Check out Bruce Schneier’s excellent story in Wired about Sony’s Rootkit/DRM debacle.
The controversy relates to Sony’s desire to prevent customers from illegally copying music CDs.
Here’s what happened: if you bought a Sony music CD and tried to play it on your Windows PC, Sony’s CD would covertly install a batch of particularly troublesome software. In addition to preventing customers from making too many copies of the music they purchased, the software installed a “rootkit”, which (1) hid the “copy-protection” technology from normal view (also making it invisible to anti-virus software) and (2) secretly communicated back to Sony when its CDs were placed in a computer. Such rootkit software is notoriously vulnerable to exploits; this means that, potentially, hackers could gain access to each infected PC and its owner would never know. To top it off, according to the story, removing the software would damage Microsoft Windows, rendering the CD player unusable.
It’s unclear how many computers were infected, but it’s probably more than 500,000. Take a look at this: each red dot represents a likely infected PC (the image was created by Dan Kaminsky, who has done fine work in exposing the scope of the problem).
Here’s a list of all CDs with the problematic software.
And here’s Sony’s official response. This is obviously outrageous, and it’s hard to believe that Sony would insinuate that this is a third-party vendor’s fault. Clearly, much more needs to be said (and done)–and not just because Sony may have exposed itself to legal liability.