. . . what Sony [did] is as interesting as it is nasty. An understanding of how the company's hidden software works is important to understanding what all the hubbub is about — and to protecting yourself.
. . .
Sony, like most music companies, wants complete control over how you use the music you buy. They want to prevent you from copying it, even to an iPod or a mix you take in your car.
But in its latest attempt to control its customers' use of music, Sony went overboard.
. . .
[Sony] hired a company called First4Internet to design a copy-protection system called XCP. If you tried to play a protected disc in your computer, you first had to agree to install a Sony music player to listen to it.
But what Sony didn't say out loud was that the software also included a rootkit.
Rootkits were invented for Unix systems (where you could log in as "root" to have complete control over a computer). They were designed by the bad hackers to let them log into a system as "root" without the owner knowing.
A rootkit effectively creates a hidden space on users' computers. In that space, Sony (or anyone else who knows how to access that space) could put anything it wanted to hide. In Sony's case, it hid its copy-protection software so users couldn't remove it.
But Sony and First4Internet did such a lousy job that the hidden space created by the rootkit could be used by anyone who knew about it. In other words, it created a huge security hole — a space on every user's computer where a virus writer could hide some nasty code.
. . .
Besides installing a player for the CD and copy-protection software, Sony also hid other code that contacted the company every time a user played a song.
Yes, you read that right.
Now you're starting to see why people got upset.