Tuesday, November 1st 2005

Uncovering Sony's DRM software

The Digital Rights Management software that Sony BMG Music Entertainment uses is a bit of a security risk and CPU hog, according to sysinternals.com. The website disassembled the DRM software and found a variety of problems with it.
The worst of it is that the software "hides any file, directory, Registry key or process whose name begins with '$sys$'" from the Windows API, which can obviously allow malware writers to hide their programs from Windows users courtesy of Sony's DRM software.
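
The prefix rule quoted above can be modelled, and its effect detected, by comparing two views of the same system. This is an added example, not code from this post or from sysinternals.com. The listings are constructed, and the "raw view" is assumed to come from a source that bypasses the filtered Windows API.

```python
from dataclasses import dataclass

CLOAK_PREFIX = "$sys$"  # prefix quoted in the post


@dataclass(frozen=True)
class Entry:
    kind: str  # "file", "directory", "registry key" or "process"
    path: str  # name or backslash-separated path


def is_cloaked(entry: Entry) -> bool:
    # Modelling assumption: an object is invisible if its own name or any
    # parent component starts with the prefix, because a recursive walk
    # cannot descend into a directory or key it never sees.
    return any(part.startswith(CLOAK_PREFIX) for part in entry.path.split("\\"))


def api_view(raw_view: list[Entry]) -> list[Entry]:
    """Model of what enumeration returns while the filter is active."""
    return [e for e in raw_view if not is_cloaked(e)]


def cross_view_diff(raw_view: list[Entry], api: list[Entry]) -> list[tuple[Entry, str]]:
    """Report objects present in the raw view but missing from the API view."""
    visible = set(api)
    findings = []
    for entry in raw_view:
        if entry not in visible:
            reason = "name-prefix cloak" if is_cloaked(entry) else "unexplained"
            findings.append((entry, reason))
    return findings


# Constructed listing: names are illustrative, not taken from the DRM package.
RAW_VIEW = [
    Entry("file", "C:\\Windows\\System32\\notepad.exe"),
    Entry("directory", "C:\\Windows\\System32\\$sys$example"),
    Entry("file", "C:\\Windows\\System32\\$sys$example\\data.bin"),
    Entry("file", "C:\\Temp\\$sys$unrelated.exe"),  # not part of the DRM software
    Entry("registry key", "HKLM\\SYSTEM\\Example\\$sys$key"),
    Entry("process", "$sys$proc.exe"),
    Entry("process", "explorer.exe"),
]

if __name__ == "__main__":
    for entry, reason in cross_view_diff(RAW_VIEW, api_view(RAW_VIEW)):
        print(f"{entry.kind:13} {entry.path}  <- hidden ({reason})")
```

The unrelated executable in `C:\Temp` disappears from the filtered view along with everything else carrying the prefix, which is the risk described above; the diff flags it because the raw view still contains it.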

Another problem is that it's un-uninstallable for most users. It doesn't register itself with Windows' Add/Remove Programs.
You need to have access to a variety of specialized programs and Windows knowledge to be able to first "uncloak" the files and reg keys the DRM software installs.

The guy who wrote up the original article had his CD drive disabled after he deleted the software. He had to get rid of more reg keys the software had created but...
"Those keys have security permissions that only allow the Local System account to modify them, so I relaunched Regedit in the Local System account using PsExec: psexec -s -i -d regedit.exe. I retried the delete, succeeded, and searched for $sys$ again. Next I found an entry configuring another one of the drivers, Cor.sys (internally named Corvus), as an upper filter for the IDE channel device and also deleted it. I rebooted and my CD was back."
Obviously all the wrangling around to get rid of the software is there to protect it from being tampered with by the casual computer user. But giving no option to uninstall it if the user doesn't want it on their computer anymore is unacceptable.

Another problem with it is the CPU usage it takes up after being used. It'll scan all the processes you're running even after you've "shut down" the software. The author of the article says it was taking up 1-2% of his CPU usage constantly after closing down the program.

bit-tech.net calls it malware and spyware, but it looks as if it's a badly thought-out and coded piece of software. Calling it spyware is pretentious, but Sony should enlighten its customers on why such a poor program is required to listen to DRM-protected Sony music on a computer.

Just another reason why DRM is a consumer's and end-user's dream come true...