Slashdot Mirror
Sony DRM Installs a Rootkit?
An anonymous read writes "SysInternals.com guru Mark Russinovich has a detailed investigation of a rootkit from Sony Music. It's installed with a DRM-encumbered music CD, Van Zant's "Get Right with the Man". (Mmmm, delicious irony!) The rootkit introduces several security holes into the system that could be exploited by others, such as hiding any executable file that starts with '$sys$'. Russinovich also identifies several programming bugs in the method it uses to hook system calls, and chronicles the painful steps he had to take to 'exorcise the daemon' from his system." This house is clear.
Now is that *sony's* rootkit, or a soon-to-be-former-sony-employer's rootkit?
corporations exploit YOU!
:/
hrm, so much for humor. I don't find it funny at all
DRM wasn't intrusive in the first place.
perpetually dwelling in the -1 pits
Crap, and now we can get viruses from our CD's, too.
And let me guess, it offers you an EULA and exempts Sony from any liability for damages caused by this thing?
We *really* need to get a anti-spyware bill on the books. Something along the lines of, "It shall be a criminal offsense to install non-application software on any computer when the user has not been reasonably notified in advance and/or agreed to have the modifications made. This bill will be reevaluated for its effect in three years."
Anything running in the background, rootkits, and other forms of spyware (which generally rely on the user not knowing they're there) would immediately become illegal.
Javascript + Nintendo DSi = DSiCade
I RTFA (submitted it too, not fast enough) and honestly it goes way over my head. Is it actually a root kit, ie can Sony or Sony's adgents (in a legal sense, not a black helicopters sense) push arbitrary code onto the machine and have it executed?
I'm downloading RootkitRevealer now. I wonder how long it is going to take for Norton and McAfee to upgrade their Rootkit detection abilities? Next years anti-virus release? The last rootkit that Norton found on a computer at work was well spread and had been out for 6 months. It still was unable to remove/fix the infection. :(
Microsfot needs to make it completely impossible for any software to do something like this unless the user runs in some special maintenance mode or logs in as some special account. They can make an exception for windows updates which are signed by them.
Not that this makes it better in any way, but I liked how he said
I hadn't noticed when I purchased the CD from Amazon.com that it's protected with DRM software, but if I had looked more closely at the text on the Amazon.com web page I would have known
followed by a picture of the amazon web page in question with [CONTENT/COPY-PROTECTED CD] clearly visible in massive letters.
This is why I hate Hip Hop and Rap. Sony and Hiphop and Rap are rootkits on the good parts of humanity.
Since spyware WITH a proper EULA has been held to be in violation by the FTC, and since this EULA doesn't really mention the rootkit's difficulty of removal, this might be litigatable.
Of course, Mark Russinovich did (inadvertantly) dissasemble content protected by the EULA.
Test your net with Netalyzr
NT
It's one thing to copy protect your CDs to make it difficult to rip but it's another thing to install a rootkit that is by definition difficult to remove. Who'se going to clean up this mess when a Microsoft patch or SP comes around and breaks any computer with this installed?
I am very glad to hear about this. That CD WAS on my birthday list for next week.
Sony just lost a sale, end of story.
Professional Politicians are not the solution, they ARE the problem.
Do people actually install the crap that comes with audio CDs?
Let me guess, this root kit installs itself and is designed to be completely hidden, too?
Sounds like an opportunity for a class action lawsuit. Everyone who played the CD on their windows system would be eligible. ...good opportunity for a group of lawyers to get rich. (The members of the action never do.)
But I know a lot of people here do. Please, every one of you that have bought faux-CDs with this junk on them, get together, find some lawyers, sue the bloody bejesus out of Sony, ok?
=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Friends don't let friends enable ecmascript.
a DMCA violation to put that thingie in there.
What is next? Drm that will rewrite your bios and turn your pc into an expensive doorstop for copyright violation?
As if spyware itself is miraculiously legal and now we have this? Rootkits and spyware programs that append to windows in the mbr so even a reinstall wont delete thim IS TOO FAR!
I agree with a previous poster that is should be a criminal offense the same catagory as spypainting someones house or breaking an entry. Why do we allow this crap to be legal?
Its time we wrote our elected officials and inform them about what is happening and about Sony's drm and demand civil and criminal responsibility for malware makers. I dont care if its the CEO of some company spraypainting my house vs a teenage kid. Its still illegal and Sony should be held accountable.
I was reading on cnn about the drop of ecommerce even though there is still a rise in internet usage. This is due to all the spyware/scams/malware that is infecting pc's at record rates. This is killing out economy and many companies such as Google, Amazon, and Ebay are already getting hit with their wallets over these scams.
Lets organize and make a difference. This is a slippery slope and I fear what is coming next.
http://saveie6.com/
Man, Sony'll do anything to make sure your system has their Cell in it.
If brevity is the soul of wit, then how does one explain Twitter?
of Sony Music. I can't believe what he had to go through to remove that software. I don't have nearly his level of expertise, so I'd have had to wipe my system and start clean. Just another reason why I hate Sony (and AOL, and am starting to worry about Google. We KNOW MS is somewhat evil, so they don't scare me nearly as much as the others).
Turn off autorun.
Slashdot - where whining about luck is the new way to make the world you want.
Just why we do business with Sony?
There's a slight difference between a copy restricted CD and an "install a rootkit on your computer" CD, though...
Quote from AKAImBatman "We *really* need to get a anti-spyware bill on the books."
Remember two Law's don't make a Right.
I think I speak for all of us when I say someone should sue their fucking ass off. Talk about a double standard! Sony doesn't want the people to infringe on their content, but they themself are perfectly fine with destroying a users system. I don't live in the US, but weren't there laws passed against malware in several states? I do hope so.
Heck, Sony and RIAA treat their CD's as physical property (for example, they use the word theft and stealing instead of copyright infringement). Isn't this the equivilance, using their logic, of breaking into my house and installing cameras (or whatever the rootkit actually does).
Clearly, this man has been using Windows for too long!
More like... nerdular nerdence!
I swear, it's crud like this that makes me want to walk into Circuit City with a hammer and smash all the copies.
Look at the manager any say...."send them back to SONY...explain to them that installing of viral code is illegal" because it's pretty well known that "illegal" only applies to "us - the individuals" and NOT large corporations. Because they "purchased" the laws...therefore, they do not have to abide by them.
- The Saj
It's installed with a DRM-encumbered music CD, Van Zant's "Get Right with the Man". (Mmmm, delicious irony!)
I wouldn't call it irony... more like truth in advertising, really.
they could face lawsuits for jeopardizing a computer's security with this rootkit?
Will Sony now sue the author of the Article for violating the DMCA and reverse engineering their technology that was intended to protect their copyrights and trying to help people illegally copy their music? I'm not saying he did any of that, because he certainly didn't. But, I'm just wondering if Sony will try to take that position...
Randy.Flood@RHCE2B.COM
Read Slashot
Get Van Zant's "Get Right with the Man". Cd
Install Cd
Get pwned
Call lawyer
Sue Sony
Profit!!!! for you and Van Zant
by TheSpoom (715771) Uncaring Linux user here. I have nothing to add to this but please continue. *munches popcorn*
And now we know why Sony hasn't been a party to the last two iTMS. They couldn't convince Apple to add the rootkit to fairplay.
I know you can disable auto-run and such to get around this type of crap. But what happens if you just 'disagree' or whatever on the EULA? I assume that Sony will then not install the rootkit and you can rip the CD with whatever tool you normally use? Or does Sony install the rootkit anyway, setting themselves up for criminal prosecution? Does anybody have a copy of this thing to try and answer that question?
It just seems kind of silly to have DRM which is totally dependant on the user to request it be installed. Or can refusing an EULA be considered a violation of the DMCA?
Getting a cockroach with my just purchased pizza.
This is exactly the same mentality that brought us the memory stick and the mp3 walkman who could not play mp3's, only ATRAC. Incidentally, Sony profits are down 46% this quarter. I can only add that this is another nail in the coffin of a company once known for its innovation, high standards and uncanny understanding of the consumer's mind. They better hope the Ps3 saves their collective asses
It is disappointing that the article does indeed call this a rootkit without providing proof. All I see is some DRM shovelware that is surreptitiously installed and hard to remove, which is bad enough without resorting to hyperbole. IMO, the article needs to prove that this software maliciously intercepts communication or opens holes to be able to use that word.
You can't enter into a contract which violates the law. Thus a "contract killing" is not a valid contract.
You just described Palladium .. more-or-less
Whoa! What you actually have there is a talking duck. Start negotiating the TV show and merchandising options immediately!
...after he tried to rip another Sony produced CD "Healthy in Paranoid Times" by the Our Lady Peace:
Disappointing, to say the least..., October 14, 2005
A Kid's Review (Amazon.com)
I tried copying this CD, not knowing that it was protected. So, I ripped it to my hard-drive and burned it. But, when I inserted the burned copy into my computer, the screen froze for a while, and an installer icon appeared on the taskbar in the bottom right. It installed somthing - and now I cannot burn anything, with any program. I've even tried using a different, external CD burner. A disk error comes up during burning, even if I am not not burning audio CDs. This was not a fluke. I've talked to other people this has happened to. Avoid anything with "copy protection." Sony might as well burn viruses onto the CDs they distribute.
Stick to the gaming business and let us play our fsking music.
Arigato -_-
I used to buy a lot of CDs but stopped around the time of the napster lawsuit. I would probably still be buying 2-3 discs/month if I didn't consider it immoral to buy CDs.
At http://www.sonymusic.com/about/feedback.cgi
On this CD's product page, there are several negative reviews on account of spyware. My favorite puts into plain English why this is bad: "I am very unhappy, since I now listen to all of my music using my IPod."
I think this is the way to fight DRM. When we complain about DRM rights, we're fighting a crusade on principle, and few people really get what's wrong. When you say, "This CD that I paid for can't be transferred to my iPod," people will see that it's outrageous. When people see that it's installing spyware on your computer, they'll flip. Cheers to whoever's left this feedback.
________________________________________________
suwain_2
we used to pop in a CD in the server room into the servers to listen to something other than that warm fuzzy hum, or cold blowing of the airco, or the shouting of the 5 vents on the cisco access servers .....
....
:) other than cleaning staff to take the 256^2 dirty coffe cups from the corner and to clean up the "accidentally damaged" remains of shattered keyboards ....
of course then there wasn't drm, nor we had software, just the play button on most of the cd drives....
not a good idea anymore?
it wasn't a good idea either since those over used cds messed sometimes with the drives (e.g. when linux refuses to eject or do anything other than presenting a LOOOOOONG atapi error running on the console
but well back then sysgodz (OK, that is a lame word) were allowed to do all kinda crap, besides no puny humans entered the restricted refrigerator area
Step 1. Use the Reply to This link to get a form to reply to someone else's post. ...There is no step 3. There's no step 3!
