An alert country rock fan has caught Sony using virus writers' techniques to prevent unauthorised copying of its CD albums. Has the company gone too far?
From time to time even the biggest of companies does something that, on the face of it, seems so dumb that even the committed, dyed-in-the-wool corporate supporter must have a hard time finding a grain of sense in it. Monday 31 October 2005 was the day that US Windows coding expert Mark Russinovich discovered such a blunder, and revealed in his blog that Sony had installed a rootkit on his computer without his consent.
“That's awful,” I hear you say, “but what's a rootkit?”
Rootkits are software ‘implants' used to hide malware once it's installed and ensure it doesn't get found by antivirus programs. Rootkits are starting to be used by a small number of computer virus writers because they allow malicious code to be inserted deep inside the Windows OS (operating system), meaning that it will not be spotted by most antivirus scanners.
After a spell of serious delving, Russinovich realised that the ‘cloaked' software had been installed when he first listened to the Sony CD album ‘Get right with the man' by Van Zant, a country rock band. Although resembling a virus, the hidden files had come from Extended Copy Protection, or XCP, an anticopying system developed by a UK software company called First 4 Internet. XCP allows only three copies of an album to be made, and if you listen to it on a computer, only a proprietary media player will work. The CD plays normally on a hi-fi and, interestingly, the copy protection does not affect computers running Apple or Linux OSs.
Ridding his computer of XCP proved difficult and briefly crippled Mark Russinovich's CD drive. According to him the licence agreement that he accepted when he first listened to the album made no mention of the fact that he could not uninstall the program, or of the significant changes it made to his computer.
Mathew Gilliat-Smith, CEO of First 4 Internet, said the techniques used to hide XCP were used by many other programs. He added that Russinovich's revelations (and no doubt the ensuing media fuss) had prompted the firm to release information to antivirus companies that would help them spot the hidden XCP files.
Consumers can also contact Sony for the patch to uncloak, rather than remove, the hidden files. Not content with lumbering its customers with an unwanted guest in the first place Sony seems intent on making them jump through hoops to get rid of it. Removing the software completely involves filling in a form on the Sony website, visiting a unique URL and agreeing to download another program to your hard drive; only then can the uninstall proceed.
All this has been going on in far-off America, of course. But what happens there tends to happen here sooner or later, and at PC Advisor we think you should know about such things. It's my personal view that if Sony - or anyone else - released XCP copy-protected CDs in the UK the company might be open to prosecution under the Computer Misuse Act, for making unauthorised changes to a PC's file system. That hasn't happened yet, but we'll be watching the situation closely. In the meantime, check that licence agreement when you next buy a CD.
So, what of Sony and its faux pas? Well, as I typed this article it posted what amounts to an apology on the Sony BMG website, telling its “valued customers” that any CD with XCP may be exchanged for one without copy protection, and announcing “voluntary suspension of the manufacture of CDs with the XCP software”.
End of story, then? Not quite. Microsoft - not normally one to speak out on these issues - has taken what I think is a bold and welcome step. This is what the firm had to say on the subject: “We are concerned about malware and its impact on our customers' machines. Rootkits have a clearly negative impact on not only the security, but also the reliability and performance of their systems. In order to help protect our customers we will add a detection and removal signature for the rootkit component of the XCP software to the Windows AntiSpyware beta.”
Nice one, Redmond.