Muzzy's summary of Sony's XCP DRM system
I figured I'd write a short summary about the issues regarding XCP
copy protection system used by Sony BMG. My research
page contains some results from my research, but it's just details
and won't give you any idea about the big picture. This page attempts
to describe what's going on, without going too much into details. If
you want to hear my opinions about this all, you can read them in my
Rant and Whine page
For another summary and information on MediaMax as well, see this
comparison
chart by jiri. It's easier to read than my bloated page :)
Main functionality
"XCP offers a comparatively high level of protection against
casual piracy, while working to provide the authorised customer with a
quality digital music experience on their chosen platform." --
www.xcp-aurora.com
- The protected CD is a multisession CD containing unprotected
audio and malware that tampers with your computer's ability to
read the said unprotected audio
- Takes over your computer, modifying running OS kernel
to alter how the system sees its resources
- Prevents your CD-ripping software from functioning
correctly, probably partially based on a blacklist of known ripping
software
- Constantly monitors your running applications and open
windows to see if you're running software the DRM system is interested in,
even when there's no protected CD in the drive
- Phones home reporting when you play a protected CD,
providing Sony with information on which protected CD you're playing, when,
and where you're from.
- Hides files and running programs with names beginning
with $sys$ from the system, cloaking their existence
- Provides a custom player application which can be used
to play the CD and to make 3 private copies, you can't use your
own player software
- Adds noise to ripped CD audio when the DRM system
determines you shouldn't be ripping
Problems
"Most people, I think, don't even know what a rootkit is, so
why should they care about it?" -- Thomas Hesse, the head of Sony
BMG's global digital business.
[source]
- Sony BMG claims that users don't care about their computer being
taken over if they don't know it has happened. Sony isn't apparently
going to apologize, and they're likely going to try again
- EULA on the CD fails to mention what the software really
does, and isn't presented to the consumer prior to purchase
anyway.
- The software doesn't provide uninstall mechanism in
itself
- Since the software is hidden, it's hard to know if and when
it needs to be updated, as user won't know if he/she has it
installed
- File and process hiding creates a security hole which
is already used by multiple viruses
- Bad programming in XCP causes system crashes for some
people
- The player application doesn't work properly on every
system
- Old uninstaller installs ActiveX backdoor which can be
exploited by malicious people to take control of the computer
- Various components of the DRM are deliberately misnamed to
fool the user into thinking it's related to critical system
functionality instead of the XCP DRM system
- Attempting to remove XCP in the most obvious and
straightforward way disables all CD drives after the next
reboot, leaving the computer crippled.
- More than one DRM component infringes copyrights of open
source code (failing to comply with licenses of GPL and LGPL
software)
- The DRM system contains circumvention device for
Apple's Fairplay, likely in violation of DMCA
- The Old uninstaller required internet connectivity, as
it was web based and thus didn't work on systems that had no network
access. Sony BMG pulled it off due to security flaws, though
- With the old uninstalleryou needed to ask permission from Sony
BMG to uninstall, every time you uninstalled, and for every
computer of yours separately
- Probably due to DMCA and fear of being sued over reverse engineering
a DRM system, most security companies chose to ignore the
threat and prioritize their own security over that of their customers.
- The DRM makes people think they don't have a right to listen to the
music the way they want to unless there's a licence granting such right.
(Might be technically true in some legistlations, but that'd make it
illegal to copy audio CDs to portable music players even if there was
no protection system in place at all. Also, remember that there's
no right to listen to things, nor is there right to
read)
- The noise adding system for CD ripping doesn't work
flawlessly, and it is reported to rarely add noise to
unprotected CDs and it sometimes lets you rip a protected CD without
noise.
- Continuously consumes system resources by scanning
running processes and open windows even when there's no protected CD in
the drive, leading to at least 1-2% loss of computing power
- Even though Sony BMG is having an exchange program, this program
isn't being widely publicized and infected CDs will remain in
circulation, affecting hundreds of thousands of systems over
years to come.
- Sony BMG could technically inform all affected customers
with their own phone-home mechanism, by displaying a banner which tells
customers of the exchange program. They're not doing this, however.
- Apparently there will be no refund of CDS or compensation for
damages that Sony BMG has caused
Other info
- Sony BMG has finally released a
standalone
uninstaller which appears to work.
- You can prevent XCP from installing into your system by
holding down shift when you insert the CD or by
turning off
autorun. Doing so will bypass the DRM system, but pay attention
to the fact that on windows 2000 and later you're practically turning
off Media Change notifications, and some applications might depend on
this feature. (There was a better way to turn off autorun in these
systems but I can't find it right now)
- Sony BMG has
a list of the 52 affected titles on their web site. Earlier
they claimed only around 20 titles were affected
- If you have an XCP infected CD, Sony BMG has
an exchange
program to replace the CDs to a version without XCP. Notice
that even though the exchange program only says the new CD will be
without XCP, Sony BMG's XCP FAQ (below) speaks of unprotected CDs.
This should mean that they won't screw you by giving away CDs with
another copy protection scheme on them.
- You can read Sony BMG's side to the story in their
XCP FAQ.
You should, however, realize it's mostly PR
- It's actually safer to illegitimately download the songs
from the internet than it is to buy a CD and use the legitimate
version. This might be a beginning of a time when customers will be
asking their dealers if the copy they're buying is definitely an
illegitimate copy without protection, and that the dealer isn't trying
to scam them by selling them the real thing
- Since it only takes one person to rip the CD (bypassing the
protection by holding down shift), the DRM system doesn't prevent
or even slow down illegitimate distribution over the internet
- Sony BMG uses other copy protection system as well,
SunnComm MediaMax,
which is even worse than XCP in some ways. It installs even
if you say you don't agree to EULA, has no uninstaller, phones home and
so on.
Did I miss anything? Mail me if you have additions (or
corrections)
Updated 2005-12-06 Matti Nikki
<muzzy@iki.fi>