MediaMax: worse than you thought

Freedom to Tinker revisits MediaMax (Sony BMG’s other DRM scheme for audio discs, the one that comes from SunnComm and doesn’t contain a rootkit) and finds that its surreptitious installer behavior is even more user hostile than previously documented. Previously it was documented that code is always placed on your machine prior to acceptance of the EULA. Now it appears that the copy protection driver can be permanently activated even if you never accept the EULA:

When you insert a CD containing either version of MediaMax, aninstaller program automatically starts (unless you have disabled theWindows autorun feature). This installer places the copy protectiondriver and other files on the hard disk, and then presents a licenseagreement, which you are asked to accept or decline. In the followingscenarios the driver may become permanently activated even if youalways decline the agreement:

  • You insert a CD-3 album, then later insert an MM-5 album
  • You insert an MM-5 album, then later insert a CD-3 album
  • You insert an MM-5 album, reboot, then later insert the same album or another MM-5 album

These steps don’t have to take place all at once. They can happen over a period of weeks or months.

This gives some real ammunition to the EFF lawsuit, which is the only one of the currently active lawsuits to address MediaMax. Installing software even when the user says No is sleazy, nasty behavior. It also indicates poor testing on the part of MediaMax–which is hardly surprising if you look at their development process, which like First4Internet involves asking for help in public forums. (Thanks to BoingBoing for the links.)

8 Responses to “MediaMax: worse than you thought”

  1. Josh Says:

    It’s a bug, one that must follow halderman’s instructions exactly. You have to do all five steps (the 3rd step is actually 3 steps: insert MM-5, reboot, insert MM-5) in order.

    The odds of it actually happening are small. Reboot at any other step and it doesn’t happen. Don’t reboot at all and it doesn’t happen. The only person that has demonstrated the bug besides sunncomm’s testers is halderman himself, and it has in fact been fixed in MM-5 long ago.

    It’s yet another attempt by halderman to get his fifteen minutes of fame. First4Internet screwed up big time, and the best he can do is join in on the flame fest by trying to tie any issues with mediamax, however small with xcp.

    - Macrovision CDS-300 hooks the syscall table (exploit me!)
    - iTunes has your name and credit card info in every iTunes purchase,
    - windows media player and \windows\system32\blackbox.dll mkay

    And people sensationalize mediamax?


    ex sunncomm developer

  2. Dave Says:

    Dude, he isn’t saying those are steps — he’s saying they are three different scenarios in which the driver will install/run permanently. And I think there’s more than a “small chance” of one or more of these scenarios occurring, especially if SonyBMG really does intend to corrupt all of its titles with this crap eventually.

    But the larger issue is, where do you people get off putting this sh*t on other people’s computers? You act like you own my system’s resources and functionality. Well, you don’t. I consider this kind of behavior theft and trespass.

    The Suncomms/SonyBMGs of the world want it both ways: they want their stupid EULAs to be legal agreements for the user, but not be binding on their company in any way. I don’t think any intelligent person considers EULAs to be real agreements or demonstrate meaningful consent anyway, so at least I agree with the companies’ decision to ignore them. So should we all.

    (Also, I thought the “But Johnny did it too!” defense was mostly unlearned after one left kindergarten, but apparently not in the Suncomm/Sony universe.)

  3. Steve U.K. Says:

    Sony, F4i, SunnComm?…HANG ‘EM ‘n’ hang ‘em HIGH !!!…..

  4. Jiri Baum Says:

    The just-filed District of Columbia lawsuit also addresses MediaMax.

  5. Tim Jarrett Says:

    Jiri, do you have a link for the DC lawsuit? I can’t find it in any of the usual sources.

  6. The Sony Boycott Blog » Blog Archive » Lawsuit in DC? Says:

    […] Jiri posts in my comments that there is a “just filed” lawsuit in the District of Columbia that covers both XCP and MediaMax. Anyone have a link? […]

  7. SunnComm Exposer Says:

    I think you will find the following post “explosive” in the corruption inside SunnComm. In the above blog you give a link to a request by SunnComm for help in public forums: http://www.boingboing.net/2005/11/28/programmers_on_sonys.html

    If you go to that link you will find the requester name as Ken Fagan and the date 01-may-2001.

    SunnComm has a feature on its web site called “Ask The President”. This is supposed to be an informal Q & A where SunnComm’s President Peter Jacobs answers questions from investors and others (those who follow it closely, know it is used for blatant pumping of the company stock with inuendo on deals that never materialize etc.). Most old Q&As have been removed, but with the benefit of Wayback Machine, we can see some Q&As from 2002.

    http://web.archive.org/web/20021018095120/http://www.sunncomm.com/asktheprez/asktheprez.asp

    Take a look at the 2nd last Q&A at that link. As you can see it is an almost incredulous endorsement of SunnComm by Microsoft (Has Microsoft ever said such glowing statements about any other company, never mind a penny stock?). The statements were made by Ken Cavelon, Engagement Manager, Microsoft Services for ISV Partners. But when that Q&A first appeared on AskThePrez, the name was not Ken Cavelon, but Ken Fagan, using the same title.

    When the original, with Ken Fagan as the author appeared, some astute investors remembered the name Ken Fagan from an SEC filing by SunnComm. It appears that Ken Fagan (at the time employed by Microsoft) was given a contract by SunnComm to help sell SunnComm products to major software vendors (including Microsoft).

