With some of their CDs, Sony ship a rootkit — that’s right, one of those things that virus writers use to hide their wrongdoings. What’s more, they ship a shoddily written rootkit made by some people called First 4 Internet, whoever they may be.
The kit is intended to protect music on the CD it is supplied with. You can’t play the CD in a Windows PC (Mac and Linux being unaffected, thankfully) without installing a rootkit on your computer.
As a quick rundown, the kit:
- Patches system calls to hide all files with “$sys$” in their name — it hides its files in a folder prefixed with “$sys$”.
- Installs drivers that prevent a CD-ROM device driver from reading the copy-protected CDs. Should you do the naive thing and delete the driver installed by the rootkit, your CD-ROM drives will stop working. Great move.
- Scans every running program on your PC once every few seconds at all times, whether you are listening to the CD or not.
- Marks several of its drivers so they load even in safe mode, meaning that if they are buggy, not even safe mode will save you.
- Pretends to be called the “Plug and Play Device Manager” service, which can’t be called anything other than intentionally misleading.
- Finally, you can’t remove the kit via any normal means. This means that once on the system, you cannot remove it, even if you decide you don’t want to listen to the CD on your PC ever again.
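A defender's canary check for the first behaviour in the list, added here as an example (it is not code from this post or from any vendor tool): it creates one file with “$sys$” in its name and one control file, then reports whether only the marked one is missing from a directory listing. The function names and the simulated hiding filter are illustrative assumptions.

```python
import os
import tempfile

MARKER = "$sys$"  # name fragment the post says the kit hides


def simulated_hiding_listdir(path):
    """Constructed stand-in for a hooked listing API: drops names containing MARKER."""
    return [name for name in os.listdir(path) if MARKER not in name]


def listing_hides_marker(list_dir=os.listdir, marker=MARKER):
    """Create two canary files and report whether the marked one is
    missing from the directory listing while the control one is present."""
    with tempfile.TemporaryDirectory() as workdir:
        control = os.path.join(workdir, "control-canary.txt")
        marked = os.path.join(workdir, marker + "canary.txt")
        try:
            for path in (control, marked):
                with open(path, "w") as handle:
                    handle.write("canary")
            listed = set(list_dir(workdir))
            if os.path.basename(control) not in listed:
                # Listing is broken for unrelated reasons; do not guess.
                raise RuntimeError("control canary not listed; result unreliable")
            return os.path.basename(marked) not in listed
        finally:
            # Delete by exact name: a cleanup that enumerates the directory
            # would miss a hidden file and leave the directory non-empty.
            for path in (control, marked):
                if os.path.exists(path):
                    os.remove(path)


if __name__ == "__main__":
    hidden = listing_hides_marker()
    print("name-based hiding detected" if hidden else "no name-based hiding seen")
```

A `True` result only says that something on the machine filters directory listings by name; it does not identify which software is doing it.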
If having the kit on your system wasn’t bad enough in the first place — given the havoc it causes on its own — now virus writers are exploiting the rootkit.
With this kit, Sony are going too far. The kit basically allows Sony to do whatever the hell they like with your PC with impunity and without you knowing. What’s more, it affects your PC whatever you are doing with the PC: it doesn’t matter whether you are listening to the CD or not, it will sit in the background, watching and recording what you are doing at all times. And finally, should you decide you don’t want to listen to the CD on your PC any more, you can’t remove it. What the hell are they thinking?
The advice used to go “don’t install software from untrusted sources”. If companies like Sony are going to screw you over, then maybe now this should be suffixed with “and trust no-one”.
Update: Sony have a page about the software and have started a program whereby you can return affected CDs and get a copy without the software on it. Hopefully they have learnt to be more careful about how they try to “protect” their CDs.