Step 2. Post your reply.
Step 3.
Kids, read the entire blog. It's a piece of DRM software that hides itself.
Mark doesn't say whether it open a backdoor or does anything nefarious other than hide.
I agree that it sucks and is a bad move by Sony, but I have seen other pieces of DRM. A recently purchased Dave Matthews CD, I think Stand-Up, used some piece of shit driver on the CD that installed a CDROM shim when auto-play activated. I didn't read the case before I bought it where there was mention of DRM software on the CD (otherwise I wouldn't have bought it), but the warning was there in little type.
Has "Van Zant" or their agent made any comment on how they feel about what Sony is doing to their audience in their names? (Would they even understand what Sony has done?)
I'm glad I get my music off of p2p networks and don't have to worry about trojans and rootkits and that evil hacker stuff!
At this rate, they're looking at a buyout within a decade. I hope it's MSFT that buys them out.
1. Most extreme case: writing a letter saying someone is allowed to kill you, doesn't give the killer the right to kill you. They will still get tried, because they are still breaking the law. It is my understanding that the law is more important than any document you write, right? This is why euthanasia is such a hard issue in the USA ...
2. Now back to the EULA, where it seems that somehow I can waive my right to expect stuff not to break my computer.
Which is right here? 1. or 2.?
No no no no no - lets get this right - rootkits only permit you to root a *nix system. On Windoze systems, the System Administrator is already rooted.
The most insightful comment ever. I hope DRM enters every aspect of our lives just to piss off all you faggots. WE MUST PUT DRM ON TEH INTERNETS.
It's worth noting that the DRM in question, which prevents a CD from being ripped into an iPod-compatible format, can be circumvented by the following step:
1.) Insert CD into a Macintosh
(And yes, little Timmy, Linux/BSD/FreeDOS/whatever)
I did a quick search on Sonymusic.com for EULA, and got nothing in return. I looked in their help section, and saw nothing. Gee, I wonder why they won't post that..........
Now, if that makes sense to anyone, could you please explain it to me? I think I've confused myself.
Well if the reader base of Slashdot alone used a non-mainstream OS, Google statistics would shold an increase in the number of alternative OS's, and this would in a round-about way remove this root-kit problem all together, since at the end of the day, there would be no financial incentive by Sony (or others) to finance a DRM and copy protection scheme which would only be effective for
Want to stop this nonsense from happening in the future? Actually run a non-mainstream OS. That shouldn't be hard for most of the visitors of this website, shouldn't it?
Revolution = Evolution
If you do this, then you are deliberately disabling a copy protection system, which is illegal under the DMCA. So Sony can sue you.
[Note: this varies with your jurisdiction. No DMCA in Canada, yet.]
Doug Moen.
I have written a truly remarkable program which this sig is too small to contain.
The ability to run arbitrary code as a regular user is bad enough. It'll turn the computer into a zombie anyway. Microsoft does makes the problem worse, but they can't prevent it.
The Raven
Work hard to make sure that CDs using intrusive and possibly illegal DRM are the ones MOST ACTIVELY distributed via P2P.
This should be done not because "information wants to be free", but rather because businesses who engage in these sorts of practices should be made to fail financially.
When the labels have their annual shareholders luncheon and are forced to show the fancy Powerpoint presentation entitled "Effectiveness of DRM Solutions at Limiting Piracy", the graphs should be embarrassingly skewed in the wrong direction.
The only thing that works is money. So make sure they, and the band, see none.
"The band?! Surely you can't be serious?! They're probably just innocent victims." Bullshit. No one forced them to sign away their souls like whores. It doesn't take a rocket scientist to know that Sony and all others of their kind are customer hostile. Take your music elsewhere. Because that's what I'm doing with my money. And if you're only in it for the money, then you don't get to have any.
The problem with rootkits is that once you've been infected, there's no way to clean the infection without booting to another OS.
For a great movie showing the author of hacker defender defeating most all of the current rootkit-defeating programs see the following link:
http://www.hxdef.org/download/brilliant.php
I patented screwing your mom. But it got revoked for "prior art."
Seriously speaking, this shows two things. One is yet another demonstration of the fundamental evil of Microsoft's "security" model. Even if you weren't running as root/Administrator (and everyone does, don't they?), then the "reputable" installation from the "reputable" company would just ask you to elevate your privileges.
The other thing is that power is always abused. If not now and by Sony, then tomorrow by some other "reputable" company. (Or put on your tin hat and say "Yesterday by the NSA.")
I hope they track this story, and if it is not another misguided /. rumor, I certainly hope that Sony repudiates the technique and the software. Soon.
Then they should apologize.
Then sack the person responsible.
Then sack the person responsible for not sacking the responsible person earlier.
[Infinite loop warning.]
Freedom = (Meaningful - Coerced) Choice != (Speech | Beer^2), and sad sock puppets' bad mods avail them naught.
Boycott their stereo's, TV's, PS-Whatever, and their movies.
I wonder if the next version of the rootkit will also have a blacklist of web sites (those describing what it is and how to remove it), and block any access to them. That's just about the only thing they forgot to add, apparently.
Now is that *sony's* rootkit, or a soon-to-be-former-sony-employer's rootkit?
I was going to buy a Sony PC this weekend, but just deferred the idea indefinitly. No more Sony for my home... unless this is false.
Someone at Sony should be fired, putting installable code on a CD that modifies the OS and hides itself is criminal. If this article can be substntiated, then Sony should be prosecuted under the criminal justice system.
This is a perfect opportunity for those of us that want to end abusive DRM practices to get the word out to media outlets. They are a lot more likely to run articles with possible headlines of "Sony Hides Spyware on Music CDs" than "EFF Fights Restrictive DRM". People are also more likely to read it. A majority of internet users have suffered at the hands of spyware and are likely to respond negatively to this sort of tactic. If we can associate DRM with Spyware in enough minds maybe we won't have to be treated like criminals by corporations that we make rich.
Or maybe I'm a crackpot.
Its UnBOOlievable that Sony would pull the trick of letting a vampire company suck the life-blood of out a normal villagers computer, instead of treating the users to a safe use of their music.. They should be helping to prevent zombies on the web. I might just use google's spider to carve out my solution to this proverbial black cat move of the industry. But, witch query should I do!?!
DYWYPI?
America - well, there's no privacy in the US of A. The trade in personal information is open and widespread. There is an excellent chance that if anyone tried to prosecute Sony over privacy infringements that it would be laughed out of court. You can't protect what you don't have. Posession is 9/10ths of the law, and Americans posess very little - much as they often like to believe otherwise.
Sony actually has a much stronger case. Reverse-engineering their DRM scheme is in direct violation of both the letter AND the spirit of the DMCA, which is explicitly intended to prohibit exactly this kind of research (ie: the study of the spyware) and this kind of result (ie: the removal of it, afterwards). Depending on who Sony licensed the rootkit from, there is a possibility it might also violate aspects of the PATRIOT act. (If the rootkit is also used by any law enforcement groups, then this study could compromise wiretapping provisions in the act.)
It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
... CLEAN.
m0nstr42.blogspot.com
do they do a mac or linux version?
My refrain to the copyright holders: The people being hurt by this DRM software are people who have already communicated their intent to do the right thing by purchasing the CD. Sony has just guaranteed that a lot of people will never make that mistake again.
Welcome to a Brave New World: People who pay for their music get viruses, while people who download it at no cost from illegal sources get clean MP3s that they can freely copy and use on whatever devices they own.
Currently downloading:
Van Zant - At least I'm free.
The only result in a gnutella search.
http://www.first4internet.co.uk/
w ww.osronline.com/showThread.cfm/
Google Groups thread with Ceri from first4internet.co.uk looking for help to write his fucked-up CD drivers...
http://66.249.93.104/search?q=cache:hDmbqX5yahgJ:
What's depressing is that Sony undoubtedly paid them a good deal of money to write this shit.
I don't know the full details as I'm not beta testing Vista, but I do know that Vista has some protections like this in it. This is in large part why MS talks about Vista being much more "secure" than past windows releases. A good example of this is is device drivers. As started in this article(a Q&A with the head of ATI's driver team):
& file=article&sid=6
http://hardwarefanatics.com/modules.php?name=News
"Vista requires a brand new driver model. It is actually called WDDM (Windows Vista Device Driver Model). Whereas before, device drivers were something called kernel mode based, they are now user mode based. This means that drivers do not directly talk to the operating system and have the ability to crash it. The end result will be greatly improved stability for devices on Vista. The amount of work to support the new driver model is tremendous. It is basically a re-write of the entire driver. However, we are very much ahead of the game, and feel good that we will have the best Vista support when it is actually released (and even sooner with our beta drops)."
You are who you are, let no one tell you different. But, never close your mind to a new point of view.
if i wanted to play that disk in my car cd player ? or my Diskman ? or in my HiFi setup in the home theater room ?
As the 2% of the population that actually understands what this thing is, does, and means we can and should be angry and vocal. The vast majority of computer users run Windows, with autoplay on, and will get thoroughly owned by this. They'll just think their computer is broken and keep buying RIAA crap with that assumption.
(What's more, if I have to clean up another non-technical friend/relation's owned computer I think my head's gonna explode.)
PM me for a torrent of this CD.
What's supposed to be the logic behind this move? Curb piracy?
And its in that respect that record companies simply don't get it. First of all, they're completely punishing their fans for purchasing their product. After all, how do these CD protections benefit the consumer in any way? The only thing that results is more nuissance for that consumer - thanks to Sony's protection, they aren't able to put the music they bought on an MP3 player for instance. They aren't able to put the MP3s on their computer so that they can listen it from there.
Do they not realise that people use their computers for music these days? Nearly every student I know has some kind of MP3 jukebox set on their machines, where they shift songs between their entire music collection. The companies have been operating on a basis that their products should not be compatible with computers at all, going so far as deceivingly installing these virus-like programs. They think that that will reduce piracy. Fact is: it hasn't, nor will it ever.
As the old addage goes: where there's a will, there's a way. And I've yet to see a CD where its contents could not be ripped. So this does not curb piracy in any way - meanwhile, it makes the CDs less appealing to the fans. Why spend $20 on a product that only half-works? A product that behaves like a computer worm and installs a rootkit?
Piracy doesn't exist because people can do with their CDs as they see fit. It exists because people are getting fooked around by the record industries left, right, and center. Infecting PCs with worms, preventing people to listen to music they legitimately purchased, are hardly steps forward to make the CD format more appealing.
