Ad: Manage updates with the Download App

Will Sony's DRM nightmare affect future policies?

Sony's attempt at protecting its music CDs from piracy has turned into a tale of security woes that has quickly gone from bad to worse. New software on several of the company's CDs installs a copy protection rootkit on a user's PC once the license agreement on the disc is accepted. Virus writers jumped on the fact that Sony's rootkit hides itself on users' computers, and a few Trojan horses have been released that piggyback on the software, effectively hiding from antivirus software. The rootkit Sony adopted is clearly flawed. But where will it fit into the larger debate about music labels' use of DRM software? Is the security gaffe enough to derail use of similar tools, or will consumers have to tolerate more copy protections on the music they purchase?

How Sony's security saga unfolded

Sony halts production of 'rootkit' CDs
CNET News.com

Mac users not safe from Sony BMG DRM
RealTechNews

Sony rootkit backlash, week 2
Enterprise IT Planet

Sony gets an earful over CD software
San Francisco Chronicle

'Bots' for Sony CD software spotted online
CNET News.com

Sony sued for rootkit copy protection
InformationWeek

Are these the Sony rootkit CDs?
CNET News.com

Computer Associates blacklists Sony DRM
WhatPC?

Antivirus firms target Sony 'rootkit'
CNET News.com

Sony death-wish: Rootkits and responsibility
Playlist Mag

Sony's reaction doesn't go far enough
eWeek

Sony CD protection sparks security concerns
CNET News.com

Sony, rootkits and digital rights management gone too far
Sysinternals

Related video:

Rootkits
John Sheesley, senior editor, TechProGuild

How to regulate software?
RSA Conference panelists take a hard look at the pros and cons of regulating the software industry.

45 comments

Join the conversation! Add your comment

Poor virus writers.

I remember those glorious times of M$ DOS and its viruses. DOS
viruses were state of the art: small, efficient, stealth, poly-
morphing/self-modifying and just beautiful. Removing it from
memory with standard debug.exe was just pure pleasure.

I can only mark modern virus writers as 'sloppy programmers'.
All OSs from Redmond include various back-doors for patching,
system libraries and so on. Even slight glimpse over official API
reveal number of loop-holes allowing any piece of software to
dig itself so deep into OS so only mean removing it will be
complete reinstallation of OS.

Have virus writers wanted any protection from anti-virus
applications - it is already there - it's Windows itself.

To me it all seems like lack of experience and competence.

As to the Sony with its DRM stuff. I'd rather have forced
politicians protect people from lengthy EULAs - then matters
like Sony's DRM will not even show up. People will just make
theirs buying decisions on screwedness of what they are buying
- not only on shiny promotions and advertisements.

Posted by Philips (400 comments )

November 13, 2005 7:34 AM (PST) Like Reply Link Flag

"...Hiding itself...": Also to my point.

Why on a earth would any piece of software want to hide itself?

Press 'Ctrl-Shift-Esc' and watch list of processes.

How many names make any sense to you? I doubt much. I knew
all services on Windows NT - but 2000 & XP added a bunch.

So now even I is in dark about what's really running on my
(office) PC. (Save me God from having Wind0ze at home again.)
Posted by Philips (400 comments ): November 13, 2005 7:46 AM (PST) Like Link Flag

Current Sony PC customers: I recently bought a SOny VAIO desktop. Is it possible that the rootkit was installed on this machine as a matter of course?
Posted by Buttertoes (1 comment ): November 18, 2005 6:32 AM (PST) Like Link Flag

Sony's DRM Should Affect Future Policies: Instead of bending over backwards to thwart copying of content, the content provides should be embracing technology to both further distribute their content as well as making the providing of their content so attractive as to make the customers want to come to them instead of going for illegal copies. This is what is meant by "competing in the free market." The future will for those content providers who adapt to the new market paradigms and not to those who want to maintain the passe' status quo.
Posted by WildcatRay (3 comments ): November 13, 2005 8:20 AM (PST) Like Reply Link Flag

