2008 Woodie Awards
Sony scathed by spyware scandal
By Brandon Himes
Rocket Web Editor
Issue date: 11/18/05 Section: Life
On Oct. 31, it was discovered that Sony-BMG has been distributing CDs that install spyware, which Sony calls XCP, on any computer used to play them. Listeners should be aware that playing these CDs on a computer will install intrusive and potentially malicious software.
Sony currently refuses to release a complete list of titles that were distributed with spyware, but an incomplete list is available at the Electronic Frontier Foundation (EFF) Web site: http://www.eff.org/IP/DRM/Sony-BMG/. The EFF site also explains how to identify CDs that contain this spyware.
The spyware installed includes a music player that sends information about any media played on it back to Sony. Sadly, this kind of spyware has become run of the mill. All sorts of everyday applications install similar software.
If you use AOL Instant Messenger then you already have similar software called ViewPoint on your computer. ViewPoint works just like Sony's spyware; it sends information about whatever you're playing in Windows Media Player back home. Seedy, I know. My recommendation is not to use AOL's instant messenger.
Even more nefarious is another tool Sony installs called a rootkit. This is a tool commonly installed by hackers to cloak their presence on their victim's computer. While the term "rootkit" comes from Unix, a non-Windows operating system, this tool has been adapted to work on all sorts of operating systems. Typically a hacker uses a rootkit to modify a system so that malicious processes that are being run are not visible to the owner of the machine.
Sony has adapted this tool to protect their anti-piracy measures. Sony used their rootkit to hide all file names that begin with "$sys$." While this might not seem inherently bad, it is. Not only does this keep the owner of the machine from removing the software should he or she desire, it also provides a cloaking mechanism for other viruses or spyware to hide under.
Soon after Sony's scheme was uncovered, spyware and viruses with files names beginning in "$sys$" began to appear. These malicious pieces of code that would normally be detected by antivirus or antispyware applications are now safe from detection due to Sony's rootkit.
Sony currently refuses to release a complete list of titles that were distributed with spyware, but an incomplete list is available at the Electronic Frontier Foundation (EFF) Web site: http://www.eff.org/IP/DRM/Sony-BMG/. The EFF site also explains how to identify CDs that contain this spyware.
The spyware installed includes a music player that sends information about any media played on it back to Sony. Sadly, this kind of spyware has become run of the mill. All sorts of everyday applications install similar software.
If you use AOL Instant Messenger then you already have similar software called ViewPoint on your computer. ViewPoint works just like Sony's spyware; it sends information about whatever you're playing in Windows Media Player back home. Seedy, I know. My recommendation is not to use AOL's instant messenger.
Even more nefarious is another tool Sony installs called a rootkit. This is a tool commonly installed by hackers to cloak their presence on their victim's computer. While the term "rootkit" comes from Unix, a non-Windows operating system, this tool has been adapted to work on all sorts of operating systems. Typically a hacker uses a rootkit to modify a system so that malicious processes that are being run are not visible to the owner of the machine.
Sony has adapted this tool to protect their anti-piracy measures. Sony used their rootkit to hide all file names that begin with "$sys$." While this might not seem inherently bad, it is. Not only does this keep the owner of the machine from removing the software should he or she desire, it also provides a cloaking mechanism for other viruses or spyware to hide under.
Soon after Sony's scheme was uncovered, spyware and viruses with files names beginning in "$sys$" began to appear. These malicious pieces of code that would normally be detected by antivirus or antispyware applications are now safe from detection due to Sony's rootkit.
