SciTech

This article at Mark's Sysinternals Blog is about how a Sony copy-protected CD installed a rootkit on his system, and the lengths he had to go to to get the normal functions of his PC back.

Summary:

• By inserting this Sony CD in his computer, Mark's computer was infected with software that installed hidden processes, modified his CD drivers, and tricked the OS into hiding any directory that started with the sequence $SYS$.
• Using the features in this software (commonly called a rootkit), the Sony DRM could monitor how many times it was being played and limit the burning of music contained on the CD to another disc. However, it also makes the listener's computer vulnerable to other infections.
• When Mark tried to uninstall the software by deleting it, his CD drive completely stopped working.

Over the line? Sony has obliterated the line. This inverts the argument about P2P networks being hives of spyware, trojans, and viruses. We no longer have to go to P2P networks to infect our computers; they now get infected by music produced by the major labels.

As if that wasn't enough: first, Sony's artists, such as Van Zant, whose CD infected Mark's computer, have nothing to gain and everything to lose from this DRM madness. Second, technically Mark is now a criminal for undoing the damage that Sony did to his system, thanks to the anti-circumvention clause of the DMCA.

UPDATE:

It's much worse than I imagined. Wired - Sony Numbers Add Up to Trouble

More than half a million networks, including military and government sites, were likely infected by copy restriction software distributed by Sony on a handful of its CDs, according to a statistical analysis of domain servers conducted by a well-respected security researcher and confirmed by independent experts on Tuesday.

boingboing-Sony anti-customer technology roundup and time-line

Since Hallowe'en, we've been posting the details about he revelations relating to Sony's DRM systems, which show jaw-dropping contempt for their customers, for copyright law, for fair trading and for the public interest. With all these posts strung out over a couple weeks, I thought it was high time we put together an omnibus post, summing up all the posts to date:

boingboing-Sony's spyware "remover" creates huge security hole

Princeton's Ed Felten and Alex Halderman have published new research into a grave security vulnerability opened up if you run the "uninstaller" that Sony supplies to rid your PC of its malicious rootkit software, which it installs when you insert an audio CD into your PC, as a means of restricting your use of the music on the CD.

The new vulnerability is as grave as a security vulnerability can be. If you run the uninstaller, your computer can be utterly compromised by an attacker who can reach it via the Web. Your computer can be made to run any code and surrender your data. It can be enlisted to act as a "zombie" for sending spam or attacking sites that are being shaken down in protection rackets.

In my opinion Sony needs to pay for the problems they've caused. Jail time, perhaps. Stiff fines are OK but you know who pays for that. How about no fines and no time served. Just open up their catalog of digital content to the internet for as many days as their nasty spyware is allow to run free. That sounds fair.