Interesting Stuff

You may remember in November 2005 when I wrote about [1] the Sony/BMG rootkit scandal. To summarize: they put software on their music CDs that, when run in a computer, automatically installed files you couldn’t detect (this was the rootkit part) that acted a lot like malware, and screwed with your CD-ROM drivers so that if you tried to uninstall it, you could no longer use your CD-ROM drive. The intended purpose was to run DRM software that kept you from copying your CDs, and to hide this software so you couldn’t uninstall it. However, the rootkit could also be exploited by others, so that any malicious software (if installed in the right place) would go completely undetected by any antivirus program you might be running. It was nasty stuff. Sony eventually recalled the CDs and offered to give out software to remove the rootkit if you gave them your name, address, phone number, and a bunch of other information. In the meantime, the FTC ruled that the software was illegal, and Sony paid out millions of dollars in class-action lawsuits.

Why do I bring this up, I hear you ask? Well, it seems that Sony can’t let this idea die: earlier this week it was revealed that Sony is trying a similar thing with their new USB flash drives. Again, this software automatically installs a rootkit on your computer, and again this rootkit can be easily exploited by any other software to hide files on your machine. I suspect this will end similarly, with a recall and a class-action lawsuit, assuming this gets as far in the media as the last rootkit did (I hope the media picks up on this).

I remember back in the day when Sony was a great company, and I really liked them. Things seem to have changed significantly since Howard Stringer became CEO of the company (which happened about 9 months before the first rootkit scandal was born). These days, I’m really dismayed with them. I’m now going to start boycotting Sony products (which shouldn’t be too hard, since I don’t buy much from them anyway).

[1] Only half the links in my old post still work. Sorry about that. Does anyone have any good ideas for how to avoid this problem in the future?

This entry has been edited for accuracy. The old version equated the current Sony DRM with the old Sony DRM rootkits, but they are two separate pieces of malware. This paragraph has been changed to correct this error. See the apposite comments for more information. It now appears that the CDs with Sony’s DRM technology on them (the CDs with rootkits have been recalled, so you luckily can’t get them any more, but other DRM’ed Sony CDs are still out on the market) will install their software even if you do not accept the EULA. Woah. This has definitely crossed some new sort of line that it hadn’t crossed before (and the old DRM rootkits had crossed several lines already). I hope Sony gets what’s coming to them…

On the terrorist front, the Bush administration appears to be afraid to defend its enemy combatant policy in front of the Supreme Court. One of these cases, in which a US citizen has been held without charges for 3 years on suspicion of planning to detonate a dirty bomb (he was recently charged, though these charges made no mention of such a bomb), has finally been appealed to the Supreme Court. In response, the Bush administration has attempted to move him to a civilian jail, rather than the military prison he is currently being held in (this would nullify any ruling that would otherwise be appealed to the Supreme Court). The Bush administration also tried to overturn a ruling which stated that the government could hold such people indefinitely (although this seems counterproductive at first, such an overturn would also keep this from going to the Supreme Court). The Bush administration’s actions on this case give the impression that they are afraid that the Supreme Court will rule against them in favor of basic civil liberties, and the administration appears to be trying their best to weasel out of this and continue holding citizens indefinitely. I really hope this hits the Supreme Court soon.

First, the news:

The big story at the moment is that Sony installs rootkits on computers when you use their DRM’ed CDs. This was first discovered here but was confirmed here. This has really been all over the internet. The basic idea is that rootkits are small programs that are designed to hide their own presence and the presence of other programs from everyone else on a machine. They are mainly used by crackers to keep people from noticing that they have malicious software controlling their computers. Sony, however, seems to think it needs to hide their DRM software in a similar way. Moreover, when you try to remove this, it messes up the drivers for your CD-ROM. It also makes it easier for actual crackers to hide their software. Truly nasty stuff coming from such a public company.

We also have our usual scandals going on in the US (“Scooter” Libby is pleading Not Guilty), Canada (the Liberal Party has apparently been having a financial scandal involving kickbacks to certain companies, and almost everyone except Prime Minister Paul Martin seems to be involved), and the UK (David Blunkett resigned again over poor business practices, and his unpopularity is again rubbing off onto Tony Blair).

Now for me:

Again, boo NSF Fellowship essays! the plan is to just work through this weekend on them. However, once they’re finished, I have to study for the CS GRE and figure out the bus/subway system again (is anyone going to Cal State – L.A. on November 12? Can I get a ride?). I’m also now 3 weeks behind on my Algorithms grading, and it would be nice to get caught up on that before the end of the semester. Argh! Too much stuff! I have to make next semester easier. In the meantime, I fear you won’t hear from me again for at least a week…