Story: Microsoft to delete Sony DRM 'rootkit'

Posted by: Adam (Monday 14 November 2005, 3:00 AM)

I find the actions of Sony deplorable and would like to thank Microsoft for putting an end to this nonsense.

Firstly, artists and record companies need to be fairly compensated for the work they produce. I think Sony et al would have a hard time showing that their current compensation schemes are anywhere near fair. Unless you are a hugely successful artist, you do not have any negotiating power, so drop the high moral act and admit how little of the amount we pay for a CD actually makes it to the artist.

Secondly, piracy is wrong. I am a software developer, so I understand the cost of this, and I accept that companies need to take action to prevent unlawful use of their property, but there is a line, and there can be little doubt that F4I crossed it.

Thirdly, installing a rootkit is wrong. Microsoft has an open operating system that allows different hardware manufacturers to write device drivers that interact with windows. Most malware needs to trick the user into executing it, or find a security flaw in some common program that lets it execute. Surely any developer with half a brain should have seen how questionable this cloaking technique is, and how some with even worse intentions may exploit any vulnerability you introduce.

Fourthly, it is a poorly written driver. Mark Russinovich has written a program to prove it crashes severely (BSOD) when receiving a poorly formed input data. Normally, windows is pretty graceful and would just provide a normal error message.

Fifthly, you can't uninstall without breaking your CD drive access - not good enough.

Sixthly, the "patch" provided by Sony does not remove the DRM, but rather "upgrades it". The upgrade does not remove it, but simply unhides it.

Seventhly, there is no easy way of associating the problems you may encounter with the DRM to Sony support, so users may have no option but to reformat to get their system working again.

Eightly, it phones home when you play the CD, although only to get a next banner. ***cough cough bull ....

Ninethly, you have to accept an ActiveX control to uninstall, plus provide an email address, but they wont use that in their marketing. *** cough ***

Tenthly, the uninstaller is signed so it only works on the machine that accepted the ActiveX. Not good enough where you are maintaining a large network of machines.

Eleventhly, depending on the age of the person and the country they are in, you may have no legal right to enforce the terms of a contract.

Twelthly, it doesn't prevent copying from Linux or Mac, so what is the point. Why is it easier to transfer music to a mp3 player from some P2P system then to legitimately buy the CD and convert it?

It might be time to re-investigate the whole process of Auto-run. I am considering writing a custom tool to disable auto-run and ask permission whenever a new CD is inserted with autorun. I suppose if I had more time, I could link it to an online database. Where is DVD Jon when you need him ;)

But I can't believe a company as large as Sony would attempt this. It is only that it is Sony that different virus scanners have not given it the classification it would get if I wrote it.