I was reading a blog a few minutes ago and just came across this. It appears that Sony BMG is installing a program called "Rootkit". It happens when you listen to a music CD on your computer. Apparently there is a stipulation in the EULA.

Sony CD protection sparks security concerns

By John Borland
Staff Writer, CNET News.com
Published: November 1, 2005, 2:15 PM PST

Mark Russinovich was doing a routine test this week of computer security software he'd co-written, when he made a surprising discovery: Something new was hiding itself deep inside his PC's guts.

It took some time for Russinovich, an experienced programmer who has written a book on the Windows operating system for Microsoft, to track down exactly what was happening, but he ultimately traced it to code left behind by a recent CD he'd bought and played on his computer.

The SonyBMG-produced Van Zant album had been advertised as copy-protected when he'd bought it on Amazon.com, and he'd clicked through an installation agreement when he put the disc in his computer. What he later found is that the software had used a sophisticated cloaking technique that involves a "rootkit"--something not dangerous in itself, but a tool often used by virus writers to hide all traces of their work on a computer.

"We're still trying to find a line between fair use and digital rights management, and it is going to take issues like this, with discussions between lawmakers and industry, to come up with what's fair and honest," Russinovich said. "But I think this has gone too far."

Russinovich posted a detailed step-by-step account of his findings on his blog, drawing immediate criticism of SonyBMG's technology from some inside the security software community. The passionate response underlines the power copy protection retains to inflame emotions and spark bitter debate, despite the growing string of chart-topping albums that have been released over the past year with the protections included.

A handful of security companies weighed in on the issue, saying the rootkit could present a possible--if still theoretical--risk to computers.

I am not supporting or condoning music piracy, but Sony BMG has no right doing this.

Sony's mess keeps getting bigger

November 10, 2005 7:08 AM PST

Sony's PR woes just keep coming.

The media giant has taken heat recently for a bit of software included on its music CDs that was intended to prevent users from copying songs. But that software came with a little item called a rootkit, which installs itself on a user's hard drive and hides from view. Besides being sneaky, the rootkit can pose a security risk for users, since malicious software can use it to hide from antivirus detectors.

An uproar ensued, and while Sony tried to repair the damage by issuing a patch, not everyone was appeased. This week some antivirus companies said they were issuing tools to identify, and in some cases remove, the software.

In the latest developments, a class-action lawsuit has been filed by consumers in California who claim their computers have been harmed by the software. And the Electronic Frontier Foundation has taken a fine-tooth comb to the company's end user license agreement, pointing out some of the more outlandish claims.

Blog community response:

"Probably the most damning part of this spyware definition are the following sentences: 'Includes mechanisms to thwart removal by security or anti-spyware products. Cannot be uninstalled by Windows Add/Remove Programs and no uninstaller is provided with application.'"
--Things that...make you go hmm

"To me, this seems as convoluted as anything I've seen. Why would Sony have to make sure you can only uninstall from the PC you send the original request from? Why the hoops? Why not a big 'Uninstall your DRM HERE' link on their Sony BMG front page or at least a link to a FAQ? It seems like they want to make themselves look worse and worse."
--Real Tech News

"The folks at the EFF went through it and pulled out some of the more ridiculous terms. By far, the absolute best term in the EULA is that if you file for bankruptcy, you need to delete the music."
--Techdirt

"The music companies are like high-strung obnoxious rock-stars -- they need a buffer, like an agent or a retailer, to sit between them and the people who pay them. If we were to have to deal with the music oligarchs directly, the experience would be so toxic that 100 percent of the world would turn into Kazaa downloaders in 30 days."
--boingboing

Posted by Margaret Kane

If you have recently played a Sony BMG cd on your computer, you need to be aware of the potential security concerns.

Read More:

C|NET BLOGMA

C|NET News

Just a quick post to welcome you to my new blog and to say "Thanks" for stopping by. I hope to have my archived posts on here shortly, so be sure to check back soon...