Since Hallowe'en, we've been posting the details about he revelations relating to Sony's DRM systems, which show jaw-dropping contempt for their customers, for copyright law, for fair trading and for the public interest. With all these posts strung out over a couple weeks, I thought it was high time we put together an omnibus post, summing up all the posts to date:
- Oct 31: Sony DRM uses black-hat rootkits
- Mark Russinovich, a security researcher, discovers that Sony has been sneakily installing "rootkit"-based DRM on their customers' computers. Rootkits are black-hat hacker tools used to disguise the workings of their malicious software. Removing Sony's rootkit nukes your Windows installation.
- Nov 3: Sony releases de-rootkit-ifier, lies about risks from rootkits
- Sony announces a "service pack" for its rootkit DRM. It deceptively downplays the risks the rootkit presented. It turns out that the remover doesn't actually work, either.
- Nov 3: Felten on Sony's rootkit-"remover"
- Princeton DRM researcher Ed Felten analyzes Sony's rootkit "remover" and concludes that it's a hunk of junk: "they're almost certainly adding things to the system…they're not disclosing what they're doing."
- Nov 3: Defeat WoW spyware using Sony's rootkit
- Warden, a program used by Blizzard to scour World of Warcraft players' system and report on the contents to the company can be defeated with the Sony rootkit. Blizzard claims that Warden only detects a few programs that facilitate cheating, but researchers have found evidence to the contrary.
- Nov 8: Defend against Sony's rootkit with DRM-ripping software
- AnyDVD, a DVD-ripping program, advertises that it can also inoculate you against the Sony rootkit.
- Nov 9: List of CDs infected with Sony's rootkit DRM
- EFF releases a partial list of CDs believed infected to infected with Sony's rootkit. Buyer beware — you're better off buying music from someone else.
- Nov 9: Sony's EULA is worse than their rootkit
- EFF attorney Fred von Lohmann analyzes the license agreement that accompanies Sony's rootkit DRM (that's right, a license to listen to an audio CD!). It is unbelievably outrageous, the kind of thing that makes you want to get a torch and a pitchfork and head over to the nearest Sony office.
- Nov 9: Wanna sue the pants off Sony?
- EFF is looking for people who bought rootkit-infected CDs to join a potential lawsuit against Sony
- Nov 10: Sony Music CDs infect Macs, too
- Mac users shouldn't be smug — Sony's audio CDs also contain an app that patches OS X's kernel with unspecified restriction-software; though Mac users have to take a few more steps before their computers are compromised
- Nov 10: Fantastic screed against the coders who wrote the previous Sony DRM junk
- This isn't the first time Sony's been caught doing crap like this; the last time around a geek wrote an amazing rant excoriating the coders who helped Sony write its anti-customer malware
- Nov 11: Sony will stop shipping infectious CDs — too little, too late
- Twelve days after being caught using rootkits, Sony announces that it will stop shipping rootkit-infected CDs. No recall of the existing rootkits, though — and Sony doesn't come close to apologizing. Buying Sony CDs is a great way to screw up your PC, but a lousy way to acquire music.
- Nov 12: Sony's *other* malicious audio CD trojan
- Princeton DRM researcher Alex Halderman reports on the other malicious software found on Sony CDs, a Suncomm product called MediaMax. MediaMax is a vicious little bug, which spies on you and reports on your deeds to the mothership.
- Nov 12: New Sony lockware prevents selling or loaning of games
- Sony patents a piece of software that can prevent you from playing a game that's been inserted into one console on another console; speculation is that this is destined for the PS3. Kiss game rentals, loaning and re-sale goodbye. Also, if your PS3 breaks or is stolen, you might as well toss out all your games, they're useless without it.
- Nov 13: Sony's malware uninstaller leaves your computer vulnerable
- A Finnish researcher discovers that the "uninstaller" for Sony's rootkit leaves a ton of crap behind that hackers can exploit — he can reboot your computer just by getting you to load a web-page
- Nov 13: Sony's rootkit infringes on software copyrights
- There are strong indications that Sony ripped off a Free Software-based library called the LAME Encoder for its rootkit. The LAME Encoder is licensed under the Lesser GPL (LGPL), which was released for free re-use by public spirited programmers who merely requested that they be acknowledged. In Sony's zeal to protect its copyrights, they had no compunction about clobbering the copyrights of those software authors.
- Sony lied about its rootkit. They said it didn't phone home with information about your deeds. It does. When they were caught in the lie, they said that they didn't pay attention to the information it sent back, so it's OK
- Microsoft is building a Sony rootkit-remover into its anti-spyware product
- Lawsuits against Sony are already underway in Italy and the US
- At least one piece of malicious software that exploits Sony's rootkit has been discovered in the wild
Update: Christopher sez, "You missed one in your Sony timeline that I think is excellent. A call from Dan Goodin over on Wired to boycott all Sony products until they make amends…"
Update 2: Rob sez, "This a reference to the NPR interview where Sony BMG Global Digital Business President Thomas Hesse puts his foot in it saying, 'Most people, I think, don't even know what a rootkit is, so why should they care about it?'. The NPR interview aired Nov 4."