The Tridecadal Korean (astralblue) wrote,

Sony's “Rootkit-Like” DRM Enforcement Software

Brought to attention by darksakura:

It seems that Sony/BMG finally gave in.

It's a good thing that they're finally taking corrective action at least, but it seems, in fact, that they're doing it because they were cornered and forced to.  To quote the article:

“The recall and exchange program, which was first reported by USA Today, comes two weeks after news began to spread on the Internet that certain Sony BMG CD's contained software designed to limit users to making only three copies.  The software also, however, altered the deepest levels of a computer's systems and created vulnerabilities that Internet virus writers could exploit.

“Since then, computer researchers have identified other problems with the software, as well as with the software patch and uninstaller programs that the company issued to address the vulnerabilities.

“Several security and antivirus companies … quickly classified the software on the CD's, (sic) as malicious because, among other things, it tried to hide itself and communicated remotely with Sony servers once installed. …

“On Saturday, a Microsoft engineering team indicated that it would be updating the company's security tools to detect and remove parts of the Sony BMG copy-protection software to help protect customers.

“Researchers at Princeton University disclosed yesterday that early versions of the "uninstall" process published by Sony BMG on its Web site, which was designed to help users remove the copy protection software from their machines, created a vulnerability that could expose users of the Internet Explorer Web browser to malicious code embedded on Web sites.

“Security analysts at Internet Security Systems, based in Atlanta, also issued an alert yesterday indicating that the copy-protection software itself, which was installed on certain CD's beginning last spring, could be used by virus writers to gain administrator privileges on multi-user computers.”

Good job, Sony.  Dunno if you are suing First 4 Internet to recover the recall cost, but you know what?  I think you are partially responsible and should pay some of the cost as well—as 1) a lesson fee for learning that there's this thing called business ethics, which draws a line that you oughtn't cross, and also as 2) a penalty for persisting until even security experts all turned their back against you.  You know, what kind of a shame is that?  *tsk tsk*

Tags: bmg, drm, security, sony
