Yesterday, Windows innards guru Mark Russinovich of Sysinternals wrote of his disturbing discovery regarding one of those newfangled "copy-protected CD's."
(These are music CD's that self-install software on your computer, and then prevent you from doing some of the things you might want to do -- like copy a song for a mix CD. Some artists have spoken out against this freedom-reducing scheme that has been used on their CD's without their consent -- although major record labels working against the interests of artists is nothing new.)
Russinovich discovered that this CD had installed its software in an extremely well hidden way, via something called a "rootkit," which basically interferes with the operating system kernel so that it becomes extremely difficult to detect its presence, or to remove it.
His findings included:
- This hidden software appeared to be poorly written, and was hogging up some of his computer's resources at all times, even when he wasn't playing the CD.
- Its hiding techniques would also have inadvertently made it easy for others to hide software on his machine.
- It took actions that could have resulted in a system crash.
- It tried to disguise itself as a legitimate Windows service.
- It didn't provide a way to remove the software.
- Upon his own manual removal of the software, his CD drive was rendered useless.
These are exactly the techniques commonly used by the most insidious malware (viruses, worms, spyware, etc.), the ones that are so difficult to remove from Windows machines.
And he found that this software had been installed by the CD he'd gotten from Sony.
The End User License Agreement (EULA) from Sony went into none of these details, merely saying that "a small proprietary software program" would be installed on his machine. The EULA actually mentioned removal of the software, even though there was no means provided to remove what he had found.
This is a big deal, and one might expect a lawsuit (class action?) to evolve out of this (putting aside the "Waiver of Trial by Jury" clause in the EULA).
Here's Russinovich's article: "Sony, Rootkits and Digital Rights Management Gone Too Far" (which is quite thorough and very technical).
The wise and careful (who of course already avoid DRM, by not buying protected CD's, or protected audio from the iTunes Store) who scan their machines for malware (with free tools such as Spybot-Search & Destroy and Ad-Aware) might consider adding the free Sysinternals RootkitRevealer tool to their arsenal.
Here's Cory Doctorow of EFF on Why DRM is bad for everyone (and here's another critique of his).
Finally, Richard Stallman of The Free Software Foundation: Can You Trust Your Computer?
UPDATE: Sony releases PR "patch" for its DRM malware that doesn't address the problems (Nov. 3, 2005)
UPDATE: Lawsuits against Sony for sneaky DRM, and refuted denials from malware author (Nov. 7, 2005)
UPDATE: Sony's Deteriorating DRM Mess: One Month Later (Dec. 1, 2005)