SONY AND AUTORUN IN A WORLD GONE MAD

The “Autorun” feature on your CD and DVD drives is starting to be abused and now creates another opportunity for bad people to damage your computer. I recommend disabling it. Here are instructions about how to disable Autorun in different versions of Windows.

This article is the specific example that causes me to make this recommendation; there will be more examples soon, and they won’t be limited to the music industry. Here is the Slashdot community reacting to this story tonight.

Sony and other music labels have licensed Digital Rights Management software that launches automatically when you insert a copy-protected CD into your computer’s CD drive. The author of the article found out essentially by accident that Sony had installed a “rootkit” on his computer – the latest tech term for software installed by stealth, running in secret, for some purpose of which you are unaware and would not approve. From a consumer’s perspective, it doesn’t matter if it’s called a “virus” or “spyware” or a “rootkit.” It has the potential to hurt your computer or allow people to run programs on your computer without your knowledge. You don’t want it.

In this case, the software uses tactics normally associated with malicious hackers to hide files, hide registry keys, conceal itself from antivirus and security software, and hook into the system at a deep level. It uses CPU cycles constantly to scan the computer for, for, for what exactly? Well, Sony would tell you it “just” prevents you from playing the CD somewhere not approved by Sony. Maybe that’s true, although it’s impossible to know for sure. Once installed, the software allows Sony and any other interested party familiar with this particular rootkit to operate programs on a compromised system without the user knowing it.

Put aside the philosophical question of whether Sony’s restrictions are reasonable. The DRM software it licensed is a piece of crap. It leaves security holes that could be exploited by other bad guys, and uses system resources and CPU processor cycles needed elsewhere.

No mechanism is provided to uninstall the software. If the software runs once, it permanently and irrevocably alters Windows. The article describes what the author did to remove the software from his system; the article is mildly technical but you’ll quickly understand that he’s doing deep detective work far beyond the ability of most IT professionals and certainly impossible for consumers.

This is a terrible thing to do and Sony might get sued, or might back away from this software after some bad publicity. (The story is spreading like wildfire online.) But browse Amazon and you’ll see more and more CDs identified as “Copy Protected.” There will be more stories like this, and it’s all too easy to imagine similar technology on DVDs or software CDs.

Be careful out there!