sc delete cd_proxy
sc delete $sys$drmserver
sc delete $sys$cor
del %windir%\system32\$sys$filesystem\crater.sys
del %windir%\system32\$sys$filesystem\lim.sys
del %windir%\system32\$sys$filesystem\oct.sys
del %windir%\system32\drivers\$sys$cor.sys
del %windir%\system32\$sys$caj.dll
del %windir%\system32\$sys$upgtool.exe
Reboot and remove two remaining XCP program files:
del %windir%\CDProxyServ.exe
del %windir%\system32\$sys$filesystem\$sys$DRMServer.exe
Performing these steps will deactivate the XCP active protection, leaving only the passive protection on
XCP CDs in force. The procedure could easily be automated to create a point-and-click removal tool.
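As a check after the removal steps above, the following added example (not part of the original paper) reports which of the eight XCP files named in the del commands are still present under a given Windows directory. The function names are hypothetical, the sample directory tree is constructed, and the services removed with sc delete are not checked.

```python
import os
import tempfile
from pathlib import PureWindowsPath

# Paths copied from the del commands above, relative to %windir%.
XCP_FILES = [
    r"system32\$sys$filesystem\crater.sys",
    r"system32\$sys$filesystem\lim.sys",
    r"system32\$sys$filesystem\oct.sys",
    r"system32\drivers\$sys$cor.sys",
    r"system32\$sys$caj.dll",
    r"system32\$sys$upgtool.exe",
    r"CDProxyServ.exe",
    r"system32\$sys$filesystem\$sys$DRMServer.exe",
]

def _resolve(root, parts):
    """Walk parts under root, matching each name case-insensitively as
    Windows does, so a volume mounted on a case-sensitive OS also works."""
    current = root
    for part in parts:
        try:
            entries = os.listdir(current)
        except OSError:  # missing, unreadable, or not a directory
            return None
        match = next((e for e in entries if e.lower() == part.lower()), None)
        if match is None:
            return None
        current = os.path.join(current, match)
    return current

def find_leftovers(windir):
    """Return the entries of XCP_FILES that still exist under windir."""
    return [rel for rel in XCP_FILES
            if _resolve(windir, PureWindowsPath(rel).parts) is not None]

def demo():
    """Constructed sample: a fake %windir% holding two of the eight files."""
    with tempfile.TemporaryDirectory() as windir:
        fs = os.path.join(windir, "System32", "$sys$filesystem")
        os.makedirs(fs)
        open(os.path.join(fs, "LIM.SYS"), "w").close()
        open(os.path.join(windir, "cdproxyserv.exe"), "w").close()
        return find_leftovers(windir)

if __name__ == "__main__":
    for rel in demo():
        print("still present:", rel)
```

On a live system a directory listing can be trusted only once the rootkit driver is no longer loaded; running the check against the volume mounted offline avoids that question.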
7.4 Impact of Spyware Tactics
The use of rootkits and other spyware tactics harms users by undermining their ability to manage their
computers. If users lose effective control over which programs run on their computers, they can no longer
patch malfunctioning programs or remove unneeded programs. Managing a system securely is difficult
enough without spyware tactics making it even harder.
Though it is no surprise that spyware tactics would be attractive to DRM designers, it is a bit surprising
that mass-market DRM vendors chose to use those tactics despite their impact on users. If only one vendor
had chosen to use such tactics, we could write it off as an aberration. But two vendors made that choice,
which is probably not a coincidence. We suspect that the vendors let the lure of platform building override
the risk to users.
7.5 Summary of Deactivation Attacks
Ultimately, there is little a CD DRM vendor can do to stop users from deactivating active protection software.
Vendors' attempts to frustrate users' control of their machines are harmful and will trigger a strong backlash
from users. In practice, vendors will probably have to provide some kind of uninstaller--users will insist on
it, and some users will need it to deal with the bugs and incompatibilities that crop up inevitably in complex
software. Once an uninstaller is released, users can use it to remove the DRM software. Determined users
will be able to keep CD DRM software off their machines.
8 Uninstallation
The DRM vendors responded to user complaints about spyware-like behavior by offering uninstallers that
would remove their software from users' systems. Uninstallers had been available before but had been very
difficult to acquire. For example, to get the original XCP uninstaller, a user had to fill out an online form
involving personal information, then wait a few days for a reply email, then fill out another online form and
install some software, then wait a few days for yet another email, and finally click a URL in the last email.
It is hard to explain the complexity of this procedure, except as a way to deter users from uninstalling XCP.
The uninstallers, when users did manage to get them, did not behave like ordinary software uninstallers.
Normal uninstallers are programs that can be acquired and used by any user who has the software. The