November 02, 2005

Is There a Lawyer in the House?

Yeah, I know half of my audience is seemingly made up of members of the legal profession, so I would like to ask y'all what your opinion is on this bit of joy.

{...}The issue erupted into the public consciousness late on Monday, when computer developer and author Mark Russinovich published a blog detailing how he had found the First 4 Internet software hiding deep in his computer, after he had listened to a copy-protected CD distributed by Sony BMG.

The anticopying technology included a tool called a "rootkit," often used by virus writers. A rootkit takes partial control of a computer's operating system at a very deep level in order to hide the presence of files or ongoing processes.

Rootkits, while not intrinsically malicious, are viewed with deep suspicion by many in the software development community. They are extraordinarily difficult to find and remove without specific instructions, and attempts to modify the way they act can even damage the normal functioning of a computer.

In the case of the First 4 Internet software, attempts to remove it manually rendered the CD drive of the computer inoperable, Russinovich found.

Several antivirus companies followed Russinovich's news with warnings that the First 4 Internet tools could let virus writers hide malicious software on computers, if the coders piggybacked on the file-cloaking functions. {...}

To sum up: Sony BMG put this rootkit software on their music CD's as a part of their "digital rights management" program. The upshot of this is that if you play a Sony CD on your computer, it will install this software on your computer. As the husband says, "Hackers install rootkits because they can hide them from the Windows API, meaning that any anti-virus or any anti-spyware program that is running within Windows won't be able to see it." So, this is sneaky software that is designed to do sneaky things. According to the article, if you tried to remove the rootkit software, it rendered your CD drive inoperable.

Keep in mind that this is your computer system Sony thinks it has a right to install this sneaky software onto. It doesn't matter to them if you're trying to copy their CD's or not. You could, conceivably, just be listening to a CD on your computer, and if you have some knowledge of how these things work and you found the rootkit, if you tried to remove it, said rootkit will instruct your CD drive not to run.

And this all because you listened to a Sony BMG music CD on your computer.

Now, some bright soul pointed out to Sony that this rootkit debacle opens up people's computers to black hat hackers---people who would do damage to you and your system. What's even worse about this situation is that if, per chance, you were infected with a virus via this rootkit hole on your machine, your anti-virus software wouldn't recognize the fact you have a virus. It would be flying under the radar because it came in through a hole that's under the radar. Sony's bright idea to solve this problem is to release a patch. They think the software should remain on people's machines; that they have a right to install software on your machine without your knowledge to damage your equipment if you do something they don't like---like try to remove software they installed.

This is just astonishing that Sony thinks they can get away with this sort of thing. This is the equivalent of a contractor smashing a hole in the wall of your house and then handing you a piece of plastic and some duct tape to fix it, and then claiming that this should do the trick and you should be warm and dry in the middle of January.

Which, I think we can all agree, is bullshit.

Now here's the question for the lawyers in the house: one would think that Sony would be in big trouble legally for this stunt. Are they? This just reeks of a Class Action suit to me...but I'm no lawyer. Universal Music has subscribed to rootkits, too.

{Hat Tip: Tech Dirt}

Posted by Kathy at November 2, 2005 09:35 PM | TrackBack
Comments

Without doing the legal research to support my feeling about this, I think that they have no right to do this. I think that they would have to respond in damages. I can't imagine that a court would let them get away with asserting that there is an implied licsence to install anything on anyone's computer because they listened to music.

I'd love to see the legal opinion that Sony got before they did this.

Posted by: RP at November 3, 2005 05:23 AM

I'm not a lawyer either, but this reeks of liability. I think they've opened themselves to, as you suggest, a class action suit the likes of which has rarely been seen.

Their packaging, I'm assuming, makes no disclosures about software being installed, nor when you insert the CD do you get a warning. To me, this is like sending a loaded gun into a kindergarten class hidden in a sock puppet.

The vast majority of people do not do the normal preventive maintenance type of things that computers should get. Computers are too cheap, in many respects, to worry about this. Just so, not many are all that concerned with their virus protection either.

These facts being known, I believe Sony to have acted in bad faith.

But, I could be wrong.

Posted by: Phoenix at November 3, 2005 07:02 AM

I read about this a couple of days ago, I have since made my mind to buy no more CDs from Sony... Actually, I'm pretty much just going to boycot Sony because of it.

Posted by: Contagion at November 3, 2005 02:30 PM

The latest update is that you can use Sony's rootkit to hide cheat patches from World of Warcraft's cheat-patch-scanner thingy.

Posted by: Pixy Misa at November 3, 2005 09:45 PM

Pixy,

the husband plays WoW, hence I heard about this earlier today. They have no idea of the can of worms they opened.

Posted by: Kathy at November 3, 2005 10:04 PM
Post a comment









Remember personal info?