(originally posted November 16, 2005)
For those of you who haven't heard yet, some interesting news has been swirling around over the past couple of weeks regarding copy-protection on SONY/BMG Music CDs. The record label had placed DRM (Digital Rights Management) software on some of their CDs, which installs a rootkit onto Windows PCs when the CDs are played on the computer. According to Mark Russinovich, who discovered the rootkit,
"Rootkits are cloaking technologies that hide files, Registry keys, and other system objects from diagnostic and security software, and they are usually employed by malware attempting to keep their implementation hidden."
The software on the CDs automatically installs when the CD is played, and limits the amount of copies that may may be made. It disguises itself as essential files, and most shockingly, if a user deletes the cloaked files, it will disable Windows. The End User Licence Agreement on the CDs makes no mention of the fact that software will be installed that the user can not uninstall.
In addition to all of this, experts agree that trojans and other malware can use the rootkit to hide on users' computers, and although SONY has created an uninstall for the rootkit, experts warn not to download the current version of the uninstaller, as it will create security vulnerabilities on your PC.
Due to public backlash, SONY has issued a
list of CDs containing the rootkit (although one wonders about the completeness of the list), has stopped the production of CDs containing it, and claims that it will shortly re-release those CDs without the technology. It is staggering to think of the amount of infected CDs currently in stores, in people's homes, and the number of computers that have already been infected, though.
Links to stories:
Schneier on Security - Nov 1Schneier on Security - Nov 15Boing BoingMark Russinovich's Sysinternals BlogIn fact, Boing Boing has also reported that government agencies are banning the use of SONY CDs in the workplace, due to security concerns. Alberta Agriculture has
banned all CDs!
Posted in:
law,
music
on