Sony DRM Nothing New: Sony apparently did not learn from a past DRM case see this consumer protection lawsuit from September 2001 against one of Sony's other DRM vendors for, amongst other things, alleged privacy intrusion: <a class="jive-link-external" href="http://techfirm.typepad.com/clickrights/2005/11/index.html#a0007468925" target="_newWindow">http://techfirm.typepad.com/clickrights/2005/11/index.html#a0007468925</a>
Posted by (1 comment ): November 14, 2005 10:06 AM (PST) Like Reply Link Flag

BOYCOTT SONY: Boycott all things Sony. They don't derserve your business.
Posted by Stan Johnson (322 comments ): November 14, 2005 12:33 PM (PST) Like Reply Link Flag

Stop the insanity

Stop punishing people who purchase CDs legally and work your butt off to compete in the free marketplace. Record company executives have thrown their hands up, saying "we can't compete with free," but iTunes and others have proved them wrong. Put together your content in a compelling package, don't load it with spyware, and let me play it in a reasonable number of venues. The customer will be happy, the customer will continue to buy more music, and the record companies will rebound from their record losses. It seems the record industry is the only business these days that doesn't seem to understand that the customer is always right.

Posted by omaryak (58 comments )

November 14, 2005 12:38 PM (PST) Like Reply Link Flag

I agree . . .: And thank you for putting your response into an intelligent manner. It's the first thought-out comment I've seen on this board for a while.
Posted by ljlego (7 comments ): December 31, 2005 5:44 AM (PST) Like Link Flag

Sony should just give up: This incident if anything shows that Sony cannot be trusted as a competent industry leader. Sony is trumpeting its proprietary format as technologically superior. Did they learn nothing from the Betamax-VHS battle? Before the advent of the iPod did they see how everyone continued to snap up portable CD players and CD recorders while Mini Disc products sat idle on store shelves? Consumers don't always go for what is technologically superior; they go with what is more recognizable and easy to use. Sony seems to be brilliant at coming up with arcane technology that's supposed to be superior but just can't quite catch on in the marketplace. This DRM fiasco is just the latest in a long line of failures for the company whose last great success was a portable cassette player that's gone the way of the 8-track.
Posted by omaryak (58 comments ): November 14, 2005 12:43 PM (PST) Like Reply Link Flag

sony drm: sony takes your money and you still don't own it!
Posted by mike210 (2 comments ): November 14, 2005 2:20 PM (PST) Like Reply Link Flag

BOYCOTT ALL THINGS SONY

Boycott all things SONY, from a to z! A casual check of assorted consumer electronics at a local bulk store shows that the greater majority of Sony's consumer electronic products!, were far more expensive and lighter in spec's, than the majority competitors equivalents especially in the LCD tv line!

Posted by heystoopid (691 comments )

November 14, 2005 9:29 PM (PST) Like Reply Link Flag

Call for boycott unnecessary: First, maybe it's been my bad luck, but I've never had a Sony product that didn't die prematurely. That includes a VCR, CD changer, video camera and CD burner. (Call me a slow learner.) And I too have long been aware that Sony products are usually more expensive that the competion.

I don't thing it's necessary to call for a boycott. A lot of people will quit buying Sony products whether they make a conscience decision to do so or not. SOny has destroyed many of their custormers' trust in the company and that won't be easily regained. How many millions of people, the next time they go to buy a CD, are now going to look at label and if its Sony/BMG will ask themselves if they really want that CD? For must-have CDs it probably won't be an issue, but for casual purchases, many will decide they don't really want the CD that badly. Any how many million of people will decide that it is no longer worth the price premium when a less expensive Panasonic, Samsung, ect. with the same features will do just as well? Or maybe that new XBox will be worth looking into now.

Sony had destroyed a trust that it will NEVER regain in millions of people (i.e. customers). And they have earned that all by themselves.
Posted by TotallyMadeUpName (170 comments ): November 17, 2005 11:06 AM (PST) Like Link Flag

More trouble for Sony...: It also seems that their CDs make unlicensed use
of some GPL'd MP3 libraries without
acknowledgement and without publishing the
source code.

