Sony BMG recently implemented a copy-protection scheme on some of its music CDs that has the tech community up in arms and has even managed to make the popular press. Here’s what you need to know about it.
The music CDs play without problem on standard CD players, but require special software to play on a computer. When you insert the disc into your CD drive, you get a license agreement. After clicking on the “Agree” button, DRM software is installed from the CD allowing you to play the music. So far, so good. Maybe a bit annoying, but not newsworthy.
The problem is that, on Windows systems, Sony utilizes a rootkit to help prevent people from disabling the DRM software. A rootkit is a set of programs and tools that enables a (typically malicious) program to hide its presence on a system. This fact was discovered by Mark Russinovich when he ran his Rootkit Revealer program and got an unexpected positive. (By the way, if you’ve never checked out the SysInternals web site, I heartily recommend it. They have some useful freeware utilities that you can’t find anywhere else.)
Mark posted the discovery on his blog, and it didn’t take very long for the tech community to go ballistic. They called it an infection, a trojan, spyware, etc. But the real problem was that the Sony rootkit hides “any file, directory, registry key, or process whose name begins with ‘$sys$’”. It was thus theoretically possible for malicious hackers, upon gaining access to a system, to utilize the rootkit for their own purposes. And it wasn’t long before that theoretical possibility became a reality.
Sony slowly began to realize they had a problem. First they gave difficult and convoluted instructions on how to remove the rootkit. After complaints from the tech community, they came up with a better method. As publicity mounted, Sony finally decided to recall the copy-protected CDs. Then the lawsuits began. The EFF filed a class-action lawsuit, and the state of Texas filed a civil lawsuit claiming the DRM software violated its spyware laws. Finally, as the tech community dug further into the DRM software, they discovered that Sony had illegally copied some LGPL-licensed software.
This was an expensive public-relations fiasco for Sony. The funniest part is that it’s possible to circumvent the copy protection using a piece of tape, holding the Shift key while the CD is loading, or disabling autoplay. (Note that the tape method is old news—it seems that sometimes they never learn.)
So that’s the whole thing in a nutshell. Here are some links with more details: