The XMEN Clan Forums

Or at least your computer. This article:

http://www.sysinternals.com/blog/2005/1 ... ights.html

is very technical, and describes some particularly nasty, not well-written, and probably illegal software that is imbedded into your PC when you stick a Sony DRM-protected CD in the drive. This story was posted just last night and is really gaining traction, being picked up by several tech news outlets. Dunno that it will make CNN, but we can hope.

One poster commenting on the orginal story mentioned that if this one is so poorly written, but still so difficult to locate and remove, what could someone do who REALLY knew what he was doing? And how much of that is out there already?

Damn... I don't generally buy too many CDs, I prefer iTunes, but the ones I have bought lately, have not been from Sony, thatnkfully... That's just dirty, and underhanded, and I can't believe they thought no one would find this?

Some other wonderful tidbits which have been exposed:

The story made it into the Washington Post. (yay)

The company that did the protection is very small, and is losing a lot of money. The guys at the top, though, are steadily pulling down 60k pounds. (Yes, it's a British company.)

One of those top guys used to work for Sony. (Hmmm....)

Sony will send you an uninstaller if you pester them. The uninstaller, however, installs some ActiveX controls of its own. (Doh!)

Techniques to remove this deviltry have been posted, which can be performed by the average user. (Only one small download, too, I believe.)

Yet more news from the Sony music front. In short, this ain't the first time:

http://www.groklaw.net/article.php?stor ... 5001431715

This one is called MediaMax. It installs software EVEN IF YOU REJECT THE EULA! The only difference between accepting and rejecting the EULA is whether the installed software (which starts running upon installation) is set to start automatically. This software "phones home" to let them know what OS you're running and what you're listening to, and it also has DRM capabilities to allow time-limited rips. Your music, that you paid for, can thus "expire." Poof. Of course, this junk also interferes with your ability to rip/burn CDs, even under fair-use provisions. Did I mention that this one also affects Mac users?

Also, it's looking more and more like there is LAME code in the rootkit-infected player. LAME is a media player released under the LGPL, and it doesn't look like Sony complied with any of the requirements for using this code.

So apparently Sony is frightfully concerned about their own IP but doesn't give a hoot about anyone else's IP, private property, or personal information.

The story continues.

The investigation of Sony's rootkit, DRM, and uninstall software continues. And the ripple effect is occuring, too.

People are starting to wonder why our vaunted security companies haven't detected and removed this piece of malware from our systems long ago - after all, these Sony discs have been out since 2004. Surely, those companies like McAfee and Symantec that we trust to clean nasty viruses and malware off our system, with their labs and resources and such, would have found this little jewel? They wouldn't ignore it just becase the source was Sony, would they?

I don't know the real story, but these are the questions being asked. Might be worth wondering about, too.