“qB”:http://www.frizzylogic.org/ commented “a few posts back”:http://www.thewormbook.com/helmintholog/archives/001608.html#1757 that no one need worry about copy protection on music CDs because it was laughably easy to uninstall. Not if you play Sony CDs on Windows, it isn’t. An astonishingly “unpleasant story,”:http://www.sysinternals.com/blog/2005/10/sony-rootkits-and-digital-rights.html found through “Rafe”:http://rc3.org and “the Reg,”:http://www.theregister.co.uk/2005/11/01/sony_rootkit_drm/ shows that Sony CDs, when played in Windows, install a set of hidden programs (built by a [“British software house”:http://www.first4internet.com/]) using pretty advanced spyware techniques, which not only slow your computer down when they are running but completely destroy the system if uninstalled in the obvious way. The details are impenetrably techincal, but the moral is clear. Don’t buy Sony CDs until this is removed.
Once again, I demand the right to protect my money the same way that they protect their music and with the same righ to render it useless if they do anything improper with it.
I see that Sony have “announced”:http://cp.sonybmg.com/xcp/ the withdrawal of the XCP software. They will exchange CDs and provide a removal tool.
Yep. But the new removal tool installs a fresh version of the software, which has an even more horrendous security hole in it. Not, I mean, one which makes Sony insecure, io the sense that you can easily copy your CDs to your ipod, but one which hands your computer over to any passing mafioso. See [“this page”:http://www.freedom-to-tinker.com/?p=927%5D
from which comes the following paragraph:
bq. … this represents a far greater security risk than even the original Sony rootkit. The consequences of the flaw are severe. It allows any web page you visit to download, install, and run any code it likes on your computer. Any web page can seize control of your computer; then it can do anything it likes. That’s about as serious as a security flaw can get.