Wednesday, September 20

Sony Rootkit Scandal

Sony distributed spyware with its music CDs last year. I heard rumors at that time, but I didn't pay attention to it. Today I read the documents about it and found it is big because Sony is big, and usually people trust big companies.

Those music CDs are equipped with XCP software. You can still play them in a CD player as usual, but if you put them into a computer, the computer will install the XCP software automatically from the disc. Consequently, all CD activity will be monitored by the XCP software. If you try to copy music, or do anything not permitted by Sony, the XCP software will stop the action. Yes, the intention of this software is to protect the copyright of CDs. "XCP" stands for Extended Copy Protection.

Looks fine, right? But the software is installed without the user's permission. According to Wiki, the software is installed silently before the EULA (End User License Agreement) is shown, which means that by the time you see the EULA, the software is already installed, even if you don't agree with it. Actually, the EULA doesn't mention this software at all. And there is no easy way to uninstall it. Uninstalling it manually might lead to malfunction of your CD drive.

This is not the main reason why we call it "spyware". To conceal itself, this software changes system files (Microsoft Windows and Mac OS) so that it does not show up in the system. The compromised system will hide any process/file/registry key if the process/file/registry key name begins with "$sys$". This is why we call it a "rootkit". It has root privilege to hide itself from being detected. With this privilege, this software can do anything it likes! It is reported that personal information was sent to a Sony website by this software.

Ten days after it was discovered by Mark, a virus that takes advantage of this software was found on the Internet: the virus's name starts with "$sys$", so if XCP is installed on your computer, you can't detect this virus by any means.
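The "$sys$" cloak described in the two paragraphs above can be checked for with a cross-view comparison; the sketch below is an added example, not code from the original post or from any Sony or XCP tool. It assumes you have two file listings of the same disk, one reported by the running system and one taken with the disk mounted from a clean system where the cloak is not active; all paths are constructed samples, and matching the prefix case-insensitively is an assumption.

```python
from pathlib import PureWindowsPath

CLOAK_PREFIX = "$sys$"  # prefix named in the post


def is_cloaked_name(path: str) -> bool:
    """True if any component of a Windows path starts with the cloak prefix."""
    # Assumption: compare case-insensitively, as Windows file names are.
    parts = PureWindowsPath(path).parts
    return any(p.lower().startswith(CLOAK_PREFIX) for p in parts)


def cross_view_diff(live_view, offline_view):
    """Compare what the running system reports with what a clean mount sees.

    hidden_by_prefix: on disk, missing from the live view, prefix matches
    hidden_other:     missing from the live view for some other reason
    visible_prefix:   prefixed names the live system still shows
    """
    live = {p.lower() for p in live_view}
    report = {"hidden_by_prefix": [], "hidden_other": [], "visible_prefix": []}
    for path in sorted(offline_view, key=str.lower):
        if path.lower() not in live:
            key = "hidden_by_prefix" if is_cloaked_name(path) else "hidden_other"
            report[key].append(path)
        elif is_cloaked_name(path):
            report["visible_prefix"].append(path)
    return report


# Constructed sample listings (not real XCP file names).
OFFLINE_VIEW = [
    r"C:\Windows\System32\drivers\disk.sys",
    r"C:\Windows\System32\$sys$example\player.exe",
    r"C:\Users\alice\$sys$dropper.exe",  # unrelated file riding on the cloak
    r"C:\Users\alice\notes.txt",
    r"C:\Windows\Temp\other_hidden.dll",
]
LIVE_VIEW = [
    r"C:\Windows\System32\drivers\disk.sys",
    r"C:\Users\alice\notes.txt",
]

if __name__ == "__main__":
    for kind, paths in cross_view_diff(LIVE_VIEW, OFFLINE_VIEW).items():
        print(kind, paths)
```

Every entry in `hidden_by_prefix` needs review, because the cloak hides any file with the prefix, including files that have nothing to do with XCP.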

This is not the whole story. Sony had to release uninstall software under pressure, but the uninstall software was found to have a bigger problem. It doesn't uninstall anything. It simply reveals the hidden files. Worse, it installs additional software that cannot be uninstalled. (More on Sony: Dangerous Decloaking Patch, EULAs and Phoning Home)

1 Comments:

At September 21, 2006 1:21 PM, Anonymous said...

I heard of this rumor at that time, but I didn't pay attention to it.

and found it has large effects

when you see the EULA, although you don't agree with it

lead to the defuntion of your CD Drive.

this is not the main reason

this software changes system files

that it is not shown up in the system.

Sony had to give out uninstall software under pressure, but the uninstall software was found with a bigger problem. It didn't uninstall anything. It just revealed the hidden file. The worst is that it installed additional software that could not be uninstalled.
