It's ok, you can open your eyes now. Everyone's managed to pull themselves back from the edge of their respective cliffs, except for that one 17-year-old. But it's ok. He only fell two feet.
While computers and CDs were becoming well-known and popular, another new technology was taking shape. Obviously, this required another bright and intelligent young person. History is full of bright and intelligent young people. Odd, how often they die early, horrible deaths. At any rate, soon after computers began to be hooked up into networks called 'networks', he looked at the wire trailing out of the rear of his machine, followed it with his eyes into the wall, and was hit with a stupendous revelation.
"If I make a program that can somehow be planted onto another computer, I could give it the capability to spread itself to other computers. Furthermore, I could make another program to hide the first program where even the computer itself wouldn't be able to see it, so my software would be very difficult to remove. With this, I could... could... RULE THE WORLD!!!!! Bwah-ha-ha-ha!"
Unfortunately, his house was demolished by mutant termites 23 days later. But not before he could tell someone else about his software ideas. These grew into 'viruses' and 'rootkits', respectively. They were used widely for things like "Trespassing onto other people's computers without their permission," "Causing havoc and mayhem," and "Being generally annoying and disliked." The bright and intelligent young person's name would have been infamous, were it not for the fact that the mutant termites also devoured all his forms of id.
Clearly, a sample of such famous software should be immemorialized by including it on music CDs which would then be bought by the unsuspecting public. Sony BMG's subcontractor, First 4 Internet, having been tasked with creating legendary DRM, decided the 'rootkit' idea deserved just such an honor. This rootkit would be used to hide the DRM software, so the crafty users couldn't worm their way around it in their unending quest to play music on unsupported music players. What's more, since it would hide everything, and hide itself, no one would know the difference. And if anyone did find out, they would be eternally grateful for the lengths to which Sony BMG and First 4 Internet had gone to prevent them from illegally doing illegal things.
It would hide itself, and the DRM software, by putting a few extra characters at the front of the names of the things to be hidden. Not only does a rose by any other name not smell as sweet, under certain conditions it turns invisible. Presumably by invoking random alternate dimensions.
Unfortunately, someone found out. This someone was testing a program designed to find rootkits, presumably with the idea that rootkits can be used to hide evil programs. This someone poked around in the rootkit a bit, and soon discovered where it came from. At this point he announced it to the world. A small portion of the world was shocked. A large portion of the world was oblivious. A larger portion of the world asked why the small portion of the world was shouting in the large portion of the world's ear.
This discovery, of course, was somewhat unprecedented. Not only did the little clicky-thingy that popped up when one of these CDs was inserted into a computer say nothing about the rootkit being installed, it also failed to mention that the rootkit could be used by evil programs to hide themselves from the computer's owner. Hitherto, it had not been widely presumed that music CDs had this capability. This was mostly due to the general public associating music CDs with 'music' and not with 'software that could let evil programs hide themselves on your computer'.
Removing this rootkit, once installed, proved troublesome. Under normal circumstances, doing so disabled the CD drive in the computer. Presumably, if you didn't want to use the DRM (and rootkit) to play one CD, you obviously didn't want to play any. Shortly after the discovery, Sony BMG released a small program which was designed to remove the rootkit. Unfortunately, it had a major security flaw. It allowed outside software to reboot one's computer and do other nasty things to it.
About a week later, Sony BMG decided to stop shipping CDs which included the rootkit. This was, of course, after somebody very high up said: "Most people, I think, don't even know what a rootkit is, so why should they care?" Most people are, I think, also somewhat shaky on what exactly a flu virus is. Yet they continue to care as they line up for vaccinations.
Microsoft, the uncrowned king of Software Which Includes Security Holes, added the initial rootkit to its list of dangerous software. The US Department of Homeland Security had unkind things to say about Sony BMG and First 4 Internet. Eventually, Sony BMG recalled the CDs. At about this same time, other Sony BMG CDs were found to install DRM software which included other, different, security holes. Not long afterwards, Sony BMG released a patch which was found to include yet more security holes. Other CDs were found to install software which called home even when the user specifically did not agree. Sony BMG is currently being sued by various states for having illegal spyware on its CDs, presumably due to state Attorney Generals having no sense of humor. Or possibly for breaking state laws.
And to think, this could all have been avoided by simply considering software 'not music', and leaving it off music CDs. And thus today's lesson:
"When selling someone a car, wise it is not to include a secret feature which causes it to crash when heading towards Chicago."
Posted by Ardith at December 22, 2005 07:20 PM | TrackBack