Blog

This can be Sony's worst nightmare: first, Sony decided to distribute a rootkit in there music CDs, to be installed in your PC (without your knowledge), in order to hide is DRM software; second, Mark Russinovich discovered the existence of this rootkit, and make it public, which make people start to scream at Sony; third, someone took advantage of the rootkit and wrote a trojan codenamed Stinx-E, able to hide from Windows, so impossible to be detected and cleaned; fourth, Sony decided to provide an uninstaller to allow people to erase the rootkit, but this uninstaller raised new security holes; and finally, it seems Sony used some LGPL code, without delivering the source, so breaking copyright:

It turns out that the rootkit contains pieces of code that are identical to LAME, an open source mp3-encoder, and thereby breach the license.

This software is licensed under the so called Lesser Gnu Public License (LGPL). According to this license Sony must comply with a couple of demands. Amongst others, they have to indicate in a copyright notice that they make use of the software. The company must also deliver the source code to the open-source libraries or otherwise make these available. And finally, they must deliver or otherwise make available the in between form between source code and executable code, the so called object files, with which others can make comparable software.

Sony complied with non of these demands, but delivered just an executable program. A computer expert, whose name is known by the redaction, discovered that the CD "Get Right With The Man" by "Van Zant" contains strings from the library version.c of Lame. This can be concluded from the string: "http://www.mp3dev.org/", "0.90", "LAME3.95", "3.95", "3.95 ".

So, after all the fuss around this issue, Sony decided to allow people to download an uninstaler for is DRM software. All you have to do is fill a form, download the software and run it. Know that you know that, don't do it. People from Freedom to Tinker found out that if you install Sony uninstaller in your PC, you are opening a huge security hole. Malicious users can execute code in your PC, all you have to do is visit one of there websites. Where (and when) is this going to end?

There are a lot of different definitions for what is Web 2.0. Wikipedia as one, Tim O'Reilly another, and there is even a cumulative definition. Maybe Web 2.0 is about this: peer-to-peer services, where your peers helps you getting what you need, and in return you help your peers by participating. And this can be used for viewing television and videos over the internet, with Tioti (Tape If Of The Internet), for writing and reading stories, with Glypho, or for finding interesting stories with Digg. What I really now is that, like Mark Evans, I'm drowning in Web 2.0 apps.

Via pfig, Media Central (inspired by Front Row and CenterStage).

So, Sony installs a rootkit in your PC when you buy a CD from them, in order to implement his DRM.

This was discovered by Mark Russinovich in October (highly technical post). In my personal opinion, this an unacceptable behavior, and I'm not alone: Frederico Oliveira wrote what I consider to be the first anti-Sony manifesto, which I totally subscribe.