Looking for writing-related posts? Check out my new writing blog, www.larrykollar.com!

Wednesday, November 02, 2005

The Latest Outrage: Sony music CDs install malware

Current Music: HBR1

If you’re not outraged, you’re not paying attention. — A bumper sticker


Mark Russinovich obviously knows his way around a Dozebox. So when his rootkit detector turned up something nasty on his computer, he went hunting (extremely technical article alert). He eventually tracked the culprit down to a Van Zant CD that added a few sour notes to the music. The upshot is:
  1. If you have autorun turned on, insert this CD into a Dozebox and it automatically installs something calling itself “digital rights management (DRM) software,” along with a special media player, somehow forgetting to tell you it’s happening or to give you a chance to say no.

  2. The DRM software — bah, let’s call it what it is, malware — wedges something called a “lower filter” between the normal CD driver softare and whatever applications access the CD drive. Its purpose in life is to prevent you from ripping the music into iTunes, or WMP, or whatever, and limiting the number of copies you can make.

  3. Because of the “lower filter,” if you try to remove the malware using standard spyware cleanup tools, you end up with a disabled CD drive.
Mark describes the malware, supplied by a British company calling itself First 4 Internet, as “poorly written.” One of the people commenting on his article did a little digging and found that one of the principals of First 4 Internet is a former Sony director — no surprise there. Having a crony on board beats having a quality product any day, especially when you’re pulling something shady like this.


Fortunately, there are ways around these problems. The easiest way is to simply not purchase music CDs that have copy-protection or “digital rights management” software (i.e. they want to “manage” your rights). Second easiest is to not use Microsoft operating systems (malware tends not to be a problem on MacOSX or Linux right now), although I certainly have no intention of supporting Sony’s behavior anyway.

If you have to use that particular operating system, there’s a way to disable autorun if you’re not using XP Service Pack 2 (which turns it off by default). This is a kind of scary way to do things, though: if you mistype something in regedit you can really hose a PC. An easier way to do it is to hold down the Shift key when inserting a CD, which turns off autorun until next time, although you have to remember to do it each time.

Sheesh. I thought we’d fought (and won) this battle back in the 1980s with software companies and copy-protection. Deja vu all over again. Oh well. In the next couple of years, we’ll have to replace our TV. You can bet the new one won’t be a Sony. Eventually, I want to upgrade to a nicer camcorder... but not a Sony. I was thinking about getting one of those minidisc thingies; now I’ll do something else. New headphones to replace the broken ones? I can’t trust Sony, so I won’t deal with them.


I've written about the ongoing shift from the old consumer paradigm to the new creator-consumer paradigm before. Telling it like it is: Sony (and the other record companies) are scared to death of the wrong thing — while they go after kids swapping music, technology is letting people make their own music and share it at will. Not just music, but movies and books as well; ironically, Sony actually makes some halfway-decent music and video software for the PC crowd. But as long as the Sonys of the world insist on using courts and bought-and-paid-for congresslime to force us to give up control of our hardware to them, instead of trying to cope with reality, all they’re going to do is hasten their own demise.

So why fight? Why not let them cut their wrists and bleed to death quietly? It’s not like their DRM malware runs on my computer, after all. That’s an easy one: it’s not going to stop with a half-baked installer. I remember reading, but can’t find the reference off-hand, that the eventual goal of the record companies (and perhaps the movie studios) is to collect royalties every time you listen to a song — just like they do with radio stations now. To get that intrusive, they need to be able to take over at least some of the hardware so they can control what you can and can’t play. Indeed, about two years ago they attempted to ram a law through Congress mandating DRM controls on hardware. It failed, not because Republicans care a scrap about consumer rights, but because the hardware manufacturers objected to the added expense and potential public-relations fallout.

Now if record companies could control your computer, what would stop them from blocking free music from the growing number of artists placing their work online? That’s what it would come to: eventually, they would wake up to the real threat to their revenue and find the solution already at hand.

We can object all we want to, but the only thing that will put an end to this creeping corporate encroachment is one thing: crates of copy-protected music CDs coming back to their warehouses from stores, because nobody’s buying. That’s the only thing that killed software copy-protection, and it’s the only thing that will kill music copy-protection.

1 comment:

  1. FYI... I think that bumper sticker reference may be from Radiohead's 'Hail to the Thief' CD. Excellent CD, btw.


Comments are welcome, and they don't have to be complimentary. I delete spam on sight, but that's pretty much it for moderation. Long off-topic rants or unconstructive flamage are also candidates for deletion but I haven’t seen any of that so far.

I have comment moderation on for posts over a week old, but that’s so I’ll see them.

Include your Twitter handle if you want a shout-out.


Related Posts Plugin for WordPress, Blogger...