[Where I work] I've programmed our firewall to watch for anything that resembles the phone-home info. We're seriously considering banning all audio CDs from any worksite, which, before this, would have sounded stupid but is now wildly supported! I think Sony is only now, weeks after Mark broke the story, beginning to realize what a shit-storm they're in. The repercussions for the company are going to be very serious, which is a shame because I'm a big fan of Sony's electronics, if not their business practices.
RIAA's obsession with preventing people from moving their own property around has risen to a point where, in an individual, it would look like insanity. One of the goals of the DRM was to prevent people who'd bought the CDs from listening to them on an iPod. (Incidentally, iPods destroyed Sony's Walkman as the portable player of choice, which I think may have been a motivating factor in all of this.) If these had been LPs, it would be like a program that seeks to keep you from recording the music to cassette tape for car play. That's just nuts. And it was ineffective. Linux users are still the biggest segment of the high-tech population that record and swap files, and the XCP program was completely ineffective in that regard.
If anything, this episode will drive slightly more technically sophisticated users (the users who would have been inclined to rip Sony music and post it on the net anyway) to avoid even occasionally buying commercial CDs - it's just too dangerous.
Right or wrong, this program could only target the audience least likely to get their music except through purchasing commercial CDs. Corporate users are generally not operating at the root level and couldn't have installed the rootkit if they wanted to. Sophisticated users could bypass the RK entirely, and did. For example, working with [a major anti-virus company], I found that of the 52 titles that Sony admits to having been encoded with this Aries, all of the most popular ones were available on pirate servers in MP3 format, free of XCP code, within hours of release.
Other things to consider are the implicit collusion of Microsoft and A/V vendors in this. MS doesn't have a problem with intrusive DRM programs; hell, it's going to be a core part of Vista. They just don't like other people rewriting the kernel with DRM that doesn't pay a royalty to Bill Gates. According to techie insiders I've talked to, some major anti-virus vendors knew about this program and even worked with XCP in concealing it, inasmuch as it wasn't reported to users as being dangerous. That worries me. There's a mindset that says these kinds of actions, which would certainly be considered crimes if committed by a group of Ukrainian teenagers, are okay when it's done by a rich multinational corporation.
Finally, I think the concerns about the CDs already in circulation being some kind of ongoing hazard are overblown. I have a canary machine that I put onto the external internet every now and then just to see how quickly it gets infected by something. The time averages between 5 and 20 minutes. Such old threats as Sasser and even Code Red are still floating around the web, and unpatched machines will get hit fairly quickly. Patched machines don't even see these viruses, and so the vast majority of users assume that these viruses have died out. They haven't; people are just protected against them. Eventually the same will be true of this particular version of the XCP software; Microsoft has announced that their malicious software removal tool will detect and remove this pest and, eventually, the kernel will be hardened against this threat. In the meantime, someone, somewhere, is concocting a completely novel attack that will surprise everyone - until it's patched against and we go back to waiting for the next thing. And on and on it will go.
So I'm watching two things - Sony's SunnComm MediaMax, which is as bad as XCP, just not as well known, and the progress of the various lawsuits. I'm not sophisticated enough to watch the stock market, but I've asked my cousin (who's a financial planner and manages what few investments I have) to let me know if any of this turns into an economic downturn for Sony. So far it hasn't.
Important sites related to the Sony rootkit mess: