Create an Account
username: password:
 
  MemeStreams Logo

MemeStreams Discussion

search


This page contains all of the posts and discussion on MemeStreams referencing the following web page: Sony Rootkits - Play a Sony music CD, get a virus. You can find discussions on MemeStreams as you surf the web, even if you aren't a MemeStreams member, using the Threads Bookmarklet.

Sony Rootkits - Play a Sony music CD, get a virus
by Elonka at 7:54 pm EST, Nov 17, 2005

. . . what Sony [did] is as interesting as it is nasty. An understanding of how the company's hidden software works is important to understanding what all the hubbub is about — and to protecting yourself.
 . . .
Sony, like most music companies, wants complete control over how you use the music you buy. They want to prevent you from copying it, even to an iPod or a mix you take in your car.

But in its latest attempt to control its customers' use of music, Sony went overboard.
 . . .
[Sony] hired a company called First4Internet to design a copy-protection system called XCP. If you tried to play a protected disk in your computer, you first had to agree to install a Sony music player to listen to it.

But what Sony didn't say out loud was that the software also included a rootkit.

Rootkits were invented for Unix systems (where you could log in as "root" to have complete control over a computer). They were designed by the bad hackers to let them log into a system as "root" without the owner knowing.

A rootkit effectively creates a hidden space on users' computers. In that space, Sony (or anyone else who knows how to access that space) could put anything it wanted to hide. In Sony's case, it hid its copy-protection software so users couldn't remove it.

But Sony and First4Internet did such a lousy job that the hidden space created by the rootkit could be used by anyone who knew about it. In other words, it created a huge security hole — a space on every user's computer that a virus writer could hide some nasty code.
 . . .
Besides installing a player for the CD and copy-protection software, Sony also hid other code that contacted the company every time a user played a song.

Yes, you read that right.

Now you're starting to see why people got upset.

This article on USA Today gives a pretty good "plain English" explanation of the problem. They also link to Kaminski's research.


 
 
Powered By Industrial Memetics