Sony, Rootkits and Digital Rights Management Gone Too Far

SysInternals.com guru Mark Russinovich has published a detailed investigation of a rootkit from Sony Music. The rootkit introduces several security holes into the system that could be exploited by others, such as hiding any executable file whose name starts with '$sys$'. Russinovich also identifies several programming bugs in the method it uses to hook system calls, and chronicles the painful steps he had to take to 'exorcise the daemon' from his system.

Please write your MP to ensure that they realize that it is Sony and other music distributors that are the ones "cracking" security and breaking into computers, and not people who are circumventing DRM in order to protect their rights (property, privacy, etc).

See also: p2pnet: New: Sony BMG rootkit DRM; The Register: Removing Sony's CD 'rootkit' kills Windows; CNET News.com: Sony CD protection sparks security concerns; PCPro: Sony DRM burrows into rootkit code; BetaNews: Sony to Help Remove its DRM Rootkit; BBC: Sony slated over anti-piracy CD

Sony's rootkit

Concerning the introduction of security holes into the system and how that should be seen by our MPs, one may wish to consider section 430 of the Criminal Code of Canada, particularly the part about rendering property dangerous.

Whitewashing..

Please report to us on anything your MP says in response. I am curious who your MP is?

It is interesting how many in the media are whitewashing this cracking of computer security by Sony. Sony and "First 4 Internet" claim that the technique is being used to make it hard for people to "hack the content protection", but in reality this is a simple case of Sony/First4 breaking the security of computers. Whether the security is broken for what the media or these vendors claim aren't malicious reasons is not relevant. There is no law to justify what Sony/First4 are doing -- they don't get to break into other people's computers like this just because they want to enforce their music contracts.


Free/Libre and Open Source Software (FLOSS) consultant.

Too bad software isn't "real"

Sadly, I don't think Sony can be nabbed under section 430, because I don't think software will qualify as "property" under section 428. Though I hope that there is some other law that Sony is running afoul of; if not, one needs to be created.

Section 428. In this Part, "property" means real or personal corporeal property.
R.S., c. C-34, s. 385.