Okay, I won’t really do commentary on this since so many people have been talking about this for several days now (an eternity in the Internet world). If you aren’t aware, a programmer named Mark Russinovich discovered that “copy protection” (DRM) software placed on some of SonyBMG-produced CDs installs a rootkit to “protect the software” itself. The reality is that a rootkit may be one of the most evil things you can install on a person’s computer– it’s essentially a piece of software that can conceal all traces of certain activities on a computer. As you can guess, this is a tool often used by hackers and virus writers to hide their activities once they’ve gained access to a machine. The term comes from the fact that the software is usually a recompiled set of Unix commands that allows the intruder to act as “root” (the super user on a system with all rights and permissions in all modes) without being detected even by the system administrator. Although the term stems from Unix, rootkits exist for a number of operating systems, including Windows. Evil, isn’t it?
On top of that, once Sony was outed, they offered a Web-based uninstaller for the rootkit. However, if you were to use the Sony-provided uninstaller, it would leave a security hole open on your computer that could be easily exploited by a mailicious user (i.e., hacker). Again, evil, no?
In any case, I thought I would post on this for those people who might read this little blog and who might have not been paying attention to the Sony DRM fiasco because they didn’t readily understand words like “DRM” and “rootkit.” If you consume music, if you use a computer, this is an important thing for you to be aware of and to learn about. In my mind, in the name of balancing the demands of fair use and copyright, Sony took advantage of a malicious technology because the average person could not understand it, much less detect it. Of course, what really amazes me is that in among all of the software engineers, product managers, and others who were involved in the development of Sony’s DRM software, not one person thought that this was a bad idea? There most likely was and I’d be interested to see if one of those people could give some insight into the origins of this fiasco, to help us make sense of this ridiculousness. Maybe that lone voice of reason lost his job or took some cash to shut up or was forced to sign an NDA or other confidentiality agreement over it, but I’ve got a feeling that if he was brave enough to talk now, I’m sure many would be interested in what he had to say and I bet some would even champion him for getting out the truth.
For more info on this whole thing, review Russinovich’s original post on his discovery as well as Ed Felten’s ongoing commentary, including Alex Halderman and his analysis of the security hole caused by Sony’s uninstaller and their proof-of-concept exploit.