More On Microsoft DRM Loopholes; Little On RIAA's Role

(Mis)Uses of Technology

from the good-and-bad-news... dept

Last week, we got a ton of attention for our writeup raising some of the obvious questions brought to light concerning a loophole in the way Windows DRM works that was allowing certain media files to introduce spyware to unsuspecting users. Ed Bott was noticeably skeptical of our lack of skepticism on the story, believing that, perhaps, PC World had been confused by what happened. Bott later posted a followup detailing his tests on the files, noting that a properly patched system has little to fear, and that the loophole still requires users agree to install certain files — but that these can be misrepresented. Considering that plenty of spyware products these days tricks users into “agreeing” to install, this isn’t particularly comforting. Spyware researcher Ben Edelman finds the trick much more troubling, as he notes that when he tested out one of these files he was presented with a single pop up box telling him he needed to click yes to view the video file he was requesting — and proceeded to find his computer “contaminated with the most spyware programs I have ever received in a single sitting.” That’s an impressive statement from someone who spends plenty of time messing around with spyware systems. What’s still unclear about all of this, however, is who is paying Overpeer to put these infected files onto file sharing networks? That’s a question no one seems to have investigated — but one that seems to be quite important. Considering the entertainment industry keeps saying there’s so many dangerous files on these networks, it would be quite an interesting discovery to find out they were paying Overpeer to put those files there. It wouldn’t be a stretch, since the industry has paid the company in the past to put decoy files on file sharing networks.