Active CD protection and spyware

Active CD protection and spyware

Summary: By now, you've probably tired of hearing about Sony BMG's rootkit-based DRM and may have come to the conclusion that this was one bad actor in a sea of less intrusive and maybe even effective DRM strategies.  In his usually clear style, Ed Felton has explained why this isn't so.

SHARE:
TOPICS: Security
7

By now, you've probably tired of hearing about Sony BMG's rootkit-based DRM and may have come to the conclusion that this was one bad actor in a sea of less intrusive and maybe even effective DRM strategies.  In his usually clear style, Ed Felton has explained why this isn't so.  In Ed's analysis, active CD DRM strategies have to use the same strategies as spyware purveyors. 

So if you’re designing a CD DRM system based on active protection, you face two main technical problems:

  1. You have to get your software installed, even though the user doesn’t want it.
  2. Once your software is installed, you have to keep it from being uninstalled, even though the user wants it gone.

These are the same two technical problems that spyware designers face

As Ed points out, people who face the same technical problems usually find similar solutions.  In the case of active CD copy protection, that technical solution comes down to rootkits.  You either have to use the same tactics that spyware manufacturers use or your copy protection will be easily rendered ineffective by end users.  This could even be done automatically by other programs. 

Topic: Security

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

7 comments
Log in or register to join the discussion
  • Yut, yut, yut! Pretty much correct (sadly).....

    CD's are becoming more and more protected, I am buying fewer and fewer CD's. Pretty simple inverse relationship. I used to buy CD's without even thinking about it. Now, I find out first if they have copy protection. If so, no sale. Far as I'm concerned, the record companies are not much above spyware companies in that they want to control and/or monitor what I do with my computer and my data.
    shawkins
  • I was thinking the same thing

    In fact, I posted something similar to a previous talkback: http://news.zdnet.com/5208-1009-0.html?forumID=1&threadID=14921&messageID=298246&start=-1
    enduser_z
  • Copy protection as illegal as spyware

    The scumbag and parasite who design those pathetic attempt at taking away customer >>***LEGAL***<< rights should be arrested on the spot. There is no moral (and financial) reason to copy protect media content. Since the introduction of the 1st consumer recording device, low life corporate like the total garbage macrovision who as stole billions of dollars form consumer for nearly 20 years. Every time there is a copy protection involved customer are ripped off on many levels like: loose of privacy, paying for a crippled hardware (the illegal macrovision taxes on DVD chip and VCR). Beside no copy protection of any kind has ever worked. There only and sole result is the illegal removing of consumer rights. They have never prevent and will never prevent real pirates from making copy and selling them. The consumers (and the media companies) are been ripped by company like macrovision and fisrt 4 internet as they product as/is not/will never stop illegal copying of DVD/CD.

    The only thing that will stop piracy is LOWER PRICE and nothing else. Also when company has a copy proof product then are immediately starting ripping off consumers. It?s not only on the CD protection part that Sony is a scumbag. Look at the almost criminally inflated price of movie on UMD for the PSP. Lucky for most PSP?s owner, the UMD format as been cracked wide open and now those movie as floating on the net. Sony will blame piracy for sluggish for sure, but what about selling the UMD what they really worth? ~10$.
    Copy protection as illegal as spyware


    The scumbag and parasite who design those pathetic attempt at taking away customer >>***LEGAL***<< rights should be arrested on the spot. There is no moral (and financial) reason to copy protect media content. Since the introduction of the 1st consumer recording device, low life corporate like the total garbage macrovision who as stole billions of dollars form consumer for nearly 20 years. Every time there is a copy protection involved customer are ripped off on many levels like: loose of privacy, paying for a crippled hardware (the illegal macrovision taxes on DVD chip and VCR). Beside no copy protection of any kind has ever worked. There only and sole result is the illegal removing of consumer rights. They have never prevent and will never prevent real pirates from making copy and selling them. The consumers (and the media companies) are been ripped by company like macrovision and fisrt 4 internet as they product as/is not/will never stop illegal copying of DVD/CD.

