By now, you've probably heard the news that Sony, the media giant, has been quietly installing hidden software on PCs, when people buy music albums published by Sony BMG Music, and try to play them on their computers. The software, called Extended Copy Protection (or XCP) uses rootkit techniques similar to those used by viruses, Trojan horse programs, and spyware to hide the fact that it is installed from the user.
The discovery, by security expert Mark Russinovich (whose outfit, Sysinternals.com, makes several free Windows utilities I find invaluable in diagnosing spyware infestations), details how Sony uses commercial software that automatically installs itself when you put a music CD in a Windows PC's CD drive.
Russinovich's own anti-rootkit software, Rootkit Revealer (a free download), as well as the Blacklight rootkit detection utility (made by F-Secure, an antivirus company, free until the end of the year), now detect the software used by Sony, which was licensed from a British firm called First 4 Internet.
The bigger question people have got to ask is, does Sony not respect the integrity of the computers of its customers? This cavalier act of sneaking software onto PCs not only violates our own Prime Directive -- it's our PC, dammit -- but threatens the entire music industry.
After all, if you suspect that a commercial CD will install software secretly, which you won't be able to remove and which, itself, may increase the already-great security problems of your Windows PC, would you continue to buy CDs?
I'll tell you right now, I won't. I'd much rather buy an unrestricted copy of a song electronically, using iTunes, or Rhapsody, or one of the other music services that offer this feature, than take a chance that some music disc will stick some hidden files in my Windows folder, which I can't see or remove.
Sony has dealt itself a serious blow, and the best thing it -- and the rest of the music publishers -- can do right now is condemn this practice, apologize to the customers that were affected, provide a method to get this junk off affected PCs, and make declarations that they will never, ever do this again.
I don't think they will. And if they don't, I simply won't buy CDs anymore. Period. From any publisher. And I recommend that you don't, either. As a fan of music who respects the need for artists to make a living, and a security-savvy PC user, I'm incensed that Sony -- any company -- would think it's OK to do this. It's not. But the only way (I can see) to send that message effectively to Sony BMG executives is to vote against CDs with my wallet.
Sony was crucial in creating the CD format more than 25 years ago. In this age where every purchasing choice we make affects the level of control we have over our PCs, they seem to be committed to killing it.