Tuesday, November 01, 2005

Digital Rights Management Gone Wild

I really respect Mark Russinovich. His Sysinternals website is a dream for tech geeks like me. There is a lot of useful software and information available for free. For example, I use RootkitRevealer, PsTools and Process Explorer all the time.

I was shocked when I read the following article:

Mark Russinovich was doing a routine test this week of computer security software he'd co-written, when he made a surprising discovery: Something new was hiding itself deep inside his PC's guts.

It took some time for Russinovich, an experienced programmer who has written a book on the Windows operating system for Microsoft, to track down exactly what was happening, but he ultimately traced it to code left behind by a recent CD he'd bought and played on his computer.

More details at News.com.

Here's what Russinovich found that's really scary: with the assistance of the copy protection rootkit, Windows will deny the existence of any file, directory, process or registry key whose name begins with "$sys$". He verified this by making a copy of Notepad named "$sys$notepad.exe", which promptly vanished. This means that any hacker who can gain even rudimentary access to a Windows machine "infected" with the program can now hide anything he wants under the "$sys$" cloak.
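A defender's cross-view check for the cloak described above, as an added example that is not part of the original post or of Russinovich's tooling: it compares a file listing taken through the live Windows API with one taken from an offline view of the same disk and flags entries that exist only offline. The two listings, the `$sys$example` directory name and the case-insensitive prefix match are assumptions made for the illustration.

```python
import ntpath

CLOAK_PREFIX = "$sys$"  # name prefix the post says is hidden on affected machines

# Constructed sample listings (not real captures): one path per line.
SAMPLE_LIVE = r"""
C:\Windows\System32\notepad.exe
C:\Windows\System32\drivers\disk.sys
C:\Users\alice\Music\track01.wma
"""
SAMPLE_OFFLINE = r"""
C:\WINDOWS\system32\notepad.exe
C:\Windows\System32\drivers\disk.sys
C:\Windows\System32\$sys$notepad.exe
C:\Windows\System32\$SYS$example\payload.bin
C:\Users\alice\Music\track01.wma
C:\Users\alice\AppData\Local\Temp\setup.tmp
"""

def normalise(listing):
    """Map lower-cased path -> original spelling (Windows paths ignore case)."""
    out = {}
    for line in listing.splitlines():
        path = line.strip().rstrip("\\")
        if path:
            out[path.lower()] = path
    return out

def cloaked_component(path):
    """Return the first path component that starts with the prefix, else None.
    A cloaked directory hides everything beneath it, so every component counts.
    Assumption: the prefix is compared case-insensitively to stay conservative."""
    _drive, rest = ntpath.splitdrive(path)
    for part in rest.split("\\"):
        if part.lower().startswith(CLOAK_PREFIX):
            return part
    return None

def cross_view_diff(live_listing, offline_listing):
    """Return (cloaked, other): paths seen offline but missing from the live view."""
    live, offline = normalise(live_listing), normalise(offline_listing)
    cloaked, other = [], []
    for key in sorted(offline.keys() - live.keys()):
        path = offline[key]
        (cloaked if cloaked_component(path) else other).append(path)
    return cloaked, other

if __name__ == "__main__":
    hidden, unexplained = cross_view_diff(SAMPLE_LIVE, SAMPLE_OFFLINE)
    print("matches cloak prefix:", hidden)
    print("other discrepancies (may be benign churn):", unexplained)
```

Entries in the second list are not necessarily hidden: files created or deleted between the two listings show up there too, so they need a second look rather than an automatic verdict.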

When I buy a CD, I don't expect to have a rootkit installed on my PC, especially when the EULA does not mention it. There are things I don't want on my PC: C-Dilla (remember the TurboTax activation debacle?) or StarForce (mostly used by games). I've always been careful with software and games, making sure I don't "corrupt" my PC by installing extra software that never goes away. Looks like I will have to start doing the same with music I buy.
