Sony DRM Installs a Rootkit?
An anonymous reader writes "SysInternals.com guru Mark Russinovich has a detailed investigation of a rootkit from Sony Music. It's installed with a DRM-encumbered music CD, Van Zant's "Get Right with the Man". (Mmmm, delicious irony!) The rootkit introduces several security holes into the system that could be exploited by others, such as hiding any executable file that starts with '$sys$'. Russinovich also identifies several programming bugs in the method it uses to hook system calls, and chronicles the painful steps he had to take to 'exorcise the daemon' from his system." This house is clear.
My question: (Score:5, Interesting)
Re:My question: (Score:5, Interesting)
Mark didn't get into a lot of detail about all of the functions, but he didn't mention any backdoors or phone home functionality.
Re:My question: (Score:5, Interesting)
-nB
Sony is protected by the DMCA (Score:5, Interesting)
If you do this, then you are deliberately disabling a copy protection system, which is illegal under the DMCA. So Sony can sue you.
[Note: this varies with your jurisdiction. No DMCA in Canada, yet.]
Doug Moen.
Re:Sony is protected by the DMCA (Score:5, Insightful)
I can disable a copy protection system on my own computer - specifically removing it. They didn't have permission to put it there, and I think it would be a tough case to prosecute me for repairing my own computer. My computer is not Sony's medium to do with as they please - it's MINE - I paid for it, and I licensed the software.
Now, removing the protection from their media - or extracting the content and freeing it from the DRM, yes, that's circumvention, and probably prosecutable under the DMCA.
But my computer is MINE and they don't have the right to secretly fuck with it.
Re:Sony is protected by the DMCA (Score:5, Interesting)
I'd vote for trespass, but I also don't have any content to sell. Mark, how's the adminpak selling? I hope you've got some good DRM on your CD's if you're any indication of the talent that's out there...
Re:Sony is protected by the DMCA (Score:5, Insightful)
He didn't remove the DRM for access to songs.
He removed the DRM from his computer (effectively a manual uninstall). They did imply in the document that he was allowed to uninstall it.
Re:Sony is protected by the DMCA (Score:5, Interesting)
Re:Sony is protected by the DMCA (Score:5, Insightful)
They'd better hope it's them, because if it's us, then it's not circumventing their copy protection scheme to hold down shift while I load the CD, is it?
On the other hand, if it's them and they install software on my PC without my permission in the UK, my lawyer would like to talk to them about the Computer Misuse Act.
Oh dear. This sounds like a lose-lose proposition for Sony. That's really, y'know, too bad and all. :-)
Re:Sony is protected by the DMCA (Score:5, Insightful)
When I buy a CD, I shouldn't have to expect it to install a rootkit, and have to check the included materials to see if it does; it's Sony's responsibility to tell me they're messing with my software, and ask for consent...
Sony is flirting with trouble... (Score:5, Interesting)
IANAL, however, I believe that contracts that are made in bad faith, or with the intent to deceive a participant are not binding. If this is the case, I think that it wouldn't be hard to argue in a court that you have no obligation to keep Sony's rootkit (by definition an illicit and deceptive tool) on your computer. Moreover, you might also be entitled to damages resulting from said 'bad faith' agreement.
Even if my assessment isn't quite correct, it seems to me that it is probably fuzzy enough of a point to invite litigation. If I were a multimillion(billion?) dollar company I wouldn't be the one to test the legal water on something like this.
Re:Sony is protected by the DMCA (Score:5, Informative)
This isn't the first time Sony's had this idea. Years ago they asked someone to write a virus to subliminally provide marketing to people. This motivated the person they asked to write a book called Coercion.
Re:Sony is protected by the DMCA (Score:5, Insightful)
Furthermore, your argument is simply insane, even if applied to software CDs. Do I give permission to any software vendor to install anything they want when I run the installer executable? Do I give them permission to wipe my hard drive? Install malicious, intentionally uninstallable programs? Monitor my activities when not using their software?
Even the most ardent proponent of EULAs couldn't make the claim that you give such permissions by default. Unless they specifically ask, they don't have permission to do anything that isn't specifically part of the product as a reasonable person would perceive it to be.
Re:Sony is protected by the DMCA (Score:4, Interesting)
And the EULA doesn't mention this rootkit or anything like it, from what I've read. In my opinion, I have the right to create a secure environment for my data, and the rootkit subverts that. Since the EULA doesn't mention it, I'm free to remove the unauthorized code.
Bad Sony! No biscuit!
Re:Sony is protected by the DMCA (Score:5, Informative)
See, the problem with this is you did not give them permission. You didn't even run their executable. It happened without your expectation, knowledge, or consent.
You popped in what you thought was a nice little audio CD. Because Microsoft has been configured to run the software on these CDs by default, you end up running it -- that's not permission. When you put in an audio CD, you expect to hear, well, music. Not to have something installed on your computer which compromises its security.
You can't say that someone accepted terms of use when Microsoft, acting in conjunction with these companies, decided that what needs to happen is that any CD with executable code on it needs to be executed blindly and without user confirmation.
For the vast majority of users, playing a CD in their computer is shockingly like playing a CD in their CD player. It is neither a tacit nor an explicit agreement to run any and all software they may have installed on it.
It is a complete mis-representation to claim that you gave permission for them to do anything they wanted to do with it. If I open my door to a solicitor, that doesn't give them the right to enter my home and do anything they damned well please.
This absurd notion that what is, in effect, trojan software has been accepted by the user simply because they decided to play an audio CD in their computer is complete and utter tripe. And saying that you "should have known better" is a complete cop-out -- we already know that the vast majority of computer users simply lack the knowledge to prevent this sort of thing. Especially when the OS manufacturer has decided a priori for you that is what will happen.
Now, if they put in big honking letters on the CD case that if you play this CD on a Windows machine, software will be installed on your machine, your argument might have merit. But the simple fact that it is NOT spelled out in big font, means that, for all intents and purposes, this is a trojan.
Imagine extending this totally absurd argument to credit cards -- 'by handing your credit card to the waiter to pay your bill, you tacitly agree to paying for the staff trip to Aruba'; Oh, didn't know? How dare you? It's a bullshit argument in either case, because you imply consent where, clearly, none was given.
In either case, you show me where the user has actually agreed to anything, and your point might be valid. Otherwise, it's after-the-fact rationalization based on the absurd notion that the user knew what would happen.
Now, I realize as I'm writing this that your ID lists you as Andrew Tanenbaum -- so I'm forced to conclude one of two things -- 1) It's a popular, but misleading name on Slashdot, or 2) the Great Andrew Tanenbaum has absolutely no clue about what is reasonable for a company to do to the end-users machines. In either case, I'm not impressed. If 2), then you're just a standard Slashdot schmoe, and I expect nothing more, but you're still misinformed. If it truly is 1), then I've lost a great deal of respect for you -- because a professor of this stuff should know better, because you bloody well get paid to be informed about this stuff. Asserting that you somehow gave permission somewhere in that process is utter crap! An agreement I was never shown is null-and-void.
Cheers
_WHAT_ EULA?!?! (Score:5, Insightful)
Re:Sony is protected by the DMCA (Score:4, Informative)
I'm not sure what jurisdiction -you're- in, but the last I checked anywhere, those general "not our fault" clauses don't mean a thing against something done intentionally. If you are with full awareness doing something malicious, that is a totally different animal than accidentally releasing bugged software, and "not our fault" won't even begin to protect them.
Re:Sony is protected by the DMCA (Score:4, Insightful)
Upon the expiration or termination of this EULA, you shall immediately remove all of the LICENSED MATERIALS from your personal computer system and delete or destroy them, along with any related documentation (and any copies thereof) that you may have received or otherwise may possess
So, pretty much what they want me to do is, if I decide to terminate the agreement I have to re-format my system.
Re:Sony is protected by the DMCA (Score:5, Informative)
US Law Title 17 section 1201: [cornell.edu]
Circumvention of copyright protection systems
(a) Violations Regarding Circumvention of Technological Measures.--
(1) (A) No person shall circumvent a technological measure that effectively controls access to a work protected under this title.
The act of circumvention itself is indeed criminalized by the DMCA.
Note that the DMCA also says:
(c) Other Rights, Etc., Not Affected.--(1) Nothing in this section shall affect rights, remedies, limitations, or defenses to copyright infringement, including fair use, under this title.
That sounds pretty good, right? Except it's pure bullshit, law literally written by lawyers employed by the publishing industry. It means absolutely ZERO. It says it protects/preserves Fair Use defenses to Copyright Infringement. However CIRCUMVENTION CRIME is not copyright infringement. Circumvention crime has absolutely nothing to do with copyright infringement. There is no Fair Use defence to circumvention crime. So what that section really says is that a NONEXISTENT defence is not affected. It sure sounded nice though, didn't it?
-
Legal Precedent in other forms (Score:5, Funny)
If I kill you to prevent you from killing me, killing you is self defense and not a crime. Seems reasonable that if I kill Sony's process to prevent it from stealing my ID that it's self defense and not a crime. The DMCA is one of those laws that is so out of whack, never mind the US Constitution. It probably violates British common law, the Magna Carta, and if you look hard enough it probably violates the code of Hammurabi and the social order of primitive hunter-gatherer cultures too.
Re:Sony is protected by the DMCA (Score:4, Interesting)
Re:Sony is protected by the DMCA (Score:4, Funny)
Re:My question: (Score:5, Insightful)
Re:My question: (Score:5, Interesting)
It'll go like this: Somebody out there with an axe to grind against Sony is going to lift this code intact, with no modifications, and marry it with a worm that goes around and infects people's machines with some nasty or other that executes with a file that has a name beginning with $sys$ and cause some real trouble with it.
Net result, the infected folks are going to have a SERIOUS beef with Sony over the fact that the "invisible" file was able to install itself and run its merry course completely under the radar. All because of a piece of shit attempt by a fucked up Giant Corporation that was attempting to further line its pockets by installing some ... shall we say, hmm, unsavory code?
Ok script kiddies, you have your assignment. Now get to work!
Re:My question: (Score:5, Insightful)
Answer: This is truly evil (Score:5, Insightful)
Seriously speaking, this shows two things. One is yet another demonstration of the fundamental evil of Microsoft's "security" model. Even if you weren't running as root/Administrator (and everyone does, don't they?), then the "reputable" installation from the "reputable" company would just ask you to elevate your privileges.
The other thing is that power is always abused. If not now and by Sony, then tomorrow by some other "reputable" company. (Or put on your tin hat and say "Yesterday by the NSA.")
I hope they track this story, and if it is not another misguided /. rumor, I certainly hope that Sony repudiates the technique and the software. Soon.
Then they should apologize.
Then sack the person responsible.
Then sack the person responsible for not sacking the responsible person earlier.
[Infinite loop warning.]
Re:Answer: This is truly evil (Score:5, Informative)
Offtopic, but..
If you think a stock will move but don't know in which direction, buy get and put options at the current price. They'll be in the money after any significant stock movement. Called a Long Straddle [riskglossary.com].
Re:My question: (Score:3, Insightful)
AFAIK this is a rootkit in more ways than one.
-nB
Re:My question: (Score:3, Insightful)
It's obvious that a rootkit exists on the CD. It's quite likely that Sony purchased the DRM from First4Internet. It's not obvious that Sony asked First4Internet to include a rootkit in the product that was delivered to Sony.
Re:My question: (Score:5, Informative)
Still, one would hope that Sony would only choose reputable suppliers, ones who wouldn't allow a virus/trojan to be distributed intentionally or even through neglect.
Re:My question: (Score:5, Insightful)
I think it's far more likely that Sony knew what this software did, and chose to distribute it anyway. This could have been a result of incompetent testers, poor communication between QA and management, overbearing management anxious to get a product out on a strict deadline, or any number of other things.
Re:My question: (Score:5, Funny)
You never played Star Wars Galaxies, did you?
Re:My question: (Score:5, Insightful)
In democratic america... (Score:5, Insightful)
hrm, so much for humor. I don't find it funny at all
Re:In democratic america... (Score:5, Insightful)
I don my tinfoil hat and robe...
Re:In democratic america... (Score:5, Funny)
Wow, a tinfoil hat and robe! When do the pants and underwear come in?
However when you said "hat and robe", my first thought was of Bloodninja's cyber adventures [albinoblacksheep.com].
Re:In democratic america... (Score:5, Interesting)
Re:In democratic america... (Score:5, Informative)
Insightful indeed.
The thing is that there is more than a corporation here. The artist that chose to sign with Sony is now going to feel the repercussions of this dirty little trick Sony tried to play. Do you think that Sony really cares if they lose a few sales of this one CD because they got caught red-handed? Of course not.
These record labels are not only exploiting the consumer, but they are screwing over the artists that depend on them for advertising and distribution. Here is contact information [thevanzants.com] for Van Zant [thevanzants.com]. Let them know that you're pissed. Let them know you won't be buying their CD. Let them know that they were screwed by Sony. While you're at it, why not let First4Internet [first4internet.com] know that you hate them and hope they burn in Hell for writing malware like this. A few thousand emails will do wonders for these jerks.
If enough artists move away from these corporate labels it can only mean good things for the consumers. It's not impossible for this to happen, just extremely difficult.
Re:In democratic america... (Score:4, Insightful)
iTunes Australia and Japan (Score:5, Interesting)
I'm really starting to hate that company. This BS "DRM" is just the icing on the cake. Sure, iTunes has DRM, but it's quite benign (5 computers, unlimited ipods, unlimited burns per song, 7 burns per album).
They're too big, and have their hands in too many pots. Time for Sony artists to take a stand and go with somebody else (quite difficult, considering the ass-raping contracts they probably had to sign). Essentially, Sony are denying their artists a source of income to satisfy the needs of their consumer electronics department. I'd be pissed.
Re:In democratic america... (Score:5, Insightful)
I've read two relevant quotes.
"Democracy is the theory that the people know what they want and deserve to get it good and hard."
"In communism, man exploits man. In capitalism, it's the other way around."
as if (Score:5, Insightful)
and now with no liability (Score:3, Interesting)
Re:and now with no liability (Score:5, Informative)
Anti-spyware Bill (Score:5, Insightful)
Anything running in the background, rootkits, and other forms of spyware (which generally rely on the user not knowing they're there) would immediately become illegal.
Re:Anti-spyware Bill (Score:5, Insightful)
Problem #2 - Mr. Identity Thief in weird 3rd world country where such things are illegal but are tacitly condoned by local authority as long as it's not someone from their country
Problem #3 - Mr Corporate Lobbyist - RIAA & MPAA ring any bells????
Problem #4 - Your privacy has been dead for decades. The sad part is that people are just now starting to smell the rotting corpse.
Passing a bill here in the USA will only do what CAN-SPAM did - drive them off shore to less regulated places. What's really needed is the ability to establish peering points that coincide with national borders. Then we can pass a law that says that if we don't like your data integrity laws, we don't pass traffic to/from you.
See if that doesn't actually accomplish what you're looking for.
2 cents,
Queen B
Britain's Computer Misuse Act... (Score:5, Interesting)
America - well, there's no privacy in the US of A. The trade in personal information is open and widespread. There is an excellent chance that if anyone tried to prosecute Sony over privacy infringements that it would be laughed out of court. You can't protect what you don't have. Possession is 9/10ths of the law, and Americans possess very little - much as they often like to believe otherwise.
Sony actually has a much stronger case. Reverse-engineering their DRM scheme is in direct violation of both the letter AND the spirit of the DMCA, which is explicitly intended to prohibit exactly this kind of research (ie: the study of the spyware) and this kind of result (ie: the removal of it, afterwards). Depending on who Sony licensed the rootkit from, there is a possibility it might also violate aspects of the PATRIOT act. (If the rootkit is also used by any law enforcement groups, then this study could compromise wiretapping provisions in the act.)
Re:Britain's Computer Misuse Act... (Score:4, Insightful)
Since I did *not* authorize Sony to install a rootkit (authorisation to play a CD won't stretch that far) they have broken the law, and should be prosecuted.
Luckily we have corporate legal liability in this country too...
Re:Anti-spyware Bill (Score:5, Insightful)
The bill would actually need a definition of "application software" so that anything that doesn't meet that definition would be automatically covered. e.g. "Application Software refers to a self-contained program that is installed on the consumer's computer. To be considered self-contained, it must not modify the operating system to execute any software at any time other than when the user runs the software in question."
what constitutes "agreed to"?
The courts do. Considering the difficulties they've been giving to the click-through licensers, I'm perfectly okay with that.
Re:Anti-spyware Bill (Score:5, Interesting)
RootKits coming out in bundles? (Score:5, Interesting)
OS's fault (Score:3, Interesting)
Re:OS's fault (Score:4, Insightful)
Re:OS's fault (Score:5, Informative)
Trusted Computing...
I think this lil video on Trusted Computing [lafkon.net] is perfect at explaining trusted computing.
I leave it running on the computers on display in my store. Hoping that I can educate enough people in my small section of the world about the follies they are about to embark on.
Re:OS's fault (Score:4, Informative)
Re:OS's fault (Score:3, Informative)
They can't make it impossible to do this kind of thing on 32-bit versions of Windows (without breaking A LOT of drivers and programs), but on all 64-bit Windows versions this is already impossible.
Re:OS's fault (Score:4, Informative)
Re:OS's fault (Score:4, Insightful)
Come on, man. It's 2006 already
Re:OS's fault (Score:4, Funny)
Didn't Notice? (Score:5, Funny)
I hadn't noticed when I purchased the CD from Amazon.com that it's protected with DRM software, but if I had looked more closely at the text on the Amazon.com web page I would have known
followed by a picture of the amazon web page in question with [CONTENT/COPY-PROTECTED CD] clearly visible in massive letters.
Is the EULA valid? (Score:5, Insightful)
Of course, Mark Russinovich did (inadvertently) disassemble content protected by the EULA.
Re:Is the EULA valid? (Score:3, Insightful)
If we had an eula where the user agreed to be held as a slave would that be legal too? I think not.
Sony has gone too far... (Score:5, Insightful)
Thanks (Score:5, Interesting)
Sony just lost a sale, end of story.
Re:Thanks (Score:5, Insightful)
This has gone too far! (Score:5, Insightful)
As if spyware itself is miraculously legal and now we have this? Rootkits and spyware programs that append to windows in the mbr so even a reinstall won't delete them IS TOO FAR!
I agree with a previous poster that it should be a criminal offense the same category as spray-painting someone's house or breaking and entering. Why do we allow this crap to be legal?
It's time we wrote our elected officials and inform them about what is happening and about Sony's drm and demand civil and criminal responsibility for malware makers. I don't care if it's the CEO of some company spray-painting my house vs a teenage kid. It's still illegal and Sony should be held accountable.
I was reading on CNN about the drop of ecommerce even though there is still a rise in internet usage. This is due to all the spyware/scams/malware that is infecting PCs at record rates. This is killing our economy and many companies such as Google, Amazon, and eBay are already getting hit with their wallets over these scams.
Let's organize and make a difference. This is a slippery slope and I fear what is coming next.
Re:This has gone too far! (Score:5, Informative)
Yes, look for it in your next Blu-Ray Disc Player.
http://www.engadget.com/entry/1234000737057152/ [engadget.com]
"On top of that, consumers should expect punishment for tinkering with their Blu-ray players, as many have done with current DVD players, for instance to remove regional coding. The new, Internet-connected and secure players will report any "hack" and the device can be disabled remotely."
Re:Not on my portion of the Internet (Score:4, Insightful)
Good question. Because without Internet access to renew its keys it will simply stop working. Welcome to the DRM future.
Re:This has gone too far! (Score:5, Interesting)
Let's organize and make a difference.
OK, let's. I assume that this is a call to join a foundation, organization, or movement. What have you decided to call this organization? What's the mission statement? What are the goals of the organization? Meeting times? Rallies?
Yep, I just might be interested. Really.
If you're serious, that is - but I don't think you are. See, if you were, you'd have to stretch yourself outside of your current "comfort zone", which currently includes your computer, and quite possibly your mother's basement, but not much else.
But, if you WERE serious, and you REALLY DID put out enough effort to register a domain name, make a website, put together some business cards, talk to REAL LIVE PEOPLE (instead of your laptop) at real, live events, you'd find out very quickly what real, live people think. You'd grow immensely, as a result. Your skills at working with people, and your earning power would be forever improved, and your understanding of your true role in society would be much, much firmer.
You would forever be a bigger, better person.
I dare you to put together an organization of at least 100 members towards your cause. In order to be a "member", they have to have contributed at least $10 in CASH towards your cause's war chest. (And, I know you can do it, because I did)
Like unto a virus (Score:3, Funny)
Time to... (Score:4, Informative)
What if you refuse the EULA? (Score:5, Interesting)
It just seems kind of silly to have DRM which is totally dependent on the user to request it be installed. Or can refusing an EULA be considered a violation of the DMCA?
This is as good as... (Score:3, Funny)
Great corporate thinking (Score:3, Insightful)
EULAs do not trump the law (Score:5, Informative)
Here is what a kid had to say... (Score:5, Interesting)
Disappointing, to say the least..., October 14, 2005
A Kid's Review (Amazon.com)
I tried copying this CD, not knowing that it was protected. So, I ripped it to my hard-drive and burned it. But, when I inserted the burned copy into my computer, the screen froze for a while, and an installer icon appeared on the taskbar in the bottom right. It installed something - and now I cannot burn anything, with any program. I've even tried using a different, external CD burner. A disk error comes up during burning, even if I am not burning audio CDs. This was not a fluke. I've talked to other people this has happened to. Avoid anything with "copy protection." Sony might as well burn viruses onto the CDs they distribute.
It's immoral to buy RIAA music (Score:5, Interesting)
Awesome (Score:5, Insightful)
I think this is the way to fight DRM. When we complain about DRM rights, we're fighting a crusade on principle, and few people really get what's wrong. When you say, "This CD that I paid for can't be transferred to my iPod," people will see that it's outrageous. When people see that it's installing spyware on your computer, they'll flip. Cheers to whoever's left this feedback.
*phew* (Score:5, Funny)
Incentivising Piracy (Score:5, Insightful)
Welcome to a Brave New World: People who pay for their music get viruses, while people who download it at no cost from illegal sources get clean MP3s that they can freely copy and use on whatever devices they own.
the big guys take punches like candy... (Score:5, Interesting)
===
Mail-To: info@xcp-aurora.com, info@first4internet.co.uk
Subject: attn: Mathew, Tony, Peter, Nick; re: Extreme displeasure with your XCP product.
To Whom it may concern:
I would like to address the outstanding issue regarding the software your company licensed to SONY BMG here in the United States. This software proposes to be a harmless DRM solution for the corporate customer as a method of protection against malicious users. However, what your software critically FAILS at is conscientiously protecting the end user against exploits of your poorly, shit-house written utilities.
Personally, I'm glad that your nasty parlour tricks were recently exposed by SysInternals.com (http://www.sysinternals.com/blog/2005/10/sony-ro
May whatever sink-hole from whence you rose quickly swallow you back. You have no right to violate my computer's integrity. You have no right to scan the contents of my computer. You may have the right to hide in the darkness of Windows' subsystem like cowards, but that does not mean you won't be seen. You have no right to abuse the trust garnered by SONY from the citizens it regularly calls customers (or, perhaps more appropriately, "guinea pigs"). I hope the light of truth sends you roaches scurrying.
With the wretched taste of bile at the back of my throat,
[my name]
[my email addy]
===
Personally, I purchased "The Dead 60s" latest album, and sure enough it had the exact same copy-protection crap as described on sysinternals.com. That article sure shed some light on the behavioral difference in my system since I got that CD (significantly slower start up and execution times on a 1.2 GHz, and constant 5 - 10% CPU usage with almost nothing running). Fuck them. Fuck them right in the ear.
It was stated before, and I'll reinforce it: This kind of DRM ADVOCATES piracy. You are safer without DRM. I intend to zap my Windows machine and go to Debian (as I've been considering, but now have good reason for security purposes), and return this CD by mail to SONY BMG in a thousand tiny pieces, but not before I copy it and distribute out of sheer spite.
You just helped with my PSP/PS3 decision (Score:5, Interesting)
No PSP for Christmas!
No PS3 next year!
So you protected a $15 CD by killing ~$700 of hardware purchases plus whatever games I would have purchased.
No wonder your stock sucks and your revenues are down!
Your DRM works, I'm exercising my right not to purchase your products any more!
Well, well, well... (Score:5, Insightful)
I'd like to take this opportunity to dissect the article in question here, to point out just how positively obscene this is. There are a few key points I'd like to highlight that I feel we should all take into consideration.
It would appear that Sony has deliberately begun shipping rootkits with its DRM protected CDs. According to the article - and this is a pretty good definition, by the way - "Rootkits are cloaking technologies that hide files, Registry keys, and other system objects from diagnostic and security software, and they are usually employed by malware attempting to keep their implementation hidden." In a nutshell, this means that the program shipped with the CD in question here - and possibly other Sony CDs - is designed to hide itself and other programs from view. In other words, once installed, it will allow Sony and any other interested party familiar with this particular rootkit to operate programs on a compromised system without the user knowing it.
Let's take a step back here to consider the implications of this. Sony is distributing a rootkit, but what does this have to do with DRM? Well, if you really think about it, it has everything to do with DRM. A DRM program that cannot be seen or easily accessed can operate secretly, monitoring and manipulating the system behind the user's back. Any future DRM software Sony distributes could infiltrate a computer secretly, and burrow deep into the system files of said computer.
According to the article, the rootkit was produced by First 4 Internet. Upon investigating the company itself and the products and services it offers, the author dredged up this lovely little nugget of joy: "... However, the fact that the company sells a technology called XCP made me think that maybe the files I'd found were part of some content protection scheme. I Googled the company name and came across this article, confirming the fact that they have deals with several record companies, including Sony, to implement Digital Rights Management (DRM) software for CDs." That right there should be proof enough that this is no accident, and anything but legitimate DRM. Not only does having a rootkit handy make the DRM difficult to thwart, but also allows it to operate secretly.
Now, you'd think that you could just remove this software, right? Wrong. Dead wrong, as a matter of fact. The author of the article had a hell of a time removing the rootkit, actually, and not only that, at any given time, it was consuming between one and two percent of the CPU's power - a small 'penalty' for even having it. (And any programs it's hiding would also have to leech off the CPU and RAM as well.) As he attempted to remove this shit, he discovered even more about the software: "As I was deleting the driver Registry keys under HKLM\System\CurrentControlSet\Services I noted that they were either configured as boot-start drivers or members of groups listed by name in the HKLM\System\CurrentControlSet\SafeBoot subkeys, which means that they load even in Safe Mode, making system recovery extremely difficult if any of them have a bug that prevents the system from booting." Suddenly, this is more than a performance issue. This software could theoretically disable a system should it break or be manipulated by the software it's hiding. It would appear, however, it is possible to remove, but only after eviscerating a handful of driver files, registry entries and keys, and other lovely goodies from your system. The rootkit and the DRM attached to it do not have an uninstaller, and unless you take the same steps the author took to remove this flaming pile of garbage from your system... Well, he puts it pretty well:
"The entire experience was frustrating and irritating. Not only had Sony put software on my system that uses techniques commonly used by malware to mask its presence, the software is poorly written and provides no means for uninstall. Worse, most users that stumble across the cloaked files wit
this is illegal under Minnesota law (Score:5, Interesting)
somebody with means should get a case opened....
Re:this is illegal under Minnesota law (Score:4, Interesting)
Interesting thought: what if, propelled by enough such prosecutions, DRM alone became grounds for "reasonable suspicion of criminal activity"??
Damn, I thought I was first (Score:5, Interesting)
You can read about my copyright projects here:
http://muzzy.net/files/copyright_projects_en.txt [muzzy.net]
The feedback I sent to Sony (Score:4, Interesting)
What a bunch of losers (Score:5, Insightful)
Sony is distributing this as part of some larger, possibly effective DRM system for music CDs.
What I see here is an endless amount of whining about how awful this is. You are overlooking the potential of this. The key here is that this is now out in the wild and can be exploited. The contest should be to come up with creative (and possibly destructive) things to do with these drivers when packaged with other software.
The result of this should be interesting. I think the responsibility for all of this rests with Sony and First 4 Internet, but I would really like to see something creative done with this, such as an ActiveX control that disables the CD drive of anyone who visits a web site. The point is to make as much use of this as possible. Sony has provided the tool, it is now up to everyone to make as much use of this as possible.
Microsoft's reaction to this? (Score:4, Interesting)
Although I'm sure they'd be noncommittal in their official response, I'd love to hear what they think internally about this kind of thing. If "security" really is their #1 corporate focus as they've been so eager to tell us, this should have them screaming at the top of their lungs.
The chances of us slackers motivating our corporate-owned legislators to smack Sony are comically low, but if we could get a second big player in there on our behalf, there's a real chance to get this awful idea blackholed like it should be.
Anyone have any high-up connections within the Empire?
This is GREAT! (Score:4, Funny)
just to play devil's advocate here for a sec... (Score:4, Interesting)
I am under *NO DOUBT* whatsoever that Sony will simply point the finger at first4internet, and simply say "We simply contracted them to provide a content protection scheme - we are unaware of the implementation" (or words to that effect). Given that the tech has been sold to several other record companies, I'm pretty sure that's close to the mark as to what actually happened, too.
So, it's first4internet who will take the heat in a criminal case, not Sony, no doubt.
Sony is evil and all, but I don't think it was Sony who was responsible for the way it works...
smash.
Re:But... (Score:3, Informative)
Re:But... (Score:4, Informative)
After being presented with a sell-your-babies-to-the-almighty-record-label EULA, and before shoving awfully encoded WMA format files down their throats.
Hint #1: There's no "copy protection" on CDs. For the most part, it's misshapen multi-session CDs. cdrdao read-cd --session 1 ...
Hint #2: If you're encoding the files to MP3, Vorbis or, good heavens, WMA, digital rips are wayyyy overrated and a plain old CD player, analog RCA-to-RCA cable and an audio recorder app can really do wonders. =)
Re:Hmm (Score:4, Insightful)
Re:Hmm (Score:3)
But thanks to his hard work, now we can! I for one love this guy.
Now I have another reason to dump Windows, this rootkit won't run on Linux or Mac.
-nB
Re:What is it exactly? (Score:5, Informative)
The arbitrary code in this case is installed when you hit 'OK'.
-Rick
Re:What is it exactly? (Score:5, Informative)
You're confusing the terms "rootkit" and "trojan"/"backdoor".
A trojan in its strictest sense tricks a user into executing one set of code when they think they're executing another. A backdoor simply allows remote execution of arbitrary code.
A rootkit is usually the set of tools that an attacker deploys on a compromised system. "rootkits" in the terms of this article are programs that trick your kernel into doing things it shouldn't do. This could include a trojan or a backdoor, but not necessarily.
Sony's program is a rootkit because it runs without authorization from the CD and alters the Windows API in order to disguise itself. As far as the article indicates, it doesn't include the ability for Sony to execute code on your machine. It's still dirty and sinister, if you ask me. It also allows any other malicious attackers to conceal anything they plant on your machine - simply by prefixing any file name with $sys$ - that's not cool!
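An added example, not part of the comment above or of Russinovich's article: a cross-view check for the $sys$ name cloaking described above. It compares a listing obtained through the live Windows API with one taken from a raw or offline scan, and separately walks a volume mounted from a clean OS; the function names and sample paths are constructed for illustration.

```python
import os
from pathlib import PureWindowsPath

CLOAK_PREFIX = "$sys$"  # prefix named in the discussion above


def is_cloak_name(path: str) -> bool:
    """True if the final path component starts with the cloaking prefix."""
    # Case-folded comparison is a conservative choice made for this example.
    return PureWindowsPath(path).name.casefold().startswith(CLOAK_PREFIX)


def cross_view_diff(api_listing, raw_listing):
    """Paths present in the raw/offline listing but absent from the live API listing."""
    seen = {p.casefold() for p in api_listing}  # NTFS names are case-insensitive
    return sorted(p for p in raw_listing if p.casefold() not in seen)


def triage(api_listing, raw_listing):
    """Split hidden paths into those using the prefix and everything else."""
    hidden = cross_view_diff(api_listing, raw_listing)
    return {
        "prefixed": [p for p in hidden if is_cloak_name(p)],
        "other": [p for p in hidden if not is_cloak_name(p)],
    }


def scan_offline(root):
    """Walk a volume mounted from a clean OS; list prefixed files and directories."""
    hits = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            if name.casefold().startswith(CLOAK_PREFIX):
                hits.append(os.path.join(dirpath, name))
    return sorted(hits)


# Constructed sample listings (not taken from any real system).
RAW = [r"C:\Windows\System32\notepad.exe",
       r"C:\Windows\System32\$sys$example.sys",
       r"C:\Users\a\Downloads\$SYS$dropper.exe",
       r"C:\Windows\Temp\scratch.tmp"]
API = [r"c:\windows\system32\notepad.exe"]

if __name__ == "__main__":
    print(triage(API, RAW))
```

Entries in the "other" bucket are hidden from the live view without using the prefix, so they need a different explanation, such as a file created between the two scans.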
Re:What is it exactly? (Score:5, Informative)
THAT is the biggest problem with these windoze DRM hacks. You can secure your system with all the technology at your disposal, but it means nothing when you are tricked into running a rootkit disguised as DRM. Then you have to trust the DRM vendor did not make any mistakes that expose you to further security risks.
People like to gripe about Apple's DRM, but at least they know better than to pull crap like this.
Re:Wouldn't happen if you dont run MainstreamOS. (Score:5, Interesting)
Indeed. I've actually been a little disappointed with the DRM on CDs. When I put them in my Linux boxes they just play. I can rip to MP3 until the cows come home. No problem.
I actually wanted one to fail so I could see how it was failing and maybe do something about it. Contribute something to the community, ya know.
...laura, not a U.S. resident, not covered by the DMCA
Re:Alternative OS users (Score:5, Insightful)