I think everyone’s pretty much heard about this by now, I know I’ve been following it on BoingBoing and other forums for several weeks, but if you have attempted to rip any audio CD made by Sony or BGM you may have unintentionally installed a particularly nasty spyware program.
If you only read article about this make it Bruce Schneier’s “Real Story of the Rogue Rootkit.” BoingBoing has two pages of links chronicling the Sony debacle; be sure to visit the second page, it has the latest news. I’ll try to sum it up in the following paragraphs, but if you think you may have inadvertently copied a Sony music CD to your computer you need to read about this for yourself. Here is a list of 52 CD’s infected with Sony’s spyware.
To keep people from copying legitimately purchased music onto their computer Sony placed a program on their CD’s that wouldn’t allow users to import songs onto their harddrive. They also placed a program called a rootkit on the CD which secretly monitored the user’s computer. This rootkit would overwrite the users CD ROM drivers and it would also begin communicating with Sony. As far as I can tell no one has been able to determine exactly what information this program passed on to Sony. And as if all this wasn’t bad enough the port which the rootkit would open to communicate with Sony was unsecured, thus exposing the user to hacker manipulation.
Understandably computer users are very pissed off about this, and there are several lawsuits pending against Sony. Sony has since issued a program that supposedly removes the rootkit, but it really doesn’t, and to add insult to injury the supposed “fix” leaves the computer even more vulnerable than before. Sony has since removed this fix from its web site, because in the process of “fixing” the computer it would open up several unsecured ports and leave them open even after the program terminated, thus leaving the user vulnerable to more hacker attacks.
Most disturbing of all this is that neither McAfee nor Norton antivirus programs detected the rootkit even though it is clearly spyware (the rootkit cloaks itself but antivirus programs are designed to find cloaked software). I guess malicious programs which are designed by multibillion dollar companies are exempt, huh?
The irony of all this is that consumers are being punished for purchasing CD’s legally, because the copies that are being shared on the internet don’t have the rootkit; those wily hackers and file sharers removed it before they illegally posted the CD’s. Sony is inconveniencing and damaging the computers of millions of legitimate customers.
This only makes me want to download more pirated music.