Play that funky malware, live!

(Written for the Business Standard, November 30, 2005)

Among the albums Sony released last month on CDs backed with its patented DRM (Digital Rights Management) system were Suspicious Activity by Bad Plus, Nothing is Sound by Switchfoot and Invisible Invasions by The Coral.

Prophetic titles. On October 31, Mark Russinovich discovered that Sony’s CDs installed a rootkit on computer systems. Rootkits are hacker tools, designed to hide “malware”; if you tried to uninstall Sony’s rootkit, Windows crashed. Sony is now at the centre of an epic PR disaster. Its stealth DRM systems were designed to prevent unauthorised copying of CDs, but they created serious security holes in the user’s system, and allowed data to be transferred back—not just to Sony, but to any other hacker willing to exploit the vulnerabilities opened up by the malware.

In effect, if you played a CD encrypted with Sony’s new DRM software, you had just blown the security system of your computer sky high. As geek after geek discovered, the rootkit is fiendishly hard to remove—Sony’s own malware patch opened new gaping holes in computer security systems. Sony is one of the world’s most respected companies, but its response was appalling: first it denied and played down the problem, then it stopped shipping CDs but failed to pull the offending CDs off the racks.

In the face of growing anger from fans and musicians and a score of lawsuits in the US and Europe, Sony is finally coming to grips with the debacle. It should be stressed that Sony’s stealth malware didn’t just create privacy problems—it constituted a serious security threat.

Pity the ordinary music lover. Caught between downloading pirated music or being nuked by malware distributed by the record company, what are the options?

1) CD-buying: Check to see if the CD will play only on a proprietary system or if the CD is digitally encrypted with DRM/CP (Content-Protection) systems. If either of these is true, don’t buy it. You wouldn’t have bought a record that played on only one kind of player; don’t do it with a CD. You wouldn’t buy malware-ridden software—don’t do it with CDs either. If you are going to play a music CD, read the EULA—the End User License Agreement—it may be thousands of words of fine print, but it should list any spyware-like properties and tell you if something is being installed on your system.

2) Music downloads: I can’t recommend the many file-sharing networks that sprang up in Napster’s wake, because several are illegal and also bundle spyware onto your system. If you must, try Shareaza. It isn’t spyware-riddled, but it’s like buying pirated CDs in Malaysia or Sri Lanka—if you get in trouble, you’re on your own. Legal options include the iTunes music store, the Real Networks music store and a score of others, which typically charge 99 c per song. All of them use their own DRM protection; we can’t vouch for Sony, but the iTunes DRM systems are regarded as fairly benign.

3) For broadband babies: If you’re on broadband or a good WiFi network, you’re probably already plugged into streaming radio and Podcasts. Many media players offer ways to record the stream legally; Podcasts can be recorded. Existing radio playlists can be downloaded and modified by the listener. The sound quality isn’t great, but radio playlist recording and modification is already a popular way to listen to music.

4) The direct route: Many sophisticated users go directly to musicians’ websites and download their music from there, cutting out the middleman. This has a downside: many bands and artists don’t yet have an online presence, or don’t own their music. But more artists are moving in this direction, and some websites, like Calabash Music, have been offering music from small, independent world musicians for a while now.

I know; these options aren’t great. The best of them is actually the streaming radio boom and the growth of online music stores. But the music industry has been protecting its rights by holding the customer hostage. Until they figure out a new way to do business, you’ll have to see whether you can afford the high cost of doing business with them.





One response to “Play that funky malware, live!”

  1. Accidental Fame Junkie

    I’m all for “free” music specially the ones that the musician loads onto his site and allows his fans to download. 🙂
