Sony DRM Installs Root Kit with Spyware-like Properties
RTA Information Technology, Tempe, Arizona
Sony continues to make headlines with its Digital Rights Management (DRM) software. The version most worrisome to consumers is contained on 52 Sony copy-protected music CDs. First exposed on Mark Russinovich's blog, the software installs a root kit on Windows PCs without warning, tells Sony every time a copy-protected song is played, and can easily act as camouflage for viruses or other malware.
Sony has now recalled all CDs protected by this "XCP" version of copy protection, promising to replace any customer's CDs with non-copy-protected versions.
There are currently class action lawsuits against Sony in three states. Some larger companies have outlawed ALL music CDs from company computers.
Analysis:
There are major issues here, untested in U.S. courts.
1) How much disclosure is necessary in an End User License Agreement (EULA)? Is a software maker obligated to inform the purchaser that software being installed:
a) Is NOT just a "music player", but is a root kit that modifies key system functions?
b) Sends out encrypted information across the Internet without asking the user?
c) Runs constantly on the computer, using up CPU cycles?
d) Cannot be un-installed?
e) Modifies system properties to hide certain files (possibly introducing a security hazard)?
2) How much liability does Sony have for damages caused by their software?
Sony's EULA limits damages to a maximum of $5. What if the DRM program, which installs as a root kit, directly causes data loss for a company? Or requires that a computer's operating system be rebuilt?