I don't know if anyone has been following this, but for those of you who have collections with CDs, be aware that there is a potentially fatal problem with the new anti-piracy software that comes with new Song/BMG titles. These CDs come bundled with their own player, which has to be installed in order for the CD to run. This program then limits the number of copies that can be made from the CD to three. However, in doing this it also installs a rootkit.
Rootkits, according to Mark Russinovich, who writes a computer blog, are "cloaking technologies that hide files, Registry keys, and other system objects from diagnostic and security software, and they are usually employed by malware attempting to keep their implementation hidden." What this rootkit does is actually rewrite parts of the code on your OS. Trying to delete these files may cripple your system, and may leave it vulnerable to other viruses and worms that capitalize on security weaknesses in the new code. It may also lead to the "Blue Screen of Death" and potential loss of data.
Note that nowhere in the licensing agreement we all click without reading does it say that using the CD will alter your OS or rewrite your computer's code. It is also very hard to get the uninstall program from Sony, and it doesn't seem to work very well if you do get it.
The original problem was noted in Russovich's blog:
Sony, Rootkits and Digital Rights Management Gone Too Far
and its follow-up:
More on Sony: Dangerous Decloaking Patch, EULAs and Phoning Home
It has also been covered by several news outlets and on IT security websites:
Sony Rootkit or Aggressive DRM?
Hackers Raid Sony's Playbook
(this has good links to other ariticles [sic] as well)
Because libraries buy and circulate CD copies to mulitple users, you may want to take a look at the CDs in your collection and avoid these. Apart from the spyware and privacy aspects, this is potentially a huge security problem, and may actually cause Windows PCs to fail. Caveat emptor.
I haven't had time to look into whether or not we have any of these CDs. There is a list that is making the rounds on slashdot and elsewhere. I'm not sure if there is any way to tell if they have this software before ordering them, but it might behoove us to look into it. It won't really be a problem for old fogeys like me who rarely listen to CDs on a computer, but our patrons who do might be understandably irritated by this. Thoughts?
3 comments:
Definitely something to look out for. There's probably something on the packaging that gives the info but it might not be easily noticable when just ordering from where ever. I do know a title that (unbeknownst to the artist) was issued recently in that format, so I'll do a little investigating.
Another example of how "big media" just doesn't get it. Or gets it and doesn't like what it sees.
Ok, I did an unscientific study of 5 major online retailers and only 2 (Amazon and Barnes and Noble) indicate that a cd is "copy protected". They don't give the specifics of what the protection will do, but at least its something. The other 3 (Walmart, Best Buy and Borders) don't give any obvious indication that the product is protected. So definitely an issue when purchasing online for multiple users like library circulation.
The CD I know is protected in the way Tessa mentioned in the post is called "Z" by My Morning Jacket if you want to see what the notifications do or don't look like.
Sony has now decided to stop using this particular type of protection on their cds. Not that that helps all the folks who now have the files stuck in their registries. Or buy the thousands of copies of the protected cds that are already out there.
Story from cnn.com.
Post a Comment