Bill P. Godfrey et al

Wednesday, November 09, 2005

Remember when music CDs just had music on them?

Recently, Sony BMG were found publishing a CD, Van Zant's Get right with the man, which, when played on a Windows PC, installs a software gizmo written by First4Internet that interferes with the CD driver.

Mark Russinovich discovered the gizmo running on his computer and wondered where it came from. (Read his writeup.) He found that:
  • It hides itself by modifying the operating system to hide any files that begin with a magic five character sequence. (That could include software from anyone, including the next crop of viruses, hiding from your virus scanner.)
  • The process is always running, using up around 1% of processor time even when the CD isn't running.
  • If you do manage to find it, it identifies itself as a "Plug and Play Device Manager".
  • If you delete the gizmo, your CD drive stops working.
  • There was no facility to uninstall.
  • There was no mention of any of this in the licence agreement.
Since all this negative publicity for Sony blew up, they have offered an update which "removes the cloaking function". You have to jump through hoops and agree to another licence to get it. According to Mark Russinovich again:
"Without exaggeration I can say that I’ve analyzed virulent forms of spyware/adware that provide more straightforward means of uninstall."
This is happening to paying customers. Meanwhile, people who download copyright infringements get on just fine.

And now for my usual pieces of unasked advice.
  • Disable autorun. When Windows sees a CD inserted into the drive, it checks for an "autorun" program and runs it. It was convenient once, but it's now being exploited. To install legitimate software, open the CD and click on the "SETUP" icon.
  • Microsoft: Disable autorun. It's too much of a security risk to expose to your customers now.
  • Don't buy CDs that do this, even if you can bypass it. It only encourages them to do it again.
  • Look for the "Compact disc digital audio" logo, pictured right.
  • Remember that Windows comes with a perfectly good CD player. Don't run the player on the CD.
  • If your computer has already been infected, make backups of your files and consider reinstalling your operating system. (To test, make a folder called "$sys$Test". If it disappears, you have a problem.)
  • If you can't back up your files because your CD recorder stopped working ever since you tried that new CD you bought, remind yourself how much you enjoyed listening to it.
  • Music industry: Stop bundling software with your CDs. It only looks bad and pushes your loyal customers towards copyright infringement. But if you must insist on doing this, be honest about it. And that doesn't mean including weasel words in a long and incomprehensible licence.
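
The "$sys$Test" check from the list above, as an added example that is not part of the original post: it creates canary entries whose names begin with `$sys$` and compares lookup by exact name with what a directory listing reports. The canary names and the `lister` parameter are hypothetical, and the script assumes a cloaked entry can still be reached by its exact name.

```python
import os
import tempfile

CLOAK_PREFIX = "$sys$"  # the five-character prefix from the "$sys$Test" check


def probe_cloaking(parent, prefix=CLOAK_PREFIX, lister=os.listdir):
    """Create canaries in `parent` and compare direct lookup by name with
    directory enumeration. Returns {name: "visible" | "cloaked" | "missing"}.
    `lister` is a hypothetical hook so the check can be exercised on a clean
    machine with a simulated filter."""
    canaries = {
        prefix + "CanaryDir": "dir",        # the folder test the post suggests
        prefix + "CanaryFile.txt": "file",  # the post says files are hidden too
        "control_Canary.txt": "file",       # no prefix: must always be listed
    }
    created, results = [], {}
    try:
        for name, kind in canaries.items():
            path = os.path.join(parent, name)
            if kind == "dir":
                os.mkdir(path)
            else:
                with open(path, "w") as fh:
                    fh.write("canary\n")
            created.append((path, kind))
        listed = set(lister(parent))
        for name in canaries:
            if not os.path.lexists(os.path.join(parent, name)):
                results[name] = "missing"   # could not be reached by name
            elif name in listed:
                results[name] = "visible"   # normal behaviour
            else:
                results[name] = "cloaked"   # exists but hidden from listings
    finally:
        for path, kind in reversed(created):  # always remove the canaries
            if kind == "dir":
                os.rmdir(path)
            else:
                os.remove(path)
    return results


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as scratch:
        for name, state in probe_cloaking(scratch).items():
            print(f"{state:8} {name}")
```

A "cloaked" result for either `$sys$` canary while the control entry stays "visible" is the disappearing-folder symptom described above.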

What happens if you have 100 CDs, each of which leaves behind a process that takes 1% of your computer's time?

How many CDs do you have?


  • More importantly.. what happens if you have 101 CDs, each that leave behind a process that takes up 1% :-)

    Some "Bonus" things are good. Videos, informative things. There was a Sheryl Crow CD a couple of years back that did a karaoke thing highlighting lyrics as the songs were sung. Very clever, nice additional content.

    This whole thing exists to stop people running cd extractors and making "illegal" copies - no no, you have to download official mp3s of music you already own in one format at a cost of 69p - 99p per track.

    Also, on the whole "download" music thing. Some of these [wma] allow you to burn up to 3 CDs with the file before becoming unusable. How pointless is that? Once it's on CD you just extract the track to an unprotected mp3 file and burn as many as you like.

    [on the subject of copy protection, I did like the way that scanners in the past, when scanning paper money would obscure the image to put off would-be counterfeiters :-) ]

    By Blogger M., At 1:13 PM, November 10, 2005  
