This is an email I got from a technology list that apparently comes from
www.freedomtotinker.com; I asked the person who sent this for a direct link and he hasn't replied yet.
MediaMax Permanently Installs and Runs Unwanted Software, Even If User Declines EULA
Monday November 28, 2005 by J. Alex Halderman
In an earlier post I described how MediaMax, a CD DRM system used by Sony-BMG and other record labels, behaves like spyware. (MediaMax is not the same as XCP, the technology that Sony-BMG has recalled; Sony-BMG is still shipping MediaMax discs.) MediaMax phones home whenever you play a protected CD, automatically installs over 12 MB of software before even displaying an End User License Agreement, and fails to include an uninstaller.
Part of the software that MediaMax installs is a driver meant to interfere with ripping and copying from protected discs. I had believed that MediaMax didn't permanently activate this driver - set it to run whenever the computer starts - unless the user accepted the license agreement. As it turns out, this belief was wrong, and things are even worse than I had thought.
In the comments to our last MediaMax story, reader free980211 pointed out that the driver sometimes becomes permanently activated if the same protected CD is used more than once, even if the user never agrees to the EULA. This wasn't apparent from my earlier tests because they were conducted under tightly controlled conditions, with each trial beginning from a fresh Windows installation and involving only carefully scripted operations. I've performed further tests and can now confirm that MediaMax is permanently activated in several common situations in spite of explicitly withheld consent.
When this happens depends on what version of MediaMax is being used. An older version, called CD-3, was introduced in 2003 and is present on albums released as recently as this summer. There is also a newer version, MediaMax MM-5, which has been shipping for a little over a year. You can tell which version is on a CD by examining the files in the disc's root directory. Albums protected by MediaMax CD-3 contain a file called LAUNCHCD.EXE, while MM-5 albums include a file named PlayDisc.exe.
When you insert a CD containing either version of MediaMax, an installer program automatically starts (unless you have disabled the Windows autorun feature). This installer places the copy protection driver and other files on the hard disk, and then presents a license agreement, which you are asked to accept or decline. In the following scenarios the driver may become permanently activated even if you always decline the agreement:
- You insert a CD-3 album, then later insert an MM-5 album
- You insert an MM-5 album, then later insert a CD-3 album
- You insert an MM-5 album, reboot, then later insert the same album or another MM-5 album
These steps don't have to take place all at once. They can happen over a period of weeks or months.
This is bad news for people who like to play CDs in their computers. Many users are unaware that their CDs contain MediaMax until the license agreement appears on their screens, but by this time it may be too late to stop the driver from being permanently activated. Even if users are careful to decline the EULA every time, the circumstances when the software becomes active anyway are common enough to be practically inevitable.
This may be an annoyance to music fans - unless you disable the driver, you'll have a hard time playing any MediaMax-protected titles, let alone copying them to your iPod - but it's also a security risk, since the driver is loaded as part of the Windows kernel and has the ability to control virtually any aspect of the computer's operation. We don't know whether the MediaMax driver contains any vulnerability that can be exploited to do further damage, but the way it is installed creates a dangerous precedent.
Is this behavior illegal? It should be. Installation of system level software where the user has explicitly denied permission raises serious security concerns and is wrong.
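
The version check and the three activation scenarios described in the article, written out as an added Python example that is not part of the forwarded post or of any MediaMax-related tool. The function names, the event labels and the sample disc listing are assumptions made for illustration; only the two marker file names and the three scenarios come from the article.

```python
# Added example; helper names and event labels are hypothetical.
MARKERS = {"launchcd.exe": "CD-3", "playdisc.exe": "MM-5"}  # file names from the article


def identify_mediamax(root_entries):
    """Return "CD-3", "MM-5" or None for a listing of a disc's root directory."""
    for entry in root_entries:
        # Raw ISO 9660 listings may carry a ";1" version suffix and any letter case.
        name = entry.split(";", 1)[0].strip().lower()
        if name in MARKERS:
            return MARKERS[name]
    return None


def may_be_activated(events, autorun_enabled=True):
    """True once a sequence of "CD-3", "MM-5" and "reboot" events matches one of
    the three scenarios the article lists (EULA declined every time)."""
    if not autorun_enabled:
        # Per the article the installer only auto-starts with autorun on;
        # assumption: nobody launches it by hand.
        return False
    seen_cd3 = seen_mm5 = rebooted_after_mm5 = False
    for event in events:
        if event == "CD-3":
            if seen_mm5:                        # MM-5 earlier, CD-3 now
                return True
            seen_cd3 = True
        elif event == "MM-5":
            if seen_cd3 or rebooted_after_mm5:  # CD-3 earlier, or MM-5 + reboot earlier
                return True
            seen_mm5 = True
        elif event == "reboot":
            rebooted_after_mm5 = seen_mm5       # only counts after an MM-5 insertion
    return False


def assess(history, autorun_enabled=True):
    """history: root-directory listings (lists of names) and "reboot" markers."""
    events = []
    for item in history:
        kind = "reboot" if item == "reboot" else identify_mediamax(item)
        if kind:
            events.append(kind)
    return may_be_activated(events, autorun_enabled)


if __name__ == "__main__":
    # Constructed sample history: one MM-5 disc, a reboot, then the same disc again.
    mm5_disc = ["README.TXT", "PLAYDISC.EXE;1"]
    print(assess([mm5_disc, "reboot", mm5_disc]))
```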