    “Consulting Agreement

    On August 18, 2000, we entered into a Consulting Agreement with Kenneth W. Fagan, whereby Mr. Fagan agreed to act as Special Advisor to the board of directors and a corporate consultant. The term of the agreement is one (1) year. We paid Mr. Fagan an initial payment of $2,500 upon the execution of the agreement. We also agreed to pay Mr. Fagan $2,000 per month during the term, along with 250,000 restricted shares of the Company’s common stock upon the execution of the agreement. Mr. Fagan has a right to earn up to 750,000 options at an exercise price of .22as follows: 34% to be issued upon the signing of three (3) licensing agreements with major software vendors ($25,000000 + in revenues) delivered by Mr. Fagan, and 66% to be issued upon the signing of a
    licensing agreement with a large independent software vendor (such as Oracle, Microsoft, etc.) delivered by Mr. Fagan. See Exhibit 10.17 for a copy of the Consulting Agreement.”

    http://www.sec.gov/Archives/edgar/data/1122973/000108671501000100/0001086715-01-000100-0001.txt

    They also remembered that Ken Fagan used post on the Raging Bull board for SunnComm using the alias Illuvetar. Unfortunately RB has removed all old posts, but this is an example of one of Illuvetar’s posts (I am including the link - not working now obviously - but available to the SEC/FBI should they wish to demand RB produce the original):

    “BUY BUY BUY!!! This could be a $30B Company (that’s right, a B!) in a matter of months!!!”

    http://ragingbull.lycos.com/mboard/boards.cgi?board=SUNX&read=533

    In several posts around that time, Illuvetar (his profile gave his e-mail as kenfagan@microsoft.com) identified himself as a Microsoft employee and he used his employment status with Microsoft to add credibility to his recommendations on SunnComm (he never mentioned his contract with SunnComm though). He also was (and still is I believe) a Microsoft employee when he entered that contract with SunnComm, which represented a huge conflict of interests.

    After the endorsement of SunnComm by Microsoft (via Ken Fagan) appeared on AskThePrez, posters started questioning the whole integrity of what was written since they were reminded by the astute posters of Ken Fagan’s association with SunnComm. One poster wrote some e-mails to Ken Fagan and although no satisfactory explanation was given, Fagan revealed that he had decided to change his name to Ken Cavallan.

    (Note: when SunnComm first changed the name showing in the AskThePrez Q&A from Fagan, they originally mispelled it as Cavelon - see link I gave above. It took 2 further attempts to get it right. See this subsequent Wayback Machine snapshot where they have finally got it right:

    http://web.archive.org/web/20030113222058/http://www.sunncomm.com/asktheprez/asktheprez.asp )

    Although many suspected the name change might have a lot to do with the fact that the whole event as detailed above was submitted to the SEC, Ken Fagan (now Cavallan) in a Raging Bull post gave this as the reason.

    “And yes, I did change my name on August 1st, 2002. Wouldn’t you if your name was FAGan and you could? (My kids were sick of getting teased and I was sick of re-living it! So we took my mother’s maiden name!)”

    http://www.ragingbull.lycos.com/mboard/boards.cgi?board=STEH&read=35524

    So when Fagan asked for help on May 1st 2001, not only was he under contract to SunnComm, but he was also employed by Microsoft and was asking questions concerning Windows Media DRM, a Microsoft product.

    These are some posts of Illuvetar (recorded by some of the astute investors) that show his blatant pumping of SunnComm - without acknowledging his relationship with the company:

    http://ragingbull.lycos.com/mboard/boards.cgi?board=STEH&read=38979
    http://ragingbull.lycos.com/mboard/boards.cgi?board=STEH&read=39046
    http://ragingbull.lycos.com/mboard/boards.cgi?board=STEH&read=39053

    Not only did Fagan pump SunnComm without disclosing his relationship with the company, but it also appears he was deliberately misleading. In this post he tries to give the impression he doesn’t know the CEO, Peter Jacobs.

    http://ragingbull.lycos.com/mboard/boards.cgi?board=STEH&read=39039

    That was made just 2 weeks before his contract commenced and he doesn’t know the CEO. Yet in his 21 Jan 2003 confession he tells us:

    “Actually, the relationship at its very beginnings(beyond that of just licensee), goes back to August 18th, 2000 when I joined the Board of Advisors of SunnComm, Inc. (And actually I knew Peter before that, it is the roots of our long standing relationship that have brought these two companies together.) ”

    http://www.ragingbull.lycos.com/mboard/boards.cgi?board=STEH&read=35524

    You can make your own mind up as to what type of company SunnComm is.

    Don’t forget that December 14th is the 5th anniversary of when SunnComm issued the infamous PR that described a $20M deal with a MAJOR PACIFIC RIM CD MANUFACTURER.

    “SunnComm Inks $20+ Million Copy Protection Deal With Major Pacific Rim CD Manufacturer

    PHOENIX–(BUSINESS WIRE)–Dec. 14, 2000–SunnComm Inc. finalized a seven-year (minimum) $20+ million dollar contract with Will-Shown Technology Co., LTD Taipei, Taiwan to provide audio copy protection for Will-Shown Manufacturing of audio compact discs………….”

    http://cdmediaworld.com/hardware/cdrom/news/0012/sunncomm_cd_protect.shtml

    That deal was a complete fabrication. There was no such company as Will-Shown. You can read about it here (it is the 3rd complaint, so search on Will-Shown to get to the start).

    http://www.our-street.com/SEC-SunnComm4.htm

  8. Life Insurance blog Says:

    Learn facts about the life insurance industry

    Information on the life insurance industry

Leave a Reply

You must be logged in to post a comment.