The Real Story of the Rogue Rootkit
FAQ: Sony's 'rootkit' CDs

"Most people don't even know what a rootkit is,
so why should they care about it?"
-Thomas Hesse, Sony BMG global business president
The Sony rootkit ordeal occurred about three years ago, in October of 2005. When Mark Russinovich's findings that Sony was using rootkit software broke across the blogosphere on popular blogs such as CNET, Slashdot, and Boing Boing, Sony found themselves in hot water.
In order to prevent copying of certain digital media (in this case, CDs), Sony put a secret program called XCP (Extended Copy Protection) on selected discs that would install itself without the user's knowledge. This kind of program is called a rootkit, a program which takes control of an operating system without the end user's consent. It is called a rootkit because the program takes control of the operating system at its core and allows someone other than the end user to take root access of the computer. First designed for Unix systems, rootkit programs have since been designed for other operating systems. The term rootkit now applies to a spectrum of software designed to take control of any operating system.
The program's intended result was to squelch illegal copying of CDs, but poor coding in the software produced undesirable side effects such as computer crashes and security problems. The cloaking devices used to hide the rootkit software from the user were also exploited by hackers (of the malicious sort) and virus authors to hide their actions. Primarily, Windows users were affected by the program (insert "Macs don't get viruses" joke here).
After being found out, Sony continued being sneaky by pretending to fix the problem. The company released software to "remove" the rootkit. However, the software only removed the cloaking devices used to hide the rootkit in the first place. Some reported that the removal program actually installed additional programs onto the computer that could not be uninstalled.
Users affected by the rootkit had little choice but to either leave the software intact or completely replace their computer or operating system. Some computers were completely crippled by the software because the rootkit was extremely difficult to remove. In fact, many say that since the rootkit affects even the basic functioning of the operating system, removing the rootkit would severely hinder or completely crash a computer.
Ironically, in Sony's attempt to protect copyright, the company itself violated copyright. Part of the program Sony used was an open-source encoder called LAME. The encoder's license agreement stated that the source code must be made available when used. Sony didn't make any information about the rootkit software available at all, including anything involving the LAME encoder. Therefore, in Sony's valiant fight to uphold copyright, they showed how lame they were by violating copyright themselves (har, har).
Sony's rootkit ordeal dented the company's reputation. Some groups even called for a boycott of the company. Sony dropped the rootkit idea and is even considering a more drastic change: in January of this year, Sony actually announced plans to drop DRM on their music altogether (though this means they will probably just search and prosecute harder for copyright violation). Crazy, huh?
The moral of the story is: being sneaky only makes people mad at you. Especially if you crash their computers. Then it gets personal.
(My favorite blog, Boing Boing, has a series of "Sony rootkit roundups" here)