Dennis D. McDonald ( consults from Alexandria Virginia. His services include writing & research, proposal development, and project management.

What is a "rootkit"? (Sony and DRM)

What is a "rootkit"? Till this morning I didn't know. Then I read about Sony's use of "rootkit technology" for implementing their Digital Rights Management (DRM) system from their "protected" music CD's.

I've already written questioning articles about this type of CD based copy protection. My concern initially was that online retailers were not always telling potential purchasers about the DRM software status of individual discs.

This "rootkit" situation is more serious. When you buy a "protected" Sony CD and try to play it on your PC, you must agree to abide by the license agreement that pops up in a window informing you that special software will be installed to enable you to use the CD you just bought.

What Sony hasn't been telling you is that, when you click on the "agree" button, the CD actually install hidden software in your Windows operating system that is not only hidden from view but also (a) hides other software from view, (b) takes up system resources even when you are not playing a CD, and (c) provides no "uninstall" instructions that can be used by non-geeks.

If you read Mark Russinovich's article, you begin to understand that what you may have inadvertently installed on your computer is similar in some ways to a virus:

"Rootkits are cloaking technologies that hide files, Registry keys, and other system objects from diagnostic and security software, and they are usually employed by malware attempting to keep their implementation hidden..."

In other words, Sony's DRM software not only prevents you from legally using their product but it also increases your computer's vulnerability to attack from unscrupulous hackers.

I assume that Sony will scramble to repair this situation. They already publish information on their web pages about how to crack their DRM, and there will probably be a press release.

There are additional issues that a press release alone won't address:

  1. This type of publicity gives "copyright protection" a bad name. Copyright law is a good thing. What Sony is doing has less to do with copyright than with its desire to control post-sale product usage.
  2. The artists who are handled by Sony need to distance themselves from this. They should NOT want to be associated with products that increase the vulnerability of the computers owned by the people who are buying their music.

Sony's competitors could, if they wanted to, have a field day with this. I can see it now -- big yellow stickers on CD jewel boxes with the words, "Just Say No to DRM," or maybe something like "Certified 100% DRM Free!"


Is The New Santana Album Infected?

Cassini Huygens Update