April 29, 2017

Controlling Software Updates

Randy Picker questions part of the computer science professors’ Grokster brief (of which I was a co-signer), in which we wrote:

Even assuming that Respondents have the right and ability to deliver such software to end users, there can be no way to ensure that software updates are installed, and stay installed. End users ultimately have control over which software is on their computers. If an end user does not want a software update, there is no way to make her take it.

This point mattered because Hollywood had suggested that Grokster should have used its software-update facility to deploy filtering software. (Apparently there is some dispute over whether Grokster had such a facility. I don’t know who is right on that factual question.)

Picker wonders whether ordinary users can really exercise this control in practice. As he notes, the user can disconnect from the net, but that’s too high a price for most people to pay. So how can users prevent updates?

The easiest method is simply to write-protect the program’s files or directories, so that they can’t be changed. Alternatively, the user can make a backup copy of the software (perhaps by copying it to another directory) and restore the backup when an update is installed.

Standard system security tools are also useful for controlling automatic updates. Autonomously self-updating programs look a lot like malicious code – the program code changes on its own (like a virus infection); the program makes network connections to odd places at odd times (like spyware); the program downloads and installs code without asking the user (like a malicious bot). Security tools specialize in identifying and blocking such behaviors, and the tools are reasonably configurable. Personal firewalls, for example, can block a program from making unapproved network connections. Some firewalls even do this by default.

Finally, a skilled person can figure out how to patch the program to disable the auto-update feature. He can then encapsulate this knowledge in a simple tool, so that other users can disable their auto-update by downloading the tool and double-clicking it. (This tool may violate copyright by modifying the program; but if we trusted users to obey copyright law we wouldn’t be having this conversation.)

The bottom line is that in computer security, possession is nine-tenths of control. Whoever has physical access to a device can control what it does. Whoever has physical control of a computer can control what software is installed on it. And users have physical control of their PCs.

A followup question is whether you can program the software to shut itself off if the user blocks updates for too long. As far as I know, nobody is claiming that Grokster had such a capability, but in principle a P2P system could be designed to (try to) work that way. This raises interesting issues too, but I’m approaching my word count limit so I’ll have to address them another day.

Comments

  1. [quote]The bottom line is that in computer security, possession is nine-tenths of control. Whoever has physical access to a device can control what it does. Whoever has physical control of a computer can control what software is installed on it. And users have physical control of their PCs.[/quote]

    Hence the desire by some to implement “Trusted Computing”. The end-user would no longer be in control of their own equipment.

  2. A simpler way to stop applications from downloading updates is to prevent the application from being able to contact the update site. This can be done using a firewall or by an entry in the hosts file so that the site cannot be resolved correctly.

  3. Avi Flamholz says:

    I imagine it would not be too difficult to prevent a person with un-updated software/hacked software from connecting to a filesharing service. Of course, an expert might manage to get the software to broadcast the appropriate flags that indicate that the program is updated when it is not, but I was under the impression that Picker was talking about ordinary users.

  4. Lance Baldwin says:

    Except the expert will generally codify his hack in the form of a program
    or patch which can be easily transferred over the Internet to all the
    non-experts. The PC, as a general purpose computer, is great for
    creating new applications and services. There’s no need to buy any
    extra components or modify the hardware. However, it also makes it
    a poor DRM device as one can modify it’s operation without having
    to physically open it up and modify it.
    If you want to enforce DRM, go ahead and do it in appliance devices
    like MP3 players, DVR’s, etc. But please leave the PC out of it.
    So what if you can’t watch or listen to content on your PC. Don’t
    most people want to listen to music on their portable MP3 player
    or on their big screen TV anyway. Yes, there will be some additional
    cost to purchasing these components, but security sometimes comes
    with a cost.

  5. Avi,

    You can try to stop non-updated versions from connecting to updated versions. But of course non-updated versions can connect to other non-updated versions. By making the new version incompatible with the old, you’re bifurcating your P2P network into two networks. This will generally make all of your users unhappy, including the law-abiding ones.

    If somebody tweaks the old version so that it speaks both the new and old protocols, then the incompatibility harms only those who accept your update. Those who keep the old version and tweak it can communicate with everybody; but those who accept the update can communicate only with others who accept the update. Somebody might then tweak the new version so that it speaks the old protocol too. Then you’re back where you started, except that your protocol has become needlessly complicated.

    (Note: The term “P2P service” is misleading here, because it connotes a level of central control and central administration that does not exist in most P2P apps.)

  6. Avi Flamholz says:

    I am still of the opinion that, when discussing ‘ordinary users’, even minory deterents and counter-measures are enough to get them to adopt the new system. No one is going make an un-circumventable (not a word, I know) system, but if the barriers are annoying enough, the majority of people will update. I believe I read something similar in one of your posts about iTunes.

    The real difficulty with a forced filter on a p2p program is that if the filter is effective enough, much of the user base would abandon the program.
    So an effective filter is stupid from the perspective of the p2p company.

    MGM was upset that Grokster did not package filtering in, but they would likewise would have been upset had Grokster included a weak filter only to the ends of saying that they included one.

  7. Rob Simmons says:

    Avi, I think you’re looking at this in too much of a black and white view. If you were referring to this post in your comment, I would point out what I believe is Dr. Felten’s relevent comment:

    “Instead, Apple built a more modest and — here’s the key point — user-friendly system that gave users freedom to make legal use of music and provided speed bumps to steer consumer behavior, but didn’t pretend to stop determined infringers.”

    There is no use of “ordinary-user” friendly iTunes crack programs, because most iTunes users (myself included) don’t find iTunes DRM annoying enough to crack. I’ve never reached the burn limit (and indeed forget if it even exists anymore) on my IMS songs, and while I’ve considered using my T22 laptop running Linux as an entertainment center, there are more pressing den-related issues for me at the moment, like getting a couch. However, let’s play out two scenerios.

    First, Apple attempts to add some extremely tough DRM to iTunes – ripped CDs couldn’t be reburned, iTunes music sharing was disabled, and let’s say, just in theory, that they managed to punch it into every single iTunes-enabled computer. Sure, lots of people would abandon iTunes, including me, but as the last five years have left the college-aged population rather disrespectful of copyright and DRM, the first “ReTunes” program that came out to pull of a “one-click” modification of iTunes would be widely popular, especially if word got out that it was unencumbered by spyware and the like. Indeed, I would like to emphasize that this has already happened – I can’t imagine you don’t know some generarlly technophobic people who used rTunes and the like because they found the “streaming-only” aspect of Apple’s DRM overly problematic.

    So in short, as Dr. Felten said to in the post you alluded to, the reason that there aren’t (even more) user-friendly iTunes modification programs is that there’s not the demand. The options aren’t “no/weak filtering and use” and “strong filtering and abandonment,” they are rather “no/weak filtering and use” and “strong filtering, some abandonment, and the creation and popularizaton of unauthorized yet easy-to-use workarounds”

  8. Rob Simmons says:

    Oops, that was one scenerio, not two. Apologies.

  9. Foolish Boy says:

    I am fool!!!

    I recently made the mistake of updating my cracked version of final cut pro. Apple have clearly put something on my hard drive to prevent the program loading up as it crashes even when I uninstall and then reinstall it. Does anyone have any tips on finding the troublesome download and how to get rid of it without having to wipe my whole hardrive?

    Any help would be much appreciated,

    Many thnaks,
    FB