Monday, November 07, 2005
Are Sony CDs evil?
Are Sony CDs evil?
On my Audacity users email discussion list, I found this unusual item. Is it a false alarm? A vicious rumor? An urban legend in the making? Or a sober and serious warning?
Let me know what you find out, by posting a comment. I know there are some fellow geeky types who read my blog and like investigating corporate scandals and crimes against humanity.
[QUOTE, names deleted]
"DO NOT USE/PLAY ANY SONY CD'S ON YOUR COMPUTER!!!
they infect pc's with unremovable rootkits, allowing SOMEONE complete control of your machine remotely!!
the ONLY way to completely remove them is to reformat your harddrive....and the rootkit will nuke your CD burners, as well...read on:..."
Okay, now Sony's rootkit is bad, but won't do all THAT.
The rootkit won't allow anyone to control your machine remotely. It's possible that your computer could get ANOTHER trojan which hides itself behind Sony's modifications, and THAT program could allow remote control of your machine, but Sony's DRM doesn't allow that in and of itself.
Sony's DRM *does* monitor all your CD-ROM drives by installing a new driver that keeps tabs on things and passes on all requests to your original drivers. Removing this new driver is quite difficult, but it can be done without a reinstall if you know what you're doing and it won't physically damage any drives in any case. At worst you'd have to reinstall Windows to get everything working again.
The software DOES also "phone home" to Sony every time you play one of their CDs on your computer. The data sent to Sony's servers includes which CD you're playing, the date and time, and the IP address of your computer. It's quite unlikely that they are saving this information or using it for tracking purposes, but it would be possible for them to.
Read about the original discovery here: (full of technical details)
A similarly-detailed followup is here:
And the company that Sony contracted to create the rootkit responds here:
I do agree that Sony's behavior is abominable. But let's be accurate about what the rootkit actually does.
Graham [deleted] - computer science teacher, [deleted] High School
"Man is the best computer we can put aboard a spacecraft... and the only one that can be mass-produced with unskilled labor."
-- Wernher von Braun
This is so phenomenally tyrannical, deceptive, and malicious, it astonishes even jaded jejune Vaspers.
DANGER WARNING ALERT:
This sounds like a malevolent, greedy way for Sony to discover if you are improperly copying their music CDs and therefore possibly selling them to your friends and your Aunt Gary.
Just think. You thought you could download music files and burn CDs, illegally, recklessly, and with impunity, you imp. Now your dream bubble has burst, and you're maybe going to be sued and really go to prison for umpteen years, you pirate.
Think twice about the sites you visit, the intellectual property you download, and the CDs you burn. Can you prove you're not freely or otherwise distributing copyrighted material?
Then again, to take over, monitor, or otherwise invade a person's computer, without the person's knowledge, and with costly, difficult remedies, is a filthy evil act.
I will start hating and harrassing Sony, once I discover the truth of this. I will launch a detrimental hate campaign against Sony, using email, blog posts, comments at other blogs, and other clandestine blacklight operations against such an immoral entity, if I verify the accuracy of these allegations.
I'll check in at Wired, Slashdot, CNET, PC Magazine, Dvorak Uncensored, Doc Searls, David Weinberger, Kottke, Plastic Bag, and other reputable computer, digital culture oriented sites.
Let's dig into this, then take appropriate measures. Get ready to sting, my unlovely zingers. Marching orders will be coming after reconnaisance patrol makes a full report.
The concluding remark in the first Sysinternals link above:
Not only had Sony put software on my system that uses techniques commonly used by malware to mask its presence, the software is poorly written and provides no means for uninstall. Worse, most users that stumble across the cloaked files with a RKR scan will cripple their computer if they attempt the obvious step of deleting the cloaked files.
While I believe in the media industry’s right to use copy protection mechanisms to prevent illegal copying, I don’t think that we’ve found the right balance of fair use and copy protection, yet. This is a clear case of Sony taking DRM too far.
[signed] Steven Streight aka Vaspers the Grate
Posted by steven edward streight at 11/07/2005 11:07:00 PM