The past few days have seen an upsurge of negative sentiments against media giant Sony/BMG for its use of rootkit technology as a digital-rights management (DRM) tool for its “Copyright protection enhanced” CDs.
Rootkits basically alter an operating system’s core and can pretty much let the author do anything within the OS of the affected computer once running. The rootkit, in this case, stealthily installs itself into a PC upon use of a CD, and is so badly written that the computer’s performance will take such a performance hit!
What’s really bad is that the security holes opened by the rootkit has the potential to wreak much havoc on affected systems. And it looks like there are already other malicious software taking advantage of the holes left open by Sony/BMG’s rootkit, as reported on the Register.
Check out these blog posts by Mark Russinovich of SysInternals, who discovered the rootkit while searching for other malware on his system:
- DRM Gone bad
- Sony’s rootkit phoning home
- Rootkit creator responds
- Sony reaaaaaaly doesn’t want to uninstall its rootkit!
The Electronic Frontier Foundation also makes a commentary.
Sony is also being hit with class action suits for damages caused by its malware. This might include a suit by the EFF, who has quite a comprehensive legal analysis of the end-user license agreement Sony asks people to “agree to” when installing (stealthily) the rootkit.
I have likewise made a couple of commentaries on the J Spot, where I also delve into the nature, definition, and implications of piracy and intellectual property protection.
I hope the recording and other media-publishing companies learn their lesson, with the Sony incident. This is not digital rights management. This is digital rights mis-management!