The record labels simply do not get it.
From the CD's EULA: "You may not decompile, reverse engineer or disassemble any of the LICENSED MATERIALS, in whole or in part."
This is fucking hilarious....
The real "Libtards" are the Libertarians!
Another fine example of why the music industry is loosing support and people would generally just download music off irc or p2p. Good work sony! If sueing 8 year old kids that the RIAA cannot verify to actually exist http://recordingindustryvspeople.blogspot.com/2005 /10/oregon-riaa-victim-fights-back-sues.html is in question why not install a backdoor like a common botnet cracker. Dont wait in line for my purchace...
At least as far as Phillips are concerned, anyway.
Sony still hasn't agreed to come on board with iTunes, which I find damn annoying. Everytime I search for an artist and don't find them (considering they're a big artist), I go and search for that artists publisher.. and what do ya know, always sony.
I'm really starting to hate that company. This BS "DRM" is just the icing on the cake. Sure, iTunes has DRM, but it's quite benign (5 computers, unlimited ipods, unlimited burns per song, 7 burns per album).
They're too big, and have their hands in too many pots. Time for Sony artists to take a stand and go with somebody else (quite difficult, considering the ass-raping contracts they probably had to sign). Essentially, Sony are denying their artists a source of income to satisfy the needs of their consumer electronics department. I'd be pissed.
Is that Russinovich actually chides the DRM developers for weaknesses in the implementation meaning that it could be made more stealthy and stable.
Maybe someone should hire Russinovich to write a DRM.
... the little guys are more likely to crumble. Why not target the source of this crap? I did. Though, admittedly I'm sure SONY keeps their wallets fat enough to ignore us. See below:
o tkits-and-digital-rights.html) for the disreputable practices they are, and for identifying "First 4 Internet" (sounds like a shoddy store-front operation for a bunch of Black Hat rejects) as the company directly responsible for the most vile intrusion my system has ever received. And the fact that your ill-conceived product leaves my system open to additional intrusions of this nature is unforgivable.
===
Mail-To: info@xcp-aurora.com, info@first4internet.co.uk
Subject: attn: Mathew, Tony, Peter, Nick; re: Extreme displeasure with your XCP product.
To Whom it may concern:
I would like to address the outstanding issue regarding the software your company licensed to SONY BMG here in the United States. This software proposes to be a harmless DRM solution for the corporate customer as a method of protection against malicious users. However, what your software critically FAILS at is conscientiously protecting the end user against exploits of your poorly, shit-house written utilities.
Personally, I'm glad that your nasty parlour tricks were recently exposed by SysInternals.com (http://www.sysinternals.com/blog/2005/10/sony-ro
May whatever sink-hole from whence you rose quickly swallow you back. You have no right to voilate my computer's integrity. You have no right to scan the contents of my computer. You may have the right to hide in the darkness of Windows' subsystem like cowards, but that does not mean you won't be seen. You have no right to abuse the trust garnered by SONY from the citizens it regularly calls customers (or, perhaps more appropriately, "guinea pigs"). I hope the light of truth sends you roaches scurrying.
With the wretched taste of bile at the back of my throat,
[my name]
[my email addy]
===
Personally, I purchased "The Dead 60s" latest album, and sure enough it had the exact same copy-protection crap as described on sysinternals.com. That article sure shed some light on the behavioral difference in my system since I got that CD (significantly slower start up and execution times on a 1.2 GHz, and constant 5 - 10% CPU usage with almost nothing running). Fuck them. Fuck them right in the ear.
It was stated before, and I'll reinforce it: This kind of DRM ADVOCATES piracy. You are safer without DRM. I intend to zap my Windows machine and go to Debian (as I've been considering, but now have good reason for security purposes), and return this CD by mail to SONY BMG in a thousand tiny pieces, but not before I copy it and distribute out of sheer spite.
Thank you for reading One Man's Opinion. No participation necessary. Offer void where deemed by law or PATRIOT Act.
They don't put it there. You do. They just packaged it for you. If you didn't want to give them permission to run arbitrary executables on your computer, then WHY DID YOU RUN THEIR EXECUTABLE??
IANAL, however, I believe that contracts that are made in bad faith, or with the intent to decieve a particpant are not binding. If this is the case, I think that I wouldn't be hard to argue in a court that you have no obligation to keep Sony's rootkit (by deffinition an illicit and deceptive tool) on your computer. Moreover, you might also be entitled to damages resulting from said 'bad faith' agreement.
Even if my assessment isn't quite correct, it seems to me that it is probably fuzzy enough of a point to invite litigation. If I were a multimillion(billion?) dollar company I wouldn't be the one to test the legal water on something like this.
HA! I just wasted some of your bandwidth with a frivolous sig!
* This story will not make it to high-profile offline (TV, etc) news sources.
* Most of the people you know will keep buying CDs in stores without checking for the "CD digital audio" logo.
* Most of the people you know will keep doing business with such companies.
Can we do anything about any of it?
Phil Wiser - CTO at Sony and in charge of DRM.
0 .html?tw=wn_tophead_7/
He said this in 2003:
"All copy-protections can be hacked," Wiser said. "But if give people what they are asking for in terms of value, they won't go out and steal it. It's called trusting the consumer."
I guess he is no longer trusting YOU - buy some other product then.
http://www.wired.com/news/digiwood/0,1412,61161,0
In case this link melts down what follows is the whole article on Wired. Reuters 08:55 AM Nov. 10, 2003 PT Sony Music, home to such artists as Beyonce Knowles and Bruce Springsteen, said Monday it plans to introduce new CD technology in Germany that prevents users from copying songs to file-sharing sites, but allows them to make copies for their personal use.
The record industry blames its recent sales slump on file-sharing services like Kazaa, which it says are havens for piracy. Last year, major labels issued "copy-protected" CDs that prevent them from being played on computers.
The copy-protected discs faced a backlash from customers and music fans, and several lawsuits emerged from some customers that complained these CDs caused their computers and other devices to malfunction.
But Sony thinks it has an appealing approach: Give customers added incentives to buy copy-protected CDs.
On Monday, Sony will release R&B group Naturally Seven's new CD in Germany with a so-called "second session." The disc can be played on almost any device conventionally, said Phil Wiser, Sony Music's chief technology officer.
It also contains a compressed digital copy of the music that can be quickly copied onto any computer. From the computer, users can copy that music onto Sony portable digital music players.
The CDs also allow users to connect to websites with exclusive features such as bonus songs and concert tickets. The features are only available if you have the original CD.
Such features are already available with Sony artists like Tori Amos and AC/DC. But the new discs combine the "second session" copy protection with the bonus features, which Sony is calling "ConnecteD."
Sony plans to evaluate customers' reaction to the new technology before introducing it in other countries. Wiser declined to specify a timetable for which the technology will be available in the United States.
A label on the disc will say it includes the new copy protection software features.
There are several limitations. The digital files will only play on Sony-licensed digital music players. Wiser said Sony is working on plug-ins that allow the files to be played on more popular players like Microsoft's Windows Media. He expects the plug-ins to be available early next year.
To copy the music to the Sony portable player, the technology requires an extra step to copy the files to a separate program to transfer the music to the portable player.
At this point, music can be transferred only to Sony portable players, although Sony executives note that Apple Computer's popular iTunes service works the same way with the Apple-branded iPod.
Earlier this year, BMG introduced similar technology with its hip-hop performer Anthony Hamilton.
BMG, which announced plans to merge with Sony Music last week, is using software from SunnComm Technologies to restrict the amount of copies that could be made of Hamilton's music. The software, however, did not work on some operating systems and was quickly hacked.
"All copy-protections can be hacked," Wiser said. "But if give people what they are asking for in terms of value, they won't go out and steal it. It's called trusting the consumer."
Can I copy it using Linux or a hardware CD duplicator and wind up with an exact image?
How about if I stick it in a Windows box and hold down the SHIFT key and use run-of-the-mill CD-copy software?
Assume the software or hardware duplicator is neither designed to overcome nor honor copy protection, that is, they to their best to faithfully copies any bits they can read, failing on "unreadable" bits but not aborting the copy when they see readable bits that indicate a copy-protection "signature."
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
RTFA, the EULA does not mention this at all...the writer of the article made a specific point with respect to this.
It's awful hard to conceal a rootkit if it is mentioned explicitly in the EULA....
You, the user, will not remove or tamper with the rootkit we have installed at c:\winnt\system32\secretsonyrootkit. You will not interfere with it communicating with servers at 64.27.129.244 on ports 62001-62004, or stop the windows service labeled 'svchost_mgr'. If you fail to comply with the terms of this binding legal agreement, you will be forced to by Brittiny's next five (5) albums.
HA! I just wasted some of your bandwidth with a frivolous sig!
Sony, you have gone too far...
No PSP for Christmas!
No PS3 next year!
So you protected a $15 CD by killing ~$700 of hardware purchases plus whatever games I would have purchased.
No wonder your stock sucks and your revenues are down!
Your DRM works, I'm exercising my right not to purchase your products any more!
"I say we take off, nuke the site from orbit. It's the only way to be sure."
This is a Windows rootkit. Mac just became the "trusted" platform for music storage/playback. Sony just became an "avoid at all costs" brand name.
It's interesting that DRM is coming to mean "untrustable" to the average consumer. Microsoft's Trusted Computing is taking on similar connotations with lay people. Not just geeks. The man on the street feels that it can't be trusted.
rootkits are an example of DRM gone horribly wrong. at least with online music stores, they let you make copies of a CD and it doesn't run buggy Sony code and screw with your already insecure windows environment.
DRM is acceptable if it's consumer friendly and is only made to stop mass illegal distribution. Ideally DRM should make copying and sharing digital music over the internet equally inconvenient as it is for analog mediums.
DRM shouldn't be a way to make up for lost music sales due to piracy. the industry needs to adapt. they have to realize, if they embrace online distribution with extremely light DRM, then piracy won't be an issue.
If the industry sold songs for around $0.39, or something low like that, people wouldn't find it worth the effort to even download illegal copies. lowering the outrageous prices for music is a DRM in itself. Everyone knows that it costs way less to put a song online than it does to package it and distribute it to 900,000,000 WalMarts. Heck, with BitTorrent I could distribute a whole album at absolutely no cost to me, no real bandwidth concerns, nothing.
Okay I'm straying from the topic...but what if online music stores used technology like that in BitTorrent plus light DRM so that the online music stores could make more money? They would eliminate bandwidth costs, and they could possibly set up some backup servers to do normal http/ftp downloads if a songs aren't popular enough to find enough peers.
even i can think up so many ways to squeeze out more money of music sales without taking advantage of the consumer.
I read this article not 30 minutes ago. Thought it was very insightful and good investigative work. What happened? Now the link is dead, no mention of the article on the sight, coral cache can't dig it up, nor can google cache?
Where did it go? Anyone got it in cache? How about a mirror?
Cat's out of the bag now. Congratulations, Sony. You fucked up big time.
I'd like to take this opportunity to dissect the article in question here, to point out just how positively obscene this is. There are a few key points I'd like to highlight that I feel we should all take into consideration.
It would appear that Sony has deliberately begun shipping rootkits with its DRM protected CDs. According to the article - and this is a pretty good definition, by the way - "Rootkits are cloaking technologies that hide files, Registry keys, and other system objects from diagnostic and security software, and they are usually employed by malware attempting to keep their implementation hidden." In a nutshell, this means that the program shipped with the CD in question here - and possibly other Sony CDs - is designed to hide itself and other programs from view. In other words, once installed, it will allow Sony and any other interested party familiar with this particular rootkit to operate programs on a compromised system without the user knowing it.
Let's take a step back here to consider the implications of this. Sony is distributing a rootkit, but what does this have to do with DRM? Well, if you really think about it, it has everything to do with DRM. A DRM program that cannot be seen or easily accessed can operate secretly, monitoring and manipulating the system behind the user's back. Any future DRM software Sony distributes could infiltrate a computer secretly, and burrow deep into the system files of said computer.
According to the article, the rootkit was produced by First 4 Internet. Upon investigating the company itself and the products and services it offers, the author dredged up this lovely little nugget of joy: "... However, the fact that the company sells a technology called XCP made me think that maybe the files I'd found were part of some content protection scheme. I Googled the company name and came across this article, confirming the fact that they have deals with several record companies, including Sony, to implement Digital Rights Management (DRM) software for CDs." That right there should be proof enough that this is no accident, and anything but legitimate DRM. Not only does having a rootkit handy make the DRM difficult to thwart, but also allows it to operate secretly.
Now, you'd think that you could just remove this software, right? Wrong. Dead wrong, as a matter of fact. The author of the article had a hell of a time removing the rootkit, actually, and not only that, at any given time, it was consuming between one and two percent of the CPU's power - a small 'penalty' for even having it. (And any programs it's hiding would also have to leech off the CPU and RAM as well.) As he attempted to remove this shit, he discovered even more about the software: "As I was deleting the driver Registry keys under HKLM\System\CurrentControlSet\Services I noted that they were either configured as boot-start drivers or members of groups listed by name in the HKLM\System\CurrentControlSet\SafeBoot subkeys, which means that they load even in Safe Mode, making system recovery extremely difficult if any of them have a bug that prevents the system from booting." Suddenly, this is more than a performance issue. This software could theoretically disable a system should it break or be manipulated by the software it's hiding. It would appear, however, it is possible to remove, but only after eviscerating a handful of driver files, registry entries and keys, and other lovely goodies from your system. The rootkit and the DRM attached to it do not have an uninstaller, and unless you take the same steps the author took to remove this flaming pile of garbage from your system... Well, he puts it pretty well:
"The entire experience was frustrating and irritating. Not only had Sony put software on my system that uses techniques commonly used by malware to mask its presence, the software is poorly written and provides no means for uninstall. Worse, most users that stumble across the cloaked files wit
How long for another, slightly different DRM rootkit starts fighting with this one with each trying to take control away from the other as both run on your system?
Of course, it needed some level of privilege to run. Does this CD simply refuse to play if you're not Administrator or Power User?
"It's the height of ridiculousness to say for those 9 lines you get hundreds of millions."
I'm glad I get my music off of p2p networks and don't have to worry about trojans and rootkits and that evil hacker stuff!
Modded funny? If I have to put up with rootkits when I buy a CD, this might as well have been modded "Insightful".
What we *can* do is write a detector (only takes one of use) and hopefully a remover. Distribute it widely. Make it plain where this malware came from too... the non-technical will soon understand that playing a Sony CD will break their computer - that's all the knowledge they need.
First they come out with copy protection that's easily defeated by a magic marker. Then they they come out with a rootkit as part of DRM.
No wonder they're losing piles of money. They're wasting it all on stupid stuff like this!
This is my opinion. To make sure you don't steal it, it's covered by the DMCA.
...are belong to sony?
it's a 5/$5000 penalty, class C felony, to knowingly distribute harmful software to a PC in Minnesota. 1992 law, I believe it was. demonstrating this is a rootkit is prima facie evidence that this would be harmful software.
somebody with means should get a case opened....
if this is supposed to be a new economy, how come they still want my old fashioned money?
Since I got a 404 not found at the actual article link, I found the story at mirrordot.
Mark's Sysinternals Blog
Monday, October 31, 2005
Sony, Rootkits and Digital Rights Management Gone Too Far
Last week when I was testing the latest version of RootkitRevealer (RKR) I ran a scan on one of my systems and was shocked to see evidence of a rootkit. Rootkits are cloaking technologies that hide files, Registry keys, and other system objects from diagnostic and security software, and they are usually employed by malware attempting to keep their implementation hidden (see my âoeUnearthing Rootkitsâ article from the June issue of Windows IT Pro Magazine for more information on rootkits). The RKR results window reported a hidden directory, several hidden device drivers, and a hidden application:
Given the fact that Iâ(TM)m careful in my surfing habits and only install software from reputable sources I had no idea how Iâ(TM)d picked up a real rootkit, and if it were not for the suspicious names of the listed files I would have suspected RKR to have a bug. I immediately ran Process Explorer and Autoruns to look for evidence of code that would activate the rootkit each boot, but I came up empty with both tools. I next turned to LiveKd, a tool I wrote for Inside Windows 2000 and that lets you explorer the internals of a live system using the Microsoft kernel debugger, to determine what component was responsible for the cloaking.
Rootkits that hide files, directories and Registry keys can either execute in user mode by patching Windows APIs in each process that applications use to access those objects, or in kernel mode by intercepting the associated kernel-mode APIs. A common way to intercept kernel-mode application APIs is to patch the kernelâ(TM)s system service table, a technique that I pioneered with Bryce for Windows back in 1996 when we wrote the first version of Regmon. Every kernel service thatâ(TM)s exported for use by Windows applications has a pointer in a table thatâ(TM)s indexed with the internal service number Windows assigns to the API. If a driver replaces an entry in the table with a pointer to its own function then the kernel invokes the driver function any time an application executes the API and the driver can control the behavior of the API.
Itâ(TM)s relatively easy to spot system call hooking simply by dumping the contents of the service table: all entries should point at addresses that lie within the Windows kernel; any that donâ(TM)t are patched functions. Dumping the table in Livekd revealed several patched functions:
I listed one of the intercepting functions and saw that it was part of the Aries.sys device driver, which was one of the images I had seen cloaked in the $sys$filesystem directory:
Armed with the knowledge of what driver implemented the cloaking I set off to see if I could disable the cloak and expose the hidden processes, files, directories, and Reegistry data. Although RKR indicated that the \Windows\System32\$sys$filesystem directory was hidden from the Windows API, itâ(TM)s common for rootkits to hide directories from a directory listing, but not to prevent a hidden directory from being opened directly. I therefore checked to see if I could examine the files within the hidden directory by opening a command prompt and changing into the hidden directory. Sure enough, I was able to enter and access most of the hidden files:
Perhaps renaming the driver and rebooting would remove the cloak, but I also wanted to see if Aries.sys was doing more than cloaking so I copied it to an uncloaked directory and loaded it into IDA Pro, a powerful disassembler I use in my exploration of Windows internals. Hereâ(TM)s a screenshot of IDA Proâ(TM)s disassembly of the code that calculates the entries in the system service table that correspond to the functions it wants to manipulate:
I studied the dr
If I kill you to prevent you from killing me, killing you is self defense and not a crime. Seems reasonable that if I kill Sony's process to prevent it from stealing my ID that it's self defense and not a crime. The DMCA is one of those laws that is so out of whack, nevermind the US Constitution. It probably violates Brittish common law, the Magna Carta, and if you look hard enough it probably violates the code of Hammurabai and the social order of primitive hunter-gatherer cultures too.
For all intensive purposes, "whom" is no longer a word. That begs the question, "who cares"?
How in hell did a CD get root ... oh right windose will fuck anything.
... Standards and Practices !
PenGun
Do What Now ???
I thought I was ahead of time, when I implemented a rootkit DRM just a few days ago. My rootkit is a part of my project, trying to show how malware and DRM systems can get really close to each others, and both get protected by law. Under EU Copyright Directive, it's going to be illegal to remove this rootkit.
You can read about my copyright projects here:
http://muzzy.net/files/copyright_projects_en.txt
-- Matti Nikki
as you pointed out, it says "CD." "CD" is a trademark, and can only be used (per Philips) to describe optical media meeting certain standards. In the case of audio CDs, that would be the "Red Book." As this piece of plastic clearly does not meet that standard, it should not be have been called a CD. It is (legally) safe to assume that anything called a copy protected CD has only benign protection, such as the copy protection offered by copyright law. Anything which uses technical means of copy protection is not a CD.
"National Security is the chief cause of national insecurity." - Celine's First Law
Why should Sony be able to get away with blaming it on an errant employee?
Digital Citizen
So, um, what's going to happen when this gets out (if it does) and DRM is equated with virii/malware/trojans/hackers etc?
Somehow, I don't think Sony wants to be known as the guys who put illegal software on your computer to protect "digital rights".
This kind of stunt will only boost Apple's iTunes profits. People could just buy it from their store when available.
As for the legal discussion for disabling the rootkit. No one should assume if Sony would win or not unless they are a lawyer.
Copy Protection is copy protection. If Amazon.com says it has copy protection, then it includes whatever method the manufacturer used including the rootkit.
To avoid this rootkit, then don't buy the cd. Show your disgust for Sony's actions.
\
Shouldn't MS be upset at this? After all, here is Sony, willfully damaging MS's intellectual property in order to protect their own. The battle has been joined - the giants are at war and the battleground is your windoze pc...
So, with things like this going on, what's the relative prevalence of rootkits on music purchased on CD from a store and music downloaded (legally or illegally) from file trading networks?
It's starting to look as though it's more secure to go with the file trading networks than the stores.
IANAL, but I did watch many of the classes for a semester of contract law on the campus classroom TV channel without being enrolled in that class and learned a few things.
:) Thus, if you go to court, the Court will refuse to enforce the contract because the performance required by it is unlawful (and you'll probably get in trouble once you tell the Court about it). Valid means something else; I don't have a legal dictionary handy, but I believe that it's concerned with whether or not there was a valid exchange of promises or something like that (e.g. a contract might be invalid if it were not agreed to by one of the parties, etc.).
:) Like I said, I wasn't exactly enrolled in the class I watched on TV, so I probably missed a few things other than the general notion that you really do need a licensed attourney if you want legal advice :)
I think you mean that it's not an "enforcable" contract. All these words have very weird technical meanings, but that's a fairly stock example
There are also void and voidable contracts (voidable ones *can* be voided, but haven't been yet--the actors can still perform if they wish to). The stock example here is a contract with a minor that is not for a necessity (so, e.g. emancipated minors can still rent housing, etc.) or who is not acting as someone else's agent (e.g. if you have your 2-year-old agree to a EULA on your behalf in an effort to escape it--you consent to the EULA by your actions in using the software if you're merely aware of it... a legal result I understand but hate in the case of EULAs).
I can't remember any other classes of contracts just now, but I wouldn't be surprised if I missed a few
Here's what happened to me last month: american brother of a friend comes to visit. He brings a handful of DVDs, we try to watch them but lo, I haven't dezoned my DVD writer. After 30 minutes of trying to find the patch I give up, and spend about 30 secs to look the movies up in a bittorrent site and initiate download.
We watch them the next day with excellent quality and no FBI warning crap.
Norton actually REMOVES viruses?!
The sounds like something the National Enquirer would do a story on. "Norton Actually Removes Viruses instead of just showing you you're infected!"
And just how is such a device going to reach the Internet?
iptables -A INPUT --mac-source XX:XX:XX:XX:XX: -j DROP
And they can hardly send in the storm troopers based on this sort of evidence, "Midunno, the house got hit by lightning, maybe that screwed it up? I can't show you the device, it was broken so I threw it out".
That would also make for a nasty payload for a Windows virus. Not only does your DVD player get turned into a paperweight, the victim might also get raided by the DRM police.
Xix.
"Everything is adjustable, provided you have the right tools"
"Sack" as in fire him, or "sack" as in punch him square in the scrotum?
Frankly, I think he needs the punch before being fired.
Cyric Zndovzny at your service.
Dear Sony Regarding the rootkit you are attempting to install on the computers of customers who purchase Van Zant's "Get Right with the Man": my relationship with you is over. I will never again purchase -any- CD from Sony Music. Period. Your intentional introduction of security holes and your undisclosed modification of the operating system is simply unacceptable and uncalled for. Your application of excessive, intrusive and unreasonable DRM has ensured that I will -never- purchase any work with the Sony logo. The number of pirated copies this prevents me from downloading or sharing? Zero - I don't pirate. I don't give people copies of my music. The number of future dollars your DRM (which is sure to be broken within weeks anyway) has cost your company? Beyond calculation: my life expectancy has me sticking around - NOT buying Sony music, by the way - for decades to come. Was this worth the trade? If you want my business then I demand nothing short of full public disclosure, an appology, and the very public firing of the executive who gave the green light to this horrible, horrible concept. Please note that I intend to share this letter with others. With luck they too will refuse to purchase Sony music in the future.
If the g'vt kept the data on you that google does you'd better believe you'd be calling it "doing evil"
How hard would it be to keep a checksum of every important file in C:\WINDOWS on a CDROM, along with a program to verify each file against the externally stored hash?
The only problem I can see is that the rooted kernel may interfere with the program which does the check, but I suppose you could get around this with a bootable CD.
http://michaelsmith.id.au
But now the legitimate users are getting rootkits installed while the pirates can download a DRM-free version of the album? I'd rather take the chance on an illegal download than put something in my computer that I know will install a rootkit on my system.
If Sony's DRM ever gets popular enough (and I hope to god it won't) then what's to stop virus makers using the cloaking abilities of a rootkit ALREADY INSTALLED for nefarious puposes? Sony is bound by their EULA not to collect information, although that EULA mentions nothing of removing the software. Hell, they could even claim under the "reverse engineering" clause of the DMCA that removing it requires disassembly and then sue you.
I really hope this goes to court and Sony gets handed their ass on a platter. Otherwise this will be a real blow to privacy and (even though corporations/government don't care about it any more), fair use.
Stay away from this Sony crap.
Sony is distributing this as part of some larger, possibly effective DRM system for music CDs.
What I see here is an endless amount of whining about how awful this is. You are overlooking the potential of this. The key here is that this is now out in the wild and can be exploited. The contest should be to come up with creative (and possibly destructive) things to do with these drivers when packaged with other software.
The result of this should be interesting. I think the responsiblity for all of this rests with Sony and First 4 Internet, but I would really like to see something creative done with this, such as an ActiveX control that disables the CD drive of anyone who visits a web site. The point is to make as much use of this as possible. Sony has provided the tool, it is now up to everyone to make as much use of this as possible.
Whoever has the gold, makes the rules.
In the US, we have a powerful group of people who buy and sell legislation on a daily basis. We call them Lobbyists.
---
Just because I'm paranoid doesn't mean they aren't out to get me.
And this doesn't even get into business partnerships with Michael Jackson!
"It's the height of ridiculousness to say for those 9 lines you get hundreds of millions."
Can we sue Mark for violation of the DCMA?
It seems like the dems took away our rights for fair use and the republicans are taking our rights to sue. So your guess is as good as anybodies. Maybe even better.
I prefer the "u" in honour as it seems to be missing these days.
Evidently Russinovich ran the executable and clicked "Agree" on the EULA. He didn't look into what happens if the user opts out.
If you click "Don't Agree" and it installs the rootkit anyway, I'd say there's a crime and a tort, maybe more than one of each.
/ not a lawyer, but am a LS grad.
The technology used in this rootkit appeared on Slashdot about six months ago.
At least now we know how it works.
It is most likely that this is actually an elaborate ploy to ruin the lives of Van Zant fans by die hard Lynrd Skynrd fans.
And I'll use my favorite game as the example. Enemy Territory. It's perfectly legal. It tells you that you will need to enable punkbuster (a separate piece of software) in order to play on many servers, in order to prevent cheating. You're given the option of disabling the software, and even playing on servers that do not have punkbuster enabled.
Punkbuster counts as application software, IMHO. Now, what Sony is doing, I do not believe is application software. First off, this is an Audio CD. It's application is to play music. Installing software on your computer, let alone a rootkit, is not part of the application function of playing audio, to me. IANAL. I think Sony's rather fucked on this, as long as someone actually bothers to think of this sort of point.
Though, I hate to see it when playing an audio cd requires even a hardware-enabled DRM chip in your cd player to tell the laser how to read the data, or integrate the rootkit as an essential function of the game (I.E. the game system crashes because a 'critical' file has not been found.) At that point, I think I'll be playing classics for a LONG time. Well, that's not too bad, I think. Old games kicked ass and were innovative. Now everything follows the same pattern (for the most part, not EVERY game is a damned rip-off or clone,) in almost every genre. Asides from neat games like Katamari Damacy, and a few others that I'm too drunk to recall, there hasn't been much innovation. Shoot, kill, rinse, repeat. Fly, bomb, land, repeat. Look for items, talk to people, fight monsters, save game, repeat. *sigh*
I'll stop my rambling, now. My head hurts. Damned cheap Aldi beer.
Still waiting on Serviscope_minor to wake up to fucking reality and realize that Jessica Price isn't going to fuck him.
I bought a CD from Amazon that was protected 2 or 3 years ago (it was imported from Germany, US didn't have protected discs yet). Amazon didn't say it was protected. When I got it, I saw it was protected, so I didn't open it, I returned it. Then I went to Amazon and posted a review that said don't buy this, it is protected, you can't use it with your iPod (not that that meant that much back them). Amazon deleted my review!
I'm glad to see Amazon now not only allows these reviews, but marks the CDs as protected at the top. I will not buy protected CDs.
Really, it's important we not buy protected CDs from retailers. And return each one we buy by accident, even if you think you can beat the protection. Our only hope to stop the sale of protected CDs is if retailers stop stocking them because they don't make them any money.
SO DON'T BUY PROTECTED CDs!
http://lkml.org/lkml/2005/8/20/95
Is this CD playable without the drm software after using cdparanoia or some other tool? SonyBMG is now added to my list of labels not to buy due to copy protection, which previously included ToshibaEMI and Avex Trax for their (cdparanoia breakable) copy protection. In fact I don't buy CDs any more, I just keep a copy of cdparanoia around because sometimes people give me CDs as presents and often they seem to have some kind of copy garbling, erm protection.
...well, they act like it anyway. A blatantly malicious and illegal act like this is sure to get some 16 year old in Finland locked up, but a megacorp like Sony will face little, if any, repercussions. To me, this is just another wakeup call that big corporations can and do break the law and ethical boundaries all the time, and that they have no respect for Anything if it is not financially convenient for them.
Although I'm sure they'd be noncommital in their official response, I'd love to hear what they think internally about this kind of thing. If "security" really is their #1 corporate focus as they've been so eager to tell us, this should have them screaming at the top of their lungs.
The chances of us slackers motivating our corporate-owned legislators to smack Sony is comically low, but if we could get a second big player in there on our behalf, there's a real chance to get this awful idea blackholed like it should be.
Anyone have any high-up connections within the Empire?
When you insert a CD under Windows Vista, it asks you what you want to do. It does not automatically run the autorun program unless the user asks for it. So you can get around this under Windows Vista by simply saying no, you don't want to run the autorun program. Then the disk can be played and ripped any way you please.
I was forced to post this as Anonymous Coward because I am currently under investigation by the FBI for alleged DMCA violations.
I forget who the artist or publisher of the CD in question was, but the software that auto-ran on the user's workstation installed software (after the user clicked 'yes' of course) immediately started to attack (attempt to modify) SAV10. (Symantec Antivirus) I was then called by the user who claimed he was getting rapid-fire popups from the antivirus software. When I arrived, several hundred messages had come from SAV and I just kinda laughed when I saw it. I asked to borrow the CD for study. I found that the CD was fairly easy to duplicate under Linux... but I was also able to duplicate it under Windows using Nero wile preventing the autorun from starting. (The autorun program disliked Nero a great deal and wouldn't run with Nero installed on the machine!)
...rant ad infinitum...
It is getting rather ridiculous these days and there needs to be some clear-cut definitions on what the device-owner has the right to do with his own equipment without any consideration for media or content providers. Essentially, we need the consumer's bill of rights to declare unlawful any attempt to prevent a user from being able to do whatever he wants with stuff he owns. It should be illegal for a content or media provider to attempt to prevent me from doing what they might presume is illegal or otherwise undesireable to the provider. It is overstepping their bounds to attempt to control the consumer. It is an act against the free-market philosophy and should be ruled against. Such a bill of rights, if created and made law, should first be applied against DVD region-coding and Macrovision.
Large companies have no idea what they are buying most of the time. If you could see the worthless junk shitpile of software I have to use at work, you would understand.
I *write* software, that's my job. But for source code management I have to use someone else's off-the-shelf shitpile. Why?
Someone in management went window-shopping on a software list, and found a package that claimed to do a bunch of wonderful things, someone else demonstrated it, and it seemed friendly enough. Management bought it because of *feature* list, not usability. They don't care how it works, or how well it works. Only that it meets their needs.
I thought I was jaded until I saw the company's CRM software - that shitpile makes my shitpile look like a bucket of fucking roses. Again, feature list won, probably without ever having been used. Certainly the people making decisions don't use the software every day or they would go absofuckinglutely mad.
Sony paid someone money for a package because it had a bunch of features. Not because they wanted a rootkit.
Someone in Sony is shitting out a cervix right now.
(note: I'm not defending Sony, you can bet the next 100 things I buy don't come from Sony electronics or Sony entertainment or Sony auto maker or whatever else they make)
The Slackware installer using Xorg does a better job configuring X than any other distro I have tried, including the Debian varients. There are some things that you should learn like setting user permissions in fstab for your cdrom, floppy and other devices like other file systems. It is also good to learn how to edit the most important config files. But given some Linux experience these things are actually easy and one hell of a lot easier and more reliable than changing system preferences, user and file permissions in windows! Afterall Linux was built to set up file and user permission in the first place not as a security afterthought.
You will also find that OGG is an excellent codec for audio, (but you can still install any codec you chose). Debian varients like Mepis are a good way to start but you can do alot more in Slackware and it is alot closer to what a Linux OS should be, easily user configureable, as secure (as you make it), well documented and lightning fast.
Not worring about Microsoft security and DRM crap is worth the effort it takes to learn Linux. It pisses me off to no end, (as I am a musician myself) to have these assholes assume that I will steal their stuff. I paid for the friggin' disk go after the companies that pirate music and software and then sell it illegally. Sony and Microsoft can go for a flying phuck! They will get no more business from me and my family.
I wonder what would happen if somebody brought a small claims court case based on this...
[waves fingers in front of face Wayne's World style]
Judge Judy: So I understand that this man's company facak'ded up your computer? And it cost you 600 meshugena dollars to get it fixed?
Random Dude: Yes, your honor. I bought some lame ass CD that Sony price gouged me for (they have DJs to pay off you know) and when I put it into the CD drive on my Sony laptop, the drive stopped working and the computer didn't function properly. I went to my local Sony authorized dealer to have my computer serviced, but they weren't able to fix it. Since they said it was a software issue and not covered under the warranty, they charged me $200 (they have call centers to outsource you know). So then I was going to reload Windows XP, but my Sony laptop didn't come with the original CD (they have Politicians to bribe you know). So that set me back $400 for a new copy.
JJ: That is unconscionable. What is your side of the story?
Howard Stringer (CEO of Sony): He forgot to mention that we sued his kid brother for having music on the computer.
JJ: You, sir, are below slime. I find for the Plaintiff.
Or if it was on Texas Justice:
Larry Joe Doherty: Hey boy! I hear this guy cost you some mucho dinero 'cause of your computer or something?
[same as above, but with a different end]
LJD: Give that boy his $600! Now come sit in this chair and put this hat on!
The same scenario on Judge Joe Brown:
Joe Brown: I'm from the streets, but I've never heard of this scam. Tell me how it went down.
[yadda yadda from above]
[the judge sticks a shiv in the CEO and then hands the wallet to Random Dude]
JB: Case dismissed.
And on Night Court:
Harold T. Stone: $50 and time served...and Dan will fuck your wife and sister while Bull pulls out your arms and beats you with them.
[the judge disappears in a puff of smoke]
Here is the developer, on a kernel mailing list, asking for help with getting his rootkit off the ground.
w ww.osronline.com/showThread.cfm
http://66.249.93.104/search?q=cache:hDmbqX5yahgJ:
Is there a way that I can get the CDAUDIO filter driver example in the DDK to load and unload dynamically?
So you're telling me that if I prepend a file name with "$sys$" it will be nearly undetectable? Finally! An easy and effective way to hide my pr0n. I can't wait to buy this CD
https://rn.ftc.gov/dod/wsolcq$.startup?Z_ORG_CODE= PU01
Bring this whole debacle to the FTC's attention. Innundate them with requests so they'll be forced to take action.
...and you've eaten your pen. simply stunning.
you have to run as Administrator.
Googling for Mathew Gilliat-Smith, First 4 Internet's CEO, reveals many articles:
e ars+market/2100-1027_3-5492395.html0 0.aspr ights_management/
http://news.com.com/New+CD+copy-lock+technology+n
http://www.pcworld.com/news/article/0,aid,121949,
http://www.it-enquirer.com/main/ite/more/digital_
They claim to the press that their software will not damage or criple computers. Oops. The PCWorld article pretty clearly explains the extent to which First 4 Internet's product controls the number of copies you make.
This is, of course, a very, horribly bad, wrong thing. But it is, like jack thompson, so obviusly bad that it makes similer, less bad efforts, look bad, and could therefore be a good thing in the long run. opinions?
Anyways, in the mean time, just don't buy drm'd cds.
This crap is going to cripple their CD sales. The maliciousness of this is probably enough to get them out of their contract with Sony with *massive* damages. Nobody who hears about this will buy a Van Zant CD - this could very well kill off the band entirely because they'll be the band best known for a connection with this insanity, simply because Mark Russinovich happened to be a fan!
I'd say that this little rootkit might just f*ck it for anyone who listens to music at work. I remember laughing at a friend because his mom made him virus-scan all his CD's before putting them in the computer, because I big corp wouldn't bundle a virus, right?
So what happens when it gets out that music CD's will install a backdoor into you system. You will *not* be allowed to listen to you CD's at work.
On the bright side though, I'm hoping that a big corporation gets infected with Sony's little backdoor and then has them for lunch in court. There is no consent given to install the software, and installing a rootkit on a music CD is for all intents and purposes no more legal than sticking a spycam in with a light-fixture or something similar...
1) pretend you never read this story on Slashdot. 2) Ask someone you know from some 3rd world country to create a simple keylogger and prefix all executable with $sys$omgCo0LHackingPref1xS0nYIsL33t 3) Go to that someone's webpage and by chance your Internet Explorer 5 just happens to automatically install keylogger. 4) next day you find your computer ravaged by digital vandals from some far away country 5) you contact a good friend who just "knows a bit about computers" to help you and OMG!!! he finds that Sony Corp. (and throw in Microsoft there too for the full effect) aided those cyber fiends by opening the doors to your machine and so they contributed to the stealing and removal of priceless family photos, banking details etc etc. You tell the media how the cyber terrorists have been aided by SONY and how SONY is a threat to middle class suburbanville America. 6) sue Sony 6.5) ? [warning - obligatory South Park reference] 7) $sys$profit
I followed that link to Amazon's product page and "modded up" all the user comments that complained about the rootkit and DRM, so they will appear higher on the product page. I imagine both Sony and the artist will get the message if their high-profile page at Amazon.com is a big diatribe against them.
I encourage others to mod up such comments on the Amazon pages for this and any other playback-prevention CD they come across.
He who lights his taper at mine, receives light without darkening me.
As I've said many times in the past.... RIAA and MPAA members are evil. Quit buying their products. For those that can't quite wrap their mind around it, that means: 1. don't by music from RIAA artists. 2. Quit going to the movies. Simple.
Necessity is the plea for every infringement of human freedom. It is the argument of tyrants; it is the creed of slaves.
SONY is WRONG to do this! Not law - shove the law! - they are MORALLY WRONG. Anybody who does anything on my hard drive for any reason and hides it from me is morally wrong. And thus am I ever justified in wiping it, cracking it, disabling it, or reverse-engineering it. It happened on my computer: therefore, it is entirely between me and whatever Deity I care to name what happens with it. And yes, Sony owes money to everybody they've done this to.
My God, don't people have any sense of basic human rights, anymore? Do you all want to be kept in dog kennels and fed dirt? Do you want ANY of the money you earn to go towards your personal enjoyment, or do you just work for the corporations for the priveledge of giving the tiny pittiance back to them? It's about time we brought back that term "MORALLY". Morals were here before laws, and they will be here long after the tinpot dictators who declared themselves God to make their stupid "laws" have crumbled to ashes and dust. And rightly so!
If you do this, then you are deliberately disabling a copy protection system, which is illegal under the DMCA. So Sony can sue you.
Wrong. You are not disabling it, you are removing it.
The DMCA prohibits breaking digital encryption or protections that are in place to protect data from being freely accessed and distributed.
Software on your computer is neither encryption nor protection; it is a program. As long as you don't break or alter that program, you can add or remove it from your computer all you want. Adding or removing a program is not breaking it, as the capabilities the program provides are added or removed at the same time.
It's only when you alter the program, or design a new program that circumvents its protections to gain free access to the content that you tread on the DMCA.
My computer has a DVD player program that it shipped with. Do you really think it is a violation of the DMCA for me to remove this program from my computer?? Hint: it's not.
Build a man a fire, he's warm for one night. Set him on fire, and he's warm for the rest of his life.
Anything which uses technical means of copy protection is not a CD.
Not entirely true. While you're correct that this is "not a CD", it's not because it installs malware onto your computer. Previous copy protection schemes did that. Anything bypassed by disabling autorun or holding down the Shift key falls into that category.
But those *are* CD's. Why? Because Red Book isn't the only standard out there. Specifically, those can fall into the Blue Book standard, also known as "CD Extra" or "Enhanced CD". Basically it's normal Red Book audio on the first session, and a second data session that only computers see. What's on that data session is irrelevant to whether it's a CD or not.
Now, in the case of Sony's new licensed malware product, yes, the CD contains malware using rootkit like methodologies, however it is also know to contain a bad/malformed Table of Contents (TOC) in order to break ripping software even if you have prevented the software from installing. This can be bypassed with some software (like CDEx), and appearantly Mac's have no problem ignoring the bad TOC anyway, but this malformed TOC is what makes it "not a CD" in Philips eyes.
- Give a man a fire and he's warm for a day, but set him on fire and he's warm for the rest of his life.
enough said not?
