?

Log in

No account? Create an account

The small print of DOOM! - John C. Kirk

Mar. 8th, 2007

10:59 pm - The small print of DOOM!

Previous Entry Share Next Entry

I've had today off work (getting my electricity meter replaced), so I've used that time to do some computer maintenance. I was going through the log files on my firewall server when I saw something odd: my PC was trying to send outbound traffic on port 6667 every 30 seconds. At first I thought that this was for my IRC client, but it wasn't. Instead, it's a legacy of the "Sky by Broadband" service that I signed up for last year.

I used the Sky application to download one film (Ella Enchanted) on 12th March 2006. I haven't run it since, and I reduced my channels in January so that I no longer get free access to their films. However, part of it has been running in the background ever since. This blog post provided an explanation: the application actually uses "peer to peer" technology rather than being client/server. I don't remember reading anything about that when I installed it, and looking at the Sky website (now rebranded to "Sky Anytime") they haven't made it prominent.

Basically, apart from the front end application, there's a service (kservice.exe) which is configured for automatic startup. In other words, every time you turn the PC on, this thing starts running in the background, with full local system privileges. As I mentioned, it's literally trying to contact the Sky servers every 30 seconds, as per my logs:

Log files
(Click on that picture for a full screen view.)

Fortunately, ISA 2004 (running on my server) is blocking that traffic. However, the average ADSL router is configured to allow all outbound traffic by default (while blocking inbound traffic), so it would go through. Since I'm running Windows XP, I do have a local firewall too. However, the Sky installation program modified that to include some exceptions:

XP exceptions

The first exception is for "Delivery Manager":
First exception

The second exception is for "Delivery Manager Service":
Second exception

(Incidentally, both had full scope, i.e. they'd talk to anything on the internet rather than the Sky servers specifically.)

When I stopped the "KService" service on my desktop PC, ISA stopped reporting the relevant traffic, so that was definitely the culprit. Anyway, since I no longer need this program, time to uninstall it. This is a bit more long winded than is strictly necessary.

1. Remove the "Sky by Broadband" application, using "Add/Remove Programs" in Control Panel. This removes the front-end application, but leaves "KService" running.

2. Download the "kclean.exe" utility from the Sky website, as described here. Running this utility successfully removed the service and the program files/registry settings behind it.

3. Remove the "C:\Program Files\kservice" folder. It was pretty much empty, but the "downloads" subfolder contained the film I downloaded last year.

4. Remove the exceptions from the XP firewall. (They're pretty much harmless at this point, without the corresponding files, but it's still neater to get rid of them, and avoids any problems of rogue files exploiting that hole.)

This process does raise a few questions.

Firstly, if the installation program was able to make all of these changes, why couldn't the uninstallation program undo them all? Item 3 on the kclean page says: "Because Kontiki is a Windows service, not an application, it can only be removed using KClean; Kontiki cannot be removed using the "Add/Remove Programs" Control Panel." In my professional opinion, this is untrue. I am willing to accept that the Sky programmers don't know how to do it, but other uninstallation programs manage this fine (e.g. SQL Server, Exchange). Frankly, if they can't clean up their own mess, I don't want their sloppy code on my machine.

Secondly, why was the video still on my machine (using up 640Mb on my hard drive), given that I could no longer watch it? According to item 6 on the kclean page: "Note that once your license to view these videos expires, the videos will be deleted automatically from your PC". Clearly this didn't happen. It may be that this is a function of the Sky front-end application (which I haven't run since the licence expired), but the video was stored in the kservice application folder. That in itself is dodgy, since it breaks the rules about separating programs from data, but I'll let that slide since there are bigger problems to address here.

Thirdly, would other people be able to access the film if I didn't have ISA blocking that traffic for me? The Sky Anytime FAQ refers to a "delivery grid", and says that no other end users will be accessing my PC directly (Q9 in section 6). However, item 6 on the kclean page says that "If you leave Kontiki on your PC, then any remaining Sky by broadband videos you have downloaded will continue to be 'shared' with other Sky by broadband users on the secure peer-to-peer network." These two pages apparently contradict each other, which is a bit worrying.

I guess the moral of this story is to be careful about what you install on your computer, in case it's doing sneaky things behind your back.

Comments:

[User Picture]
From:elvum
Date:March 8th, 2007 11:23 pm (UTC)
(Link)
Wasn't the Sky by Broadband service cancelled last summer anyway, after Microsoft's DRM got cracked?
(Reply) (Thread)
[User Picture]
From:johnckirk
Date:March 8th, 2007 11:28 pm (UTC)
(Link)
Possibly - I have a stack of the monthly Sky magazines in my "unread" pile, which may have mentioned this. However, in keeping with their tradition, they didn't take any great lengths to draw it to my attention.

The "Sky Anytime" service is definitely active. If you go to:
http://www.sky.com/
you can see a link for it on the front page. This seems to have taken over from "Sky by Broadband", i.e. the same service under a different name.
(Reply) (Parent) (Thread)
[User Picture]
From:johnckirk
Date:March 8th, 2007 11:43 pm (UTC)
(Link)
Quick follow-up on this, after digging through my folder of unread emails from mailing lists...

Email 1 (7th Sep 2006):

"We're currently carrying out an essential update to the Sky by broadband security system, and unfortunately this means we’ve had to temporarily suspend access to movie downloads and some sports content. But don't worry, this won't affect your computer and you can still bookmark content for when it's up and running again."

Email 2 (17th Oct 2006):

"We sent you an email last month telling you that we unfortunately had to suspend access to movie downloads and some sports content on Sky by broadband. Well, I'm delighted to say that all downloads are now available to you again."

Email 3 (28th Nov 2006):

"Good news. Sky is making the Sky by Broadband service bigger and better than ever. So you can enjoy an exciting choice of Sky programmes on your PC, anytime you like. We're giving Sky by Broadband a new name, too –
Sky Anytime on PC. It is part of the new Sky Anytime service, which also offers great entertainment on your mobile."
(Reply) (Parent) (Thread)