Sony rootkit: The untold story


TOPICS: Malware

In light of the way Bruce Schneier has published Sony's DRM Rootkit: The real story -- a story that recounts how quickly things have gone from bad to worse for Sony, I thought it would only be fitting to publish the untold story (does our industry have the equivalent of the E! Hollywood True Story?  I don't know).  But before getting to the untold story, it should be noted things have actually gone from worse to worser for Sony. 

Just when I thought that one of the worst public relations nightmares in technology history was finally coming to a conclusion, I woke up this morning to learn that the never-ending tale has taken another salacious twist.  This time, on the open source front.  While many people are worried about how open source code may infringe on the proprietary world's intellectual property (and the open source community is responding by circling its patent wagons), Sony is now caught in the Web of news that things are actually the other way around for its rootkit.  According to a Reuters report on ZDNet, it looks as though UK-based First4Internet, the company that developed the rootkit software used on the Sony CD, probably used open source code in its proprietary product without proper attribution.  It's a copyright gaffe that most in consumer-land won't understand but that open source advocates are likely to make serious hay about.

Now onto the untold story.

In his column on, Schneier makes his own hay because of the way that the anti-malware providers may have been co-conspirators in the rootkit fiasco.  They apparently gave First4Internet (and by way of inheritance, Sony) a hall pass to surreptitiously install and run the rootkit on users' PCs.  Now you know why I called it a Trojan horse when I first wrote about it.  Dan Gillmor picked up on Schneier's report. Indeed, if the anti-malware companies have been lured into becoming foxes that watch the henhouse, that's a major problem.  But, while that may be the real story, and while there's obviously another big story lurking in the fact that the blogosphere is ultimately what sent Sony reeling from explaining itself to offering fixes to withdrawing the product from the market in only two short weeks (wow.  just wow), the untold story, if you ask me, is that the outrage against Sony is being misplaced.

Sony, as it turns out, is a very small fish in the big Digital Restrictions Management (DRM) sea.  This incident is only a hint of the trainwreck that's coming because the various players with their hands in the entertainment pie aren't playing nice.  Not with each other.  Not with consumers.  When news first surfaced about DRM-protected CDs, it had nothing to do with rootkits.  It was a story on (one that has very mysteriously disappeared) about how the band Switchfoot was disappointed to learn that its CDs were being sold with copy protection on them -- copy protection that prevented the music from being transferred to the most popular portable audio players in the world: Apple's iPods. 

Sony's explanation for resorting to its own DRM scheme is that it has been left with no choice because Apple is refusing to license the proprietary DRM technology (Fairplay) found in its iPods. Forgetting for a minute why, it is absolutely an outrage that corporate greed is what's standing in the way of letting music and video buyers freely move the content they've purchased from one of their devices to another.  As long as this situation persists, the entertainment industry might as well come right out and tell consumers that it is now their policy to make consumers pay for the same content again and again for each device they want to play it on. 

Sony's rootkit, as bad as it was, isn't the real story. The way the entertainment cartel is applying DRM as a whole is the real story. They're applying DRM in a way that the Sony fiasco was inevitable. This wasn't the first time lack of DRM interoperability manifested itself in the end-user experience in an ugly way, and it won't be the last.  Sure, the rest of the entertainment industry is rewriting its DRM playbook to keep from repeating Sony's history.  But rest assured, another DRM-inspired trainwreck will come along that will light the grapevine ablaze and some other content company will end up with egg on its face when, in reality, it's Microsoft and Apple that we should really be angry with; two companies that are driving incompatible DRM technologies into the marketplace in a way that twists the royal (or should that be "royalty") screws into the world. 

And, it's only going to get worse.  Unbeknownst to most people, what started with music (let's just say audio) already applies to video and it's not going to stop there. Video that's wrapped in Microsoft's DRM has been in the market for quite some time already.  The fact that video has been added to Apple's iPods and that FairPlay-protected video will be sold through Apple's iTunes Music Store (IMS) only adds insult to injury. Just like with music purchased at the IMS, the video you buy at the IMS can only be played back where Apple lets you play it back.  This is different from the old days where you could buy a DVD knowing that you could play it in any DVD player. 

