Rootkits are cloaking technologies that hide files, Registry keys, and other system objects from diagnostic and security software, and they are usually employed by the authors of malware, including viruses, spyware, and trojans, to attempt to hide their presence from spyware blockers, antivirus, and system management utilities.
This discovery by famed Windows utility programmer Mark Russinovich, is a public relations disaster for Sony and the hundreds of bands whose music is being distributed in their copy protected format. Read the comment thread for summaries of all the possible legal exposure Sony has…
In case you don’t believe me about the PR fiasco, just ask Intuit about the firestorm the created two years ago with secret copy protection altering the master boot record of machines installing TurboTax.
My gut instinct is that this will explode like a bomb on Sony, and that if they aren’t proactively working on a a universal rootkit remover and a plan to recalled all infected CD’s by this weekend, they’re in danger of getting swamped in a sea of bad press.
See also: Sony pwns your computer – [Metafilter]
It already has:
http://www.digg.com/security/Sony,_Rootkits_and_Digital_Rights_Management_Gone_Too_Far
Sooonyyyy, you got some splainin to do!!!!!!
This must be another Rovian plot to distract from Plamegate!!!
I literally *never* download music, but Sony just went on my list of companies from whom I’ll no longer purchase anything.
Having used sony’s music players for years (minidisk and currently a NW-HD3 mp3 player), and having used their proprietary music software, SonicStage, for years now as well, I’ve never had an issue. (no rootkits revealed w/ frequent scans). Granted, I haven’t bought a CD in a long time (all purchases through connect.com), so playing a CD with an installer wouldn’t be an issue.
Truth be told, there’s probably more guilty parties than just Sony. One can only guess as to what gets installed when you try to put a DVD movie in your PC to view the ‘extras’ and blindly click OK to the EULA that pops up. Disabling autorun is one of the first orders of business for me on any PC.
As for Intuit, they lost my business forever when they pulled the MBR copy protection scheme, and with H&R’s TaxCut getting better each year, I don’t think I’ve missed out on much.
Sony has too many entertainment properties locked up to make an effective boycott feasible. But that doesn’t mean it’s not practical to hit them in the pocketbook. If you have a choice of two movies to see tonight, encourage your friends to choose the non-SONY flick and wait for cable for the other. You get the idea. It would be pretty easy for anyone to spend 30% less on SONY products this year without feeling any inconvenience.
… and having used their proprietary music software, SonicStage, for years now as well, I’ve never had an issue. (no rootkits revealed w/ frequent scans).
Duh.
Rootkits are cloaking technologies that hide files, Registry keys, and other system objects from diagnostic and security software …
Mebbe that’s why your scans always came back clean.
Class action lawyers will be drooling over this. $$$
For any enterprising attorneys, you should probably look at the recent Sotelo v DirectRevenue case in Chicago on spyware which claimed tresspass to chattels, consumer fraud, negligence, and computer tampering.
No secrets!
Sony has gone over to the dark side. We should trust NOTHING they sell until they rid themselves of the record and movie industry holdings.
Why resort to litigation? Thats just a white-collar version of professional wrestling. Both sets of attorneys pretend to fight and charge their clients to watch. Use this as an opportunity to make money. There have to be some opportunistic programmers around that are just as bright as Sony’s. Write some software that can locate and delete at the user’s option the rootkits. Should sell quite well.
Someone will want to look up some things at the Phillips Electronics website, as Phillips holds the trademark for the use of the term ‘Compact Disc’ as it pertains to music and other prerecorded CDs for sale.
The reason is that they say that Sony and any other party that issues CDs with any form of DRM or ‘copy protection’ scheme cannot call them a CD legally.
If anyone finds out this info, please post it to this comment thread and if the blog owner finds more, post that also as another story, it needs to get out.
Hi…I know I’m late to this thread, but I think TurboTax may be at it again. I have LILO loaded in my MBR from an old Slackware dual boot install (never bothered to remove LILO, but did delete the Linux partitions.
Well, I could boot into Windows just fine until I installed TurboTax Deluxe 2005 tonight. I got several errors during the install but it seemed to work OK. It then asked me to reboot, and low and behold, my MBR was fried!
I recovered easily enough using the recovery console, but my suspicion is strong: TurboTax tried to f*** w/ my MBR.
Have you heard anyone else having this problem?
Thanks.
-M