Schneier on the Sony DRM Rootkit

In case you’ve been living under a rock for the past two weeks and haven’t heard about it, Bruce Schneier has an excellent article on the Sony DRM Rootkit debacle. Until recently, Sony has been distributing a rootkit on its CDs that hides itself on your system (and helpfully lets other malware hide too) and phones home about what music you listen to.

And if that weren’t enough, Ed Felten and J. Alex Halderman discovered that as part of the arduous uninstall process to remove the rootkit, the web-based uninstaller opened a massive security hole on your system that would let any malicious website run arbitrary code on your computer! (Followups here and here.)

Note in particular how people who downloaded the album illegally had no problems from any of this (as the DRM is easily bypassed), but customers who bought legal copies of the CD were punished by being spied on and having their computers opened up to attackers.

Comments are closed.