Unfortunately, for us, video is not the end of the line for DRM.  Text -- the form of content that dwarfs all others -- is next.  Consider the many media companies that force you to log in to their Web sites before you can view their content, or the ones that make you pay for that privilege, and then the ones whose intellectual property gets completely lost when their content gets cut and pasted into things like e-mail, blogs, and Web sites.  I'm supposed to pay to get to the Wall Street Journal's content.  But, because of text's equivalent to the broadcast industry's analog hole (good ole' cut n paste), I never do.  I read the Wall Street Journal for free all the time because other people just keep forwarding its stories to me (By the way, I don't ask for this.  Usually, I just get these stories along with a question like "What do you think?").  Much the same way the entertainment industry struggled with the copying problem for years (before DRM came along), the text industry is still struggling to plug the holes through which its content leaks.  They call this "gating" (as in putting a gate on the content).

Then, along comes DRM.  Much the same way DRM'd music and videos can't be e-mailed around, posted to  blogs, or cut and pasted into Web pages, could the same be done with text? The answer is yes and much the same way incompatible DRM technologies prevent us from listening to or viewing music or videos on the device or platform of our choice, imagine a day when you'll need one device or platform to read one text item (a news story, a book, a magazine article, etc.) and you'll need another to read another text item. After all, Apple is controlling where you can view IMS-purchased music and videos.  What on earth would prevent the same thing from happening to text?  Particularly since the technology to do the same thing to text is already here and evolving as I write this. 

Today, on an Internet level, the application of DRM to text is largely limited to electronic books which are often distributed by way of marriage between Adobe's Portable Document Format (PDF) and DRM technology. On a private (intranet) level, businesses can use the same marriage to tighten the security around sensitive documents -- particularly ones that contain trade secrets.  I don't hear, see, or frequently bump into the marriage and, whereas Apple and Microsoft have done a masterful job of e-commerce enabling DRM'd audio and video (when you click to buy, what goes on under the hood is nothing short of extraordinary), the application of e-commerce to DRM'd text is apparently pretty kludgy (here's one fubar-ish account of how it's a bit immature).  Given its expertise in e-commerce, now that Microsoft is in the PDF and the PDF-killer games, my expectation is that that will change.

Consider that XPS (code-named Metro, Microsoft's own PDF-esque technology) is a format that Microsoft is not only marrying its DRM to, but that it will very likely support across all its platforms. In other words, documents will be easily saved in XPS with products like Microsoft Office 12 and readable across its desktop and mobile platforms (phones, "content" players, etc.)  in precisely the same way that Windows Media formatted files (wrapped in Microsoft's DRM) can be transferred across and listened to or viewed across those same platforms.  Marry that to e-commerce much the same way that the Microsoft PlaysForSure-compliant content that can only be played on PlaysForSure-compliant devices is now available from PlaysForSure-compliant stores -- the other big DRM silo with which nothing in the Apple world is compatible, and the DRM trainwreck we're heading for takes on a whole different dimension.  In saying:

Is Microsoft about to inflict on us another e-book reader tied to Windows, just like Microsoft Reader? And DRMed books that can’t be read on other platforms?...Beware. Even “open formats” don’t count with closed DRM, especially if the full works will run just on Windows machines. Let’s hope that the dots don’t connect and that we won’t see in effect another proprietary approach...

David Rothman, a ringleader of the OpenReader Consortium that's focused on applying open Web standards to PDFesque documents in a way that drives down access to eBooks for the poor (amazingly consistent with Nicholas Negroponte's $100 notebook project), spotted the potential trainwreck in April of this year.  As a side note, given the proprietary DRM silo that Microsoft is very rapidly building, I couldn't help but notice a bit of kettle-pot-black in the way Microsoft expressed concern over the Sony rootkit.  It's the continued erection of non-interoperable DRM silos by companies like Microsoft that is getting us into this mess in the first place.  Which leads me back to my main point.  The bigger picture.

