Sony's Bad Move

by Bob Seidel

As I mentioned at the end of last week's column, Sony has taken a step to significantly escalate the issue of control of their intellectual property rights. Fortunately (to jump to the end of the story) Sony has received intense negative pressure and just agreed to stop issuing CDs with the XCP protection technology. Here is what it's all about.

To understand what is going on, you need to understand two terms: "Autoplay" and "rootkit". In an attempt to make PCs easier to use, Microsoft implemented the Autoplay feature in Windows XP. Usually it works quite well. The idea is that when you insert a removable medium, such as a CD, DVD, digital camera memory card, etc., Windows attempts to determine what is on the medium and to automatically start up the appropriate program to handle it. If, for example, the medium is a music CD, your default music player is started and the CD automatically plays. If Windows can't determine what to do, it asks.

If you are installing a program from a CD, Autoplay will automatically start the setup program, and that is where the problem lies. In this case, Sony has included a setup program that installs in your PC without your knowledge when you insert the CD - even though it is a music CD. Back to this in a minute.

The term "rootkit" refers to techniques to bury program or code in files that are hidden so deeply that Windows will not show them. The term "root" has its origins in UNIX systems - the root user has the maximum privileges of any user - he can do anything. In this case, the "rootkit" permits files to exist on your hard drive that are totally hidden - they cannot be seen by any normal technique that a program or user would use to examine files. But they are there, and they are functional.

The rootkit that Sony used was so hidden that it went undiscovered since March. Sony had released about 20 titles with this code, and it was only recently that it was detected. What the code does is still not fully understood, but it is believed to limit the number of times that the CD could be copied, and it will not allow downloading of the songs to an MP3 player or iPod. The program also "calls home" - making a connection through the Internet to Sony every time you play the CD. Scary stuff.

But the larger issue is that the "bad guys" (virus and spyware writers) have found that they can easily use the Sony rootkit by just installing their own bad code using Sony's file names. At least three instances of malicious code using the Sony rootkit have already been found. Sony has been called "inept" by industry techies for allowing this to occur.

Sony has now apparently agreed not to use this copy protection any more (at least for now), and have issued some directions to users and anti-spyware companies on how to eradicate it. But if you remove it, the CD you bought will not play. And stock still exists on the store shelves.

To protect yourself from this kind of intrusion, I would recommend that you turn off Autoplay. The easiest way to do this is to download one of the Microsoft Powertoys programs from www.microsoft.com. Search for Powertoy, and download the TweakUI program. When you run it, select My Computer / Autoplay / Types from the menu and uncheck the two boxes at the top of the window. But if you do this, whenever you insert a CD or DVD, nothing will happen. You will have to manually start the appropriate program, or start the Setup program on the CD if you are installing a program. That is not something that the usual PC user can do easily, so don't take this step lightly.

As have been warning for months now, the "labels" are going to make it harder and harder for inappropriate copying of their property. But in striving to protect their perceived rights, they are going to hurt and inconvenience all users - and that is just not right. As these things progress, remember that your only method to fight is your wallet. Don't buy from companies that have stepped over the line, as Sony has this time.

(Bob Seidel is a local computer consultant in the Southport - Oak Island area. You can visit his Website at www.bobseidel.com or e-mail questions or column ideas to him at bsc@bobseidel.com. For specific inquiries, please call Bob Seidel Consulting, LLC at 278-1007.)