This happened to me when inserting a friends original Beastie Boys CD in my PC to be ripped for my friend mp3 player; since he rips all his cd's here and uses his mp3 collection at home and at his work.
This was the biggest mistake of my life; I needed to reinstall fully; patches did not work anymore, my cd-rom didn't work anymore and I couldn't start my invoicing on my PC.
My complaint to BMG was never answered back; my post on the official beastie boy website was never answered back; so much for "customer satisfaction"...
I felt rather screwed by the ones that sell/sends corrupted audio cd's into this world...
--- I am known for the ones who want to find me on the net. Is that a privacy risk or a privilege? One might wonder..
It's a kinda ironic how nobody ever uses irony in the right context...
There is no way that optional software, which only MS Windows users are even capable of installing, can possibly be a "technological measure that effectively limits access" to the CD, assuming that the CD can also be played in audio CD players, read with cdparanoia, etc. The "technological measure" is one that wouldn't even be encountered in many people's daily use of the product, whether they are attempting to "bypass" it or not.
OTOH, if it's really just a CD-ROM that only contains files which are only playable with Microsoft's player (i.e. it will not work in any redbook audio CD player), then maybe Sony has a DMCA case. But I haven't heard of anything like that existing on the market (yet).
As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
I don't like seeing these summaries and being left to think that my OS X and Linux systems could be compromised, then having to scour the linked article just to be sure.
This is becoming a common occurance on Slashdot: Articles about viruses and other Windows exploits are posted with no hint as to their platform-specific nature. "Systems" are attacked. Is it so difficult to write "Windows systems"?? And then of course, when vulnerabilities of non-MS stuff like Linux are reported, the platform in question is Big News. So on top of vagueness WRT Windows, I get bias. Its like reading the front page of ZDnet.
Please just mention the friggin platform, thank you.
The user ran the malware; it didn't run itself.
What people need to understand, is that if you use Microsoft's desktop shell, then clicking on an icon is pretty much the same thing as downloading and executing software from someone's website. Don't do it!
A person does not have a reasonable expectation of privacy on their computer, if that person's habits are to routinely invite strangers to run software on their computer with no restrictions. Saying they have a reasonable expectation of privacy, is like saying a person who has unprotected anal sex with three strangers per day, has a reasonable expectation of not getting AIDS.
What you do, matters! I think it is very inaccurate to call what Sony did "trespass," and it only encourages users to continue irresponsible behavior.
As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
There is no possible way to implement DRM, other than to compromise the computer and make it behave in a way that is contrary to the interests of its owner.
If the computer has only one master (the owner), then DRM is impossible. What Sony has done, is persuade their media customers to give their computers to Sony, in exchange for music. IMHO, that's a bad trade, but what can I say, sometimes I don't understand other people's decisions.
As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
I was considering buying a console, and had been somewhat torn between an XBox360 or a PS3. Thanks for making my choice for me, Sony!
It's official. Most of you are morons.
Yeah, yeah. Ok, everybody, go ahead and don't not have a little laugh at my expense.
As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
It's SUPPOSED to be a fucking AUDIO CD!!
"[Regarding the 'cloud,'] ownership was what made America different than Russia." -- Woz
After reading the article, the controls / restrictions on recording and playback sound very similar to the restrictions on my recently purchased ColdPlay X&Y CD and my Paul McCartney (Chaos and Creation in the Backyard) CD. I've not tried to play these CDs on my PC, nor have I tried to rip them to MP3 yet... I wonder if anyone would know if these EMI discs use the same *cough* wonderful DRM *cough* scheme as the Sony Disc from the article?
My CD collection exceeds 1000 titles - I've no need to steal ANY music...but I'd be happy to pay a $1.00 'tax' per future CD purchases to cover the loss of revenue from people who steal music - IF that will eliminate all this DRM crap. (hopeless dreamer, I know)
It will go through their managment of course which means the artists themselves may never know.
Management:
Vector Management
Ken Levitan and Ross Schilling
P.O. Box 120479
Nashville, TN 37212
Phone: 615-269-6600
Fax: 615-269-6002
Lots of people are already blogging about this - some referring to slashdot, some to the actual article. Looks like this may be the next 5 day wonder - but will something make people change things??????
a s-malware/
u ght.html
e n/culture/2005/10/31/Make-no-mistake-the-new-battl e-lines-have-been-drawn-rootkits-and-all.html
http://www.chatvenue.com/thoughts/2005/11/01/drm-
http://blog.wfmu.org/freeform/2005/11/sony_cds_ca
http://www.cubicgarden.com/blojsom/blog/cubicgard
And many more!
Sems like it's time to completely STOP purchasing Sony provided / inspired products ok so it will mean missing out on some nice bits ect but if people dont act and act soon companies like Sony and the USA will get to thinking they own the world when they are only tiny bit players at most .
Not anon coward just cant be having all this logging in crap all the time
Pete Nikolic
I'm a HUGE Idlewild fan - I paid upwards of 26 American dollars for an Idlewild t-shirt to have it shipped here from the UK. Your bit of news is extremely saddening to me.
Naturally, it's their label and not their fault, but still...
+++ATH0
...you can report Sony's illegal acts here!
"[Regarding the 'cloud,'] ownership was what made America different than Russia." -- Woz
RIAA execs should be sterilzed and sent to a desert island to rot to preserve the integrity of the gene pool.
I think it's possible that Our Lady Peace just suck so hard that the kid's computer had some kind of stroke.
Voodoo Girl is the bomb!
thank your for the insightfull article. ... i downloaded that pstools ...
i as just wondering if it is possible for
this "rootkit" to be installed even if you
don't open the official CD as administrator.
i hope not and i hope vista won't allow it
either, but i think ms will be going the
other way. it prolly makes sense to have a
OS not allowing administrator delete registry
keys, though i can't see why. maybe vista will
have some more "local system extras" for DRM
companies
instantly, 'cause there's nothin on my paid
XP pro that allows me to get rid of those
"cd filter" reg. entries
I am under *NO DOUBT* whatsoever that Sony will simply point the finger at first4internet, and simply say "We simply contracted them to provide a content protection scheme - we are unaware of the implementation" (or words to that effect). Given that the tech has been sold to several other record companies, I'm pretty sure that's close to the mark as to what actually happened, too.
So, it's first4internet who will take the heat in a criminal case, not Sony, no doubt.
Sony is evil and all, but I don't think it was Sony who was responsible for the way it works...
smash.
I run: Windows, OS X, Linux, FreeBSD. Just because you have a hammer, doesn't mean everything is a nail.
It would be sweet if that file "$sys$bittorrent_client.exe" was under the radar and sharing the same music that it was suppost to be protecting. Sony would have a SERIOUS beef with... themself. Infected people might not care less.
...When an audio CD roots your box. Never fear though, Vista comes pre-rooted with DRM goodness!
Working in a DevOps shop is like playing in a band made up entirely of keytarists.
There's no 'on' position on the Slacker switch!
This is NGTCB. The submitted obviously hasn't been keeping up with Newspeak. Don't worry, I've already reported them to Minitrue.
Sony ditches DRM CDs
That's funny...
Dont ever under any conditions buy a CD from an artist that has signed with Sony!
Now if you happen to use Microsoft Windows and happen to have a one of these CD's by Sony and want to use then I think maybe it would work to disable the autoload-feature in Windows that autoload and runs autorun.info on the CD's when they inserted to the drive.
You can prevent autorun.inf from being run if you hold down your CTRL button while you put your CD into the computer.
There is no warning on the Amazon UK site for this CD.
Any rootkit would be clear violation of sections 2 and 3 of the Computer Missuse Act. This Act comes from EU treaty obligations so substantially similar legislation exists throughout Europe. The territorial scope of this Act only requires one of the parties to the offense to be in the UK. So buying this from Amazon UK should cover you even if you dont live in the UK.
Here in the UK they (sony's execs) should be able to get jailed for this under the Computer Misuse Act, hell didn't we just jail/convict some poor guy for accessing a website with ../../.. (cos he wanted to check that the site/cause he just donated to hadn't been compromised)
Oh wait, induhviduals get jailed, corporations get fined a miniscule fraction of their revenue.
Silly me.
You seem confused - which is it? A CD or not?
If the TOC isn't valid, it doesn't meet the spec, and isn't a CD. If it meets the CD specs, then a PC won't have any problem reading it without the software.
"National Security is the chief cause of national insecurity." - Celine's First Law
I think the answer to this outrageous abuse is simple: stop buying all DRM CDs, beginning with Van Zant's "Get Right with the Man". If the artist feels he is being harmed by Sony's use of DRM, they will force the use of standard CDs. [ ]s, Pedro RJ/Brazil
I think it is very inaccurate to call what Sony did "trespass,"
No, the person clicking on the icon has a reasonable expectation that all they're doing is playing music, not triggering the deliberate compromise of the basic integrity of their system with a root kit.
Of course the marketing parasites will try to wriggle out of admitting this with the usual marketing spin and lies.
---
Marketing talk is not just cheap, it has negative value. Free speech can be compromised just as much by too much noise as too little signal.
...I have nothing of value to add to the conversation, but I want to share how mad this makes me! Grrr! I'm steaming!
It adds about 2% CPU as it idles. Multiply by 200 million - phew, thats a lot of energy/oil imports in hard currency. Now that 2% is more is said computer does not go into sleep mode. Sony promotes greenhouse gasses.
Then we have laptop battery life down 2%, and the battery pack is also depreciated faster, and the hard disk power will add up too.
Scandalous inefficiency, and recklessness. The soultion, consumer recall and damages. It is costing its victims money.
F-secure's page about the XCP DRM Software: http://europe.f-secure.com/v-descs/xcp_drm.shtml
The truth or interpretation..
Once again, we see a total lack of understanding on the side of content creators. Instead of providing us with added value, the provide us with hard to remove malware that will cost us, honest customers who bought an actual cd, cpu and memory resources, not to mention possible back doors into our home computers.
In a world where a computer more and more becomes a tool for content creation and is used more and more as a media hub, unfortunately most of the time based on an operating system known for its insecure architecture, this is a very worrying trend.
We see the same thing happening with content creation software. Dongles, challenge-response systems, it is made harder and harder for legitimate users to use the software, while the odd cracker is very capable of evading whatever copy protection or DRM scheme might exist in the software.
Now I am a firm believer that it is quite okay to pay for quality. I am also a firm believer that I should (and I do) pay for the software I use for my content creation (photoshop for my digital darkroom needs, pro tools for my music making needs). But why the hell should I, as a legitimate customer, pay for insane copy protection mechanisms? They do not add value for me, instead they take value away, in terms of storage, CPU cycles and memory.
