Coupons.com, DRM, Virtualization and You
It seems coupons.com has a requirement to stick controls on your computer in order to print their coupons. In order to print from their system, you must install their proprietary binary. What they don’t tell you this binary communicates with their servers, not just facilitate communication between your PC and your printer.
I don’t like 3rd-party software making un-disclosed changes to my system. One work-around cases like this is to simply re-install windows after every install/use of coupon.com’s software. Ubsurd? Nah. Simple tools for virtualbox.org can help.
Virtualbox.org offers a virtualizer that runs under Linux, OSX and Windows XP upon which you can install another entire operating system. It does not require any special hardware nor modification to the guest operating system, and performance is at least as good as VMware’s. I don’t know how this is even possible, and I suspect there is a lot of “pre-compilation/optimization” type events going on in the background, but consider me impressed.
One of the really cool features of virtualbox is the ability to build a virtual installation, then mark it as “immutable” so that any changes made to the system by any software (including viruses, malware, DRM crap, etc) are lost upon shut-down and the state of the virtual machine restored to it’s original state as installed by you. It can can actually be rebooted without reverting state, just not “shut down”.
In a nutshell, here’s how to deal with running software you suspect may be making undisclosed or un-desired changes to your computer:
- Install your guest O/S under virtualbox
- run all updates for this guest O/S
- Install all normal, trusted software
- RTFM for Virtualbox, then make the guest O/S’s hard drive image immutable
- Boot the guest O/S (now immutable). Install unknown product. Use.
- Power off the guest O/S. Upon the next start-up, your system will be totally fresh as if the unknown product had never been installed in the first place.
Of course if you need to make permanent changes to your system, change the drive to “normal” from “immutable”, make the changes/updates, then make back into “immutable”. This technique also works very well for keeping a teenager’s computer clean and free of the nasties.
Now I couldn’t resist but watch what this “coupon printer” software does once I installed it. Since I’m running fully virtualized, I attempted to watch the network traffic to/from the VM. I found the “coupon printer” actually does TLSv1 encryption between itself and the mothership. I identified a Thawte certificate via Wireshark. I can only wonder what information is being sent back and forth in those encrypted packets.