If so, that makes the Sony corporation the
biggest copyright violator (in sheer number of
copies distributed) on the planet.
Posted by Gleeplewinky (289 comments ): November 15, 2005 7:21 AM (PST) Like Reply Link Flag

Sony's Rootkit DRM Response: Sony has went a step too far by including rootkit software that installs itself without asking, and then hiding itself with cloaking methods. This is nothing short of Malware and a step beyond most spyware. I keep hearing about a fix, but apparently the fixs (or attempts to remove it) have caused Windows stability problems. There is concern that the rootkit has written itself into the boot record and MFT of many machines, and removal could cause some computers to need a complete reinstall with the MBR reformatted. IMO Sony should come up with a removal tool that is safe, and do it fast. They should also be made an example that any activity of this type by ANY company in the future will result in large fines, and a full refund for any CD or DVD containing this DRM software regardless of where it was purchased. The only other alternative is a class action lawsuit and possible boycott of all Sony products.
Posted by Abirdy Toldme (1 comment ): November 16, 2005 1:46 PM (PST) Like Reply Link Flag

Doesn't matter: It doesn't matter to me what policies Sony changes. I own about six Sony products, not counting CDs. I'll never own another.
Posted by dltberry (1 comment ): November 16, 2005 5:02 PM (PST) Like Reply Link Flag

stupidity: Sony could have said it didn't know about the details of the DRM they bought. Their arrogant (ignorant?) reaction however shows they really don't care. It's only after Microsoft adding to the flack that Sony/BMG decided to capitulate and offer a "uncloacker", not even a uninstaller as the program only pulls the dRM in the open, it does not uninstall the software.
While I can (barely) understand SONY-BMG will defend their rights on DRM whatever it takes, I am astonished as to why SONY has not reacted yet. Stringer, the new Sony CEO should step in and get SONY-BMG to reppent and get way low profile to save the face of the whole SONY group. The Japanese bigwigs are probably thinking about committing harakiri about this or otherwise too stupid to be in their positions if they fail to see the danger. The result of the bad handling by Sony-BMG is an all out boycott of SONY (electronics, entertainment) something thay can't afford now. Personally I think this is the last drop in the bucket; I've been putting up with crappy software (hey, I can't even save files where I want them? and lackluster customer support for a while. This nightmare makes it rather clear that Sony doesn't really care about customers, not only in the way they want to spy on you (and open the door to your pc for any hacker) but rather in the way the handled the whole situation, including the non-action by Sony...Samsung must be laughing its head of...
Posted by kiji (5 comments ): November 16, 2005 7:37 PM (PST) Like Reply Link Flag

Sony's "Instant Video Everywhere".: What kind of rootkit does IT install? I'm guessing that every Sony product you plug into your machine will call home to see whether or not you should be allowed to have a working computer, something Microsoft already does with Windows.

I just sold my Sony DSC-R1 camera and The laptop goes next. Sony has lost my trust and my business.

This opinion has been brought to you from an AMD 64 bit machine running SUSE 10.0 and Firefox.
Posted by tc399 (1 comment ): November 18, 2005 10:59 AM (PST) Like Reply Link Flag

