Is Sony's CD DRM malware?

One of the biggest challenges the computer industry faces is getting Joe and Josephine Enduser interested in the security, reliability and manageability of their machines.

It seems no amount of education will make them understand that as their lives become more defined by the use of PCs and the Internet, protecting their computers isn't just a cool, geeky idea. It is up there with filling out tax returns: Tedious and boring, but fail to deal with the issue properly, and really bad things are guaranteed to happen.

Along with this Sisyphean education effort is the problem of legislation. We've got laws that deal with spamming (as toothless as they are), laws that can be applied to hackers and virus writers (if we can catch them) and laws that protect our personal data (don't get me started).

The good news is that something happened recently that may lead to changes in consumer awareness and legislation.

The event was the discovery that Sony - yes, that's right, the huge, megacorporation Sony - not only has been installing software on people's PCs to enforce digital rights management (DRM) without telling them but also has installed software to hide the fact that they did so.

But wait; it gets better! The code Sony uses has been found to be naive and poorly engineered. It has a high possibility of crashing any PC it is installed on and soaks up processor cycles because of inefficient coding.

As far as I can determine, the first person to figure out what was going on was one of my heroes: Mark Russinovich of Winternals Software. He was testing the latest version of Winternals' RootkitRevealer, which can find a type of malware called a rootkit that can give an attacker full control over a PC and attempts to hide itself from detection, and noticed that his system apparently had a rootkit installed. This surprised him greatly, because he is really careful when it comes to avoiding risks such as malware.

To cut a long story short (see his posting), in the process of trying to find out what was going on, he dug deep using a variety of tools. Turns out that he had played a Sony BMG music CD that can be played only on a computer using the media player on the CD and which restricts the number of times you can burn CD copies.

After spending considerable time picking apart what was going on, Russinovich described his experience as "frustrating and irritating. Not only had Sony put software on my system that uses techniques commonly used by malware to mask its presence, the software is poorly written and provides no means for uninstall." He points out that if users attempt the obvious solution of deleting the malware they could find that their CD drive is disabled.

What is particularly interesting is that the end user license agreement (DocFinder: 9654) that comes with the software does say "this CD will automatically install a small proprietary software program . . . onto your computer," but the description of the software's purpose - "The software is intended to protect the audio files embodied on the CD, and it may also facilitate your use of the digital content" - is, at best, misleading.

Worse still, the end user license agreement's claim that, "Once installed, the software will reside on your computer until removed or deleted," is disingenuous, given the rootkit software makes uninstalling as difficult as possible.

Join the Network World communities on Facebook and LinkedIn to comment on topics that are top of mind.

Copyright © 2005 IDG Communications, Inc.