Sony DRM Installs a Rootkit?
An anonymous reader writes "SysInternals.com guru Mark Russinovich has a detailed investigation of a rootkit from Sony Music. It's installed with a DRM-encumbered music CD, Van Zant's "Get Right with the Man". (Mmmm, delicious irony!) The rootkit introduces several security holes into the system that could be exploited by others, such as hiding any executable file that starts with '$sys$'. Russinovich also identifies several programming bugs in the method it uses to hook system calls, and chronicles the painful steps he had to take to 'exorcise the daemon' from his system." This house is clear.
Re:and now with no liability (Score:5, Informative)
Re:My question: (Score:5, Informative)
Still, one would hope that Sony would only choose reputable suppliers, ones who wouldn't allow a virus/trojan to be distributed intentionally or even through neglect.
Re:But... (Score:3, Informative)
Re:OS's fault (Score:3, Informative)
They can't make it impossible to do this kind of thing on 32-bit versions of Windows (without breaking A LOT of drivers and programs), but on all 64-bit Windows versions this is already impossible.
Time to... (Score:4, Informative)
Re:What is it exactly? (Score:5, Informative)
The arbitrary code in this case is installed when you hit 'OK'.
-Rick
Re:What is it exactly? (Score:5, Informative)
You're confusing the terms "rootkit" and "trojan"/"backdoor".
A trojan in its strictest sense tricks a user into executing one set of code when they think they're executing another. A backdoor simply allows remote execution of arbitrary code.
A rootkit is usually the set of tools that an attacker deploys on a compromised system. "rootkits" in the terms of this article are programs that trick your kernel into doing things it shouldn't do. This could include a trojan or a backdoor, but not necessarily.
Sony's program is a rootkit because it runs without authorization from the CD and alters the Windows API in order to disguise itself. As far as the article indicates, it doesn't include the ability for Sony to execute code on your machine. It's still dirty and sinister, if you ask me. It also allows any other malicious attackers to conceal anything they plant on your machine - simply by prefixing any file name with $sys$ - that's not cool!
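Added example, not part of the original thread or of any tool it mentions: because the cloak described above works by altering what the Windows API reports, a defender can expose it by comparing the API's listing with one taken independently (for instance from an offline boot of the same disk). Both listings below are constructed sample data, and the function and class names are hypothetical.

```python
from dataclasses import dataclass

CLOAK_PREFIX = "$sys$"  # the name prefix the thread says gets hidden


@dataclass(frozen=True)
class Finding:
    path: str           # path as recorded in the independent (raw) listing
    prefix_match: bool  # True if any path component starts with CLOAK_PREFIX


def _norm(path: str) -> str:
    # Windows paths are normally compared case-insensitively; unify separators.
    return path.replace("/", "\\").rstrip("\\").casefold()


def cross_view_diff(api_view, raw_view):
    """Return entries present in the raw listing but missing from the API listing."""
    visible = {_norm(p) for p in api_view}
    findings = []
    for path in sorted(raw_view, key=_norm):
        norm = _norm(path)
        if norm in visible:
            continue
        # A hidden directory also hides everything beneath it, so check
        # every component of the path, not only the file name.
        hit = any(part.startswith(CLOAK_PREFIX) for part in norm.split("\\"))
        findings.append(Finding(path, hit))
    return findings


# Constructed listing as seen through the (possibly hooked) API.
API_VIEW = [
    r"C:\Windows\System32\drivers\disk.sys",
    r"C:\Windows\System32\notepad.exe",
    r"C:\Users\test\music.wma",
]

# Constructed listing of the same volume taken without going through the API.
RAW_VIEW = [
    r"C:\Windows\System32\drivers\disk.sys",
    r"c:\windows\system32\NOTEPAD.EXE",          # same file, different case
    r"C:\Users\test\music.wma",
    r"C:\Windows\System32\$sys$example.sys",     # hidden, prefixed
    r"C:\Windows\System32\$sys$dir\payload.dat", # inside a hidden directory
    r"C:\Users\test\$sys$unrelated.exe",         # third-party file riding the cloak
    r"C:\Windows\Temp\scratch.tmp",              # missing, but not prefixed
]

if __name__ == "__main__":
    for f in cross_view_diff(API_VIEW, RAW_VIEW):
        tag = "prefix match" if f.prefix_match else "no prefix, check timing"
        print(f"{f.path}  [{tag}]")
```

An entry that is missing from the API view without the prefix is usually a file created or deleted between the two scans, so it is reported separately rather than treated as cloaked.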
Re:OS's fault (Score:5, Informative)
Trusted Computing...
I think this lil video on Trusted Computing [lafkon.net] is perfect at explaining trusted computing.
I leave it running on the computers on display in my store. Hoping that I can educate enough people in my small section of the world about the follies they are about to embark on.
EULA's do not trump the law (Score:5, Informative)
Re:OS's fault (Score:4, Informative)
Re:But... (Score:4, Informative)
After being presented with a sell-your-babies-to-the-almighty-record-label EULA, and before shoving awfully encoded WMA format files down their throats.
Hint #1: There's no "copy protection" on CDs. For most parts, it's misshapen multi-session CDs. cdrdao read-cd --session 1 ...
Hint #2: If you're encoding the files to MP3, Vorbis or, good heavens, WMA, digital rips are wayyyy overrated and plain old CD player, analog RCA-to-RCA cable and an audio recorder app can do really wonders. =)
Re:This has gone too far! (Score:5, Informative)
Yes, look for it in your next Blu-Ray Disc Player.
http://www.engadget.com/entry/1234000737057152/ [engadget.com]
"On top of that, consumers should expect punishment for tinkering with their Blu-ray players, as many have done with current DVD players, for instance to remove regional coding. The new, Internet-connected and secure players will report any "hack" and the device can be disabled remotely."
Re:and now with no liability (Score:3, Informative)
You shall defend and hold the SONY BMG PARTIES harmless from and against any and all liabilities, damages, costs, expenses or losses arising out of your use of the LICENSED MATERIALS, your negligent or wrongful acts, your violation of any applicable laws or regulations, and/or your breach of any provision of this EULA.
Re:Could be . . . (Score:3, Informative)
Because I think the DMCA is a ridiculously bad piece of law, I would like to see Mark prosecuted for violating it, so that people can see just how bad it is.
-paul
Re:Rootkit? No evidence of that. (Score:3, Informative)
I think the article provided enough evidence as is. Yes, it is "DRM shovelware", which is an offense in itself. Yes, it's hard to uninstall, which is bad. But it's also trying to hide itself, which is really nasty, and it hides stuff indiscriminately, which is worse.
It is a rootkit, because it messes with the OS to hide specific files. It is a dangerous rootkit, because it hides all files that start with some prefix, not just the specific files used by the DRM mechanism - this could be potentially used to hide more mischief from the same source.
Re:What is it exactly? (Score:5, Informative)
THAT is the biggest problem with these windoze DRM hacks. You can secure your system with all the technology at your disposal, but it means nothing when you are tricked into running a rootkit disguised as DRM. Then you have to trust the DRM vendor did not make any mistakes that expose you to further security risks.
People like to gripe about Apple's DRM, but at least they know better than to pull crap like this.
Not very good DRM (Score:2, Informative)
1.) Insert CD into a Macintosh
(And yes, little Timmy, Linux/BSD/FreeDOS/whatever)
Re:Didn't Notice? (Score:3, Informative)
Mark Russinovich should check his order history for the presence of that text there to determine if it was present at the time he ordered.
See this movie to see why AV is now outdated (Score:3, Informative)
For a great movie showing the author of hacker defender defeating most all of the current rootkit-defeating programs see the following link:
http://www.hxdef.org/download/brilliant.php [hxdef.org]
Re:In democratic america... (Score:5, Informative)
Insightful indeed.
The thing is that there is more than a corporation here. The artist that chose to sign with Sony is now going to feel the repercussions of this dirty little trick Sony tried to play. Do you think that Sony really cares if they lose a few sales of this one CD because they got caught red-handed? Of course not.
These record labels are not only exploiting the consumer, but they are screwing over the artists that depend on them for advertising and distribution. Here is contact information [thevanzants.com] for Van Zant [thevanzants.com]. Let them know that you're pissed. Let them know you won't be buying their CD. Let them know that they were screwed by Sony. While you're at it, why not let First4Internet [first4internet.com] know that you hate them and hope they burn in Hell for writing malware like this. A few thousand emails will do wonders for these jerks.
If enough artists move away from these corporate labels it can only mean good things for the consumers. It's not impossible for this to happen, just extremely difficult.
Re:FTA (Score:3, Informative)
On top of that, a majority of their tools are completely free, light, and do the job WELL.
They have tools made to defragment your registry hives, to actually execute a process as another user (don't mention "runas", their stuff takes it to another level), monitor the registry hives for changes, and this disturbingly well-done root kit revealer.
Sysinternals is god when it comes to actually looking at what is wrong with a MS OS, and there's no way around it.
This house is... (Score:2, Informative)
Re:and now with no liability (Score:3, Informative)
A contract can not exempt any party from an act which contravenes any current laws.
To quote the UK Sale of goods act 2002 Sony did not mention this at the point of sale and therefore would be liable for repair of the problem.
Re:Sony is protected by the DMCA (Score:2, Informative)
Re:My question: (Score:2, Informative)
Re:This has gone too far! (Score:3, Informative)
Re:It is NOT a rootkit (Score:3, Informative)
Re:Answer: This is truly evil (Score:1, Informative)
Re:Answer: This is truly evil (Score:5, Informative)
Offtopic, but..
If you think a stock will move but don't know in which direction, buy get and put options at the current price. They'll be in the money after any significant stock movement. Called a Long Straddle [riskglossary.com].
Re:What is it exactly? (Score:3, Informative)
This is NOT a music CD (Score:1, Informative)
Re:Sony is protected by the DMCA (Score:5, Informative)
This isn't the first time Sony's had this idea. Years ago they asked someone to write a virus to subliminally provide marketing to people. This motivated the person they asked to write a book called Coercion.
Re:It is NOT a rootkit (Score:3, Informative)
Re:Sony is protected by the DMCA (Score:2, Informative)
Re:OS's fault (Score:4, Informative)
Re:OS's fault (Score:3, Informative)
Run as a regular user. Users group.
Then, if (when) you need to install something, or run a program that needs administrative privileges, right click it and "Run as" Administrator (or user with administrative privileges).
This is the same kind of thing as 'sudo' in linux.
You'll get a lot less shit on your system this way, still not perfect but better.
Copiable? (Score:3, Informative)
Is this CD playable without the drm software after using cdparanoia or some other tool? SonyBMG is now added to my list of labels not to buy due to copy protection, which previously included ToshibaEMI and Avex Trax for their (cdparanoia breakable) copy protection. In fact I don't buy CDs any more, I just keep a copy of cdparanoia around because sometimes people give me CDs as presents and often they seem to have some kind of copy garbling, erm protection.
Re:Sony is protected by the DMCA (Score:4, Informative)
I'm not sure what jurisdiction -you're- in, but the last I checked anywhere, those general "not our fault" clauses don't mean a thing against something done intentionally. If you are with full awareness doing something malicious, that is a totally different animal than accidentally releasing bugged software, and "not our fault" won't even begin to protect them.
Re:Sony is protected by the DMCA (Score:3, Informative)
What it prohibits is the dissemination of knowledge and tools on how to circumvent copy protection.
Anyone is free to do anything they want to rid themselves of any copy protection on media they own...as long as they keep the knowledge of it entirely to themselves. (There are some exceptions for encryption research and, to a lesser extent, security research, as well.)
Re:Sony is protected by the DMCA (Score:5, Informative)
See, the problem with this is you did not give them permission. You didn't even run their executable. It happened without your expectation, knowledge, or consent.
You popped in what you thought was a nice little audio CD. Because Microsoft has been configured to run the software on these CDs by default, you end up running it -- that's not permission. When you put in an audio CD, you expect to hear, well, music. Not to have something installed on your computer which compromises its security.
You can't say that someone accepted terms of use when Microsoft, acting in conjunction with these companies, decided that what needs to happen is that any CD with executable code on it needs to be executed blindly and without user confirmation.
For the vast majority of users, playing a CD in their computer is shockingly like playing a CD in their CD player. It is neither a tacit nor an explicit agreement to run any and all software they may have installed on it.
It is a complete mis-representation to claim that you gave permission for them to do anything they wanted to do with it. If I open my door to a solicitor, that doesn't give them the right to enter my home and do anything they damned well please.
This absurd notion that what is, in effect, trojan software has been accepted by the user simply because they decided to play an audio CD in their computer is complete and utter tripe. And saying that you "should have known better" is a complete cop-out -- we already know that the vast majority of computer users simply lack the knowledge to prevent this sort of thing. Especially when the OS manufacturer has decided a priori for you that is what will happen.
Now, if they put in big honking letters on the CD case that if you play this CD on a Windows machine, software will be installed on your machine, your argument might have merit. But the simple fact that it is NOT spelled out in big font, means that, for all intents and purposes, this is a trojan.
Imagine extending this totally absurd argument to credit cards -- 'by handing your credit card to the waiter to pay your bill, you tacitly agree to paying for the staff trip to Aruba'; Oh, didn't know? How dare you? It's a bullshit argument in either case, because you imply consent where, clearly, none was given.
In either case, you show me where the user has actually agreed to anything, and your point might be valid. Otherwise, it's after-the-fact rationalization based on the absurd notion that the user knew what would happen.
Now, I realize as I'm writing this that your ID lists you as Andrew Tanenbaum -- so I'm forced to conclude one of two things -- 1) It's a popular, but misleading name on Slashdot, or 2) the Great Andrew Tanenbaum has absolutely no clue about what is reasonable for a company to do to the end users' machines. In either case, I'm not impressed. If 2), then you're just a standard Slashdot schmoe, and I expect nothing more, but you're still misinformed. If it truly is 1), then I've lost a great deal of respect for you -- because a professor of this stuff should know better, because you bloody well get paid to be informed about this stuff. Asserting that you somehow gave permission somewhere in that process is utter crap! An agreement I was never shown is null-and-void.
Cheers
Re:It's immoral to buy RIAA music (Score:3, Informative)
Re:the big guys take punches like candy... (Score:3, Informative)
Never admit that publicly. DMCA, RIAA, Evidence, I hope you weren't serious. These are not nice guys to deal with.
If you admit it, do it from a public terminal as an AC.
Re:Britain's Computer Misuse Act... (Score:3, Informative)
therefore, if the rootkit opens back doors, or makes it possible to hide programs, charge #2 applies.
Re:Sony is protected by the DMCA (Score:5, Informative)
US Law Title 17 section 1201: [cornell.edu]
Circumvention of copyright protection systems
(a) Violations Regarding Circumvention of Technological Measures.--
(1) (A) No person shall circumvent a technological measure that effectively controls access to a work protected under this title.
The act of circumvention itself is indeed criminalized by the DMCA.
Note that the DMCA also says:
(c) Other Rights, Etc., Not Affected.--(1) Nothing in this section shall affect rights, remedies, limitations, or defenses to copyright infringement, including fair use, under this title.
That sounds pretty good, right? Except it's pure bullshit, law literally written by lawyers employed by the publishing industry. It means absolutely ZERO. It says it protects/preserves Fair Use defenses to Copyright Infringement. However CIRCUMVENTION CRIME is not copyright infringement. Circumvention crime has absolutely nothing to do with copyright infringement. There is no Fair Use defence to circumvention crime. So what that section really says is that a NONEXISTENT defence is not affected. It sure sounded nice though, didn't it?
Not on Amazon UK (Score:3, Informative)
Any rootkit would be clear violation of sections 2 and 3 of the Computer Misuse Act [opsi.gov.uk]. This Act comes from EU treaty obligations so substantially similar legislation exists throughout Europe. The territorial scope of this Act only requires one of the parties to the offense to be in the UK. So buying this from Amazon UK should cover you even if you don't live in the UK.
Re:Sony is protected by the DMCA (Score:3, Informative)
Re:Thanks (Score:3, Informative)
The list of CD's so far are:
Note: I would have preferred to make a nice looking list, but Slashdot was spitting me "Your comment has too few characters per line (currently 36.7)." so I had to remove all the CRLF from my post. Sorry
Nothing Is Sound. Switchfoot [amazon.com] Unwritten [ENHANCED] Natasha Bedingfield [amazon.com] Ride Shelly Fairchild [amazon.com] 12 Songs Neil Diamond [amazon.com] Touch Amerie [amazon.com] Bloom Remix Album [ENHANCED] Sarah McLachlan [amazon.com] Kasabian Kasabian [amazon.com] The Essential Pete Seeger [ORIGINAL RECORDING REMASTERED] Pete Seeger [amazon.com] Jeru [ENHANCED] [ORIGINAL RECORDING REMASTERED] Gerry Mulligan [amazon.com] imes Like These Buddy Jewell, [amazon.com] Bob Brookmeyer & Friends [ORIGINAL RECORDING REMASTERED] Bob Brookmeyer [amazon.com] Healthy In Paranoid Times [ENHANCED] Our Lady Peace [amazon.com] Cautivo [DUALDISC] Chayanne [amazon.com] The Invisible Invasion Coral, The Coral [amazon.com] Defined Amici Forever [amazon.com] Suspicious Activity [ENHANCED] The Bad Plus [amazon.com] Manhattan Symphonie [ORIGINAL RECORDING REMASTERED] Dexter Gordon [amazon.com] Phantoms Acceptance [amazon.com] On Ne Change Pas Celine Dion [amazon.com] Get Right with the Man Van Zant [amazon.com] To Love Again [ENHANCED] Chris Botti [amazon.com] Life [DUALDISC] Ricky Martin [amazon.com] The Essential Dion [ENHANCED] [ORIGINAL RECORDING REMASTERED] Dion [amazon.com] Faso Latido A Static Lullaby [amazon.com] Change It All Goapele [amazon.com] Susie Suh Susie Suh [amazon.com] My Very Special Guests [ORIGINAL RECORDING REMASTERED] George Jones [amazon.com] Broken Valley Life of Agony [amazon.com] Silver's Blue [ENHANCED] [ORIGINAL RECORDING REMASTERED] Horace Silver [amazon.com] Z [ENHANCED] My Morning Jacket [amazon.com]
Re:Sony is protected by the DMCA (Score:3, Informative)