Amarra: Uses a Rootkit for Copy Protection

[cfmsp]

eloise says

"I'd just like to add support to Chris's statement and suggesting that maybe this is getting a little out of hand an blown out of proportion."

 

I'd like to also lend support to Chris's statements above (all of them) BUT also humbly suggest that those who aren't affected have no business telling those who ARE affected to "just get over it" or that "this is getting a little out of hand an (sic) blown out of proportion".

 

No offense intended. But, you didn't just find out that your software product vendor had you unknowingly install a potential security threat (onto machines that are absent anti-virus protection) that's only purpose in life is to protect the software vendor's interests.

 

"Sonic Solution (Jon above) have said they are asking PACE for some clarification and until then no one really knows."

 

While I applaud Jon's presence and effort here, I'm not expecting PACE or Jon to offer anything that won't read like it came from their marketing departments.

 

I'd love to be proven wrong. We shall see.

 

clay

 

 

 

 

 

 

[Fuel]

iLOK is - like it or not - industry standard for DAW and DAW plug ins

 

Us moaning on this board isn't going to change that

 

What it may change is whether Sonic Studio uses iLOK for Amarra. My sense from reading this board is that Sonic would have been prudent to perform more beta testing before releasing the product. It doesn't seem to be well tested, has many bugs and some unusual functionality choices (e.g. only one parametric eq). One of these pieces of market research should have been about product protection.

 

[cfmsp]

 

"iLOK is - like it or not - industry standard for DAW and DAW plug ins

 

Us moaning on this board isn't going to change that"

 

totally agreed. I just don't think it's relevant to retail, non-professional sales.

 

Also, pros actually get some benefit from the hardware key - they can install software on multiple systems and have ready access to all without having to purchase multiple licenses.

 

I checked the PACE site, and saw nothing about their methods of implementation, not that this was expected, nor any FAQs addressing potential concerns by uses such as have been noted here.

 

 

clay

 

[roccoriley]

Concerns about Pace and iLok are all over the Internet

 

Here's a link http://studionebula.com/blog/2007/12/02/why-i-boycott-products-that-use-paceilok-and-why-you-should-too

 

His first paragraph says:" PACE is a form of copy protection used by many music software companies. It’s nearly ubiquitous in professional audio software. Unfortunately it is also invasive, prone to malfunction, expensive, and–like all forms of copy protection–ultimately ineffective. When I upgraded my music PC with a new motherboard, CPU, hard drive, and graphics card recently, I decided to make it a PACE-free computer. I’ve had so many problems with PACE over the years that I finally decided that it was time to stop using it: stop using any products I’d purchased which use PACE, and stop buying any products which use it. Unfortunately this rules out many fine products from companies whose work I admire, but so it goes. PACE has in the past rendered one of my hard drives permanently unusuable and on another occasion prevented me from using the product protected by it. (Those are just the most conspicous problems on a long list of mishaps.)

 

[xenophilic]

Hi, Chris,

 

In most discussions a person with an opposing view can be labeled as "twisting facts" but such mudslinging, especially from the forum moderator, doesn't really further the discussion.

 

Your response appears to request that I elaborate on my statements, and I will, but it would also help if you could explain why you are confident that I am wrong. I'm happy to learn something new.

 

"artificlally augment the sound" : The folks who market the Amarra software have been extremely evasive in describing what Amarra does or does not do. It's not my exclusive opinion that the sound of music played through the Amarra software exhibits a sense of expanded soundstage that is oddly similar to what can be achieved through DSP. There's no way to validate that without more openness from Amarra. I am sure that my hypothesis is reasonable, and it is easily tested, but the test is actively evaded by the software marketers.

 

"also installing spyware on your computer" : As folks here have pointed out, rootkits installed for DRM almost always communicate out and receive communications in without permission from the computer's owner. In addition, the rootkit monitors what you are doing on your computer and is designed to take action against the computer owner if, in the assessment of the software algorithms, the user is doing something unapproved. And rootkits also open holes in security at the kernel level that can expose a system to takeover by other malware/spyware. To be precise here: when you install Amarra, another piece of software is secretly installed on your computer that monitors what you do and takes action against you. This is spyware in my book.

