For some, the title should be obvious and so true that it does not need to be stated. But for some companies, this is not considered true. This blog post will take a look back at attempts on the part of one company to use malware.
In 2005, Sony implemented copy protection measures on 22 million CDs. This copy protection prevented piracy of the software and music included on the CD by installing one of two rootkits onto the users hard drive. The rootkits modified the operating system to interfere with CD copying. The rootkit installed could not easily be removed, and it unintentionally created vulnerabilities in the computer that were exploited by unrelated malware.
One variant of the rootkit asks that the user accept an End User License Agreement, but the rootkit is installed regardless of the choice to accept the EULA on the part of the user. The other variant installs itself silently without the user being any the wiser. Sony initially denied that the rootkits were harmful. Sony then released an "uninstaller" that only installed more software, collected an email address, and introduced more security vulnerabilities.
Following public scorn, government investigations and class-action lawsuits in 2005 and 2006, Sony partially addressed the issue with consumer settlements, a recall of about 10% of the affected CDs, and the suspension of copy protection measures taken in early 2007.
It is important to note that this is not the only case where a company has attempted to protect its software from piracy using malware.
Stay tuned for Part 2. As always, I invite readers to comment with any questions or comments, thank you for reading.
No comments:
Post a Comment