After the previous follow-up, here are some more thoughts and info from others:
- Wired is one of the sites reporting that the rootkit used open-source software:
It turns out that this music player contains components from an open-source project, an MP3 player called LAME.
- Pamela Jones over at GrokLaw wonders if Sony’s downloadable music has similar rootkit issues:
Sony’s choice for format restricts consumers to its own hardware - a complaint the paper also makes about Apple, though at least iTunes does permit you to rip CDs to MP3 for transfer to other brands of player. Sony’s SonicStage software does not support MP3 and “it defaults to storing music in an invisible, deeply buried sub-directory”, the paper warns….
Invisible sub-directory? Hm, sounds familiar.
- Dan Gillmor points out the lies upon lies in this story:
At this page, Sony has a list of music CDs it says were infected with the “rootkit” malware that secretly installs hackable, dangerous crap on customers’ computers. (No, Sony doesn’t use these words to describe what it prefers to think of as anti-infringement protections.) There are 52 CDs on the list.
Go listen to this report on NPR from November 4, a few days after researcher Mark Russinovich started blowing the whistle on the company’s sleazy behavior. The reporter, Neda Ulaby, quotes Thomas Hesse, president of Global Digital Business for Sony BMG Music Entertainment: “He says only about 20 CDs have the software.”
And of course there’s the fun of the virus scanners and such not noticing this thing for over a year, and of various people wondering what other record companies might be putting on their CDs that we haven’t noticed yet.
Here’s hoping more and more media will pick up on this and let it backfire at Sony and friends, let this be their bridge too far.

http://i25.photobucket.com/albums/c74/comic_foxtrot2/lft051121.gif
Yeah, almost…