More on the Sony rootkit
Posted by isilanes on April 19, 2006
Writing the previous post led me to read this Wikipedia article about the Sony DRM rootkit fiasco last year. Read it, because it is very interesting.
Among other things, I’ll quote the following (boldface emphasis mine):
Sony BMG released a software utility to remove the rootkit component of Extended Copy Protection from affected Microsoft Windows computers, but this removal utility was soon analyzed by Russinovich again in his blog article “More on Sony: Dangerous Decloaking Patch, EULAs and Phoning Home”, and revealed as only exacerbating the privacy and security concerns. In fact, the Sony BMG program merely unmasked the hidden files installed by the rootkit, but did not actually remove the rootkit. In addition, this program was reported to install additional software that cannot be uninstalled.
So, the “solution” Sony gave to its screaming customers was worse than the problem they had previously caused!
Now, read what the Wikipedia article recommends to eliminate the risk of abuse from Sony (and others):
The XCP software can be prevented from installing in several ways. First of all, a user can refuse to purchase such copy-protected CDs, perhaps downloading the music from a digital music distributor. Second, it is possible to disable autorun so that the software will not run automatically (this can be done, temporarily, by holding the SHIFT key while inserting the CD). Putting a piece of tape on the outside of the CD will also prevent the DRM from running. An alternative is to use an operating system which the software does not automatically install itself on, such as Linux or Mac OS X, or running Windows under a restricted account instead of an administrator account, in which case the installation program will not have the sufficient rights to install the rootkit.
Also quite remarkable is the fact that the DRM scheme Sony wanted to force-feed to its customers, with the alleged objective of preventing copyright infringement, actually breached an existing copyright, more precisely an LGPL license (that of the LAME MP3 encoding library). That is, they were stepping on the toes of some Open Source material: THEY, the defenders of artist and creator rights, were attacking US, the thugs that want a free-for-all right-smashing steal-fest of all kinds of materials!