The Sony rootkit fiasco is the equivalent of that red light somewhere way down the line that some runaway train in the movies blew through.  Somewhere in a control booth far away is someone flicking some indicator light with his finger.  He knows something's wrong, but he's not ready to sound the alarms just yet. It's the squadron of Japanese Zeros heading for Pearl Harbor that the radar technicians mistook for a flock of birds. We are ignoring the warning signs even though they're right in front of our faces.  We are heading for a situation that we are all going to dreadfully regret -- essentially the bad pipe dream that Doc Searls wrote about in his recent treatise -- if we don't treat the Sony rootkit issue as a symptom of a much much bigger problem.

If the Sony rootkit case study teaches us anything, it's how the fear of Internet-inspired economic punishment can result in a rapid change of direction.  Sony is pulling its rootkit CDs from the market and not a moment too soon.  Though we don't know what Sony will come up with over the long term to replace it, it is ultimately the best conclusion anybody could have asked for.  It's proof that public outrage can work.  Now, if only we can apply that same outrage to the real problem, then and only then will things start to look up.

[BOF Update: One thing I forgot to mention is that, at the upcoming Syndicate Conference in San Francisco (Dec 12-14), I'll probably be leading an ad hoc BOF (birds of a feather) session on the business challenges created by the current DRM regime.  The session will be for technologists, businesspeople, and media executives who want to plan now in order to successfully navigate the future DRM labyrinth later. The session *is* ad hoc so the plans aren't 100 percent firm yet.  But even so, for anybody with a business interest in current and future content management, distribution, and syndication technologies, Syndicate should prove to be a worthwhile event. Disclosure: I'm an unpaid member on the conference's Board of Advisors.]

  • Sony???

    I have frequently purchased Sony products over the years as I have always believed those products to be "superior" in quality of construction. Not anymore!

    It seems to me that Sony products have, over the last few years, begun that gradual "slide" that often results from a "long-term" investment in high quality. That means that someone high up in the Sony Management Stratosphere has decided that "so much more money could be made if only we reduced our commitment to quality a trifle."

    Apparently, it seems that Sony also decided that even MORE money could be made if they bowed to pressure from "Artists" and others by jumping on the bandwagon of "copy protection." Thus, lower quality equals more $, and copy protection equals more $. For Sony! And "Forced Purchases" equals more $ for Sony!

    Unfortunately, for Sony, the reduction in quality of their products coupled with their increased efforts at providing copy protection to some/all of their artists has left me with a very bad taste in my mouth.

    Most recently, I purchased a "Sony" MP3 player that turned out to be a real piece of dung. In that in two years they have failed to produce any kind of software upgrade that will allow the player to operate with any kind of simplicity or common sense, and second, they have now produced a whole host of music that has boggled-up my WinXP

    Therefore, I have, like many others, decided that I will no longer purchase any Software, Hardware, music or other attachments (such as Blank CD's or Floppy's, or floppy drives) that utilize or contain Sony products.

    Lastly, allow me to say that as for Music Downloads, I have, in the distant past, been known to acquire same via the internet. However, let it be said that such songs were "old" timers almost all of which I had legally purchased on vinyl, and were therefore somewhat legal to possess.
    And, the rest were individual cuts that I would NEVER have purchased in the first place.

    Therefore, I honestly believe that in downloading such music I have violated no laws. The "artists" lost nothing on an album I would not have purchased anyway.

    produces a host of buyers based on that consistent quality.
    • sony who?

      I totally agree in that I not only have stopped buying all sony hardware or media but I also am returning a Sony camcorder I just bought.
      I know Sony is not the only one but they have been caught. What we have to do is economically punish anyone else who gets caught. Note I now spell sony with a small s.
      While I have never pirated software of any kind I can now see some small justification for those that do.
    • So strip the DRM off the music

      I too was really annoyed when a new CD couldn't be ripped, despite fair use laws. Annoyed enough that I dumped the output of the CD through a high quality DA/AD converter thus passing the music through an analog conversion step that completely strips all protection.

      One pass and it's gone, and with good quality DACs the fidelity loss is not noticeable even with audiophile grade equipment.

      No copy protection or DRM survives the trip through the analog stage.

