sony recalled.) MediaMax advocates may argue that it’s okay to impose these security risks on users, because MediaMax effectively prevents copying of music.…
-
More Suits Filed; MediaMax Insecurity Remains
Yesterday two lawsuits were filed against Sony, by the Texas Attorney General and the EFF. The Texas suit claims that Sony’s XCP technology violates the state’s spyware law. The EFF suit claims that two Sony technologies, XCP and MediaMax, both violate various state laws. One interesting aspect of the EFF suit is its emphasis on…
-
Does Sony's Copy Protection Infringe Copyrights?
The Sony copy protection debacle has so many angles that the mainstream press is having trouble keeping track of them all. The rootkit. The spyware. The other spyware. The big security hole. The other big security hole. It’s not surprising, then, that at least one important angle has gone nearly undiscussed in the mainstream press:…
-
Immunize Yourself Against Sony's Dangerous Uninstaller
Jeff Dwoskin and Alex Halderman have developed a simple tool that can immunize a Windows system against the dangerous CodeSupport ActiveX control that we have written about over the past few days. The immunization tool should disable CodeSupport if it is already on your system, and it should prevent any future reinstallation or reactivation of…
-
Sony's Web-Based Uninstaller Opens a Big Security Hole; Sony to Recall Discs
[This post was co-written by J. Alex Halderman and Ed Felten.] Over the weekend a Finnish researcher named Muzzy noticed a potential vulnerability in the web-based uninstaller that Sony offers to users who want to remove the First4Internet XCP copy protection software. We took a detailed look at the software and discovered that it is…
-
Don't Use Sony's Web-based XCP Uninstaller
Alex Halderman and I have confirmed that Sony’s Web-based XCP uninstallation utility exposes users to serious security risk. Under at least some circumstances, running Sony’s Web-based uninstaller opens a huge security hole on your computer. We have a working demonstration exploit. We are working furiously to nail down the details and will report our results…
-
SonyBMG DRM Customer Survival Kit
Here’s a handy bag of tricks for people whose computers are (or might be) infected by the SonyBMG/First4Internet rootkit DRM. The instructions here draw heavily from research by Alex Halderman and Mark Russinovich. This DRM system operates only on recent versions of Windows. If you’re using MacOS or Linux, you have nothing to worry about…
-
SonyBMG "Protection" is Spyware
Mark Russinovich has yet another great post on the now-notorious SonyBMG/First4Internet CD “copy protection” software. His conclusion: “Without exaggeration I can say that I’ve analyzed virulent forms of spyware/adware that provide more straightforward means of uninstall.” Here’s how the uninstall process works: The user somehow finds the obscure web page from which he can request…