| Security |
| Sony: The Root of the Problem |
| by Cat Rambo |
| Be careful this winter when buying music CDs - they may contain Sony's holiday present to hackers. |
While it’s understandable to want to protect what you consider your property, be careful of the means you employ. Sony BMG outsourced its anti-piracy software and failed to inform consumers about what it was installing on their machines. As a result, the company found itself faced with a public relations nightmare in a case that involves two of the most vexing and controversial issues of the 21st century: digital rights and electronic privacy.
As early as August of 2005, Windows users reported crashes connected with a program named aries.sys, although they mysteriously could not locate the program on their systems. Reports of inaccessible CD drives rose. The culprit in both cases, it turned out, was software installed when playing Sony copy protected disks.
What the users didn’t know was that the first time they played such a disk, a program was installed on their machine after they agreed to the license agreement, which made no mention of the installation. The program intercepted attempts to access the CD by any programs, such as MP3 players or rippers, other than the music player installed by the software. Only limited actions could be performed on the CD – among other things, it would not permit the music to be played on an iPod.
The software, a program called XCP (Extended Copy Protection), had been produced by British company First4Internet Ltd. In their efforts to create a program that would fully copy-protect music CDS, they inadvertently included flaws allowing hackers to hide malicious code on PCs where the software had been installed. The software package contained what is called a “rootkit” – a tool that inserts itself into a computer’s operating system and hides its actions on the machine. Unfortunately, anyone could take advantage of the rootkit, including hackers. The software provided no means for uninstalling the rootkit and removing the files it placed on computers had the disastrous potential of crippling the OS.
At the same time, the poorly designed software decreased computer performance by making repeated calls to determine the processes running on the machine, shortening hard drive lifespans with its continuous read attempts. The CD-ROM filter driver installed with the rootkit made it impossible to read CDs with anything other than the reader installed by Sony. When other music readers tried to read the CD, the driver inserted random noise into the data, making the music unlistenable.
Since the software was specific to Microsoft Windows, it had no effect on other operating systems such as Linux or Macintosh OS X. However some discs also contained a program called MediaMax, which attempts to install similar functionality on Macintosh systems. (This software remains on Sony discs.)
(article continues on next page below)
|
|
