Amarra: Uses a Rootkit for Copy Protection

[roccoriley]

I was doing some research on Amarra and saw that it uses Ilok for copy protection, and that, according to Wikipedia, Ilok incorporates a Rootkit in their protection scheme. After all the static that Sony got for the rootkit they used for copy protection on some of their CD's, I was surprised that Amarra was utilizing this kind of protection because it seems to me that users of Amarra are fairly sophisticated computer users and I thought that most serious computer users would never use software that installed a rootkit.

 

Any comments?

 

[cfmsp]

 

http://en.wikipedia.org/wiki/Rootkit

 

 

clay

 

 

 

[The Computer Audiophile]

There is definitely a bad connotation associated with Rootkits.

 

[The Computer Audiophile]

Link to info about Sony's use of a Rootkit.

 

http://en.wikipedia.org/wiki/Sony_BMG_CD_copy_protection_scandal

 

[Andrew S.]

Well I have to say one major issue I have with iLok is the Kernel level infiltration. Beyond it's MBP user unfriendliness that is....

 

actually while I think about it how do you get rid of the Ilok on your MBP when you don't want Amarra?

 

[cfmsp]

 

"how do you get rid of the Ilok on your MBP when you don't want Amarra?"

 

Andrew, there's an uninstall Amarra command in the Amarra folder. Don't know if it also uninstalls ilok, but I'll let you know shortly if they don't fix the file name length issue VERY SOON!

 

clay

 

 

 

 

[Bob Stern]

I downloaded the Amarra demo 4 months ago, so my observations may not apply to the current version.

 

At that time, the iLok uninstaller did remove the important stuff:

/System/Library/Extensions/PACESupportFamily.kext

/System/Library/CFMSupport/InterLok® Engine

/Library/StartupItems/PACESupport/

 

It did not remove two harmless items:

/Library/Application Support/PACE Anti-Piracy/

~/Library/Preferences/Authorization Preferences/Authorization Log

 

On the other hand, the Amarra uninstaller did not work at all.

 

One unnecessary intrusion by Amarra is that it installs a font "SF Digital Readout". Why can't they use one of the numerous fonts included in OS X instead of adding another that will show up in the Font menu of every other application on your computer?

 

[Andrew S.]

Thanks Bob

I downloaded the iLok installer package from Pace - it had the terminal command. It left the unimportant extensions as you describe. I removed them.

@Clay - getting a tad frustrated mate? I feel it from here.

TTYL

A

 

 

 

[Audio_ELF]

Can you actually say where on Wikipedia it says iLok uses a Rootkit - I was curious so found the iLok article on Wikipedia -- http://en.wikipedia.org/wiki/ILok -- but nowhere (that I can see) does the term "rootkit" or even "root" come up searching the webpage. Googling "iLok Rootkit" does bring some references up admitedly.

 

There is one definitive statement that iLok is a Rootkit here -- http://www.versiontracker.com/php/feedback/article.php?story=2007060115513123

 

Other references all track to Hacking and Warez sites.

 

Eloise

 

[roccoriley]

Here is what it says on Wikipedia:

 

"The PACE protection scheme is sometimes viewed as malware, as it installs itself to a kernel driver level unknowingly to a software user, may not uninstall along with the associated product, and contains many mechanisms that cause the computer system to misbehave. The kernel mode driver prevents debugging activities commonly used by hackers."

 

The term "Rootkit" is used to describe programs that install to the kernel (Root). Most people that understand what this is will not permit any software that installs at the kernel level on their machine.

 

Also: "Kernel-level rootkits add additional code and/or replace portions of an operating system, including both the kernel and associated device drivers. Most operating systems support kernel-mode device drivers, that execute with the same privileges as the operating system itself.[12] As such, many kernel mode rootkits are developed as device drivers or loadable modules, such as loadable kernel modules in Linux or device drivers in Microsoft Windows. This class of rootkit is dangerous simply because of the unrestricted security access the code has obtained, regardless of the features the rootkit may employ. Any code operating at the kernel level may have serious impacts on entire system stability if bugs are present in the code. "

 

"Kernel rootkits can be especially difficult to detect and remove, because they operate at the same level as the operating system itself, and are thus able to intercept or subvert any operation made by the operating system. Any software, such as antivirus software, running on the comprised system is equally easily subverted. In a situation such as this, the whole system can no longer be trusted while it is running. "

 

[cfmsp]

 

 

Presumably the font named "SF Digital readout" is for the funky numerical display in the Amarra window.

