Ben Edelman: Cleaning Up Sony's Rootkit Mess
Ben writes in his blog:
Late last month, Windows expert Mark Russinovich revealed Sony installing a rootkit to hide its "XCP" DRM (digital rights management) software as installed on users' PCs. The DRM software isn't something a typical user would want; the "rights" it manages are Sony's rights, i.e. by preventing users from making copies of Sony music, and this protection for Sony comes at the cost of 1%-2% of CPU time (whether or not users are playing a Sony CD). Notably, Sony didn't disclose its practices in its installer or even in its license agreement. At least as bad, Sony initially provided no uninstall for the rootkit, and when Sony added an uninstaller, the process was needlessly complicated, prone to crashing, and a security risk.Read more of Ben's article here.
Having bungled this situation so badly, Sony has recalled affected CDs and announced an exchange program to swap customers' affected CDs for XCP-free replacements. For savvy consumers who have followed this story, the exchange looks straightforward. But what about ordinary users, who don't read the technology press and aren't likely to learn their rights?
As it turns out, there's a clear solution: A self-updating messaging system already built into Sony's XCP player. Every time a user plays a XCP-affected CD, the XCP player checks in with Sony's server. As Russinovich explained, usually Sony's server sends back a null response. But with small adjustments on Sony's end -- just changing the output of a single script on a Sony web server -- the XCP player can automatically inform users of the software improperly installed on their hard drives, and of their resulting rights and choices.
0 Comments:
Post a Comment
<< Home