Sunday, November 06, 2005

Sony Introduces Malware on Music CD's

I saw a report on this last week, and thought that surely Sony will try to make this right, so I decided to wait and see what happens. It isn't pretty.

Last week on Mark Russinovich blogged on his discovery of a rootkit in his system, and unfolded his detailed detective work to find out where it came from.
Not only had Sony put software on my system that uses techniques commonly used by malware to mask its presence, the software is poorly written and provides no means for uninstall. Worse, most users that stumble across the cloaked files with a RKR scan will cripple their computer if they attempt the obvious step of deleting the cloaked files.
Once the sofware is installed there is no way the casual user can get rid of this thing, There is no Uninstall, and the files are cloaked in such a way as to be invisible. The software once installed will cause a 1 to 2 percent CPU usage.

OK, Sony got caught and one might expect they would try to head off a potential public relations disaster. But the ever arrogant Sony came out with the fix that fixes nothing

Despite a chorus of criticism over Sony not delivering an uninstaller with their DRM software, Sony refuses to admit blame and to make an uninstaller readily available. The uninstall question on Sony's FAQ page directs you to another page that asks you to fill out a form requesting for uninstall directions to be emailed to you:

There’s no way to access the uninstaller without providing this information, and clicking on the Sony privacy policy link at the bottom of the page takes you to a notice that your email address will be added to various Sony marketing lists.

A few minutes after submitting the form I received an email assigning me a case ID and directing me to another page on Sony’s site where I would have to submit an uninstall request a second time:

You have to agree to get spammed by the bastards that gave you this trojan to get rid of it!!
Then it turns out it doesn't work after all. The uninstaller doesn't uninstall at all!

A new developement is that even though Sony denies it, The software is proven spyware it phones home reporting your IP numbers, and the CD that you are playing. A true invasion of privacy. all this is done without the owners permission or knowledge.
I dug a little deeper and it appears the Player is automatically checking to see if there are updates for the album art and lyrics for the album it’s displaying. This behavior would be welcome under most circumstances, but is not mentioned in the EULA, is refuted by Sony, and is not configurable in any way.

Sony BMG in her arrogance is asking to be sued, or perhaps even criminally prosecuted

posted by Liberty @ 12:59 PM

0 Comments:

Post a Comment

Links to this post:

Create a Link

<< Home >>