On the SONY BMG rootkit fiasco

I’ve been wanting to write about the recent SONY BMG Music copy protection fiasco for a while. The whole thing is simply so messed up and I find it hard to keep my mouth shut.
Short summary:

SONY BMG Music feels legislation alone is not enough to prevent copying of their CDs. They add copy prevention software to their CDs, which is installed silently on the customer’s computer when the CD is inserted in the drive. The software uses a rootkit that hides the software from the user.

Sony BMG Music doesn’t see anything shady or insecure or untrustworthy in the practice of installing covert software that hides itself on the user’s computer and can’t be removed by regular people. After all, you accepted a 3000-word legalese document that fails to give the full story, and most users don’t know – and therefore don’t care – about the software.

However, their rootkit is unstable, terribly hard to get rid of, and an easy way for malware to hide itself. The first worm to take advantage of this has been found; others are sure to follow.

CNET.com’s Molly Wood summarizes this nicely:

So, let’s make this a bit more explicit. You buy a CD. You put the CD into your PC in order to enjoy your music. Sony grabs this opportunity to sneak into your house like a virus and set up camp, and it leaves the backdoor open so that Sony or any other enterprising intruder can follow and have the run of the place. If you try to kick Sony out, it trashes the place.

The first lawsuits against SONY BMG Music have been filed over this. The first artists have distanced themselves from their distributor’s malpractices.

The SONY BMG Music website is ever so quiet about this.

One thing is certain: none of my Christmas gifts will contain CDs from SONY BMG Music.