This item would normally be in the weekly BugBlog Report, but it deserves a story of its own. As recounted in today's BugBlog:
It appears that as part of a stringent Digital Rights Management (DRM) scheme, Sony Music is shipping new CDs that secretly install a root kit on your PC. If you manage to discover this and try to delete it normally, you may screw up your CD.
This was discovered by expert Mark Russinovich, who knows more about Windows than everybody outside of Microsoft (and probably inside too.) This is Sony's lame attempt to help - you will need to contact them to get the uninstall procedure. You can see Russinovich's meticulous research here.
The CD from Sony, or at least the one that Russinovich bought, said it was copy-protected. The problems are with the intrusiveness of the scheme plus the general stealth factor. There is also the potential for virus-writers to possibly use this to hide their own malware. As Russinovich says in summary:
The entire experience was frustrating and irritating. Not only had Sony put software on my system that uses techniques commonly used by malware to mask its presence, the software is poorly written and provides no means for uninstall. Worse, most users that stumble across the cloaked files with a RKR scan will cripple their computer if they attempt the obvious step of deleting the cloaked files.
While I believe in the media industry’s right to use copy protection mechanisms to prevent illegal copying, I don’t think that we’ve found the right balance of fair use and copy protection, yet. This is a clear case of Sony taking DRM too far
The workaround is simple - don't buy stuff from Sony if you don't like this scheme.
Article comments
1 - Aaman
It gets worse,
2 - Mark Saleski
i've only had one cd do this to me. it's the latest leo kottke/gordon disc.
i tell ya, i hated to see the dialog box telling me that it was updating something in winn2/system32.
i mean, this is my freaking work computer people!!! you screwed up my cd player. i had to spend half an hour to fix this. i should send you a bill.
worst of all: your dumbass software said that this wasn't a valid copy of the cd. like hell it wasn't.
idiots.
3 - Bruce Kratofil
Additional follow-up in the Washington Post
here
He recounts the protracted procedure you have to go through to get the removal software.
4 - Yashin
This is nothing short of disgraceful.
But sadly it's another classic example of how Sony is completely focused on its own agenda and pays absolutely no attention to the needs of its customer base.
An Article on Ars Technica suggested that Sony is absolutely obsessed with DRM, to the point where they are rejecting the PC and the internet and attempting to create their own distribution network through the PS3.
I for one expect this to fail, consumers need an open market where competition and innovation can give them a good deal. As a content provider, distributor and hardware company, Sony is desperate to control every aspect of the supply chain. This is not good.
Vote with your wallet - don't buy Sony.
5 - Triniman
Before you insert a Sony CD, hold down the shit key and it won't autorun and install the software automatically.
This may work.
6 - Triniman
Sorry!! Typo, honest!
7 - Aaman
Sony has offered a 'Service Pack' that removes the 'rootkit' - no word on whether it also installs a compulsion to only play Top 20 hits.
8 - Ken Edwards
This is why i refuse to buy CDs these days. I will buy it online via iTunes or another music store before I will buy it on a physical disc. There are so many different types of these DRM schemes by all these music companies that it makes life hell.
Some even will not allow you to play the freaking music on a Mac.
The music industry has no clue.
How it does not see that it is loosing business by pissing off customers is beyond me. But its the oblivious majority that still will buy this Sony DRM crap so it doesn't matter that the aware computer geeks do.
9 - roseman
call me lo-tech, but i simply play CD's in an old-fashioned CD-player, rather than in my computer :p hopefully it won't install a rootkit in the boombox...
10 - jon
aye, i've recently taken to just playing CDs in a standard CD player. Maybe when i get a new pc in a month or two i'll look at ripping my stuff back to hard disk (my old old hard disk that had my music on recently died completely) again but for now, a standard cd player is good enough for me
11 - Guppusmaximus
Has anyone tried Alcohol 120%??
12 - hihh
I just purchased the latest Sony DVDRW and I’m thinking of taking it back. I know these root kits are from CD’s but could they be hidden in a firmware update?