Update on Sony DRM/Rootkit Fiasco
Posted by Ray @ 9:45 pmUpdated 16/11/05
- Boing boing has a much more complete summary here.
- Wired has a revealing article up, detailing just how many PCs got infected with DRM (I’m liking that phrase). The short answer? A lot - and it includes US Military and Government computers. I smell a criminal suit! Link here.
There’s been lots of dung-flinging going on ever since Sony’s rootkit fiasco was uncovered by the good folk over at SystemInternals. Here it is, in no particular order:
1) The Italians get a nice tip of the hat for launching the first legal investigation at Sony. The investigation was requested of the Italian Government, by Italy’s equivalent of the Electronic Frontiers Foundation, the ALCEI-EFI.
Link: News here. Official Press Release here. (Page is in Italian. Need a translation? Use the babelfish).
2) In the meantime, Sony puts up a webpage where you can “remove” the rootkit. The removal kit requires you to jump through multiple hoops: enter e-mail, receive confirmation e-mail, click on a link in the confirmation e-mail, go to the page with the uninstaller, install an ActiveX control (thereby limiting access to Internet Explorer users only), uninstall DRM.
Too add insult to injury, the DRM isn’t actually uninstalled. No, it’s just had its “cloaking” capabilities removed.
Too add even more insult to injury, the patch de-cloaks the software in a manner that could crash your computer. The company who made the DRM, First 4 Internet, denies this. After Mark demonstrated it could happen.
As a final kick in the nutsack, the patch is “keyed” in to your computer. If you have multiple computers, you cannot move this patch from computer to computer to remove the DRM on the other computer. No, you have to jump through the hoops all over again on Sony’s website.
Link: Mark’s further investigation is here.
3) Cheaters use the cloaking DRM to bypass World of Warcraft’s anti-cheating measure. In other news, lawyers everywhere flock to Blizzard Studios and camp outside.
Link: News here.
4) The first virus to make use of the cloaking capabilities of the rootkit hits the ‘net. It took about 10 days from the revelation of the DRM, to the release of the virus.
Link: News here.
5) Mark does more digging, finds out that the DRM on your computer phones home to Sony with an ID of what CD is being listened to. Without your consent, of course. If that isn’t scary Big Brother behaviour, I don’t know what is.
Link: Mark’s investigation here.
On an ironic note, some random dude discovers that by affixing a “$sys$” to the beginning of your CD-ripping program, you can bypass Sony’s DRM and copy the CD.
So you’re using Sony’s DRM… to bypass Sony’s DRM. Hah!
6) The EFF posts a list of affected CDs. Some big names are in there, including Neil Diamond, Celine Dion, and Ricky Martin.
Alright, alright, I take Ricky Martin back…
Link: EFF’s affected CD list here. Slashdot reader’s journal’s more complete list, here.
7) And at last, the news everyone’s been waiting for. Californian lawyers have filed a class-action lawsuit against Sony. They seek an injunction preventing further sales of such CDs, and compensation to consumers affected by the CDs.
So c’mon folks, give us lawyers some lovin’. Preferably the hot kind.
Link: Californian lawyers sue, news here.