This isn't going away anytime soon, if ever. Sony's use of rootkit technology in DRM software on some of their CD's is causing an uproar all over the blogosphere. People are calling for a boycott of Sony products, not just CDs, but all Sony products. There's even a Boycott Sony blog. Sony has been blasted not only for using the rootkit in the first place, but for their poor response to the public outcry. Ed Bott had some advice for Sony last week, but alas, they didn't seem to listen.
Fire First 4 Internet immediately and publicly.
Remaster the CDs with DRM-free versions.
Offer free replacement CDs to anyone who purchased one of the rootkit-infected CDs.
Provide toll-free tech support for anyone who experiences a problem with their Windows computer that they think is related to this software.
Instead, Sony execs have continued to minimize the problem and deny what Mark Russinovich proved, that the DRM software is phoning home and transmitting information without proper notice and consent. One antivirus vendor has already labeled the software as spyware. Even law professor Eric Goldman agrees on this point.
In my previous post, I said that Sony’s software wasn’t spyware. However, if the software is reporting back information about each user’s behavior, and that reporting back feature wasn't disclosed, then I agree with Suzi that surreptitious and undisclosed monitoring and reporting back of user activity sounds like spyware.
Declan McCullagh, writing for CNET, reports at least one attorney is talking class-action lawsuit. Mark Russinovich, who first documented the rootkit found on a CD he purchased, posted some additional damning info. The vendor of the DRM software, First4Internet, responded to points raised by Russinovich last week and now Russinovich has blasted First4Internet and Sony right out of the water... again. His conclusion:
Instead of admitting fault for installing a rootkit and installing it without proper disclosure, both Sony and First 4 Internet claim innocence. By not coming clean they are making clear to any potential customers that they are a not only technically incompetent, but also dishonest.
Ed Bott gets first place for best blog post title, Sony’s hired guns: incompetent, dishonest, or both?
Today I spoke to a representative from a major anti-spyware company who says Sony's DRM software meets their criteria for detection and removal. Stay tuned -- I'll have the details tomorrow.