Sony BMG, a company that makes a variety of consumer electronics such as the Walkman, CD / DVD drives and burners, has released a product called XCP (eXtended Copy Protection) that prevents copying musical materials from the media onto the computer. According to investigators, XCP uses rootkit technology to run spyware applications to manage the digital rights software.
A rootkit is a software package that modifies core system files to perform an undocumented feature -- often with negative side effects. For example, you can modify the DIR command so that instead of just performing a directory listing, it will also email the contents to another user, without any trace to the operator in front of the computer. For greater details, see wikipedia about rootkits.
Researchs found that XCP features a number of Spyware like behavior, such as installing materials to your computer without a EULA (license agreement), not providing a means to get rid of the installed materials (if you un-install the software package, you cannot get rid of this subsystem without reformatting!), and it sends data about the user's habits without permission!
A system administrator named Mark Russinovich wrote up a detailed examination of Sony's features on his website:
There, you will find information how to detect the rootkit, along with a description of what he had to do to get rid of it. The tools he used, and the methodology invoked are far above and beyond your average Windows user.
It appears that Macs and Linux are immune, as the registry edits and specific kernel files on these platforms are outside of the Windows' paradigm. The article also notes that Windows systems ship (and most software instructions *expect*) with AutoPlay functional. All you need to do is slip in a CD-ROM with some code on it, and AutoPlay will go crunch through whatever instructions, and install stuff, without any decision prompting by you, the owner and user.
This is a very serious issue: the installation of behind-the-scenes software without user's knowledge. The software spys on what you have running on your machine; it uses your internet connection to contact Sony for updates, and it provides a means for other people to hook into this technology to install other hidden programs on your computer.
This really sucks, and in my professional opinion, completely unethical on Sony's part to develop such a process and bring it to market.
As I was writing this article, I found out that Sony has issued a patch to reveal the hidden files that are automatically installed to hard drives. You can find more information here:
That is all nice and good, but the copy protection software remains, along with the processes (spyware), and the drain on your system's resources.