For the past few days, I’ve been reading tons about Sony’s rootkit installation in their “Content Enhanced” CDs.
For those unfamiliar with this, basically, Sony has included within its newly release CDs a piece of software that installs on your computer after you accept the EULA. Of course, people usually don’t think much about that, but effectively, this software is really installing a rootkit on the computer, and sending Sony information about you as well as the CD and how many times songs have been played and such things.
I guess Sony did not account for the fact that a root kit can also create a vulnerability on your machine that would allow a hacker to get to your machine and do whatever.
In my opinion, Sony is way out of line by doing this, and maybe that’s why this is whole deal is making so much noise in the community. If you ask me though, I won’t be buying any of their CDs anytime soon.
If you’re interested in more gory details about how this rootkit works, check out the article in sysinternals about it.