Sony DRM
Sony has used a hidden root kit style DRM system on some of its audio CDs which inadvertently opens up users' computers to malicious use by installing a mechanism in Windows that makes it possible to hide files in the filesystem from both the user and the operating system.
The Sony DRM rootkit is automatically installed on Windows computers when affected audio CDs are inserted by taking advantage of the Windows 'autoplay' feature, which reads and attempts to execute programs on inserted discs and devices automatically. This behaviour occurs regardless of whether or not the user of the system consents to the End User License Agreement (EULA) that accompanies the rootkit-style DRM software.
Creators of malicious software (e.g. viruses and spyware) have discovered that they can use the Sony DRM rootkit's file-hiding mechanism to make it difficult to detect and remove their software.
Attempting to remove the Sony DRM rootkit can leave a Windows computer unable to play CDs because of the way the software embeds itself into the Windows operating system.
Issues Raised
- Extent to which media companies should be allowed to restrict and control access to products purchased and owned by customer.
- Control of one's own equipment and what may be installed on it and uninstalled from it.
- Dishonest use of EULAs.
News Articles
- BBC: Sony slated over anti-piracy CD
- Search Security.com: The rootkit of all evil?
Other discussion
- Mark's Sysinternals Blog: Sony, Rootkits and Digital Rights Management Gone Too Far
- Schneier on Security: Sony's DRM Rootkit: The Real Story