Sony-BMG is now being sued left, right and center over the software, which was included on a number of its popular titles. Litigants include the State of Texas, which is going to focus particularly on the fact that Sony lied about the risks posed by the trojan. Consider this Q&A from the company's Web site:
"Q: I have heard that the protection software is really malware/spyware. Could this be true?
A: Of course not. The protection software simply acts to prevent unlimited copying and ripping from discs featuring this protection solution. It is otherwise inactive. The software does not collect any personal information, nor is it designed to be intrusive to your computer system. Also, the protection components are never installed without the consumer first accepting the End User Licence Agreement. If at some point you wish to remove the software from your machine simply contact customer service through this link."
Every statement - except for the last one, which is arguable - is untrue. And users are concerned, to put it mildly. Just search Amazon for 'Copy protected' and read the customer reviews if you need convincing that the natives are somewhat restless.
However, the real story is that the companies that are supposed to protect us all from horrors like this have been looking the other way, if not actually being complicit.
The CEO of the company that created this malicious code for Sony said: "The company's team has worked regularly with big anti-virus companies to ensure the safety of its software, and to make sure that it is not picked up as a virus."
So, if I have got this right, a dangerous infection on the scale of Blaster and Slammer has been quietly spreading since mid-2004, and the anti-virus firms have been actively involved in saying nothing about it? Just who on earth are they working for?
Certainly not the end-users, who buy products from vendors, such as McAfee and Symantec, so that they will not be infected with the latest virus. The only conclusion I can reach is that they are really working for the big media companies - with the exception of Finnish company, F-Secure. You can be certain that Sony's is not the only malware circulating round the world on audio CDs.
Where are the warnings and clean-up tools from the anti-virus companies? Oh yes, I forgot. They have added a disinfect for Sony's infection for now. Hey, even Microsoft needed 'time to think' before coming up with a solution.
This is not some kind of trivial spat over what you may and may not do with audio CDs that you buy. A widespread network infection can have life-or-death consequences.
Stewart Baker, US Department of Homeland Security Assistant Secretary for Policy, says it best: "It is very important to remember that it is your intellectual property - it is not your computer. And, in the pursuit of protection of intellectual property, it is important not to defeat or undermine the security measures that people need to adopt in these days. If we have an avian flu outbreak here, and it is even half as bad as the 1918 flu, we will be enormously dependent on being able to get remote access for a large number of people, and keeping the infrastructure functioning is going to be a matter of life and death, and we take it very seriously as well."
(Charl Bergkamp is an overworked, underpaid systems support engineer in the Lambda Bureau, the ICT department of the Ministry of Boards, Committees and Working Groups. He would love to hear from kindred spirits in the ICT corporate world. Send tip-offs, hints and blatant accusations to charl.bergkamp@gmail.com)