Thought y'all may be interested. (Just checked, and none of my audio CDs are Sony. Whew.)


      The Rootkit of All Evil

We like to keep tabs on what GenX is thinking and doing, for a lot of reasons, one of them being that these young people are so much more computer literate than we are. Thus it got our attention when we were recently chatting with one of our favorite thirty-somethings and he said that he and his friends were boycotting Sony products forever.

Why? we asked.

As it turns out, Sony has been installing secret spyware on unknowing users’ computers, and GenXers—among the fiercest defenders of Internet freedoms—don’t like it one bit. Once we found out what’s going on, we didn’t like it, either. Here’s the story:

Sony BMG Music Entertainment, concerned as many companies are about file sharing, decided to protect the CDs that it releases commercially. They did it by encoding selected CDs with a tool called a “rootkit,” a nasty little program often used by virus writers. (A rootkit takes partial control of a computer's operating system at a very deep level in order to hide the presence of files or ongoing processes.) This antipiracy tool—developed by Sony’s British partner, First 4 Internet Ltd., and keyed to Windows—is installed on the host computer when the user plays the CD, and it locks up the music so that it can’t be copied to a hard drive or distributed over the Net.

So far, Sony BMG has placed the software on about 20 titles, including works by Dexter Gordon, Vivian Green, and country rockers Van Zant. It was on the latter’s new “Get Right with the Man” release that a computer engineer first discovered the spyware.

Granted that music providers have a right to try to protect their products, what then is the problem? There are several. For one thing, the rootkit has been placed on the host’s computer without his or her consent, or even knowledge, and that in itself raises serious ethical questions. For another, it is very difficult to find. Worse, even if found, there is no easy way to uninstall it. Finally, and perhaps most sinister, in addition to performing its antipiracy function, it also surreptitiously opens up a line of Internet communication between the host computer and the parent company.

All of it came to light on Halloween, when noted computer engineer and author Mark Russinovich posted news about this trick with no treat on his technology website, SysInternals. Russinovich chanced upon the secret software while running a routine security scan of his computer after playing the Van Zant CD on it.

The rootkit was insidious, Russinovich claimed, because it had no “uninstall” feature. Furthermore, he found that attempts to disable it were dangerous. “Most users that stumble across the cloaked files. . . will cripple their computer if they attempt the obvious step of deleting the cloaked files,” he wrote. Even an expert like Russinovich couldn’t remove the files without rendering his CD drive inoperable.

A week later, Computer Associates International, a world leader in software and information technology, confirmed Russinovich’s findings.

Computer Associates reported that the software enables Internet communication with an office of Sony's music division in Cary, North Carolina. It transmits the name of the CD being played, as well as the IP address of the listener's computer, providing the company (at a minimum) with the opportunity to profile the user’s tastes. “This is in effect ‘phone home’ technology, whether its intent is to capture such data or not,” says Sam Curry, vice president of Computer Associates’ eTrust Security Management unit. “If you choose to let people know what you're listening to, that's your business. If they do it without your permission, it's an invasion of privacy.”

Curry also reiterated that Sony has made it so difficult for listeners to uninstall its software that some could lose all their data in the process. “It can damage the operating system and the operating system's integrity, so it can't reboot at all,” he said. “As an expert in security, I can say this is bad behavior.”

Bad indeed, but that may be just the tip of the iceberg. A greater worry was expressed by some antivirus companies who warned that the First 4 Internet tool could let virus writers hide malicious software on people’s computers, if the coders piggybacked on the file-cloaking functions. “For now it is theoretical, or academic, but it is concerning,” said Mikko Hypponen, chief research officer at antivirus company F-Secure. “There's no risk right now that we know of, but I wouldn't keep this on my machine.”

Sony BMG/First 4’s initial response was denial. “We don't receive any spyware information, any consumer information,” said Mathew Gilliat-Smith, First 4’s CEO. But this was quickly followed by an announcement that First 4 has released a patch to antivirus companies that will eliminate the copy-restricted software's ability to hide, thereby also preventing virus writers from piggybacking their work on the copy-restriction tools. A similar patch will be posted on Sony BMG’s website for customers to download directly. “We want to make sure we allay any unnecessary concerns,” Gilliat-Smith said. “We think this is a pro-active step and common sense.”

End of story?

Not exactly. When Russinovich tried using the patch, he reported that it malfunctions and can cause an irreparable loss of computer data.

While we believe that Sony will take prompt action to fix that problem, we remain troubled by other aspects of the situation. For example, naïve consumers who don’t follow media coverage of controversies such as this—the vast majority, in all likelihood—will remain in the dark about what they’re doing when they play encoded CDs. Among those who do read the story, there will inevitably be many for whom it is too much of a hassle to do anything about it, and they will leave Sony’s uninvited guest on their system. Plus, even if the patch works perfectly, it doesn’t remove the rootkit, it only makes it visible. Those who desire to purge the offending software altogether have to take the extra step of contacting Sony BMG’s customer support service for instructions.

Then there’s the overriding ethical issue: Is what these companies are doing appropriate at all? So far, neither Sony nor First 4 has suggested that future CDs will cease to carry the embedded software, and so that one remains unresolved. Our readers will have to make up their own minds as to whether this constitutes a minor inconvenience or enough of an affront that it causes them to join our thirty-something friends in their boycott of Sony products.




_______________________________________________
EUGLUG mailing list
[email protected]
http://www.euglug.org/mailman/listinfo/euglug