 

DRM and rootkits and dongles primarily punish legitimate users: This is a certainty. The iLok scheme has been cracked and poses no barrier to someone who wants to use copies of software that requires iLok. The only folks who suffer are those who bought the software: 1) if you want to sell your software, you have to pay iLok to transfer the license; 2) if you want tech support for iLok you have to pay them; and 3) if your iLok dongle fails then you are locked out of using software that you own (unless, of course, you've paid iLok an additional $100 for their "Zero Downtime" program). That's a lot of punishment of legitimate users (on top of secretly installing a rootkit). This might account for the volume of discussion among sound professionals about how to get and use the iLok crack so their business isn't shut down by iLok failures disabling the software they paid thousands of dollars for.

 

"Customers will flock to less abusive alternatives": Another certainty. Not only is it self-evident, but the phenomenon is observed repeatedly. I leave the exercise to the reader.

 

Finally, my references to slavery and women's suffrage were on target and perfectly illustrative of my point that the fact that something is common or accepted doesn't validate it. This was in response to the previous post that suggested that iLok was prevalent in professional audio, and so everyone should accept it. At no point did I compare rootkits or DRM to slavery or disenfranchisement.

 

[audiozorro]

and copy protection, whether you like it or not, is part of the reality. I prefer not to have any copy protected software, but I understand why some software vendors feel it is necessary.

 

I seem to recall Amarra being very easy to install. In fact most software is very easy to install and most computer users have no idea of all the files being installed or existing files modified. That's just one of the reasons that software companies have you click on their terms to accept the license agreement.

 

Sonic Studio and Pace are not insidious like what Sony tried to do when they installed a hidden copy protection scheme in music CDs, but they are protecting their financial interests and investments. Anyway I'm not taking sides, but there are two sides to the copy protection issue as in the below post, including feedback from a Pace employee.

 

http://createdigitalmusic.com/2007/12/20/pace-waves-respond-to-bloggers-blue-screen-and-a-promise-from-cdm/#more-2771

 

[Lars]

I feel this is a non-issue. I would also add that most of the people complaining the loudest don't own Amarra nor will they ever own Amarra.

 

I'll wait to hear from Jon before I worry about security issues.

 

[The Computer Audiophile]

Hi xenophilic - Your comments preceding my comments did absolutely nothing to further any discussion. Now you claim I am not furthering the discussion. I am trying to further a good discussion about facts, not speculation based on the worst case scenario. I think if everyone looks back at your post about the Computer Audiophile Symposium they will get a sense for what kind of reader/commenter you are. Thus, my comments in response to your initial post.

 

Your answers here take the stance that one (PACE, iLOK, Soinc Studio) is guilty until proven innocent. I am looking at this entirely different.

 

Your suggestion that Amarra is "artificlally augment[ing] the sound" is opposite from my opinion. In fact I believe Amarra is doing much less to the sound than anything else, thus a better sound to many people.

 

All rootkits are not created equal. Some are malicious, some are poorly written, and some are written wonderfully. The blanket statement that this one is spyware only stirs the pot and prejudges a lot without any knowledge. Again, in your mind PACE, iLOK, and Sonic Studio are all guilty until proven innocent.

 

"DRM and rootkits and dongles primarily punish legitimate users" You call this a certainty, but I disagree. With the iLOK I have installed Amarra on all my Macs and move the dongle to the one Mac I need for a specific listening session. I have no need to keep a license key available. There are many pros and cons to any method of protecting intellectual property, but they don't punish legitimate users. Perhaps the cost of software would skyrocket if a company could not protect its intellectual property. The paying customers would subsidize the non-paying customers in order for the company to recoup its investment and pay the bills. Plus, an iLOK is much harder to crack than a software license key. I'm willing to bet many more people would use a license key they found on the internet than would spend the time to crack the iLOK or even research how to do this. There are levels of protection not all of which are created equal. I just don't view protecting intellectual property as punishment.

 

I also don't think paying to transfer a license or paying for tech support is really a big deal. Were aren't talking about a toaster here. This is a much more complex issue than sticking bread in a toaster and pushing the button. Being locked out because of a failure is certainly not fun, but I don't think it merits a STOP THE PRESS WARNING to the general public.

