Forum

Blogger sees that Sony gets served

By Tartan Board  |  Nov 21, 2005

On October 31, Windows spyware expert Mark Russinovich was testing out the latest version of his RootkitRevealer program when he noticed something odd: His software found 22 suspicious files, all of which were otherwise completely invisible to Windows.

Confused as to how his own system could have been ?infected,? Russinovich did some sleuthing and eventually traced the malicious files to his copy of Van Zant?s Get Right With The Man album.

As it turns out, Sony BMG ? the publisher behind all of this ? began ?protecting? 52 titles with a technology called XCP from the company First4Internet. Over 2 million CDs were shipped with a program that would stealthily infect Windows computers into which the owner inserted the disc.

Ethics and privacy concerns mount quickly: If Sony BMG surreptitiously installs a program that can tell the company when and how you listen to your CDs, what comes next?

It gets even more outrageous: Four days later, Sony BMG published a ?Service Pack,? telling users that the DRM rootkit software was in no way malicious, but offering to remove it anyway.

The service pack only makes the DRM files visible; it doesn?t remove them. Even worse, the service pack opens up a ton of vulnerabilities in Windows, leaving systems both crippled and open to attack.

Three weeks later, with their DRM software infecting more than half a million computers, Sony BMG has finally owned up to their mistake. They?ve issued a recall for the XCP-protected CDs, offering replacement with CDs that have a different protection scheme.

Sadly, though, the company hasn?t officially acknowledged they caused damage to hundreds of thousands of computers. Nor have they issued a notice that their service pack only makes the situation worse. One example of their inaction is how Sony BMG failed to do anything for several days after researchers noted how dangerous the service pack was.

Rising from this whole episode of being oppressed by the man, we see a refreshing and interesting vehicle for change. Russinovich merely blogged his findings on the relatively obscure sysinternals.com. Before long, though, technology watchdog Cory Doctorow linked it from the popular boingboing.net, and it set the wheels in motion.

Wired, NPR, USA Today, and finally the New York Times covered the story, convincing Sony BMG to temporarily suspend its practice of completely exploiting its customers.

While it would be premature to herald this as the turning point in a new age of democracy and ?power to the people,? it is yet another demonstration of the Internet?s incredible power. Everybody has a voice in this world, and it?s becoming harder and harder for the establishment to silence people who have something to say.

So, even if large, international conglomerates decide to take advantage of the little man ? and get away with it ? there is still an avenue to fight back against the corporate machine and have your voice heard. Even if it is via Internet blogs.