Sony CDs Install Rootkit on Your Computer! BMG XCP2 DRM AFU! 11/8/2005 - 1,279 views, 1 Comment
|
Previous Article « Online Airplane Tracking! Track Airplane Flights on the Internet!
Read Next Article » Skype Uses Your Computer to Route Other Peoples’ Skype Calls
Sony BMG is on everyone’s lips this week, and for once they aren’t talking about the PSP or music downloads. This week they are talking about the fact that Sony has secretly embedded First4Internet’s XCP2 rootkit-like software on their CDs, which while perhaps intended only for digital rights management (DRM), actually not only spies on what you are doing and reports that back to the Sony BMG mothership, but it also opens up your computer to risk by allowing other, even more malicious spyware and other programs to slip in undetected and take over your machine’s processes. Now, to be sure, I doubt that Sony intended this situation when they arranged with First4Internet to use their XCP2 on Sony BMG CDs. Sony would tell you that all they were trying to do was make sure that you used only their media player with their CDs on your computer. Nevermind that it’s your computer, you paid good money for the CD, and so long as you aren’t copying and pirating their material, with what you choose to view the material should be none of their business. This was all blown wide open when Mark Russinovich over at Sysinternals posted an extremely detailed analysis of what he found after discovering the Sony rootkit on his own computer. Said Mark, on his blog, of what he found, “The entire experience was frustrating and irritating. Not only had Sony put software on my system that uses techniques commonly used by malware to mask its presence, the software is poorly written and provides no means for uninstall. Worse, most users that stumble across the cloaked files with a RKR scan will cripple their computer if they attempt the obvious step of deleting the cloaked files.” The response among the Internet community has ranged from outrage, to surprise that anyone is surprised to, already, at least one lawsuit. Where this will all end is anybody’s guess, but in the meantime, if you choose to purchase Sony BMG CDs, and to put them in your computer, well, buyer beware. You can read Mark Russinovich’s extremely detailed write-up of his discovery here. In the meantime, Russinovich has documented SonyGate 2, his effort to uninstall the Sony rootkit and Sony’s completely unacceptable response, here. Recommended reading:
|
|
Email the link for this page to a friend! |
Read more:
» Sony BMG Pulls Rootkit - Sony BMG Statement on Pulling Rootkit
» State of Texas Sues Sony BMG Over Music CD Rootkits
» Sony Caves on RootKit, Pulls CDs, Offers Exchange Program
» Sony BMG Settles Lawsuits Over First4Internet XCP Rootkit and MediaMax Security Hole
For additional similar stories check out our archives on Just Plain Wrong, Pirates, Security
I had a spat with BMG about an earlier version of their copyright control software on a CD as I use Sony’s SonicStage software to change all my CD’s into ATRAC3 files for use on my media PC and my NetMD. BMGs response to my complaint then was to offer a non-copyright version of the CD if I sent them my proof of purchase. By the time they responded, the MP3s were available online.
It’s MY PC, I paid for the CD, I paid for the software and I want to use it HOW I WANT! Sony - when are you going to realise that you’re damaging your own reputation with these repeated anti-piracy faux-pas?
Comment by Doug Lochery — 11/9/2005 @ 12:20 am