« Been a while | Main | Happy Thanksgiving! »

Sony/BMG Music

Dunno if any of you have been keeping track of this, but Sony/BMG music thought it would be a clever way to keep piraters from copying their music by introducing a small program that would copy itself to your computer when you put the CD in to rip it, and limit the number of times you could access the CD for ripping etc. Sounds great at first, but a couple of problems come up pretty fast: First off, they don't tell you that they're loading programs to your computer, and second, they hide the loaded program so you can't tell that it's there without doing some pretty sophisticated snooping. Third, they don't give you the option of removing or NOT having the program loaded. You put the CD in, it loads the program to your drive, whether or not you want it to or not.

There's another type of program out there that does this. They're commonly called "rootkits" because they install and hide themselves in the "root" of your drive. Hackers/virus writers are starting to use these to lurk unseen. At my workplace we had a problem with one of these buggers somehow getting onto our servers. Typical virus scans will not find these things, but they can still cause havoc on your system. The one we had kept causing our system to become unstable and crash. In the end we needed to use a rootkit removal tool to pull it out of our network.

I imagine Sony/BMG had reasonably good intentions with this, trying to prevent their music from being pirated, etc, but this was really a bad way to go about this.

Now, their rootkit is being used by hackers and trojan writers to breach the security of computers with it installed.

All in all a bad time for Sony/BMG's head honchos who approved this little bugger.

As a result, Sony/BMG released a tool to assuage the riled masses. Well, this tool only reveals the kit. It doesn't remove it. You need to contact Sony/BMG for instructions on how to remove it. And removing it, is not easy at all, and could potentially mess up your system even more.

And now even Microsoft is getting into the act, by removing the kit in their Anti-Spyware Beta removal tool.

Which begs the question a friend an I were laughing about...If they remove it, are they in violation of the whole DMCA rights thing?

edit: This just gets better and better. Apparently now, Sony/BMG does have a removal system for it, but, the removal program makes an even bigger security hole than the one generated by the rootkit in the first place. The cure is worse than the condition...

Posted by jason on November 15, 2005 02:08 PM |

Comments

here's a list of tainted cd's

http://cp.sonybmg.com/xcp/english/titles.html

Posted by: Jay Renard | November 29, 2005 05:15 PM

Post a comment

(To block spammers, any comments need to be approved by the site owner before your they will appear. Until then, it won't appear on the entry. Thanks for waiting.)