      Too bad SONY - it won't take long if the protection is a real pain to get every Tom, Dick and Harry comfortable with a DA/AD passthrough step to kill DRM.
      • Strip the DRM Skip the DA/AD

        Of course high end CD players can be purchased that have the option of SPDIF out (digital stream). The Denon DN-C680 for instance. Of course you need a card for your computer that is also SPDIF compatible, but those are cheap.

        Don't want to buy a high end CD player? Do own a DVD player hooked up to your TV and your 5.1 surround sound audio system? Many DVD players will play audio CD's as well. The two channel digital audio data is sent out on the same line as the 5.1 audio data. You will need a higher end sound card, but again not that expensive.
    • Sony Baloney 2

      I, too, have purchased Sony products in the past on the belief that their quality was superior. From a Betamax deck that weighed as much as a Humvee back in the '70's(?was it that long ago?) through a litany of products, I've always had faith in Sony.

      As the saying goes, the unquestioned life is not worth living. I was reflecting on my Sony experience, now having decided I will never buy another Sony product in my lifetime, courtesy of this inexcusable lapse of judgement on their part (of course, it could be a moot point if they are driven bankrupt by the lawsuits that will follow from corporate disasters courtesy of the rootkit - I'd wait to see if they'll be around long enough to support their products in that case). And having reflected, I realized that Sony products really weren't all that good.

      The Betamax went toes up in relatively short order, my first portable CD player died inexplicably, my Sony TV has been repaired many times, my Sony CD player in my stereo used to jam up all the time, tapes scrambled in the VCRs, don't even get me started on the lousy software they bundled with their CD/RW drive on one of my computers - slow, to boot, and unreliable, etc. When I was in the optical disk business, the Sony optical disk jukebox had some horrifying flaws that exposed our clients to the risk of data loss, the advertised design throughput was 'way off base, and they lied about it, but we caught them. The 5 1/4" optical drives were always behind the curve, the early Sony CD-R media suffered from media rot (I still have a few pieces to remind me), and Sony's support policy on them stunk - anyway, on and on it goes.

      My uncle used to say that people who loved their Volkswagens (the old beetles, and he had one, so he was speaking from experience) didn't really love their beetles; they were really just pretending to love them so they wouldn't feel like idiots for having spent the money on a tin can with an underpowered wind-up motor. I have a feeling that there's a story in common with Sony; people pretend they are better, when they know in use, they're not. And before purchase, they are higher priced, so you THINK they must be higher quality. In fact, they are just higher priced.

      So much for the Sony shell game. They'll do without my dollar, that's for sure. And I would hope without the dollars of many, following this greed-based invasion of people's computers.

      Sony? Baloney.
      • Sony - professional and consumer products - it's not all baloney

        Let's not forget that these feelings for Sony products and services are those of a consumer. I have also been a major Sony aficionado for at least 2 decades. In that time, I agree that I have seen Sony's quality go downhill but ONLY IN THE CONSUMER PRODUCTS.

        From gsteele531 who has had bad luck with Sony products to me, the complete antithesis, the issues are the same with every brand out there. Someone will curse the brand to hell for all that they went through and others like me will praise the equipment they've produced.

        That said, I know that all their Japanese made CRT's are the best by far in terms of reliability and from my own perception in terms of viewability (that's subjective of course). A few series in their Malaysian made TV's haven't been bad either (I bought a factory 2nd KX-T21Z which only blew a capacitor in the HV stage last year and cost me 20c to fix it myself) but they've had their share of lemons too.

        I know the Sony MZ-R50 and MDS-JA30ES minidisc units were the last of their reliable units and absolute workhorses, replacing optical blocks no more often than once every 4 years of serious abuse. My current MZ-NH1 HiMD portable unit has been a worthy upgrade but the DRM was an absolute friggin' pain in my butt until their recent release of software which allowed me unlimited uploads of my own recordings. Sony listened to its outraged customers and thankfully responded, although in what I perceive to be a baby step. HiMD is still a preferred format for me compared to solid state recorders in professional portable recording purposes because the media is more robust. I must admit, however, I have been tempted to go to the new M-Audio solid state recorder but I still need removable (and cheap) media for cataloguing purposes and at least I don't have to worry about accidentally zapping my discs with static electricity. As for the quality of my NH1, it feels solid but who knows? However, due to its diminished popularity in Australia, Sony Australia have pulled the plug on all things MD in the consumer world.

