Sony DRM Installs a Rootkit?

Posted by ScuttleMonkey on Mon Oct 31, 2005 07:04 PM
from the slice-of-privacy-pie dept.
An anonymous reader writes "SysInternals.com guru Mark Russinovich has a detailed investigation of a rootkit from Sony Music. It's installed with a DRM-encumbered music CD, Van Zant's "Get Right with the Man". (Mmmm, delicious irony!) The rootkit introduces several security holes into the system that could be exploited by others, such as hiding any executable file that starts with '$sys$'. Russinovich also identifies several programming bugs in the method it uses to hook system calls, and chronicles the painful steps he had to take to 'exorcise the daemon' from his system." This house is clear.

Related Stories

Your Rights Online: EFF Pushes Consumers to Claim Rootkit Compensation (189 comments)
An anonymous reader writes "'It's time for music fans who bought Sony BMG CDs loaded with harmful XCP or MediaMax copy protection to claim their settlement benefits', says the EFF's Derek Slater in an awareness campaign that is urging those inflicted with one of Sony BMG's rootkit infected CDs to collect what is due to them. The compensation is a DRM-free version of the original CD, $7.50, and album downloads from iTunes, Sony Connect, and others."
Your Rights Online: Sony Rootkit Settlement Gets Judge's Approval (187 comments)
Lewis Clarke wrote to mention a ZDNet story about Monday's final approval of the rootkit settlement in the case brought against Sony BMG Music. From the article: "The agreement covers anyone who bought, received or used CDs containing what was revealed to be flawed digital rights management (DRM) software after Aug. 1, 2003. Those customers can file a claim and receive certain benefits, such as a nonprotected replacement CD, free downloads of music from that CD and additional cash payments ... At least 15 different lawsuits were filed by class action lawyers against the record label, and the New York cases were eventually consolidated into one proceeding. The parties reached a preliminary settlement with Sony BMG in December, leaving it up to a judge in a U.S. District Court in New York to make it official. "
Your Rights Online: Sony Settles With FTC Over Rootkits (133 comments)
The FTC has struck a deal with Sony punishing Sony for the rootkits it included on millions of CDs in 2005. The deal is exactly like the Texas and California settlements — $150 a rootkit. The settlement isn't final yet. There will be a 30-day public consultation. American citizens who read Slashdot might want to put in their two cents. Comments will be accepted through March 1 at: FTC, Office of the Secretary, Room H-135, 600 Pennsylvania Avenue, N.W., Washington, D.C. 20580 (snail mail only). Here is the FTC page announcing the settlement.
News: FTC Warns Against Deceptive DRM (127 comments)
Jane Q. Public writes "At the Federal Trade Commission's Seattle conference on DRM, FTC Director Mary Engle started off by referencing the Sony rootkit debacle, and said that companies are going to have to get serious about disclosing DRM that may affect the usability of products. She also said that disclosure via the fine print in a EULA is not good enough, and 'If your advertising giveth and your EULA taketh away, don't be surprised if the FTC comes calling.' Transcripts and webcasts are available from the FTC website." Update 18:13 GMT by SM: as Jane Q. Public was nice enough to diplomatically point out, the webcasts are no longer functioning, but transcripts are still available.
This discussion has been archived. No new comments can be posted.
  • My question: (Score:5, Interesting)

    by conJunk (779958) on Monday October 31 2005, @07:05PM (#13919067)
    Now is that *sony's* rootkit, or a soon-to-be-former-sony-employer's rootkit?
    • Re:My question: (Score:5, Interesting)

      by ryanr (30917) * <ryan@thievco.com> on Monday October 31 2005, @07:11PM (#13919136) Homepage Journal
      If you read the article, there's a strong implication that this is a purchased commercial rootkit. Presumably, Sony very deliberately licensed and distributed it.

      Mark didn't get into a lot of detail about all of the functions, but he didn't mention any backdoors or phone home functionality.
      • Re:My question: (Score:5, Interesting)

        by networkBoy (774728) on Monday October 31 2005, @07:14PM (#13919153) Homepage
        Honestly, I see this as a real exposure to a lawsuit. If I accidentally install this rootkit on my system, then try to remove it (seeing as it looks like a genuine security breach) and then disable my computer, thus having to bring it in for service, what then? If a malware company uses the rootkit's ability to hide $sys$ prefixed files and uses that to steal my identity, costing me thousands of dollars and hundreds of hours of time to get my identity back, can I sue?

        -nB
    • Re:My question: (Score:5, Informative)

      by interiot (50685) on Monday October 31 2005, @07:16PM (#13919167) Homepage
      The rootkit is by First 4 Internet [first4internet.co.uk]. It's possible that Sony simply purchased this DRM from this outside company, not realizing that the DRM contained a rootkit.

      Still, one would hope that Sony would only choose reputable suppliers, ones who wouldn't allow a virus/trojan to be distributed intentionally or even through neglect.

  • by Anonymous Coward on Monday October 31 2005, @07:06PM (#13919071)
    corporations exploit YOU!

    hrm, so much for humor. I don't find it funny at all :/
  • as if (Score:5, Insightful)

    by scenestar (828656) on Monday October 31 2005, @07:06PM (#13919074) Homepage Journal
    DRM wasn't intrusive in the first place.
  • We *really* need to get an anti-spyware bill on the books. Something along the lines of, "It shall be a criminal offense to install non-application software on any computer when the user has not been reasonably notified in advance and/or agreed to have the modifications made. This bill will be reevaluated for its effect in three years."

    Anything running in the background, rootkits, and other forms of spyware (which generally rely on the user not knowing they're there) would immediately become illegal.
      • shall we define "non-application software"?

        The bill would actually need a definition of "application software" so that anything that doesn't meet that definition would be automatically covered. e.g. "Application Software refers to a self-contained program that is installed on the consumer's computer. To be considered self-contained, it must not modify the operating system to execute any software at any time other than when the user runs the software in question."

        what constitutes "agreed to"?

        The courts do. Considering the difficulties they've been giving to the click-through licensers, I'm perfectly okay with that.
  • by cwtrex (912286) on Monday October 31 2005, @07:08PM (#13919107) Journal
    I'm downloading RootkitRevealer now. I wonder how long it is going to take for Norton and McAfee to upgrade their Rootkit detection abilities? Next year's anti-virus release? The last rootkit that Norton found on a computer at work was well spread and had been out for 6 months. It still was unable to remove/fix the infection. :(
  • by KidHash (766864) on Monday October 31 2005, @07:09PM (#13919111) Homepage
    Not that this makes it better in any way, but I liked how he said

    I hadn't noticed when I purchased the CD from Amazon.com that it's protected with DRM software, but if I had looked more closely at the text on the Amazon.com web page I would have known

    followed by a picture of the Amazon web page in question with [CONTENT/COPY-PROTECTED CD] clearly visible in massive letters.
  • Is the EULA valid? (Score:5, Insightful)

    by nweaver (113078) on Monday October 31 2005, @07:09PM (#13919115) Homepage
    Since spyware WITH a proper EULA has been held to be in violation by the FTC, and since this EULA [sysinternals.com] doesn't really mention the rootkit's difficulty of removal, this might be litigatable.

    Of course, Mark Russinovich did (inadvertently) disassemble content protected by the EULA.
  • by chrispyman (710460) on Monday October 31 2005, @07:12PM (#13919140)
    It's one thing to copy protect your CDs to make it difficult to rip but it's another thing to install a rootkit that is by definition difficult to remove. Who's going to clean up this mess when a Microsoft patch or SP comes around and breaks any computer with this installed?
  • Thanks (Score:5, Interesting)

    by BCW2 (168187) on Monday October 31 2005, @07:13PM (#13919144) Journal
    I am very glad to hear about this. That CD WAS on my birthday list for next week.

    Sony just lost a sale, end of story.
    • Re:Thanks (Score:5, Insightful)

      by Flower (31351) on Monday October 31 2005, @07:30PM (#13919279) Homepage
      Don't tell Sony. Tell the Brothers that they lost a sale. Let them know that the product they worked so hard on now has poorly written software on it that could damage your computer. And though you want their music you can't buy it and you're going to tell your friends not to risk buying this CD.
  • by Billly Gates (198444) on Monday October 31 2005, @07:18PM (#13919182) Homepage Journal
    What is next? DRM that will rewrite your bios and turn your pc into an expensive doorstop for copyright violation?

    As if spyware itself is miraculously legal and now we have this? Rootkits and spyware programs that append to windows in the mbr so even a reinstall won't delete them IS TOO FAR!

    I agree with a previous poster that it should be a criminal offense in the same category as spray-painting someone's house or breaking and entering. Why do we allow this crap to be legal?

    It's time we wrote our elected officials and inform them about what is happening and about Sony's DRM and demand civil and criminal responsibility for malware makers. I don't care if it's the CEO of some company spray-painting my house vs a teenage kid. It's still illegal and Sony should be held accountable.

    I was reading on CNN about the drop of ecommerce even though there is still a rise in internet usage. This is due to all the spyware/scams/malware that is infecting PCs at record rates. This is killing our economy and many companies such as Google, Amazon, and Ebay are already getting hit with their wallets over these scams.

    Let's organize and make a difference. This is a slippery slope and I fear what is coming next.
  • by BeBoxer (14448) on Monday October 31 2005, @07:28PM (#13919264)
    I know you can disable auto-run and such to get around this type of crap. But what happens if you just 'disagree' or whatever on the EULA? I assume that Sony will then not install the rootkit and you can rip the CD with whatever tool you normally use? Or does Sony install the rootkit anyway, setting themselves up for criminal prosecution? Does anybody have a copy of this thing to try and answer that question?

    It just seems kind of silly to have DRM which is totally dependent on the user to request it be installed. Or can refusing an EULA be considered a violation of the DMCA?
  • by LM741N (258038) on Monday October 31 2005, @07:30PM (#13919278)
    You can't enter into a contract which violates the law. Thus a "contract killing" is not a valid contract.
    • by RingDev (879105) on Monday October 31 2005, @07:21PM (#13919206) Homepage Journal
      Being a root kit just means that the program works at the OS level, USUALLY in such a way that the end user will not notice it, nor will virus detectors flag it. It changes something about "Windows" as opposed to adding something to it. (over simplified)

      The arbitrary code in this case is installed when you hit 'OK'.

      -Rick
    • by abscondment (672321) on Monday October 31 2005, @07:23PM (#13919218) Homepage

      You're confusing the terms "rootkit" and "trojan"/"backdoor".

      A trojan in its strictest sense tricks a user into executing one set of code when they think they're executing another. A backdoor simply allows remote execution of arbitrary code.

      A rootkit is usually the set of tools that an attacker deploys on a compromised system. "rootkits" in the terms of this article are programs that trick your kernel into doing things it shouldn't do. This could include a trojan or a backdoor, but not necessarily.

      Sony's program is a rootkit because it runs without authorization from the CD and alters the Windows API in order to disguise itself. As far as the article indicates, it doesn't include the ability for Sony to execute code on your machine. It's still dirty and sinister, if you ask me. It also allows any other malicious attackers to conceal anything they plant on your machine - simply by prefixing any file name with $sys$ - that's not cool!
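
An added example, not part of the thread and not code from Sysinternals, Sony or First 4 Internet: a cross-view comparison, the approach tools such as RootkitRevealer take, run over a simulated listing to show that a name-prefix filter cloaks any file carrying the prefix regardless of who created it. The `Entry` type, the sample paths and file names, and the case-insensitive prefix match are assumptions made for this example.

```python
from dataclasses import dataclass

CLOAK_PREFIX = "$sys$"  # prefix named in the story summary


@dataclass(frozen=True)
class Entry:
    path: str    # containing directory
    name: str    # file name
    source: str  # who created it (constructed label for this example)


def filtered_view(raw, prefix=CLOAK_PREFIX):
    """Model of a cloaked enumeration: names starting with the prefix vanish.
    Case-insensitive matching is an assumption of this model."""
    return [e for e in raw if not e.name.lower().startswith(prefix)]


def cross_view_diff(raw, api):
    """Entries present in the raw view but absent from the API view."""
    seen = {(e.path.lower(), e.name.lower()) for e in api}
    return [e for e in raw if (e.path.lower(), e.name.lower()) not in seen]


def triage(hidden, prefix=CLOAK_PREFIX):
    """Split discrepancies: prefix-cloaked names vs. anything else
    (for instance a file created between the two scans)."""
    report = {"prefix_cloaked": [], "other_discrepancy": []}
    for e in hidden:
        cloaked = e.name.lower().startswith(prefix)
        key = "prefix_cloaked" if cloaked else "other_discrepancy"
        report[key].append((e.path + "\\" + e.name, e.source))
    return report


def demo():
    # Constructed sample listing; none of these names come from the article.
    raw = [
        Entry(r"C:\Windows\System32", "notepad.exe", "os"),
        Entry(r"C:\Windows\System32", "$sys$drm_component.sys", "drm"),
        Entry(r"C:\Users\demo\Downloads", "$sys$unrelated.exe", "third-party"),
        Entry(r"C:\Temp", "scan_race.tmp", "os"),
    ]
    # The API view loses the prefixed names, plus one file that did not
    # exist yet when the API scan ran (benign timing discrepancy).
    api = [e for e in filtered_view(raw) if e.name != "scan_race.tmp"]
    return triage(cross_view_diff(raw, api))


if __name__ == "__main__":
    print(demo())
```

The third-party entry lands in the same bucket as the DRM's own file, while the timing discrepancy is reported separately so it can be reviewed rather than treated as cloaking.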

      • Re:OS's fault (Score:5, Informative)

        by speeDDemon (nw) (643987) on Monday October 31 2005, @07:28PM (#13919262) Homepage

        Trusted Computing...

        I think this lil video on Trusted Computing [lafkon.net] is perfect at explaining trusted computing.

        I leave it running on the computers on display in my store. Hoping that I can educate enough people in my small section of the world about the follies they are about to embark on.