Sony's long-term rootkit CD woes

Sony BMG, the world's second-largest record label, has for the past three weeks been the subject of a corporate embarrassment that rivals earlier public relations nightmares involving tampered Tylenol and contaminated Perrier.

While in the short term one of the world's best-known brands has suffered enormous damage, the longer-term implications are even more significant - a fundamental rethinking of policies toward digital locks known as technological protection measures (TPMs).

The Sony case started innocently enough with a Halloween day blog posting by Mark Russinovich, an intrepid computer security researcher.

Mr Russinovich discovered his own tale of horror - Sony was using a copy-protection TPM on some of its CDs that quietly installed a software program known as a "rootkit" on users' computers.

The use of the rootkit set off alarm bells for Mr Russinovich, who immediately identified it as a potential security risk, since hackers and virus writers frequently exploit such programs to turn personal computers into "zombies" that can send millions of spam messages, steal personal information, or launch denial-of-service attacks.