>From Information Week Daily Update: Editor's Note: Sony Is Just As Bad As Music Pirates Sony's latest response to the threat of music piracy is to engage in behavior every bit as bad as the pirates it's trying to protect itself from.
Sony BMG Music Entertainment decided that the threat of piracy was so severe that it needed to protect itself by installing on customers' PCs hacker tools that exposed those systems to massive security vulnerabilities. Sony included hacker technology called a "rootkit" in the copy-protection software distributed along with one of its music titles. A rootkit is technology used by computer criminals to permit them to break into target systems. The rootkit is such a hairball to remove that security researchers recommended users not try to remove it themselves, but rather contact Sony to get instructions. http://update.informationweek.com/cgi-bin4/DM/y/erqr0GLrUD0G4n0DrIz0GI Sony countered by saying that the copy-protection software is harmless and issuing a patch. Hackers, meanwhile, are making a mockery of Sony's claims by distributing code that they claim takes advantage of security holes opened by Sony's DRM. http://update.informationweek.com/cgi-bin4/DM/y/erqr0GLrUD0G4n0DrI10G4 And, as revealed Monday, the patch presents problems of its own; it can crash Windows. http://update.informationweek.com/cgi-bin4/DM/y/erqr0GLrUD0G4n0DrI20G5 The Sony software is, plain and simple, spyware, by any reasonable standard of the word. It installs itself without users' knowledge, it runs in stealth mode, it damages the user's system, and it resists removal. Sony's tactic isn't just a problem for consumers; it's also a problem for business network managers. Employees often enjoy listening to music while at work, and an employee who innocently brings in a CD that's infected with Sony's copy protection can open a security hole to the entire network. Sony had no excuse for its behavior. The fact that some of its customers pirate music does not legitimize Sony's hacking into all its customers' computers and exposing them to security holes. Sony needs to recall the infected media, confess it did wrong, apologize to customers, and make amends. Meanwhile, law-enforcement authorities need to investigate whether Sony is in violation of civil and criminal laws against computer piracy. I'm no lawyer, but it sure looks from here like it is. Mitch Wagner mailto:[EMAIL PROTECTED]
