No, Sony. Bad, Sony!

You may or may not have heard about the so-called Sony rootkit. I had previously read some about it when the story first broke in early October, but recently Boing Boing published a roundup of the whole Sony Rootkit fiasco. I’m pleased that Texas, along with California and the EFF, are already suing Sony over this.

If you’d rather not read through that whole article, let me summarize: On October 31 a blogger, uh, blogged that he discovered harmful software on Sony BMG audio CDs. Sony owns several of labels, such as Columbia and Epic. If said CDs were inserted into a Windows computer CD drive, the user is asked to agree to a vague EULA. At that point the CD installs software on the user’s computer to restrict the user from making copies, and hides the software from the user. This software uses a rootkit to hide itself. It opens a dangerous security hole that allows anyone to very simply hide files on the user’s computer. If a user does happen to find it and remove it, his/her CD drive is disabled. Oh, and the software installs itself even if you click “I Decline.”

At first, Sony didn’t admit to doing anything wrong. Then it finally released an uninstaller program. However, it didn’t use it’s secret software to notify users that they had it on their computer, nor did they remove CDs from shelves that used this technology, called XCP. The uninstaller, however, was very difficult to obtain, required your personal information (that they can use for marketing), and required an ActiveX control that later proved to be yet another security vulnerability. For that reason, Sony later stopped offering the uninstaller.

Three weeks after the story broke, Sony was still advising customers to install their software, although they had finally pulled the CDs from shelves. Oh, and the other software that is on the CDs that is used for bonus content causes Macs to crash. They still haven’t admitted any wrongdoing or apologized to their customers.

To add insult to injury, Sony’s EULA is extremely restrictive. By law, you are allowed to make a copy of your CDs for personal use. However, Sony’s EULA requires you to delete these copies if:

  • Your CD is lost or stolen
  • You move out of the country
  • You refuse to update your software
  • You file for bankruptsy

Oh, and there is strong evidence that their software violates copyright law because it uses code released under the LGPL and doesn’t credit the authors. Remember, the point of Sony’s XCP was to protect copyrighted music.

This is not Sony’s first demonstration of its contempt for its customers. Recently they re-vamped their Star Wars Galaxies game, doing away with the two-year-old version. Players of the original version don’t get a refund if they prepaid for their subscription, even if they don’t want to play the new game. Sony also recently gained a patent on technology that allows them to limit video games to being played on one console. So if you buy a game, you can’t lend it to a friend, or sell it to Half Price Books, or play it on your new console in the event that your old one gets stolen or broken. They promise not to use it for PlayStation 3. Pinky promise.

I have gone on long enough, but I want to ask anyone reading this not to purchase Sony products this holiday (Christmas) season. I know I won’t, for fear of what they’ll do to me if I do.

Comments are closed.