 

In a perfect world all software would be like OS X where there is no license keys or dongles etc... You just put the disc in and install the software.

 

Customers flocking to alternatives presupposes there is an equivalent alternative. Right now there is no alternative that provides the exact features of Amarra. I would not call this situation a certainty. Many applications decisions involve much more thought than the once or twice per year licensing issues that are possible. I suppose all things being equal in a perfect world the choice is a no-brainer. Nobody would elect to use software with DRM. But, this is not reality. All things are almost never equal. I'm trying hard to think of applications that are 100% equivalent to each other.

 

 

I think I could have been clearer with my condemnation of your slavery and suffrage statements. Bringing such heavy topics into a pretty much meaningless discussion (in the grand scheme of things) is similar to Godwin's Rule of Nazi Analogies.

 

 

 

[The Computer Audiophile]

Hi Lars - I think you have the right approach. I bet you're listening to much more music than those of us commenting extensively on this topic.

 

[Andrew S.]

I actually agree with Lars - it's a little of a non issue. I think the wider point is the acceptance of iLok in a consumer enviroment. Frankly I feel Amarra have significant issues on that front. Amongst others.

Mind you - as an ex Amarra owner I wasn't too thrilled having to jump through hoops to get the iLok off my MBP. I 'm never a fan of kernal infiltration when not flagged as such. Indeed I doubt I would have loaded / bought Amarra if I understood that what was planned for my OS Kernel. Coming from open source (linux) that is unforgivable in my book.

I also agree with xenophobic - just because something is the norm doesn't mean it cannot be criticised or examined, particularly when the contextual enviroment changes.

I also see Chris's point and empathize there.

Frankly I'm happy to pay the $$$ for Amarra...I just want the bloody stuff to work and have no iLok - which is NOT suitable for my needs.

Just my 2 Cents...

 

 

[icebreaker]

You dealt with a number of points I wanted to make.

 

The emerging field of computer audio really owes a debt of gratitude to the Pro Audio world for many new products. So I'm a bit uncomfortable with this dichotomy of the Audiophile world vs. the Pro Audio world and their respective sets of customer expectations. At this point in the development of field I think that the computer audiophile is straddling both worlds.

 

[cfmsp]

 

"At this point in the development of field I think that the computer audiophile is straddling both worlds."

 

agreed, but...we have a voice in what we are willing to accept from the pro audio world. We vote with our wallet whether we know it or not.

 

I'm deeper into pro audio than most audiophiles, but perhaps only above average when compared against the regular posters here on CA, and certainly don't hold a candle to Bruce, Barry and other pros who post here. I research the pro audio forums for gear choices. I listen more closely to opinions on these forums than on audiophile forums. I actually own and use a portable, pro audio DAC in all it's glory, and use Firewire exclusively for critical audio listening. I have no fear of downloading/installing Firewire drivers, which seems to be the only legitimate advantage USB has over Firewire DACs as audiophile devices (other than WAF).

 

I also love the fact that pro audio hardware comes with almost NO margins.

 

There's a lot to be gained from the pro audio 'world'.

 

OTOH, I hate that pro audio software is often VERY expensive, and I hate the very idea of the iLOK.

 

What's my point? If we don't let the pro audio companies attempting to cater to the audiophile community know what we believe is acceptable, how will they change?

 

I for one am not willing to just quietly accept what is offered with respect to things like pro audio software prices and 'dongles' - and certainly not just because they are accepted by the pros.

 

clay

 

 

 

 

 

 

 

 

 

 

 

[icebreaker]

I have read your posts on this forum as well as others. You are someone who investigates both audiophile hi-fi and pro audio. You are not afraid to ask questions and let your expectations be known.

But most importantly you listen to the answers given and are willing to understand others positions. And you often adjust your views accordingly. So my point is that we need more of this approach. Hopefully more people will follow your example.

 

Unfortunately, some people seem to be willing to write off Sonic and other pro audio as hopeless (or worse!). Yet because of fora like this one Sonic Studios has actually made a number of adjustments to their approach. We need to adjust our expectations as well when we invite the world of high end pro audio mastering gear and software into our home listening rooms.

 

Regards,

 

 

 

 

 

 

 

 

[xenophilic]

Chris, I am posting here on topic and focusing on the substance of this thread. Your implied insult about what "kind of reader/commenter" I am is not productive or relevant.