 

There is now an Amarra preferences delete command, which might also delete the iLok preferences.

 

Cheers,

Clay

 

 

[poop]

I had no idea this was part of Amarra, and am more than a little frustrated to find out post install! There is absolutely no way I would have installed it had I known.

 

Many thanks for posting about this - very important issue IMO. Thanks Bob for your post regarding removal, Amarra uninstaller did not work for me either. I am no longer remotely interested in Amarra, I don't care how 'good it sounds'. It has no place in my system.

 

[poop]

There is now an Amarra preferences delete command, which might also delete the iLok preferences.

 

Afraid not (not for me at least). I presume it returns Amarra back to 'factory' setting and clears any user set preferences or something similar.

 

I'm sure most people would consider me to be over reacting, but I'm absolutely disgusted that a supposedly reputable company like Sonic Studio presumably considers this to be OK. I'm furious.

 

[sonic studio]

Please note the definition of a rootkit is a program/tool/driver that grants root access. This would be the case for many drivers, and tools that are installed on a system and they are not considered malware.

 

To answer the questions posed we have communicated with PACE regarding this and will post a reply when received. It is the case that the PACE code will install kernel code as many software applications do. In the case of the iLOK the code is used to prevent malicious debugging of an application. More information will be provided when a reply is received.

 

Jon Reichbach

Sonic Studio

 

[roccoriley]

If you search the Internet for iLok cracks you will find a number of entries because all protection methods can be defeated.

 

Generally speaking, it would be better for you to use a method of protecting your software that is less intrusive than anything that installs kernel code or uses a dongle. A dongle/rootkit system may be more easily tolerated by commercial users of much more costly revenue generating software than on a thousand dollar recreational program, particularly one that has significant competition that is priced between free and cheap! Many software developers of more costly programs than Amarra started out with a dongle based security system and abandoned it in the interests of customer convenience.

 

I know that many people look forward to purchasing better player software and software developers are certainly entitled to a fair return on their substantial investment however many of us simply would not use software that requires either a dongle or installs a rootkit.

 

 

 

[audiozorro]

Most serious Amarra users are using a dedicated computer for a music server. And the very serious users only connect that computer to the Internet if they are downloading music, acquiring album tag info and cover art, or upgrading their software. The harm by a possibly malicious rootkit is therefore minimal.

 

However if you use your Mac for other things, especially those private and personal, you are at risk and exposing your Mac to infiltration that most Mac users typically never worry about. It has been a benefit that Mac users typically do not have to worry about things such as virus protection software, though obviously that may change in the future.

 

[cfmsp]

"Most serious Amarra users are using a dedicated computer for a music server. And the very serious users only connect that computer to the Internet if they are downloading music, acquiring album tag info and cover art, or upgrading their software. The harm by a possibly malicious rootkit is therefore minimal."

 

Says who?

 

I beg to differ,

 

just because there is a subset that you call 'very serious' might not be affected doesn't make the potential harm 'minimal'.

 

All my computers remain on the network for things like sharing music libraries, wirelessly routing music (which Amarra can do via Airfoil, BTW), etc.

 

iTunes is designed for use via internet connection, and Amarra is built on top of it.

 

One should NOT have to worry about continually dis-connecting their music server to/from the internet due to a potential hacker threat via Amarra. One of the reasons I chose computer audio is the convenience factor.

 

 

"However if you use your Mac for other things, especially those private and personal, you are at risk and exposing your Mac to infiltration that most Mac users typically never worry about. It has been a benefit that Mac users typically do not have to worry about things such as virus protection software, though obviously that may change in the future."

 

I agree wholeheartedly with you here, AZ. Mac users are not used to wrrying about viruses, and therefore will be more likely to respond negatively (as I have) upon learning that they have intentionally but unknowingly installed software which lessens their security.

 

Frankly, I consider antivirus software as the most likely software to interfere with pristine musical playback.

 

clay

 

 

[audiozorro]

Any computer connected to the Internet is at risk with or without Amarra whether one worries about it or not. That’s the very reason classified computers should not be connected to the Internet and top secret computers should not be networked, period. And when they are connected or networked, they very well may be hacked despite some of the best talent out there trying to prevent unauthorized and illegal intrusions.

