Muzzy's summary of Sony's XCP DRM system

I figured I'd write a short summary about the issues regarding XCP copy protection system used by Sony BMG. My research page contains some results from my research, but it's just details and won't give you any idea about the big picture. This page attempts to describe what's going on, without going too much into details. If you want to hear my opinions about this all, you can read them in my Rant and Whine page

For another summary and information on MediaMax as well, see this comparison chart by jiri. It's easier to read than my bloated page :)

Main functionality

"XCP offers a comparatively high level of protection against casual piracy, while working to provide the authorised customer with a quality digital music experience on their chosen platform." -- www.xcp-aurora.com

• The protected CD is a multisession CD containing unprotected audio and malware that tampers with your computer's ability to read the said unprotected audio
• Takes over your computer, modifying running OS kernel to alter how the system sees its resources
• Prevents your CD-ripping software from functioning correctly, probably partially based on a blacklist of known ripping software
• Constantly monitors your running applications and open windows to see if you're running software the DRM system is interested in, even when there's no protected CD in the drive
• Phones home reporting when you play a protected CD, providing Sony with information on which protected CD you're playing, when, and where you're from.
• Hides files and running programs with names beginning with $sys$ from the system, cloaking their existence
• Provides a custom player application which can be used to play the CD and to make 3 private copies, you can't use your own player software
• Adds noise to ripped CD audio when the DRM system determines you shouldn't be ripping

Problems

"Most people, I think, don't even know what a rootkit is, so why should they care about it?" -- Thomas Hesse, the head of Sony BMG's global digital business. [source]

• Sony BMG claims that users don't care about their computer being taken over if they don't know it has happened. Sony isn't apparently going to apologize, and they're likely going to try again
• EULA on the CD fails to mention what the software really does, and isn't presented to the consumer prior to purchase anyway.
• The software doesn't provide uninstall mechanism in itself
• Since the software is hidden, it's hard to know if and when it needs to be updated, as user won't know if he/she has it installed
• File and process hiding creates a security hole which is already used by multiple viruses
• Bad programming in XCP causes system crashes for some people
• The player application doesn't work properly on every system
• Old uninstaller installs ActiveX backdoor which can be exploited by malicious people to take control of the computer
• Various components of the DRM are deliberately misnamed to fool the user into thinking it's related to critical system functionality instead of the XCP DRM system
• Attempting to remove XCP in the most obvious and straightforward way disables all CD drives after the next reboot, leaving the computer crippled.
• More than one DRM component infringes copyrights of open source code (failing to comply with licenses of GPL and LGPL software)
• The DRM system contains circumvention device for Apple's Fairplay, likely in violation of DMCA
• The Old uninstaller required internet connectivity, as it was web based and thus didn't work on systems that had no network access. Sony BMG pulled it off due to security flaws, though
• With the old uninstalleryou needed to ask permission from Sony BMG to uninstall, every time you uninstalled, and for every computer of yours separately
• Probably due to DMCA and fear of being sued over reverse engineering a DRM system, most security companies chose to ignore the threat and prioritize their own security over that of their customers.
• The DRM makes people think they don't have a right to listen to the music the way they want to unless there's a licence granting such right. (Might be technically true in some legistlations, but that'd make it illegal to copy audio CDs to portable music players even if there was no protection system in place at all. Also, remember that there's no right to listen to things, nor is there right to read)
• The noise adding system for CD ripping doesn't work flawlessly, and it is reported to rarely add noise to unprotected CDs and it sometimes lets you rip a protected CD without noise.
• Continuously consumes system resources by scanning running processes and open windows even when there's no protected CD in the drive, leading to at least 1-2% loss of computing power
• Even though Sony BMG is having an exchange program, this program isn't being widely publicized and infected CDs will remain in circulation, affecting hundreds of thousands of systems over years to come.
• Sony BMG could technically inform all affected customers with their own phone-home mechanism, by displaying a banner which tells customers of the exchange program. They're not doing this, however.
• Apparently there will be no refund of CDS or compensation for damages that Sony BMG has caused

Other info

• Sony BMG has finally released a standalone uninstaller which appears to work.
• You can prevent XCP from installing into your system by holding down shift when you insert the CD or by turning off autorun. Doing so will bypass the DRM system, but pay attention to the fact that on windows 2000 and later you're practically turning off Media Change notifications, and some applications might depend on this feature. (There was a better way to turn off autorun in these systems but I can't find it right now)
• Sony BMG has a list of the 52 affected titles on their web site. Earlier they claimed only around 20 titles were affected
• If you have an XCP infected CD, Sony BMG has an exchange program to replace the CDs to a version without XCP. Notice that even though the exchange program only says the new CD will be without XCP, Sony BMG's XCP FAQ (below) speaks of unprotected CDs. This should mean that they won't screw you by giving away CDs with another copy protection scheme on them.
• You can read Sony BMG's side to the story in their XCP FAQ. You should, however, realize it's mostly PR
• It's actually safer to illegitimately download the songs from the internet than it is to buy a CD and use the legitimate version. This might be a beginning of a time when customers will be asking their dealers if the copy they're buying is definitely an illegitimate copy without protection, and that the dealer isn't trying to scam them by selling them the real thing
• Since it only takes one person to rip the CD (bypassing the protection by holding down shift), the DRM system doesn't prevent or even slow down illegitimate distribution over the internet
• Sony BMG uses other copy protection system as well, SunnComm MediaMax, which is even worse than XCP in some ways. It installs even if you say you don't agree to EULA, has no uninstaller, phones home and so on.

Did I miss anything? Mail me if you have additions (or corrections)