Monday, November 21

What the heck is a "rootkit" anyway?

If you've been reading papers, blogs, or the web or watching TV (even listening to radio) over the past three weeks, you have probably heard this word being bandied about -- "rootkit." Sounds more like a garden tool than a hacker tool to me.

Why do you bring up such a dry, mundane, technospeaky topic, Bill?

Well, faithful reader, it seems that in its efforts to preserve its bottom line (and effectively piss off its customers), Sony has bundled its "XCP Content Protection" software onto several of its music CDs, primarily being distributed through BMG. Apparently, when customers play the CDs on their computers, the "rootkit"-like DRM software is installed without their knowledge. It was meant to limit the number of times songs could be copied or "ripped."

Well, they got caught, which isn't the worst part. Apparently, the rootkit leaves your PC vulnerable to hackers, and what's worse is the uninstaller or "patch" that Sony provided leaves an even bigger security hole. Surely that must be the worst of it, you say. Sorry, there's more.

The worst is that Sony tried to downlplay the risk and denied that the rootkit creates problems. In all the hubbub, it's also been discovered that the rootkit software is also sending information back to Sony about how the media is being used. Basically, they're spying on customers.

The results so far are that Sony CDs have been banned from the workplace of many companies and gov't agencies, Sony's DRM has infected over 500,000 computer networks including those belonging to the military and the government, and a class-action suit has been filed against Sony.

Umm, kind of a big black eye to sport going into the holiday shopping season, don't you think? So, take it into consideration as you shop for gifts for your loved ones.

If you're interested in more details about how this developed, there's a great summary on Boing Boing.

And to see the list of CDs containing the "rootkit," click here.

No comments: