Sony CDs secretly install spyware
Sony is spying on thousands of listeners who buy and play its music CDs on their computers, a leading computer security firm said yesterday. Computer Associates International Inc. said that new anticopying software Sony is using to discourage pirating of its music also secretly collects information from any computer that plays the discs.
Of ourse it doesn’t do any good just to collect the data, does it:
But Computer Associates said the antipirating software also secretly communicates with Sony over the Internet when listeners play the discs on computers that have an Internet connection. The software uses this connection to transmit the name of the CD being played to an office of Sony’s music division in Cary, N.C. The software also transmits the IP address of the listener’s computer, Computer Associates said, but not the name of the listener. But Sony can still use the data to create a profile of a listener’s music collection, according to Computer Associates.
“This is in effect ‘phone home’ technology, whether its intent is to capture such data or not,” said Sam Curry, vice president of Computer Associates’ eTrust Security Management unit. “If you choose to let people know what you’re listening to, that’s your business. If they do it without your permission, it’s an invasion of privacy.”
Yikes! This idea REALLY sucks! But wait! It’s even worse:
In late October, a well-known Windows computer engineer, Mark Russinovich, stumbled across the Sony software on one of his personal computers while running a security scan. Russinovich had used the computer to play the Van Zant CD, not realizing that it had installed the anticopying program. When he tried to remove it, Russinovich found that the program lacked the ‘uninstall” feature found in most Windows software. Indeed, key components of the software hid themselves deep in his computer by applying the same techniques used by data thieves to conceal their activities. Even a skilled user who identifies the correct files can’t safely remove them, said Russinovich. ‘Most users that stumble across the cloaked files…will cripple their computer if they attempt the obvious step of deleting the cloaked files,” he wrote on his technology website, SysInternals.
Computer Associates yesterday concurred with Russinovich’s assessment. Curry said Sony has made it so difficult for listeners to uninstall its software that some could lose all their data in the process. “It can damage the operating system and the operating system’s integrity, so it can’t reboot at all,” Curry said. “As an expert in security, I can say this is bad behavior.”
Indeed, Computer Associates has added the software to its list of spyware programs that collect personal information from computer users without their permission.
Russinovich also said that a patch Sony and First 4 released Friday to stop the software from hiding inside computers malfunctions and can cause an irreparable loss of computer data.
H/T to Strange Women Lying in Ponds.