What's all the fuss, this technology was known a year ago???: Am I the only one mystified by all of the fuss about this Sony CD rootkit stuff. This "technology" from First 4 Internet (F4i) and SunnComm has been well documented in the trade mags and Internet sites starting over a year ago. What is disappointing is the fact that even the supposed technical mags missed asking F4i how their "technology" really worked. No wonder F4i and Sony thought the "technology" was wonderful, even the computer mags seemed to like it. Foolish. F4i's technology was obviously going to install software on systems when the user put the CD into a computer, nothing mysterious about that. For proof of the reporting by the media about this great technology, look at: <a class="jive-link-external" href="http://news.zdnet.com/2100-9588_22-5492395.html" target="_newWindow">http://news.zdnet.com/2100-9588_22-5492395.html</a> , <a class="jive-link-external" href="http://news.zdnet.com/2100-3513_22-5238208.html" target="_newWindow">http://news.zdnet.com/2100-3513_22-5238208.html</a> , and even Slashdot, <a class="jive-link-external" href="http://slashdot.org/article.pl?sid=04/12/18/189224&from=rss" target="_newWindow">http://slashdot.org/article.pl?sid=04/12/18/189224&from=rss</a>. At least the Slashdot users saw some of the potential issues. For even more articles, just look at the Press section at the First 4 Internet site: <a class="jive-link-external" href="http://www.xcp-aurora.com/press_related.aspx" target="_newWindow">http://www.xcp-aurora.com/press_related.aspx</a>.
Posted by RockyFromWA (2 comments ): November 18, 2005 7:36 PM (PST) Like Reply Link Flag

Sony should be vigorously prosecuted: The effect of the software embedded in Sony's digital rights
managment software doesn't appear much different than many
trojan horse viruses that teen hackers distribute through the
internet.

Simply because Sony's motive was greed should not excuse
them from what appears to me an intentional act of aggression
on an people's computers.

Thow the book at them, open them up to an array of civil
lawsuits and hurt the stockholders and management.

Treat the executives who implemented and approved this
software with prison terms and heavy fines in the manner of a
teen hacker. It will assure this kind of behavior will be more
limited in the future.

I also urge people to write to the artists and artists' managment
to use this episode to void current contracts and sign new
agreements with recording companies that do not engage in this
kind of malicious conduct.

Brian Richards
Posted by BrianRichards (7 comments ): November 18, 2005 10:09 PM (PST) Like Reply Link Flag

Record exects just dont' get it: No matter how consumers react, the record executives just don't
get it. They insist on making their CDs anti-piratable, but they
forget they should really be listening to the users, customers
who are paying their fat salaries and bonuses, and make sure
what they do meet consumer demands. Apple's success should
clearly be a wake up call for the record labels on what they
ought to do. Higher per-song fees and anti-piracy measures
that inconvenient consumers will only drive more people
underground. Their very act of trying to protect their copyrights
this way is going to make the consumers rebel.
Posted by shunchu (7 comments ): November 19, 2005 1:06 AM (PST) Like Reply Link Flag

What are they thinking at Sony?: When are these people at Sony going to
realize that they have to come clean
and make amends for this whole mess?
Posted by Brucenote (4 comments ): November 19, 2005 5:31 AM (PST) Like Reply Link Flag

Boycott All Things Sony: To hell with them. Let's make this an example to big business and government that my computer is MY DAMN computer. What I put it on it, in it etc. is my choice.

Let's make this sting!!
Posted by Buckaroo_Banzai (1 comment ): November 19, 2005 6:05 AM (PST) Like Reply Link Flag

Unfortunately, consumers "just don't get it"

While most CNET readers are incensed by the obvious wrong of Sony's action, by far the majority of the music-buying public are oblivious to the nature of this crime. (Yes, crime!)
This is only the latest of such practices perpetrated on the consumer by corporate jerks who've gone to college to study American stupidity. (Makers of a popular creme-filled chocolate cookie announced that, due to the obesity problem in America, they were going to reduce the number of cookies in a package by one-third... to which a news anchor responded with genuine enthusiasm, "Oooh, I just can't wait!")
Americans go shopping the way steers march into the slaughter house. I wish all the writers who responded to this article were able to convince the rest of the country to stand up and take Sony to task but... don't hold your breath.
BTW, I won't be buying anything Sony makes ever again either.

