I wish I’d never starting posting about the Sony DRM issues, because now I feel like I have to continue the long, long story. But I’ll keep it short, as I think Sony is going to have to make some major concessions in order to stop this PR nightmare.
Today Mark Russinovich did more research into the DRM, and discovered that the patch that Sony provided, because of the nature of it, could crash your system, although that chance is slight.
However, Sony’s uncloaking patch puts users systems at risk of a blue-screen crash and the associated chance of data loss. The risk is small, but I made the point in my last post that the type of cloaking performed by the Aries driver prohibits safely unloading the driver while Windows is running:
It’s never safe to unload a driver that patches the system call table since some thread might be just about to execute the first instruction of a hooked function when the driver unloads; if that happens the thread will jump into invalid memory. There’s no way for a driver to protect against this occurrence, but the Aries driver supports unloading and tries to keep track of whether any threads are executing its code. The programmer failed to consider the race condition I’ve described.
Great, eh? In addition, the CEO of the company which provides digital rights management tools and software to global music publisher Sony BMG denied that his software is a rootkit. Technically, it is NOT, because it does not open a backdoor for communication. On the other hand, tell that to Blizzard.
We haven’t heard the last of this.
