www.flickr.com
Maid Mirawyn's Photos Maid Mirawyn's Photos

Tuesday, November 08, 2005

Just Say "No!" to Sony!

In case you don't hang around slashdot, let me summarize what's up with Sony: they're scum. That's right, scum. Yes, that Sony!

See, Sony has this wonderful idea for protecting their music from pirates. When you buy one of their "special" digital rights managed (DRM) CDs, they require you to install special player software to access it in a computer. There's an End User License Agreement (EULA), but let's just say it's terribly misleading and leaves out lots of minor details...

Like the fact that it installs some extra special bonus software (it's called a "rootkit") that any hacker would love! And so you're not "bothered" by its presence on your system, it very kindly hides itself. In fact, it hides any file that has a filename starting with "$sys$." Like I said, hackers should love it! (Updated 11-10-2005: there's already at least one trojan making the rounds that exploits this weakness.)

And Sony doesn't see this as a problem, apparently: "The download text claims that the rootkit does not pose any “potential security vulnerabilities,” however it’s obvious that any software that cloaks files, directories and Registry keys beginning with a certain string of characters is a clear security risk." (From a post by Mark at Sysinternals)

And what else does this little bit of software (designed by First 4 Internet, by the way) do? Well, it is quite processor hungry, so it's detrimental to performance. If you are tech savvy enough to decloak all the files and get rid of all its nasty little bits (I wouldn't be, without directions), it disables your CD-ROM drive! (I'm definitely not a good enough geek to figure that one out. Fortunately, there are many people on the web who are.) Oh, and it can lead to a crashed system and data loss-not good.

And uninstalling the disclosed (player) software? (Remember, apparently no mention of the rootkit in the EULA!) It's not at all easy. Mark at Sysinternals (who seems to be the current expert on this piece of garbage) tried to contact Sony about it. They made him jump through hoops and twiddle his thumbs waiting for their response. And the patch? It installed more undisclosed stuff!

By the way, Mac and Linux users appear to be in the clear. Good thing I only listen to music on my PowerBook, not my PC!

Xandria
Posted by on

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)