        My DVD player, again Sony DVP-S7700, is sweet and has been for the past 5 years. I bought it imported from Hong Kong already modified to remove all forms of DRM. Recently, I found that a particular DVD recordable didn't play on my player. A quick visit to the service menu and an automatic recalibration fixed that and this is from a unit that was released long before the advent of PC based DVD burners. Now THAT is why I've always gone for Sony products but also the high-end product exclusively. Because I know that the Japanese production is going to be of higher quality and the technical capabilities of the units mean that I'd be using them for quite some time.

        Car hifi - again, Sony MDX-C8900 MD unit (7 years old) and XM210EQ DSP unit. Amps also Sony but I need more power now so I'm going to a competitor. This is one area where Sony's product has turned to complete poop even at the high end that's available here. There are some sweet units in Japan but that's the unfortunate side of supply and demand too back here. I'm always after technologies that nobody wants at home :-/ . The fact remains that their car audio division is truly dead to me, at least here at home.

        Now before I get accused of sounding like a walking Sony marketing machine, I am extremely selective about what products I buy. I definitely acknowledge that Sony has lost the plot well and truly. The problem of late has been that the once pioneering company which had products designed by top notch engineers has scrapped the bulk of their engineers for low level engineers and high level lawyers. Everything is now being designed by the lawyers and the engineers are simply deciding on what friggin' housing material will make the thing look good. Again, this is in the consumer division. For those who are prepared to fork out the cash (and in my case, I do justify it for my purposes), you could always go to the professional range and see that they really do produce some good products still, just not for the consumer. So to be fair in all this Sony bashing, they do produce fine products but only if you know where to look and are prepared to pay the cashola.

        In summary, yes I am p'ed off at them, BIG TIME. If they hadn't sorted out the HiMD DRM situation, I would've gone for the M-Audio unit, though reluctantly. Hopefully Stringer and his board will finally have the epiphany that forces the breaking of the tight relationship between the electronics and entertainment divisions. More importantly, I hope that their epiphany results in the reduction of their legal team and the increase in quality and quantity of engineers.

        It is only then that I truly believe that Sony can go back to concentrating on being the #1 electronics company it once was.
  • Text-DRM?

    Let's see. To read text, it has to be displayed. If it's displayed,
    screen-grab/OCR should get by it fairly easy...PDF or whatever.
    • Or Even More Reliable

      The user opens up the article and just retypes it. Or they read it into a microphone and create an audio file for the article.

      Text DRM is useless.
      Edward Meyers
      • however

        I believe that you are correct on that point.

        However, I don't think you will get very many people retyping or even creating audio of large publications ( example: books or magazines ) maybe not even small articles.
        This will be a big hassle for consumers and I believe the point of this article.

        The good news is once one person does this it can be copied literally billions of times.
        • It Depends on The Work

          Fans translated several Harry Potter books unofficially in German this way. Each person in a only translates/types 1/3 pages however if you spread it out over a group then the whole can quickly be transcribed (Or translated). Several blogs also use this method to create transcriptions of audio.

          Fansubs and Fan/Translations of Japanese Videos and Comic Books likewise are created this way. Ringu and other Popular Japanese horror films, just about every anime ever created, several graphic novels, and even some japanese books have been translated and distributed by fan groups typing (and translating) these.

          Although the point that it is faster to copy and paste is also true. A Screen Grab and OCRing the grab back into text is also effective, although once the grab is made it could be distributed that way by itself. The only way around it is to disable the screengrab function.
          Edward Meyers
      • Or Even More Reliable

        "Or they read it into a microphone and create an audio file for the article."

        And I can sing the song in a microphone and create an audio file...
    • You guys are missing the point...

      You can only cut and paste IF MS/apple OS ALLOWS you to cut and paste. I have seen DRM from Microsoft where all cut and paste, copy, etc. functions have been eliminated along with print functions, forwarded email etc. Unless you are the owner of the material you can only read it on the screen.

