Here’s an interesting story from a Windows user who found a rootkit on his system. Further investigation revealed that it had been installed by Sony when he had played the digitally protected music on a CD he had bought (Get Right With The Man bu Van Zant). Sony is apparently so concerned about protecting its copyright that it is happy to use the same techniques that crackers use to take control of unprotected computer systems. As the discussion on the story mentions, installing this kind of software without the user’s permission almost certainly breaks the Computer Misuse Act.
Oh, and when he removed the offending software (which took a lot of work), his CD drive stopped working.
This nasty piece of software was written by a UK company called First 4 Internet.
Yet another reason not to buy copy-protected CDs.
Update: The BBC have picked up on this story.
Update: Sony have released a patch which allows users to “uncloak” this software. They say
This component is not malicious and does not compromise security.
It might be true that the software isn’t malicious (just incredibly stupid), but it’s certainly not true that it doesn’t compromise security. Just look at the comments on the original article.