 

Amarra manipulating sound: Your hypothesis is that the sound is not manipulated, and mine is that it is. I've explained why I think that it is likely to be manipulated. Why do you think that it is bit perfect?

 

PACE, iLok, and Sonic Studio install a potentially harmful rootkit on the customer's computer, without the permission of the customer, and the installed rootkit is capable of taking action against the customer. The presumption of innocence ends when the facts are in. Did the Amarra installer ask you if it could modify your system kernel with uninstallable software that would monitor your use of the computer that you own and the software that you just paid for?

 

The facts about the destructiveness of the iLok rootkit are also in. Google it. One guy had his whole hard drive disabled when it went awry. A guy who paid thousands of dollars to purchase his software legally. This is punishment of legitimate users.

 

Regarding the whole issue of DRM being acceptable to you, necessary, etc.—it comes down to one fact: it doesn't work. Ever. There's not a DRM scheme out there that hasn't been cracked or wouldn't be if someone took an interest. All of the rationales for using DRM evaporate in this case. It's an illusion of protection. And it comes at a heavy cost to legitimate customers.

 

Regarding Godwin's Rule--not news to me. Nor relevant. Again, the point is that the validity or acceptability of something is not supported by the fact that it is prevalent. Choose whatever example you're comfortable with.

 

[Bodyslam]

Xenophilic opines:

 

"artificlally augment the sound" : The folks who market the Amarra software have been extremely evasive in describing what Amarra does or does not do. It's not my exclusive opinion that the sound of music played through the Amarra software exhibits a sense of expanded soundstage that is oddly similar to what can be achieved through DSP. There's no way to validate that without more openness from Amarra. I am sure that my hypothesis is reasonable, and it is easily tested, but the test is actively evaded by the software marketers."

 

Regardless of how well Sonic has or hasn't explained what their software does, your conclusion is not supported by logic or by experiment.

 

In my line of work we have been quite interested in knowing which products change the audio data and which do not. Using bit-comparison techniques we have satisfied ourselves that Sonic products are capable of storing, retrieving and passing data without changing bits (except of course when we want them to) for the twenty years that we have been using them. We have checked Amarra, and found that it also passes the audio without changing the bits (unless you intentionally invoke a sound-changing process.)

 

I am not a part of the company, just a customer for twenty years.

 

[poop]

I think many of the 'pro Ilok' posts are taking the 'anti Ilok' posts a little out of context. If nothing else I am very grateful to those who took the time to post regarding this issue, I would otherwise have been unaware and for me - this is a huge problem. For most of you it probably isn't, and that's great, but not all of us are using our computers solely to listen to a few tunes and browse the web...

 

iLOK is - like it or not - industry standard for DAW and DAW plug ins. Us moaning on this board isn't going to change that

 

That really isn't the point, and I don't consider the discussion thus far to be 'moaning'. The point is that Amarra seems to employ a rootkit as part of installation, and that is a potential threat to many (or at least a few) of us. Some of us are running systems or networks for whom security is of the utmost importance - this may not apply to you specifically, and so I understand that you may not really comprehend the relevance or extreme nature that this threat presents. More likely, those who don't have a problem with this implementation of protection are underestimating or oblivious to the real threat it can pose.

 

This is not a new issue and copy protection, whether you like it or not, is part of the reality.

 

It is in the context of this particular application, and whilst I understand the apparent need for some companies to protect their intellectual property/financial interests/investments, it can be done in a transparent and clear manner. Surely said companies' customers deserve that much?

 

I feel this is a non-issue. I would also add that most of the people complaining the loudest don't own Amarra nor will they ever own Amarra.

 

FOR YOU, it may be. Ownership of Amarra is irrelevant (though I'm sure most owners of the software weren't aware of the security threat). The demo is all one needs to install to be at risk.

 

[Bob Stern]

Paul, since you did a loopback test to verify that Amarra is bit perfect, I'm interested to know whether you performed the same test on iTunes without Amarra. If so, did you find that iTunes is bit perfect?

 

(Of course, for iTunes to be bit perfect, you'd have to: (1) set the iTunes volume control to maximum; (2) set Audio MIDI Setup to match the sample rate of the track being played; and (3) relaunch iTunes if you changed the sample rate.)

 

[The Computer Audiophile]

Hi Guys - Hopefully some day we'll all have software without any protection and developers will still profit from their hard word.

 

I'm on my way to the airport to catch a flight to Rocky Mountain Audiofest where I will listen to rootkitted systems all weekend :~)

 

[poop]

We already do, and developers are doing just fine! From Foobar to Songbird to Play to Amarok to Cog (and many others that haven't sprung to mind), there are some fine examples out there! Compare the functionality of any of those applications to Amarra and it's left swaggering around like an intoxicated drunkard being held aloft by its sober friend iTunes... alright that last sentence could be a tiny bit baited perhaps, but you get the point.

 

Enjoy your time at RMA, and remember to let us poor bastards who can't get along feel even worse by posting about what we missed out on! Get ROOTKITTED!

 

[cfmsp]

 

"where I will listen to rootkitted systems all weekend :~)"

 

well said Chris, after all, listening to rootkitted software in someone else's system is the only guaranteed safe way to do so.

 

enjoy yourself,

 

clay

 

 

 

 

[cfmsp]

 

Paul,

thanks for your post here. Yours is the most unequivocal and believable statement (i've read) that Amarra is indeed bit perfect.

 

I will admit to being at a complete loss, despite months of trying to sort it out, as to HOW the differences in sound which Amarra makes are actually related to the original recording if they are bit perfect like any number of other players have proven to be.

 

I can understand how some players can sound different to one another, i.e. related to more/less processing by the computer, etc., but no one can yet explain (to my satisfaction) HOW we can be sure that with Amarra, e.g., the more apparent ambience/soundstaging is actually coming from the original recording, as opposed to some other factor (phasing, for example).

 

Any thoughts?

 

Clay

 

 

 

 

 

 

[The Computer Audiophile]

You guys are the best! I'll try to post frequently from Denver.

 

[audiozorro]

I believe one of the reasons for all this traffic on potential threats is the slow trickle of interesting audio topics. I don't know how to say it more clearly than if your computer is connected to the Internet, your computer is at risk. Microsoft and Apple provide multiple avenues of access for hackers without anyone else being involved. I get bombarded with official notices everyday concerning security holes and patches to Windows and Mac operating systems. In addition there are numerous sites that offer sound recommendations to reduce the security risks that will always exist. Here's one just for Macs:

 

http://www.securemac.com/

 

If anyone is worried about the security risk of using the free demo version of Amarra, all I can say is that risk exists for almost everything you download from the Internet. Again, I seem to recall the Amarra download was easy, the installation was easy, and like most other downloads I never really know all the files that are being installed or modified.

 

I use other professional (non-audio) software and I find the use of USB dongles to be acceptable. I am curious if there is any copy protection that all users would find acceptable. And if users posted their favorite software and they were later informed of the security risks that software opened on their computer, would they uninstall the software or keep with the status quo.

 

Finally, we all take and accept different levels of risks and limitations. I happen to draw the line in the sand for audio and video content that I believe should be DRM free. Mainly because it hinders computer audio or video, it degrades the sound, it may be incompatible with future hardware/software changes, the cost of the product being protected is small, typically $10-$50, the copy protection can be easily defeated or bypassed. For instance, whether you rip a SACD or digitize it legally, it is the copyright laws that prevent you from selling or giving away free copies on the Internet, not any copy protection scheme or technology.

 

[The Computer Audiophile]

From PACE - Regarding the iLok.

--- ---

As you may already know Wikipedia, although informative, may not be the most creditable of sources on the Internet. Try searching for 'root' on the main Wikipedia article for iLok and you will not find "root" as the user indicates.

 

Our technology, including the iLok, is not nor uses what is known as a rootkit.

 

--- End of reply ---

 

[The Computer Audiophile]

From PACE - Regarding the iLok.

--- ---

As you may already know Wikipedia, although informative, may not be the most creditable of sources on the Internet. Try searching for 'root' on the main Wikipedia article for iLok and you will not find "root" as the user indicates.

 

Our technology, including the iLok, is not nor uses what is known as a rootkit.

 

--- End of reply ---