Sony resorts to malware techniques

Posted on by

Fascinating technical analysis by Mark Russinovich of what happened to his PC when he inserted a copy-protected Sony music disc into his machine. Basically, it installs a ‘rootkit’ — the kind of covert software used by malware authors (aka ‘hackers’ to the mainstream media) to compromise computers they have penetrated. Ed Felten has posted several thoughtful updates and comments on this unsavoury discovery. And Andrew Brandt of PC World is absolutely incandescent about it. Here’s what he has to say (en passant):

The bigger question people have got to ask is, does Sony not respect the integrity of the computers of its customers? This cavalier act of sneaking software onto PCs not only violates our own Prime Directive — it’s our PC, dammit — but threatens the entire music industry.

After all, if you suspect that a commercial CD will install software secretly, which you won’t be able to remove and which, itself, may increase the already-great security problems of your Windows PC, would you continue to buy CDs?

I’ll tell you right now, I won’t. I’d much rather buy an unrestricted copy of a song electronically, using iTunes, or Rhapsody, or one of the other music services that offer this feature, than take a chance that some music disc will stick some hidden files in my Windows folder, which I can’t see or remove.

Sony has dealt itself a serious blow, and the best thing it — and the rest of the music publishers — can do right now is condemn this practice, apologize to the customers that were affected, provide a method to get this junk off affected PCs, and make declarations that they will never, ever do this again.

I don’t think they will. And if they don’t, I simply won’t buy CDs anymore. Period. From any publisher. And I recommend that you don’t, either. As a fan of music who respects the need for artists to make a living, and a security-savvy PC user, I’m incensed that Sony — any company — would think it’s OK to do this. It’s not. But the only way (I can see) to send that message effectively to Sony BMG executives is to vote against CDs with my wallet.