First of all, apologies for churning out these blog entries at such a snail pace. I had intended to write up the DRM scam sooner, but considered it a fringe thing. Good thing I was slow on the draw with this one, though, because it has proven to be more serious than I thought, and I would have exacerbated the problem by downplaying the risk.
Embarrassingly, I seem to be the last one to get the message. This has been known to many for years. But hey, if it was news to me, it might be for you as well. So here’s more on it:
The DRM Scam defined:
Internet users frequently encounter a WMV (Windows Media Video) or WMA (Windows Media Audio) file which they’ve downloaded perhaps by way of BitTorrent.
Upon trying to play this file, they encounter a message from Windows Media Player stating that a minor security upgrade is required. This has to do with Digital Rights Management, and is a clear signal to the savvy that “You’re about to be charged for viewing this”. Myself, being a cheapskate, I bail out at this point.
What is supposed to happen otherwise is, that once the security upgrade is taken care of, you’ll be whisked away to some web site where you can purchase a “token” or a “licencse” to view the protected content. In other words, bring out your VISA card, or your wallet, or your PayPal, or whatever you use to pay for stuff online. After that, you’re supposed to be able to view the file, but only on that computer, and usually only for a limited amount of time. Your purchased right to view the content does not travel with the file; nor does it persist forever.
I discarded this as a ‘Pseudo-scam’, designed merely to make a quick buck out of inexperienced users. A P.T. Barnum quote is called for here, but I won’t digress.
However, it must be categorized as a scam, because the origninators of the DRM-protected file don’t actually own the material proffered, but have pirated it from somebody who does. In other words, you’ll be paying your hard-earned cash to the wrong people. If you’re gonna have to fork over your dough, do it to the ones who are legally entitled. Not to some scam artist.
The DRM Threat
What I failed to realize, and to know, was that this scam isn’t just about making a quick buck, but is actually another vehicle for infesting your computer with spyware.
Others have already done a great job of describing the threat for me, so I refer you to this immensely useful article: WMP Adware: A Case Study In Deception
Read the whole thing, and note the presence of numerous links pointing to other articles dealing with this threat. Depending on your configuration of Windows platform and version of Media Player, you could be susceptible to vulnerabilites. Following the links, you also become aware of Microsoft’s stubborn refusal to deal with a security hole they alone are responsible for creating.
I would therefore make the following suggestions:
Use an alternative media player, such as VLC or Media Player Classic. These players don’t honor the embedded DRM links, but simply try to play the encrypted content (VLC) or report “Could Not Render The File” (MPC). Make sure you asosciate the WMA and WMV extensions (hell, asosciate all of them, for all I care) with one of these players, so that you don’t inadvertently launch Media Player by double-clicking on a downloaded file.
Never, ever, under any circumstances, accept the premise to pay for stuff you’ve downloaded for free. Never respond yes to any dialog which prompts you to install anything in response to trying to play a media file, whatever it be. Not only are you being taken, your computer might be as well.