WIL WHEATON dot NET

50,000 Monkeys at 50,000 Typewriters Can't Be Wrong

Schneier on Sony’s rootkit DRM

  • Web/Tech

Bruce Schneier’s latest article for Wired is all about Sony’s hyperevil rootkit DRM debacle. It includes a comprehensive timeline, as well as Bruce’s efforts to get to the real story in the whole saga. Bruce says, "It’s a David and Goliath story of the tech blogs defeating a mega-corporation."

It’s a tale of extreme hubris. Sony rolled out this incredibly invasive
copy-protection scheme without ever publicly discussing its details,
confident that its profits were worth modifying its customers’
computers. When its actions were first discovered, Sony offered a "fix" that didn’t remove the rootkit, just the cloaking.

Sony claimed the rootkit didn’t phone home when it did. On Nov. 4,
Thomas Hesse, Sony BMG’s president of global digital business,
demonstrated the company’s disdain for its customers when he said, "Most people don’t even know what a rootkit is, so why should they care about it?" in an NPR interview. Even Sony’s apology
only admits that its rootkit "includes a feature that may make a user’s
computer susceptible to a virus written specifically to target the
software."

However, imperious corporate behavior is not the real story either.

This drama is also about incompetence. Sony’s latest rootkit-removal tool actually leaves a gaping vulnerability. And Sony’s rootkit — designed to stop copyright infringement — itself may have infringed on copyright. As amazing as it might seem, the code seems to include an open-source MP3 encoder in violation of that library’s license agreement. But even that is not the real story.

It’s an epic of class-action lawsuits in California and elsewhere, and the focus of criminal
investigations. The rootkit has even been found on computers run by the
Department of Defense, to the Department of Homeland Security’s displeasure. While Sony could be prosecuted under U.S. cybercrime law, no one thinks it will be. And lawsuits are never the whole story.

This saga is full of weird twists. Some pointed out how this sort of software would degrade the reliability of Windows. Someone created malicious code that used the rootkit to hide itself. A hacker used the rootkit to avoid the spyware of a popular game. And there were even calls for a worldwide Sony boycott.
After all, if you can’t trust Sony not to infect your computer when you
buy its music CDs, can you trust it to sell you an uninfected computer
in the first place? That’s a good question, but — again — not the
real story.

So what is the real story? I’m not going to steal Bruce’s thunder, or deprive Wired of your precious clicks. So if you’re interested, I highly recommend giving it a read.


17 November, 2005 Wil


9 thoughts on “Schneier on Sony’s rootkit DRM”

  1. JessHollis says:
    17 November, 2005 at 1:39 pm

    Just a warning to people using Napster…IT SERIOUSLY FUCKS UP YOUR COMPUTER!!!! I tried the free trial and it requires you to download this DRM program. Long story short, I decided to cancel Napster because iTunes is actually cheaper. I then uninstalled Napster and the DRM program. I later found out that DRM had secretly attached itself to other programs that I already had, including the main WINDOWS XP and caused serious problems with my system. I worked for days with technical teams in an attempt to correct it. It still doesn’t work the same and many of my music files won’t play anymore. I hope that the knowledge about this dilemma spreads so some people will be saved from all the drama it causes.

  2. AmiNTT says:
    17 November, 2005 at 9:26 pm

    Twice a week, I pass the Sony Store in the Rideau Centre, and they have a few of the Vaios in the window.
    I wonder… Is the root kit installed on all the systems they sell? I’ll have to drop in and ask them… Not that I expect an honest answer, of course.

  3. VeronicaRobinson says:
    18 November, 2005 at 9:08 am

    I actually worked for Sony at one time. I would have to agree with the whole, Sony doesn’t care about its customers, bit. They want money and they aren’t too picky about how they get it. I was a mere telesales rep but the general idea was, find out what the customer wanted, then convince them that they need twice as much. Sadly, in order to meet our unreachable sales goals, we did this.
    And here’s a hint on returning something: Don’t waste your time. Put it on ebay and hope for the best.

  4. terrymr says:
    18 November, 2005 at 9:17 am

    This just gets better, now they’re accused of infringing on software written by DVD Jon.
    http://www.pcpro.co.uk/news/80271/sonys-drm-woes-expand-to-include-copyright-infringement.html

  5. terrymr says:
    18 November, 2005 at 9:18 am

    let’s try that link again

  6. Wil says:
    18 November, 2005 at 9:53 am

    Yeah, not only DVD Jon’s software, but First4Internet included elements of the LAME encoder, in violation of the LGPL and the GPL!
    It’s hard to decide if they are more evil, or just more stupid.

  7. Ricochetv1 says:
    18 November, 2005 at 11:45 am

    Vaios have been known to be some of the biggest POSs when it comes to packaged systems. I would never buy a Sony. The only reason I have a Sony burner is because I bought it from a friend for $50 when he upgraded to DVD.

  8. Sleep Interrupted says:
    18 November, 2005 at 1:37 pm

    Sony Copy Protection Evilness

    I sent my Road To Rouen CD back and got a full refund. This was the first Copy Control CD that I failed to circumvent, but having read Bruce Schneier’s article via Wil on the Sony rootkit evilness, I will in future refuse to purch…

  9. Bitch says:
    23 November, 2005 at 6:17 pm

    Hello!
    I found your blog in the fabulous hypertext way (I’m dating myself by using that word, eh?). A quiz told me that I was most like your StarTrek character, and since I knew your name, just nothing about StarTrek, I poked around. Voila!
    I see “Geek.” I see, uh, hmmm, what? Bruce Schneier. WTF and holy cow. So then I learned more and couldn’t resist posting just to say, WTG.
    I sometimes write on infosec for ordinary users — people who don’t know how to send an attachment, for instance. I love to make connections to pop culture, to get their attention in an entertaining way. So I’m thrilled! Wil Wheaton pays attention to security!
    And, btw, I knew your acting best through Stand By Me and not Star Trek.
    Bitchy!
    W00t!

Creative Commons License
WIL WHEATON dot NET by Wil Wheaton is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 3.0 Unported License.
Based on a work at http://wilwheaton.net.
