06 December 2005

Sony BMG, Music CDs, and Keeping Your Computer Clean

I've been following this story and collecting links for a couple of months now; and today, when I don't otherwise feel like blogging, seems like a good time to spew them out in some sort of coherent form.

The story in brief: It seems that Sony BMG, in an attempt to develop an innovative way to copy-protect music CDs, has stumbled on a way to 1) infect your computer with questionable software which is almost impossible to uninstall, and 2) destroy its public image in the process.
What's all the fuss about? Sony BMG loaded the so-called XCP rootkit onto 52 album titles, or more than 2.1 million CDs sold in the U.S. The program self-installs onto a PC playing the CDs and makes it susceptible to viruses. By now, the rootkit has likely already made its way into "hundreds of thousands, to millions" of computers, figures Dan Kaminsky, a security consultant. "This is a worm-scale infection."

A patch issued by Sony BMG to rectify the problem only made it worse. And some computer security experts say the company was slow to respond to early warnings.

Sony BMG maintains that XCP and its other copyright protection software "is not intended to cause any harm to your computer and is not a monitoring technology," according to its Web site. It has suspended its use of XCP and has asked retailers to pull the affected CDs off shelves. On Nov. 15, the outfit announced an exchange program for the affected CDs. "The company shares concerns of consumers and is committed to making things right," a Sony BMG spokesperson says.
What Sony doesn't mention is that they're also being sued by the state of Texas over the whole fiasco.

The "uninstaller" Sony released has, as the article says, come in for criticism of its own. This site has a technical description of the problem, but by way of summary it says:
The uninstaller requires you to install an ActiveX control to your system before you can even request for an uninstall url. Turns out, the uninstaller activex marks itself safe for scripting, and has plenty of interesting methods available for everyone to use. Although I have not analyzed them in depth, I have tested one of them to confirm it really does what I think it does. It's called "RebootMachine". If you have installed Sony's ActiveX control, follow the link to invoke the RebootMachine method. I don't even want to know what the ExecuteCode method does...
In short, it requires you to install more code on your machine, which it then leaves behind, in order to uninstall the thing you regret installing in the first place.
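One way to look for the kind of leftover described above, as an added example that is not from this post or the site it quotes: a Python check over a regedit export that lists ActiveX controls registered under the safe-for-scripting or safe-for-initializing component categories. The export text, CLSIDs and control names below are constructed, and a control can also declare itself safe at runtime through IObjectSafety, which a registry check like this does not see.

```python
import re

# Component categories Internet Explorer checks under a control's CLSID key.
SAFE_CATEGORIES = {
    "{7DD95801-9882-11CF-9FA9-00AA006C42C4}": "safe-for-scripting",
    "{7DD95802-9882-11CF-9FA9-00AA006C42C4}": "safe-for-initializing",
}

# Constructed sample (regedit export format); both controls are made up.
SAMPLE_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{11111111-2222-3333-4444-555555555555}]
@="Example Uninstall Helper"

[HKEY_CLASSES_ROOT\CLSID\{11111111-2222-3333-4444-555555555555}\Implemented Categories\{7DD95801-9882-11CF-9FA9-00AA006C42C4}]
[HKEY_CLASSES_ROOT\CLSID\{11111111-2222-3333-4444-555555555555}\Implemented Categories\{7dd95802-9882-11cf-9fa9-00aa006c42c4}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEE}]
@="Example Media Helper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEE}\InprocServer32]
@="C:\\Example\\media.dll"
"""

KEY_RE = re.compile(
    r"^\[(?:HKEY_CLASSES_ROOT|HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes)"
    r"\\CLSID\\(\{[0-9A-F-]{36}\})(?:\\(.+))?\]$", re.IGNORECASE)

def audit_safe_controls(export_text):
    """Map CLSID -> {"name", "flags"} for controls registered as safe."""
    names, flags, top_level = {}, {}, None
    for line in map(str.strip, export_text.splitlines()):
        key = KEY_RE.match(line)
        if key:
            clsid, subkey = key.group(1).upper(), (key.group(2) or "").upper()
            top_level = clsid if not subkey else None
            parent, _, catid = subkey.rpartition("\\")
            if parent == "IMPLEMENTED CATEGORIES" and catid in SAFE_CATEGORIES:
                flags.setdefault(clsid, set()).add(SAFE_CATEGORIES[catid])
        elif line.startswith("["):
            top_level = None  # some other registry key
        elif top_level and line.startswith('@="') and line.endswith('"'):
            names[top_level] = line[3:-1]  # default value = display name
    return {c: {"name": names.get(c, ""), "flags": sorted(f)}
            for c, f in flags.items()}

if __name__ == "__main__":
    for clsid, info in audit_safe_controls(SAMPLE_EXPORT).items():
        print(clsid, info["name"], ", ".join(info["flags"]))
```

Real regedit exports are usually UTF-16, so decode the file before passing its text to the function.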

I first encountered the problem via a post on the always-interesting Madville.com, which tends to have the best of the weird and interesting. The post in question is from a site called Mark's Sysinternals Blog and is generally above my ability to understand, but it scared the bejesus out of me and I immediately bookmarked the site in a folder called "Scary Computer Stuff." He summarizes his experience by saying:
The entire experience was frustrating and irritating. Not only had Sony put software on my system that uses techniques commonly used by malware to mask its presence, the software is poorly written and provides no means for uninstall. Worse, most users that stumble across the cloaked files with a RKR scan will cripple their computer if they attempt the obvious step of deleting the cloaked files.
If you're concerned you may have one of the destructive "rootkits" on your system, check out this list of Sony CDs with the alleged "protection." If you've bought one and run it on your computer, chances are you're infected...and you would never know it.

Time was that the biggest problem you had running your computer was that your TRS-80's cassette drive would chew up the tape with the program you just spent 30 minutes loading. I've never been paranoid of spyware, though I do routine searches on a regular basis, but this is beginning to turn me into a conspiracy theorist.