Posted by El Kabong (100 comments )

November 19, 2005 7:41 AM (PST) Like Reply Link Flag

Just don't buy any more Sony STUFF.: I was lookling forward to buying a Sony SXRD TV. Unfortunately Sony has lot my dedication, most of the video equipment I own is Sony. From now on I will buy Hitachi, as long as they don't pull off any stupid stunt like this Sony stupidity. Even though Sony equipment was very proprietary, I didn't mind until now. Sony will never again see a penny from me, even if bluray is the winner.
Posted by JMRod (1 comment ): November 21, 2005 4:58 AM (PST) Like Link Flag

Good bye Sony: I have a large music collection; it's on vinyl (large black disc that can be watched as they turn). No need to copy music. I bought my first Sony product in (I believe) 1965; my boys grew up with Sony products. My last purchase of Sony products was blank CD's (not for music copy) in 2005; but that was when Sony was trustworthy. I don't think Sony will miss me, nor do I believe that it will make a bit of difference in their bottom line. The CEO can rest well tonight with the assurance that his future products are safe from me.
Posted by vgraybeard (35 comments ): November 19, 2005 9:59 AM (PST) Like Reply Link Flag

Hit them where it hurts and look past Blu-ray...

and allow HD-DVD to become the standard. Blu-ray offers greater capacity, but what will the eventual cost to a consumer be? What sacrifice will the consumer make for Sony.

Sony has it wrong. They treat a consumer like a criminal by putting their copy protection on anything and increasing the cost of the product by investing in this technology. Someone that is going to steal a song or movie is not going to buy it. I know the stores by me will not allow you to return an open DVD or CD. They only allow you to exchange it for the same title.

Posted by SithTracy (2 comments )

November 19, 2005 4:10 PM (PST) Like Reply Link Flag

blu-ray was never a good idea: I own a sony camera and video recorder (the last sony tech I will ever get) and I, as well as almost anybody who owned sony equipment, know better then to support blu-ray. Personally, after I found out that the SD card reader on my laptop is useless because my camera and camcorder use proprietary memory sticks. I mean I know better than to buy an overpriced Vaio, so I have to carry USB cables around. Sony makes good products on occasion, but their buisness practices are really bringing them down.
Posted by 0wnz (69 comments ): November 19, 2005 6:57 PM (PST) Like Link Flag

Sony may owe users rent for disk space and processor time

If Sony did not explicitly ask for permission to install software on the user's hard drive as a condition of purchase of the music CD, then an argument could be made that Sony owes its customers rental fees for the hard disk space and processor time their unauthorized software used.

Posted by glennwsharvey (2 comments )

November 19, 2005 6:37 PM (PST) Like Reply Link Flag

as well as for the services provided...: as well as for the services provided...
Posted by amana (7 comments ): November 22, 2005 9:59 AM (PST) Like Link Flag

Others take close notice !: I will never buy a Sony product ever again - even as they recall their crap they are saying they will use other means. This to me means not trustworthy. BMG has lost my Biz and if Columbia house follows BMG they will lose it also.

Courts should make Sony responsible for all and any damage caused by this in not only personal PC's but any computer related problems anywhere.

Class action suits should automatically include anyone who purchased this crap from any supplier.

Also should be sued by companies spending time and money (antispyware and antivirus) in trying to deal with this mess.

An example should be made of Sony for others to follow that this is not what you do to people buying your products even if it means Sony going out of Biz.
Posted by nnjdonny (8 comments ): November 21, 2005 4:07 AM (PST) Like Reply Link Flag

TO: Song writers and Artists: We still want your music !

Stand up to Sony with lawsuits!

We want your song and you want the money but sure won't get any from me if it means crap like Sony tried to pull off or any other company for that matter.
Posted by nnjdonny (8 comments ): November 21, 2005 4:26 AM (PST) Like Reply Link Flag

Are Adults running this Biz?: Must be a 15 year old exec running Sony...sure glad I don't have stock in Sony.
Posted by nnjdonny (8 comments ): November 21, 2005 5:11 AM (PST) Like Reply Link Flag

Will Sony's DRM nightmare affect future policies?

Related video:

Join the conversation

Report offensive content:

E-mail this comment to a friend.

Warning! You will be deleting this comment and all its replies (if applicable).