    The only thing that will stop piracy is LOWER PRICE and nothing else. Also when company has a copy proof product then are immediately starting ripping off consumers. It?s not only on the CD protection part that Sony is a scumbag. Look at the almost criminally inflated price of movie on UMD for the PSP. Lucky for most PSP?s owner, the UMD format as been cracked wide open and now those movie as floating on the net. Sony will blame piracy for sluggish for sure, but what about selling the UMD what they really worth? ~10$.
    Mectron
  • Copy protection as illegal as spyware

    The scumbag and parasite who design those pathetic attempt at taking away customer >>***LEGAL***<< rights should be arrested on the spot. There is no moral (and financial) reason to copy protect media content. Since the introduction of the 1st consumer recording device, low life corporate like the total garbage macrovision who as stole billions of dollars form consumer for nearly 20 years. Every time there is a copy protection involved customer are ripped off on many levels like: loose of privacy, paying for a crippled hardware (the illegal macrovision taxes on DVD chip and VCR). Beside no copy protection of any kind has ever worked. There only and sole result is the illegal removing of consumer rights. They have never prevent and will never prevent real pirates from making copy and selling them. The consumers (and the media companies) are been ripped by company like macrovision and fisrt 4 internet as they product as/is not/will never stop illegal copying of DVD/CD.

    The only thing that will stop piracy is LOWER PRICE and nothing else. Also when company has a copy proof product then are immediately starting ripping off consumers. It?s not only on the CD protection part that Sony is a scumbag. Look at the almost criminally inflated price of movie on UMD for the PSP. Lucky for most PSP?s owner, the UMD format as been cracked wide open and now those movie as floating on the net. Sony will blame piracy for sluggish for sure, but what about selling the UMD what they really worth? ~10$.
    Copy protection as illegal as spyware


    The scumbag and parasite who design those pathetic attempt at taking away customer >>***LEGAL***<< rights should be arrested on the spot. There is no moral (and financial) reason to copy protect media content. Since the introduction of the 1st consumer recording device, low life corporate like the total garbage macrovision who as stole billions of dollars form consumer for nearly 20 years. Every time there is a copy protection involved customer are ripped off on many levels like: loose of privacy, paying for a crippled hardware (the illegal macrovision taxes on DVD chip and VCR). Beside no copy protection of any kind has ever worked. There only and sole result is the illegal removing of consumer rights. They have never prevent and will never prevent real pirates from making copy and selling them. The consumers (and the media companies) are been ripped by company like macrovision and fisrt 4 internet as they product as/is not/will never stop illegal copying of DVD/CD.

    The only thing that will stop piracy is LOWER PRICE and nothing else. Also when company has a copy proof product then are immediately starting ripping off consumers. It?s not only on the CD protection part that Sony is a scumbag. Look at the almost criminally inflated price of movie on UMD for the PSP. Lucky for most PSP?s owner, the UMD format as been cracked wide open and now those movie as floating on the net. Sony will blame piracy for sluggish for sure, but what about selling the UMD what they really worth? ~10$.
    Mectron
  • Customers are Not The Enemy

    The DRM model is based on an assumption that is essentially self-fulfilling... basically that your customers are your enemy.

    The challenge for business and security folks is to change that model.

    Make customers your friends. Put them on the same side of the economic equation as you are. Create a carrot, not just a stick.

    After all, what are the other things that we know:

    1. DRM and similar security systems "fail deadly" - once broken, there is no way for the system to recover.

    2. DRM, rootkits, and similar systems do not work that well.... how many security companies will take liability for the weaknesses of their solution or provide customer support for false-positives?

    3. Media companies expose themselves to liability and huge customer support problems with any of these approaches.

    4. The goal of a company is to maximize its revenue, security approaches need to balance that out. How many sales are gained vs. lost? Is the security approach the best use of dollars? There is a knee-jerk element to the entire anti-piracy movement. What are the downsides? See the article at: http://www.playnoevil.com/serendipity/index.php?/categories/7-DRM-Piracy on how ADV manages its piracy threat.

