Sony’s Proprietary Spyware
On October 31, 2005, Mark Russinovich, chief software architect at Winternals Software discovered thatSony BMG Music was putting hidden copy protection software on their CDs and not adequately notifying customers. In fact, security researchers have described Sony’s technology as “spyware,” saying it is difficult to remove, transmits without warning details about what music is playing, and that Sony’s notice to consumers about the technology was inadequate. Sony executives have rejected the description of their technology as spyware.
This would be a big enough deal if the rabbit hole didn’t go any deeper, but it does. Sony’s technology, whichthey call “XCP” actually makes your computer vulnerable to hackerswho distribute malicious programs over the Internet that exploit the antipiracy technology’s ability to avoid detection. Hackers discovered they can effectively render their programs invisible by using names for computer files similar to ones cloaked by the Sony technology. In fact, this got so big, thata senior Homeland Security official cautioned entertainment companies against discouraging piracy in ways that also make computers vulnerable. Although he didn’t cite Sony by name, Stewart Baker, a secretary for policy at DHS said,”It’s very important to remember that it’s your intellectual property, it’s not your computer, and in the pursuit of protection of intellectual property, it’s important not to defeat or undermine the security measures that people need to adopt in these days.”
The program, which works only on Windows computers, prevents customers from making more than a few copies of the CD and prevents them from loading the CD’s songs onto Apple Computer’s popular iPod portable music players. Some other music players, which recognize Microsoft’s proprietary music format, would work. XCP is included on about 20 popular music titles, including releases by Van Zant and The Bad Plus.
What is even worse, is that Sony tells people to install this software without telling them what is does or how to reverse the process. (of course this in only for the CDs in which the program is not set to auto-install.) In fact, if you visit the site, Sony tells you that in order to remove the software, you must contact customer service,and that if you do, the CD that you paid for will no longer work in your computer.
Needless to say, this caused quite a stink when it hit the surface, and Sony has made a statement saying that they will “halt manufacturing CDs with the XCP technology.” Although they admit no wrongdoing on their part, and still defend their action under the need to fight piracy.
Since this came to light many of the anti-virus software companies have released patches and updates for their programs that allows the programs to seek, see, and destroy the program, removing it from your computer.
What really gets me about all of this is that Sony is willing to go as far as they have in order to “stop piracy.” They have essentially written and distributed a program that helps hackers attack people. What is funny is that they are actually giving people incentive to pirate their music. I mean, the software may not allow you to put the music you paid for onto your iPod, but is still allows you to put the music on your computer, which allows you to share it. So, in all actuality, Sony is not preventing piracy, they are invoking and inviting it. So, next timeyou go to the store and get ready to pony up $17 for that new CD, remember, Sony loves you so much that they are not only giving you 13 songs on that CD, but they are going to give you a nice little piece of spyware that opens a backdoor for any hackers who might want to give you some presents of their own. So, enjoy your Sony music, while you still can, because soon your computer will be acting like a troubled child on crack, and your operating system will be as unstable as Charles Manson.