Sony’s Rootkit on their CDs!
For the past few days, I’ve been reading tons about Sony’s rootkit installation in their “Content Enhanced” CDs.
For those unfamiliar with this, basically, Sony has included within its newly release CDs a piece of software that installs on your computer after you accept the EULA. Of course, people usually don’t think much about that, but effectively, this software is really installing a rootkit on the computer, and sending Sony information about you as well as the CD and how many times songs have been played and such things.
I guess Sony did not account for the fact that a root kit can also create a vulnerability on your machine that would allow a hacker to get to your machine and do whatever.
In my opinion, Sony is way out of line by doing this, and maybe that’s why this is whole deal is making so much noise in the community. If you ask me though, I won’t be buying any of their CDs anytime soon.
If you’re interested in more gory details about how this rootkit works, check out the article in sysinternals about it.
About Me
Georges Khairallah
What doesn't kill you... makes you stronger
I'm a husband. I'm a musician.
I'm a technologist. I like to network.
I like to blog. I own a business.
my garden is my bliss. my camera is my escape.
let's connect!
RSS 2.0 Feed URL
Llinuxiac, Thanks for your comments, and I thought no one read this blog :) Anyway, the update about the patch that MS put out, AND that Sony's "solution" to the rootkit was to INSTALL another rootkit were both news to me. I had not followed up too much about it after this post. I thought it was interesting though. As for your comment about the use of OpenSource. I am also a proponent of Open Source, I use fedora on all my servers, and several other open source apps. However, when you work for a corporation, from my experience, they seem to usually be opposed to open source, because they're scared of the whole "Community Support" model, instead they'd rather pay thousands of dollars in support contracts to get fast service, which in a way, I understand, and your stance as a teacher is probably completely different, and Open Source works better for you, given, probably, lower budgets and such. Hope to see you around again soon.
I run two XP Pro systems, and up to 40 Open Source systems, on my network(s). No one has run any of the 59 Sony BMG audio CDs. But, always interested in developments that could affect Rights, I have boycotted Sony entirely. Why is it important to Sony BMG that I boycott a product? I am a teacher and a Rights Advocate, with the time and expertise to influence thousands. And, there are thousands more people like me. The important info is that MS has issued a patch that eliminates the Sony DRM product that loads as soon as the CD is read, BEFORE the user gets to accept or reject it! The Sony BMG 'Uninstaller' INSTALLS a new version of the first DRM (rootkit) immediately upon insertion of the CD into any Windows system. First4Internet's product is theft of the LAMP aucio program, without any copyright acknowledgement, and, is the SECOND product used by Sony BMG, that violates user's Rights! The grevious violations of both copyright and the Rights of privacy, under US laws, mandates a serious and most firm penalty for this criminal conduct. The Sony BMG rootkits also facilitates several new Trojan Virus programs, as if the 140,000+ that already exist weren't reason enough to switch to one of the FREE Open Source BSD or GNU/Linux OSes! http://livecdlist.com http://linuxiso.org http://distrowatch.com At the LEAST, run Mozilla, and Open Office, http://mozilla.org http://openoffice.org and other Open Source applications: http://sourceforge.net Keep on blogging!