Just when you thought it was ... Nah.
You knew there was golng to be more. All the digging, researching, blogging, and handwringing over Sony's DRM Rootkit DRM Scheme obviously led to more digging, researching...etc...etc... on other DRM mechanisms.
J. Alex Halderman at Freedom to Tinker, who was instrumental in tracking down a lot of the problem with the patch Sony issued for the Sony XCP copy protection scheme, has also tracked down problems with another Sony DRM mechanism. Sony also uses copy protection software from SunnComm. While the spyware-like behavior of that copy protection scheme is somewhat still up for debate, the problem here lies with the web based uninstaller SunnComm provides to remove the offending software.
By using the uninstall sofwate you can open a hole in your system's security that will allow malacious code to work its black magic. In fact, acccording to Halderman's research this security breach is worse than the one caused by the uninstall software for the XCP routine.
Ouch.
As always, another good source on this info is Brain Krebs with the Washington Post's Security Fix blog. He weighs in with an opinion that mirrors my own:
After the whole Sony BMG fiasco originally broke, lots of smart people were saying it could be the death knell for DRM technologies. I was not so convinced of that at the time, but as each passing day brings more revelations about how poorly designed these products are, I am beginning to come around to that opinion myself.
