Tuesday, November 08, 2005

Sony / BMG Security Issue

A couple of days ago the news broke about Sony / BMG Compact Disks containing software that, when played on a computer installs it's self at a system level and takes over part of the file handling that Windows usually does inorder to hide it's presence on your computer. Apparently the End User License Agreement (EULA) states that it is easily removable when in reality it can't be uninstalled with out possibly making your computer: unbootable. This happens because it installs it's self as a system level driver and hooks into the Windows file handling system. In addition it appears to be buggy and will slow the responsiveness of your computer due to the fact that it is constantly scanning your file system and connecting with Sony when your on-line to report usage of their Music CD's. The software is so poorly written that once installed any file that is renamed so it starts with $sys$ will disappear from your file system. That means anyone who may have access to you computer, viruses, worms, etc. can place files on your computer and have them be hidden from you and your anti-virus software with out doing anything extra them selves. Recently Sony has claimed that their software does not "phone home" when in reality it has been shown that it does. Can Sony be trusted when they are going to blatently lie about what the software does besides the fact that they install it with out telling you what they are doing.

This is ridiculous! A major media company installing software under false pretenses on peoples computers just because they decide to listen to their music through their computer.

luckily, as with any software on a CD, you can hold down the shift key when you insert the CD and that will stop windows AutoRun from starting the software on the CD. As a standard practice I have disabled the AutoRun on all the computers at home and work.

Microsoft has many useful utilities, that are not offically supported, that are available from their site at: http://www.microsoft.com/windowsxp/downloads/powertoys/xppowertoys.mspx under the name of Power Toys. Here you can download and install a utility called Tweek UI that will allow you to easily disable the AutoRun feature of Windows.

No comments: