Sony CD spyware installs and can run permanently, even if you click "Decline"

Many Sony CDs install a piece of spyware on listeners' PCs. The program, called MediaMax, from SunnComm, has received less attention than the rootkit that made headlines on Hallowe'en, but it is even sneakier, in some ways, than the rootkit was.

Previously, Princeton researchers revealed that the MediaMax software installed itself even if you declined the EULA (the pop-up license agreement). However, the researchers concluded that if you declined the EULA, the software was only active until you restarted Windows.

Now Princeton's Alex Halderman reports that if you insert another MediaMax-infected CD (or the same CD again) and decline the EULA a second time, the software can activate itself permanently.

In some ways, this is unsurprising — we know that non-negotiated "contracts" like DRM EULAs aren't really agreements. No one even expects them to be read, and no one allows you to negotiate the terms if you disagree with them. They contain abusive clauses that no one would ever willingly consent to. They're a comb-over that does little to disguise the glistening, liver-spotted bald pate of bad business-practices that underpin the entertainment industry.

So it's hard to get a lot of spit in your mouth over the revelation that they don't particularly care if you agree to the terms or not — they'll impose them anyway. This is illegal, and EFF is suing them for it. Can't wait for them to get their comeuppance.


In the comments to our last MediaMax story, reader free980211 pointed out that the driver sometimes becomes permanently activated if the same protected CD is used more than once, even if the user never agrees to the EULA. This wasn't apparent from my earlier tests because they were conducted under tightly controlled conditions, with each trial beginning from a fresh Windows installation and involving only carefully scripted operations. I've performed further tests and can now confirm that MediaMax is permanently activated in several common situations in spite of explicitly withheld consent.


(Cool Sony CD image courtesy of Collapsibletank)