
Note that the title of most blog entries provides a link to the relevant document.

Tuesday, November 01, 2005

Mark's Sysinternals Blog: Sony, Rootkits and Digital Rights Management Gone Too Far

It appears that Sony, one of the biggest companies in the world, has potentially made a huge mistake legally. They are apparently installing Root Kit level Digital Rights Management (DRM) software when people buy their music and try to play it on their computers. A Root Kit is defined by Wikipedia as: "...a set of tools used by an intruder after cracking a computer system. These tools can help the attacker maintain his or her access to the system and use it for malicious purposes." They then go on to describe two types of root kits, user level and kernel level. The Sony DRM code is kernel level. Among other things, it does Windows system call hooking, which means that it diverts certain system calls to its own ends. It also apparently runs every two seconds, querying the executables of all the processes running at that time. It also hides itself fairly effectively by cloaking itself and hiding directories.

I should note that the author of the above-cited article thinks that the system call hooking potentially opens up some timing windows in Windows. In other words, it is fairly crudely done and introduces potential instability into Windows systems in which the DRM software is installed.

Originally, the Sony End User Licensing Agreement (EULA) apparently didn't even mention the installation of the software. It was modified to do so last night. However, the modifications don't go nearly far enough, especially when suggesting that you could uninstall the software if you didn't like it, despite not including uninstall software in the first place. Also, if you uninstall it yourself, your CD player becomes inoperative.

Posters to that blog entry point out that the Sony DRM software more than likely violates the laws of numerous countries, and, here in the U.S., the laws of several states. Also, the company could be liable to its customers under any number of legal theories, including trespass to chattels (a case came down a week or so ago accepting this theory).