    Also, see:

    http://www.itglobalsecure.net/pdf/BeyondDigitalRights.pdf

    The challenge for companies concerned about protecting digital assets is to find new strategies.... today's approaches are at best failures, at worst, they could destroy your business.

    Steven Davis
    CEO
    IT GlobalSecure Inc.
    http://www.secureplay.com/
    secureplay_z
    • Competitors are the Enemy

      drm isn't working. bottom line is that all music that is drm-protected will end up as an mp3 file, even if it's just the legal owner of a cd who wants the convenience of listening to it on his non-compatible (but .mp3 capable) player. eventually each and every work of .mp3 music will end up shared. so, i've been puzzled why the record companies even try. well,
      Ed Felton has a wonderful analysis of why here:

      http://www.freedom-to-tinker.com/

      for starters: it has nothing to do with preventing the purchaser from listening to his music. that's just collateral damage.

      mark d.
      markdoiron
  • Active CD protection and spyware

    The lads (Mectron & company) have certainly made good points. Although few care for Mechtron's rhetoric, his message is certainly true. The only reason to develop and maintain copyright devices in media is to make money. Money can be made in two ways. Legimate purchases or litigation.

    There will always be the fringe element that feels it is their destiny to "steal" content. And, they will not be stopped.

    However, if media companies continue to "cripple" or "enhance" their products to the point that no one wants to buy them legitimately, then that source of revenue is lost to them.

    This is when they (like Sony and the other Hollywood pirates) turn to litigation. But soon they will realize that, given the high cost of law school, this will also turn out to be a net loss.

    Not to mention the continuous payment of royalties to the "dirtbags" that create these odious schemes to keep us from listening to our music or our grandchildren from watching their movies.

    Which brings me to my final point.

    I now refuse to buy any media which cannot be duplicated. In my personal use, I do not parade my master copy of a music CD or movie DVD around to be damaged in casual daily usage. I make a copy and secure the original in a fire-proof box. When the copy becomes worn to the point that it will not operate (or, as I have painfully learned the hard way with grandchildren when one of the little tykes bent a popular, expensive and now unreplaceable Disney DVD in half by accident) I merely retrieve the original, make another usable copy and return the original to it's safe place. My grandchildren are learning to use the VCR (since it is, to my knowledge, impossible to obtain DVDs without the moronic copy protection schemes) and my music collection has shrunk by the number of CDs found with any software whatsoever found on the disk.

    Just one person's experience you say? Does anyone remember Lotus' popular spreadsheet program from long ago? Can anyone even tell me it's name? Come. Please. It is as easy as ... here it comes ... 1-2-3. Why isn't this supposed tower of spreadsheet power still in common daily usage? Well, aside from some very apparent lack of compatibilities with other PC programs, and one actual mis-calculation that I know of (that they refused to fix BTW), it had an odious copy protection scheme that drove everyone nutz. It was a little laser hole in the floppy disk. So when your disk wore out, your license did too and you had to get it replaced! Talk about holding up the works, eh!

    The only reasonable approach I've heard of ... keeping in mind that we legitimate purchasers of media entertainment want the pirates caught as badly as anyone else ... is something called watermarking. Watermarking "marks" the original disk with the original purchaser's identity (or at least some legally identifiable information in case you need to prove ownership). For us, the legitimate purchasers, this is nirvana. We can play anywhere, copy as required and generally enjoy the media which we have legitimately purchased.

    However, with "watermarking", if you are some college kid bozo with a broadband connection or a pirate in Beijing, it is your backside that the authorities will be hunting for and more power to them I say!! I can produce my original ... can U!

    Speaking of college bozos ... I've said on more than one occasion that if Sony and the Hollywood jokers were actually serious about theft (rather than ballooning profits), they could eliminate more than 3/4 of it by billing college universities for each copyrighted song that passes through the college server farm. Easy to track (build the filter into the server software on the next "update"), easy to bill (every transaction traceable) and legally easy to collect (the copyright information is already in place)!!!
    ttocsmij