Root Down

There’s a very important story that’s been hitting the mainstream news lately concerning Sony BMG (Sony Music) and some of their recent CD releases. It brings the conflict between Intellectual Property and consumer rights into sharp relief. The good news is that it looks like Big Brother backed off on this one. The bad news is that they will certainly give it another shot.

Several recent titles released by Sony have special anti-copying software bundled on them. On a Windows PC, there’s a feature called autorun that lets Windows check a CD for special software to run before it tries to access the actual music content on the disc. Most publishers use this to provide some kind of multimedia add-on that make the CD more fun to play on your PC. But Sony has done a very naughty thing and included a rootkit on their CDs.

A rootkit is a software package that is designed to give itself and any accompanying programs administrative access to your computer. In this case, the software installs itself, hides itself so that you cannot locate it, and then makes sure you can’t make more than two copies of the CD. Sony figures that this will help keep piracy down. (Never mind the fact that industrial-grade pirates don’t use PCs to make copies.) The big media companies, including movie and record producers, are scared to death of modern digital technology because it makes high-quality copying so easy. They don’t want people to distribute copies of movies or songs without paying for them.

The problem is that they are so zealous that they’ve forgotten that while they may own the copyrights to the movies and music , they do not own our computers. That’s the line that Sony crossed with this new software.

A press release on Sony’s site states very plainly that the software is not a security risk. That’s a lie, plain and simple. It’s already been exploited by at least one virus. See, the Sony software alters Windows to not display any file whose name starts with “$sys$”. That introduces a huge security problem, because it removes your ability to control what files are on your computer. Imagine for a second that Sony called you up and said, “Hey, we’ve modified your credit card statements so that you won’t see any transactions going to companies whose names start with ‘S’. Don’t worry, this isn’t a security problem.” Anyone going to buy that?

Personally, I think that current copyright and intellectual property law is really, really screwed up. Patents and copyrights are supposed to encourage innovation, but they are increasingly being used to preserve monopolies and defend revenue streams. But even if you accept the current laws as being fair, companies like Sony are overstepping their bounds. With this rootkit software, Sony is using the same techniques as organized crime. There are already two lawsuits against them for this in the US, and I hope many more follow.

Update
It just keeps getting worse. Looks like Sony has provided an uninstaller, but if you use it, you’re leaving your system wide open for even more security headaches.

No Responses to “Root Down”

  1. docwhat Says:

    Actually, this isn’t about new IP laws, etc…

    Sony can sue pirates just like they always could.

    This is about Sony treating their customers as criminals and behaving like criminals.

    Their acts are most likely illegal. See groklaw for more updates about a company I will not buy music from.

    Ciao!

  2. Administrator Says:

    Chris,

    Exactly. And their acts are most definitely illegal. Dr. Edward Felten pointed out on his blog that even if you decline the EULA, it installs shit on your hard drive which doesn’t have an uninstaller. NOT COOL.

    Geez, this is making me rethink my plan to get a PS3 when they come out. I know that the games and the music are totally different arms of the company, but still…

  3. Jane Says:

    All you need are two computers, recording software, and a cable with a mini-jack on each end , and you can easily send the audio out from one computer into the audio in of the other.

    This works for streaming off the internet that is not meant to be recorded, so I am sure it would work for this as well. Not that I am advocating it.

  4. Nealie Says:

    I’ve been following this but haven’t seen any mention of Macs. Do you know if these cds do the same thing with a Mac?

  5. Jeff Says:

    Macs are not affected unless you were to be running the CD using some type of Windows emulation (I’ve heard that the CDs won’t even play on a Mac but have no way to test).

    If you’re worried about whether or not you have the rootkit you can scan & remove it with many of the AV softwares out there including Microsoft’s AntiSpyware beta and the online scanner at http://safety.live.com (both at no cost).

    Jane’s machinations to record the songs would probably work (though would degrade the quality because of converting from digital, to analog and back again) but I’ve also read that simply renaming the application you use to rip music (that’s rip, not rip-off) to include $sys$ at the start actually turns the rootkit against the DRM software and it will run fine because Sony’s player doesn’t see it.

    I won’t disagree that IP law could use some reform in the sense that those with deep pockets have an easier time filing and following and protecting their IP but, at the same time, you have only to look at Eolas to see that the little guy can actually come out ahead even with the system we have.

    I think a lot of otherwise early adopters are thinking twice about PS3 as a result of this.

  6. Administrator Says:

    I’ve read a couple of articles that said that there is actually a Mac flavor of the application, but it can’t install itself surrepetitiously on a Mac the way it can on Windows. The user would have to deliberately install the software themselves. See this article.