So why did Sony BMG resort to using rootkit techniques all those months ago to help cloak its XCP music copy protection system?
We know *how* it was done in some detail, but nobody has properly explained why it was done. As music-related questions go, it’s not yet up there with timeless conundrums of our time such as why did Phil Spector add so much “wall of sound” instrumental backing to The Beatles’ song The Long and Winding Road and get away with it. But it’s turned out to be significant in its own way.
The answer is actually very simple. Sony did things the way it did things, because it could. Sneakiness is always easier than being straight, especially if you’re almost certain that nobody will notice.
With nearly a year’s hindsight, we have Sony BMG to thank for embedding rootkits in the technical consciousness, when virtually nobody had heard of them before this event. The word is now so commonly used that even Gartner can hold press conferences to tell the world that rootkits pose an epochal threat.
As the infamous Rumsfeld dictum would have it, there are “known knowns”, “known unknowns”, and “unknown unknowns”. Rootkits are in the third category, which is why they so easily oil the cogs of security angst.
At least we now know that there are things we don’t and can’t know, which means we have pulled off the astonishing feat of manufacturing knowledge out of our complete ignorance.
Sony suffered and the DRM (digital rights management) industry suffered even more, but everyone else gained an important insight. If nothing else, the realisation that rootkit incursion is a real threat could help move the security industry on from its obsession with relying on obsolete (if still useful) technologies such as downloading signatures for every “known known”.
Raise a glass to Sony BMG. There is a company that should have listened to the Lennon & McCartney song, even if we’re thankful they didn’t: “The long and winding road/ That leads to your door/ Will never disappear”.