More on Sony: Dangerous Decloaking Patch

Found on Sysinternals on Sunday, 06 November 2005
Browse Software

Despite a chorus of criticism over Sony not delivering an uninstaller with their DRM software, Sony refuses to admit blame and to make an uninstaller readily available. The uninstall question on Sony's FAQ page directs you to another page that asks you to fill out a form requesting for uninstall directions to be emailed to you.

There's no way to access the uninstaller without providing this information, and clicking on the Sony privacy policy link at the bottom of the page takes you to a notice that your email address can be added to various Sony marketing lists.

However, Sony's uncloaking patch puts users systems at risk of a blue-screen crash and the associated chance of data loss. The risk is small, but I made the point in my last post that the type of cloaking performed by the Aries driver prohibits safely unloading the driver while Windows is running.

The EULA also makes no reference to any "phone home" behavior, and Sony executives are claiming that the software never contacts Sony and that no information is communicated that could track user behavior. However, a user asserted in a comment on the previous post that they monitored the Sony CD Player network interactions and that it establishes a connection with Sony’s site and sends the site an ID associated with the CD.

I dug a little deeper and it appears the Player is automatically checking to see if there are updates for the album art and lyrics for the album it's displaying. This behavior would be welcome under most circumstances, but is not mentioned in the EULA, is refuted by Sony, and is not configurable in any way. I doubt Sony is doing anything with the data, but with this type of connection their servers could record each time a copy-protected CD is played and the IP address of the computer playing it.

It just gets worse every day. Instead of providing a simple direct download, Sony wants user information (which might be shared with others). That's no way to treat your customers. Just like Russinovich's first article, this one is worth reading too. It should also be mentioned that Sony gets sued over rootkits and will hopefully have to reveal more details about all that.