MsGeek.Org v2.0

The ongoing saga of a woman in the process of reinvention.
Visit me at my new blog, MsGeek.Org v3.0

Heard the Word of Blog?

Friday, November 04, 2005

A little late on this, but better late than never...I'm putting this up in a first-ever bilingual post, because I want the folks at Sony in Japan to know exactly what I am saying here.

Are you ready?

Here it is:
SONY is foolish.

Translation: Sony is foolish. Or to be more anime/manga/Japanese colloquial: Sony are baka. Thank you very much, Google language tools.

Let me get into the etymology of the word baka. It comes from a Chinese proverb that was so consonant with the Japanese culture it has become familiar to all there. "He points to a deer and says it's a horse." Baka literally means "deer-horse" in the Chinese-inflected readings of the component words. This can have one of two connotations. One, the person is so stupid he doesn't know the difference between a deer and a horse. Or two, the person is deliberately trying to deceive you by telling you a deer is a horse. Or to use more familiar terms, by way of Judge Judy: "Don't pish on my leg and tell me it's raining." Baka can mean stupid or a willfully deceptive bastard. Sony is both stupid and willfully deceptive.

Sony has been two-faced in their dealings with technology ever since the technology company also became the owner of Big Media companies in their purchases of CBS/Columbia/Epic Music, RCA/BMG Music, Columbia Pictures, and Metro-Goldwyn-Mayer Pictures. CBS Music was first, of course. Then Columbia. Then RCA/BMG. Then most recently, the hollow shell that is MGM. From the technology first, technology only company that successfully and muscularly defended its Betamax home video recorder from the onslaughts of the MPAA and MPAA signatory Universal Pictures in the early '80s, Sony has now become sufferers of corporate Dissociative Identity Disorder.

The technology personality of Sony still makes pretty decent technology. I have become an enthusiast for the minidisc recorder since Tom Reed introduced me to them. They're cute, they're cool, they sound better than cassette, and people look at them and scratch their heads because they never really caught on here but they are actually technology from back when people still talked about megabytes for hard drive space. However, I will never buy one new, and I am going to avoid buying Sony-made media for them. Because the content-owner/Big Media Company personality of Sony has managed to make life miserable for all of us.

Sony has released Digital Rights Manglement infested CDs before, using content control technologies like Suncomm and Cactus and even offerings from Macrovision, the bane of all videogeeks. Those systems were annoyances, making it hard for legitimate CD buyers to enjoy their music on any player they wish, but not tying the hands of the big organized crime-connected piracy rings who counterfeit CDs (Pressed, not burnt, folks!) and distribute them to sellers at flea markets, swap meets and people who sell on blankets on Santee Avenue downtown. And certainly the massive operations in Asia who flood the region with cheap counterfeit CDs go on as if nothing was stopping them.

However, now Sony has stooped to using a content control system that actually installs, as part of the system, a way of concealing the rest of the content. It's known as "stealthing" or "rootkit" technology in anti-virus/spyware/malware/crookware parlance. And this concealment technology can be further put to use by script kiddies and worm writers to improve their ability to fsck your system over.

This infernal malware (Yes, it's malware and I won't couch it in more delicate terms!) was written by a British company called First4Internet. And apparently it's written so badly it can bog down performance on Windows systems, to the point of even bluescreening some installations when the system cannot find the now-indispensable "aries.sys" driver that is doing the concealment part of the malware's dirty work.

So far this particular malware has been found on one CD by Van Zant and another by Switchfoot. I am sure that if this is showing up here in the US there are several European CDs that have been using this system for months. Usually the Four Families of the Record Industry test DRM schemes on the European market before putting them out in the US and Canada.

Sony has issued a so-called "service pack" for this system, but apparently all that does is get rid of the concealment scheme. The other programs installed by First4Internet interfere with the ASPI layer that is used to control CD-ROM drives and other kinds of optical drives, and if you yank them out by the roots you will apparently lose the ability to use your CD-ROM, CD-RW, DVD-ROM, DVD-RAM or DVD-/+RW drive.

I will not gloat, but this malware is all very Windows-centric and doesn't run under alternative operating systems on x86 hardware like Linux and FreeBSD. And it certainly doesn't run on a Mac. I needn't give you the rap on software monocultures and the vulnerability of Windows-only enterprises, offices, households and schools, I'm sure you've heard it before.

Anyway, here is more information on the story.

Security Now! with Leo Laporte and Steve Gibson, episode 12
WFMU "Beware of the Blog" on Sony DRM CDs
C|Net: Sony CD protection (sic) sparks security concerns
Freedom To Tinker: Mysterious software update from Sony and First4Internet
And the article that started it all -- Sysinternals: Sony, Rootkits and DRM gone too far