 

Of course we all have different needs/concerns and take/accept different risks so what I say is not applicable to all. And the benefits and convenience of being networked and connected to the Internet need no further justification. But in my circle of computer audio associates we strive to strip out or minimize any software such as OS or antivirus software that would negatively affect the sonic performance. And the risk to our Windows computers is far greater than the possible hacking risk to our Mac computers.

 

I believe SteveN said something to the effect that Amarra is the sonic equivalent of his Pace Car 2 reclocker for about the same price. I’m not sure if I agree with him because I have not heard his product. But I found it quite remarkable that he would lavish such praise on another manufacturer’s product possibly at the expense of his own. If you find this to be true, then IMO the risk is worth it. Of course it has been said that audiophiles in their pursuit of audio nirvana will almost sell their souls to the devil (which to me is a great advertising line for the new version 2.1 Devilsound DAC).

 

 

[Fuel]

iLOK is an industry standard for the professional side of our business

 

Just get over it

 

[xenophilic]

Ha. Why does it surprise anyone that a secretive company that won't explain the nature of the digital processing they are using to artificially augment the sound is also installing spyware on your computer? DRM and rootkits and dongles are all forms of collective punishment that primarily affect legitimate users and not the folks who would like to duplicate and sell copies. The people who promulgate these offenses against their customers usually learn over the long term that once their behavior reaches the light of day, they are at a serious competitive disadvantage. Their customers will flock to less abusive alternatives. On the Mac side we have Play and VLC among other choices that tap the best quality Core Audio or Open Source codecs. This is as good as it gets in getting bit-perfect files streaming out of the computer.

 

The idea that rootkits and DRM are acceptable because they are commonly used for professional audio packages is silly. Since when is the prevalence of something an argument for its legitimacy? I recall that earlier in U.S. history slavery was prevalent, and a lot of people then thought it was legitimate for that reason. The disenfranchisement of woman is a similar case. A bad idea is a bad idea, notwithstanding how widely it has been disseminated.

 

 

[The Computer Audiophile]

Hi xenophilic - In your typical fashion you've managed to twist the facts once again and given the appearance of a hidden agenda.

 

artificially augment the sound - Are You Sure?

also installing spyware on your computer - Are You Sure?

DRM and rootkits and dongles are all forms of collective punishment that primarily affect legitimate users - Are You Sure?

Their customers will flock to less abusive alternatives - Are You Sure?

 

Bringing up slavery and disenchantment of women is really taking this one way too far. We are not talking about life and death or the flourishing of a culture or sex here. I'm guessing your next reference will be related to calling me Hitler or something similar. Or maybe you are correct and we'll see an Amendment to the U.S. constitution about rootkits similar to the slavery Amendments and Women's Suffrage.

 

[kana813]

Since the Amarra uninstaller doesn't work, I think Sonic Studio needs to provide everyone with information/procedures on how to remove this stuff.

 

 

[poop]

It's the very least they could do!

 

[Audio_ELF]

I'd just like to add support to Chris's statement and suggesting that maybe this is getting a little out of hand an blown out of proportion.

 

Sonic Solution (Jon above) have said they are asking PACE for some clarification and until then no one really knows. A lot of the information written online about the iLok system seams rather tainted by association with discussion of hacking and circumventing software licensing.

 

Eloise

 

[roccoriley]

Sony's experience with their copy protection system called XCP might be interesting to read about. At first they denied that anything they had done was intrusive but their particular code was written so poorly that it had already been exploited by several trojans and their secret could not be maintained. A lot of computers were affected and Sony was sued for damages in several jurisdictions.

 

Organizations that utilize hidden, intrusive code do not like to acknowledge that it exists and they cannot provide documentation without increasing the risk of hackers developing cracks so I wouldn't expect iLock to be particularly forthcoming with much in the way of information, even to Sonic. Disclosure of proprietary rootkit information would diminish its value and still not provide any comfort to the users.

 

When hidden, undocumented code is buried in your kernel it is impossible to know if this hidden code is providing a back door to your system or is the cause of problems with other applications or with the operating system itself and when the application itself is uninstalled, you can't tell if the rootkit was also uninstalled. Often, the only way to be sure that you have eliminated a rootkit is to do a low level format of your hard drive and this is not an acceptable risk for many users.