      In fact DRM would be HUGE boon to MS and Apple as they would advertise to vendors that your property rights are protected under my solution and any software has to play in our sandbox.

      As far as typing in or speaking the text - sure no problem UNTIL the first blog site has Copyrighted/DRM protected text on it and then watch that site get shut down in a heartbeat.

      Remember the big ISP's have to abide by these rules. The small sites could do it but they have to jump around a lot.

      The only real answer would be napster type systems that spread the information around and we saw what big industry did to napster type sites.
      • All this has done is damage.

        Now that this has come to light, is it just me, but won't a lot of people be ripping off CD's the old fashioned way now? Using a CD Walkman and recording the sounds from the walkman onto the computer so they have then compress them and listen to them without ever inserting the original CD into their computer?

        How are Sony, et al. going to stop that? Then what's to stop someone from distributing it in compressed form on the Filesharing networks?

        This has done nothing but taint Sony and now even more consumers feel screwed over and are now pointing the proverbial middle finger at Sony..
      • Actually so are you

        It's a piece of software. There isn't any such thing as a totally secure piece of software. This was tried about 20 years ago back in the 80's where copy protection was applied to computer software. The result was somebody wrote a program to break the copy protection "for backup purposes only". The same thing will happen here because the concept of DRM is that you don't own what you just paid for. If that's the case then the entertainment companies need to radically drop their prices as they are restricting their market intentionally by applying DRM to the content they are selling you. One of the reasons music companies have traditionally given for the inflated prices on CD's is that people copy them for use in other media if they apply DRM they need to drop that price by about 80%.
    • screen-grab should work

      Screen-grab & OCR it - should be 100% accuracy because there's no noise to worry about on a screen.
    • Or print it

      Assuming the thing allows printing, it's easy to intercept printed text.

      Also, for the application to display text, it normally hands text & font information to the OS. To capture the text, you could use a shim to capture the data en route, or a device driver that can log them.

      So there are technical workarounds, just as today there are technical workarounds for Flash pages and Microsoft Office documents. A long way from interoperability, though.

      But I'm not that worried. Once upon a time, there was no Internet. Now there is, and the publishing fascists want to build their walled subnets. Let them. Free software will continue to be free; the free Internet will continue to exist. (Or, if it does not, DRM won't be why.) The Linux virus will eventually infect and kill Microsoft inside its own armor. And the media companies will gain experience with software complexity, taming their appetite for it. If they want customers, they're going to have to make DRM either very good or very lame. Either one's OK by me.
    • Don't worry

      I'm sure those excellent Russian programmers will come to our aid and create a crack for any DRM needed. Maybe some of our virus writers could help society by giving up their old ways and fighting this iniquity?
  • Cutting their own throats?

    Your implication is that the consumers will be forced to accept
    these things, will willingly buy multiple devices to access all of
    the content from all of the different sources. Why wouldn't it go
    the other way? Any company who puts out content that can't be
    easily accessed by all will have a hard time selling that content.
    Look for the multitude of iPod users to stop buying cds from
    Sony and others if they can't put them on their iPod. That leaves
    Sony with a choice, either to continue down their path to
    insolvency, or to just give up on the DRM and continue to make
    tons of money the way they always have done so.

    The same thing goes for movies and books. I'm not going to
    buy any movie that I can't watch on my computer and television.
    I'm not going to buy any electronic book that I can't readily
    access on all my equipment, and no, I'm not going to buy 4
    different book readers to access material from different
    publishers. The content owners seem to think they can push us
    around, and that seems to be the future you're predicting.

    I think it'll go the other way. Any company stupid and stubborn
    enough to make their own products difficult and expensive for
    the consumer will see a drop in sales and eventually capitulate
    or just go under.
    tic swayback
    • Remember Divx ( The movie player not the compression )

      The same thing you just commented about has already happened once before.

      Divx died a horrible death due to its limitations that the consumer didn't want.
      • Not to mention...

        ...those disintegrating dvd's they tried to sell us recently.
        tic swayback