I WAS NOT GOING TO POST ANYTHING FOR THE HOLIDAYS, BUT HERE'S MORE SORY CRAP..
SunnComm MediaMax may be as bad as XCP without rootkit
Posted by Seán Byrne on 24 November 2005 - 01:00 - Source: p2pnet.net
While Sony's XCP Rootkit copy protection may have caused enough problems so far, apparently the MediaMax technology Sony uses to copy protect its other CDs can be just as bad as XCP without the Rootkit part. Unlike the XCP copy protection, the MediaMax service is automatically installed, whether or not the user agrees to the EULA. It is also considered Spyware since it 'calls home' without the user's consent and finally, like XCP it also lacks an uninstaller and is rather difficult to remove.
As the MediaMax technology needs to install itself as a kernel service, users can only play these CDs while logged on as an Administrator, which not only hogs system resources and memory as a constantly running background process, but also prevents users at universities and at work from playing these CDs if they don't have administrative rights to their system.
Finally, in order to play these CDs, consumers need to use the included MediaMax player. This player only works with these CDs and vice versa, thus preventing consumers from using their preferred players, let alone use MediaMax as a player that plays all CDs. As a result, some consider this to be a potential security risk since if any security flaws are found in either the software or the kernel service, the user cannot simply just uninstall MediaMax to eliminate the security risk, like what happened with XCP, not to mention the risk of using its uninstaller!
Yesterday two lawsuits were filed against Sony, by the Texas Attorney General and the EFF. The Texas suit claims that Sony’s XCP technology violates the state’s spyware law. The EFF suit claims that two Sony technologies, XCP and MediaMax, both violate various state laws.
One interesting aspect of the EFF suit is its emphasis on MediaMax. Most of the other lawsuits have focused on Sony’s other copy protection technology, XCP. The EFF suit does talk about XCP, but only after getting through with MediaMax. Emphasizing MediaMax seems like a smart move — while Sony has issued an apology of sorts for XCP and has recalled XCP discs, the company is still stonewalling on MediaMax, even though MediaMax raises issues almost as serious as XCP.
As Alex wrote last week, MediaMax is spyware: it installs software without notice or consent; it phones home and sends back information without notice or consent; and it either doesn’t offer an uninstaller or makes the uninstaller difficult to get and use. MediaMax lacks the rootkit-like feature of XCP, but otherwise MediaMax shares all of the problems of XCP, including serious security problems with the uninstaller (mitigated by the difficulty of getting the uninstaller; see above).
The full article can be read here.
It looks like the felt-tip pen / sticky tape method will start coming in handy when it comes to these CDs, even as a temporary measure to make a local unprotected copy and then never pop the dreaded CD in the PC again. Even if Sony or any other music label is forced to provide an uninstaller for their copy protection software as a result of the recent EFF lawsuit, it will not be of much benefit if the user is forced to install the player each time they wish to play their CD. On the other hand, it will be interesting to see if anti-spyware tools start updating their database updates to recognise these installed copy protection tools and offer to remove the unwanted services, like what some do for XCP.
http://www.cdfreaks.com/news/12724
MediaMax place in Sony scandal
p2p news / p2pnet: At least one report has it that Sony BMG's sales haven't been affected by the ongoing DRM spyware scandal.
Meanwhile, Sony BMG's First4Internet app has been getting all the attention – except from the EFF (Electronic Frontier Foundation)
More Suits Filed; MediaMax Insecurity Remains
By Ed Felten - Freedom to Tinker
Yesterday two lawsuits were filed against Sony, by the Texas Attorney General and the EFF. The Texas suit claims that Sony’s XCP technology violates the state’s spyware law. The EFF suit claims that two Sony technologies, XCP and MediaMax, both violate various state laws.
One interesting aspect of the EFF suit is its emphasis on MediaMax. Most of the other lawsuits have focused on Sony’s other copy protection technology, XCP. The EFF suit does talk about XCP, but only after getting through with MediaMax. Emphasizing MediaMax seems like a smart move — while Sony has issued an apology of sorts for XCP and has recalled XCP discs, the company is still stonewalling on MediaMax, even though MediaMax raises issues almost as serious as XCP.
As Alex wrote last week, MediaMax is spyware: it installs software without notice or consent; it phones home and sends back information without notice or consent; and it either doesn’t offer an uninstaller or makes the uninstaller difficult to get and use. MediaMax lacks the rootkit-like feature of XCP, but otherwise MediaMax shares all of the problems of XCP, including serious security problems with the uninstaller (mitigated by the difficulty of getting the uninstaller; see above).
But even if all these problems are fixed, the MediaMax software will still erode security, for reasons stemming from the basic design of the software.
For example, MediaMax requires administrator privileges in order to listen to a CD. You read that right: if you want to listen to a MediaMax CD, you must be logged in with enough privileges to manipulate any part of the system. The best practice is to log in to an ordinary (non-administrator) account, except when you need to do system maintenance. But with MediaMax, you must log in to a privileged account or you can’t listen to your CD. This is unnecessary and dangerous.
Some of the security risk of MediaMax comes from the fact that users are locked into the MediaMax music player application. The player app evades the measures designed to block access to the music; and of course the app can’t play non-MediaMax discs, so the user will have to use multiple music players. Having this extra code on the system, and having to run it, increases security risk. (And don’t tell me that music players don’t have security bugs — we saw two serious security bugs in Sony music software last week.) Worse yet, if a security problem crops up in the MediaMax player app, the user can’t just switch to another player app. More code, plus less choice, equals more security risk.
Worse yet, one component of MediaMax, a system service called sbcphid, is loaded into memory and ready to run at all times, even when there is no disc in the CD drive and no music is being played. And it runs as a kernel process, meaning that it has access to all aspects of the system. This is another component that can only add to security risk; and again the user has no choice.
It’s important to recognize that these problems are caused not by any flaws in SunnComm and Sony’s execution of their copy protection plan, but from the nature of the plan itself. If you want to try to stop music copying on a PC, you’re going to have to resort to these kinds of methods. You’re going to have to force users to use extra software that they don’t want. You’re going to have to invoke administrator privileges more often. You’re going to have to keep more software loaded and running. You’re going to have to erode users’ ability to monitor, control, and secure their systems. Once you set off down the road of copy protection, this is where you’re going to end up.
=====================
Tired of being treated like a criminal? They depend on you, not the other way around. Don't buy their 'product'. Do bug your local political representatives. Use emails, snail-mail, phone calls, faxes, IM, stop them in the street, blog. And if you're into organizing, organize petitions, organize demonstrations and then turn up on your local political rep's doorstep, making sure you've contacted your local tv/radio station/newspaper in advance.
http://p2pnet.net/story/7082
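As an added example (not part of the original post or of any quoted article), a PowerShell check for the always-loaded driver Felten describes. It assumes the driver is registered with Windows under the name given in his article, `sbcphid`, and reports whether it is present, how it starts, whether it is loaded right now, and whether the current session is elevated.

```powershell
# Added example: audit a Windows host for the always-loaded MediaMax driver.
# Assumption: the driver is registered with the service control manager
# under the name given in the article, "sbcphid".
$name = 'sbcphid'

# Win32_SystemDriver lists kernel and file-system drivers, running or not.
$driver = Get-CimInstance -ClassName Win32_SystemDriver -Filter "Name='$name'"

# Is this session elevated? The article notes that playback requires an
# administrator login, so day-to-day use as admin is the related exposure.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
$elevated  = $principal.IsInRole(
    [Security.Principal.WindowsBuiltInRole]::Administrator)

if ($null -eq $driver) {
    $result = [pscustomobject]@{
        Driver    = $name
        Installed = $false
        Elevated  = $elevated
    }
} else {
    $result = [pscustomobject]@{
        Driver      = $driver.Name
        Installed   = $true
        ServiceType = $driver.ServiceType  # "Kernel Driver" = kernel-mode code
        StartMode   = $driver.StartMode    # Boot, System, Auto, Manual, Disabled
        State       = $driver.State        # "Running" = loaded at this moment
        # Loaded with no disc in the drive is the condition the article describes.
        LoadedNow   = ($driver.State -eq 'Running')
        ImagePath   = $driver.PathName
        Elevated    = $elevated
    }
}

$result | Format-List
```

Run it with no disc in the drive: `Installed = True` together with `LoadedNow = True` matches the behaviour the article describes.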
It's easy to say "boycott their product", but there's still one big problem. The public, in general, has no idea that any of this is going on. Yes, all of us here in the forums know what's going on and I'm sure 99% of us spread the word to our friends, neighbors, etc., but when's the last time you watched something on your local news or read something in the newspaper? Until the masses are informed, these big corps are just going to keep pushing and pushing.