This is crazy, and some interprising IP lawyer who's tired of doing billable hour work is going to be all over this.
Make love, not reality television.
At least, not by sony!
:)
Now really, who wants to buy a cd that will render your system unusable, and your privacy invisible?
Not me.
Thank god I do not use windows or drm-based hardware
Buanzo Consulting - 15 Years of GNU/Linux experience, for you.
exhibit one for the GPL - this is why linux has not penetrated the desktop. because of vendors, companies pulling crap like this.
man - I am so glad I do not have windows in my life. Just because of this crap.
the riaa and mpaa are going to go broke if they continue to do this crap - the sheeple will follow only so long and then revolt.
so knock it off you knuckle heads. you are telling people are guilty that are legititmately buying your product of stealing.
how insulting is that?
My First RootKit!
So run the setup as Administrator. Either right-click on the icon and select "Run as..." or use the command line and use the command "runas."
F-secure's BlackLight detects it, although they advise against using the removal tools to get rid of it - it might disable the access to that drive letter. http://www.f-secure.com/weblog/
Just for the permanant public record, Tony Miles, Ceri Coburn, Peter Worrall,
Nick Drew and Mathew Gilliat-Smith are the criminals behind this outrage.
Under no circumstances should you employ these blackhat computer criminals.
OK. So I, and many other Slashdotters, are usually roped into tech support for family and friends. Just why I thought I was getting some way on top of things with SP2, firefox and AV, this comes along.
.....
So after all my hard work, my little cousins just go out, buy one Sony CD and WHAM! All my efforts gone to pot as the worlds biggest backdoor is slapped straight onto the system. It's not like you can tell teenagers NOT to buy CDs. And really I shouldn't have to.
Gods what if they put this stuff on the CDs the Adults buy!?
It's going to be a llllooonnng christmas season.....
May the Maths Be with you!
It's not Linux compatable; sigh....
I am the unwilling control for my Origin.
Would this result in multiple instances of the DRM rootkit beng installed if multiple CDs with the same software were run by the user? Or after the first one would it just see it is already there? Just wondering if eventually, if it is cumulative, if the machine would just bog down into 100% CPU usage and become non functional.
See:k it_drm/
Removing Sony's CD 'rootkit' kills Windows
http://www.theregister.co.uk/2005/11/01/sony_root
The lean toward calling it exceptionaly bad DRM, rather than a rootkit. Fair enough. It doesn't contain anything that maintains a cracker's ability to reenter a system, which is part of most people's definition of a rootkit.
But its good to see that they've picked up. Other media outlets often seem to follow what's seen on el Reg.
What you do with a computer does not constitute the whole of computing.
It's a bit more serious than how your computer might get screwed up if you try to undo this. If a staff member innocently tries to play music in their bank, and this introduces security holes that could be used to hack into the bank's systems, then the legal implications are probably quite staggering.
Now, after I run Adaware, Spybot, CWS Shredder, Panda Activescan, AVG, and other spyware/AV/ect products on someone's computer, I'm going to have to ask them one more question.
Have you bought any music CDs lately?
And when I tell them that buying legal music and playing it on their computer can slow it down... People are going to be completely upset and thinking "WTF."
Here's an article mentioning the XCP technology written from a shamelessly pro-DRM point of view. Very little technical detail given (unsurprising given it's a puff piece), but still interesting to see what's currently being done (the XCP-1 watermarking technology) and what business would like to see done (RFID-tagged CDs and players which only play CDs that are correctly tagged).
No. If you really want to fight clearly illegal activities like this, then sue Sony in small claims court and name the store you bought the CD from as a co-defendant.
Sony probably won't care if they lose a customer or two. They will definitely care if they lose a few retailers because of the fear of exposure to litigation.
We're always complaining about how broken our legal system is, right? Well, maybe their tactics work in both directions. Remember, the GPL is a clever hack on copyright law. Perhaps we need to start hacking other legal constructs as well.
Dewey, what part of this looks like authorities should be involved?
1.) It's a rootkit
2.) It deliberately hides itself from the customer
3.) They deliberately deceive the customer by hiding certain processes with names such as "Plug And Play Device Manager".
Why aren't people going to jail/being heavily fined for this? Wtf?
Can't say I agree that windows _users_ are ignorant...
But what kind of system allows this shit to take place in the first place? Seriously!
OK, so it has this service that sits around eating up all your CPU monitoring all your running programs, checking their names and file sizes and looking for something... What is it looking for? Illegally copied software perhaps? What is it going to do when it finds it? If that is not what it is looking for, then what is the point of collecting all that information? Where is that information logged? In the oct.sys file perhaps (since it seems to be growing in size in the two pictures in the article and have an updated time stamp)And if it is not going to use it for the purpose of reporting "pirated" software, then is it just logging it locally somewhere so that if you had a lot of copyright infringement going on then they would have some kind of log of your activities? Or, is there also a way for them to trigger a report somehow?
Randy.Flood@RHCE2B.COM
Using the right software on Windows, you can prevent unwanted registry modification. In this case my own software called RegDefend ( Free version available ) would have alerted you to Sony trying to install the driver in the registry, and also if the user has set it up, to be alerted if the cdrom filters changed at all.
This doesn't change the fact that the Sony software might not "work" without the "rootkit" it wanted to apply to the system, but at least you would have known about it with something like RegDefend installed. In this particular case, Mark would have known that the CD software was installing a driver and wouldn't have needed to check with a rootkit detector several days/weeks after it was installed. Installing linux and hoping it isn't targetted in the future by companies/malware is basically security through obscurity which nearly always involves the most cleanup if something bad happens.
And i mean everything and anything from Sony, not only CDs.
It all boils down to:
- Do you trust this company?
I haven't trusted them for the past 4 years so i haven't bought NOTHING AT ALL from Sony. I actively boycot all their products.
Vote with your wallets people, all you have to do is resist the temptation to go all "uuuuh shinny!" whenever Sony puts out some new gadget.
I hear that http://www.allofmp3.com/ is licensed to sell music via the internet - so no DRM CD's
That would give you a digital license if I understand it correctly so it would be good for the iPod
Someone that understands cross border laws in the different countries would be better qualified to comment I am sure
That's so twentieth century. I've long ago said "goodbye" to the small round silvery discs, and said "hello" to iTMS.
Despite what EULAs say, most software is sold, not licensed.
How is this a flaw w/ Microsoft's security model?
Wouldn't they just ask you to su if the rootkit was trying to install in a Linux or OSX environment? Exact same "flaw" as Windows XP.
Just more evidence that it is STRONGLY inadvisable to ever buy CDs from corporate criminals.
They only use the money they take from you to attack their own customers, and develop software that will trash your machine.
If I find such a virus on my machine, I will definitely be charging the full cost of cleanup to the record company, plus I will be charging them for the downtime and time wasted.
Virus writing of this type is a serious Criminal Offence in my country. Hopefully, Sony executives will be charged under computer crime legislation, and get a nice prison term like any other offender would for such an offence.
No DRM. Whatever format you want. http://www.allofmp3.com/
We've tried nothin' and we're all out of ideas. - Ned's Mom
The following was jusst sent to the EFF.
t kits-and-digital-rights.html
There's a lot of out there tin-foil hat stuff that get's thrown around due to things like the DMCA that is just not that important to Joe Consumer. This has real potential to fusk people up NOW for doing nothing more than being the docile consumer that society wants them to be.
I'm not an activist, but this is getting out of hand, and I want to do something about this.
I'm sure you've seen all the stories on this popping up everywhere. Here's a good example:
http://www.sysinternals.com/blog/2005/10/sony-roo
I find it hard to believe that with all the laws being passed that punish individuals for doing this exact same thing, that they can't also be applied to corporations like Sony.
This needs to be stopped, and punished severely, sooner than later so it gets stopped ASAP.
What can I do?
Writing Sony ain't gonna do anything. Ditto congress.
Mainstream media is ignoring this issue, yet it does, or will very soon if it keeps going, affect everyone that's a good little consumer.
I want this stamped out before I have to restore my Mom's PC after she tried to play her latest Keith Urban CD or whatever.
What can I do? Do you have a list of Law Firms I can contact to sue Sony for this? There are very real and potential damages that can be easily demonstrated. Very soon someone is going to write a virus/trojan that takes advantage of systems compromised by this "DRM". Why do we need to wait until someone's life is ruined by identity theft caused by these actions before we act?
So, what can I do?!
Thank God I do not buy music anymore.
This space intentionally left blank
While waiting for a lawsuit to be organized, leave your feedback at
http://www.sonymusic.com/about/feedback.cgi
or email
SonyMusicOnline@sonymusic.com
C'mon folks, fire up your editors and compilers and have some fun!
"What in the name of Fats Waller is that?"
"A four-foot prune."
I just created a CMT acct and posted the following. We will see what happens.
k it_drm/ and http://www.sysinternals.com/blog/2005/10/sony-root kits-and-digital-rights.html The man that wrote the second article is a Windows genius and he was not able to fix his computer after this evil Sony software installed itself WITHOUT HIS PERMISSION. Please let the artists who are creating the music we want to buy that this is an unacceptable practice. I buy music. I don't want any software that breaks my computer on the same cd as music. Do you?
Tapeworm
Van Zant CD installs spyware on your computer
If you put the Van Zant CD "Get Right with the Man" into your computer it will install harmful software that you cannot remove. It does not ask if you want to install this software, called a Rootkit, which allows Sony to do things to your computer. This is called spyware and it should be illegal... Here is more information http://www.theregister.co.uk/2005/11/01/sony_root
There's a song in that somewhere...
Aye, that's the rub!
In the U.S., the Constitution (Article 1, Section 8) says that authors and inventors are granted the exclusive right to their works *by Congress* to promote further creative and scientific activity! The Constitiution does not acknowledge that an idea or story can be owned; it can only be used. It is beneficial for the society and culture to encourage that creativity by protecting it, but the products of that creativity belong to no one.
Here is my 2 Cents on what is so Dangerous that Sony should be sued for it!
When Sony Installed this Root kit according to mark's Sysinternals Blog - http://www.sysinternals.com/blog/
I quote:
I studied the driver's initialization function, confirmed that it patches several functions via the system call table and saw that its cloaking code hides any file, directory, Registry key or process whose name begins with "$sys$".
To verify that I made a copy of Notepad.exe named $sys$notepad.exe and it disappeared from view.
This means that ANYONE who has this ("Sony Root Kit") installed ("And not looking for Root Kits 24/7, The person that found it, Mark, did not even know it was there, and would have not found it had he not been testing the latest version of RootkitRevealer") CANNOT view ANY file, directory, Registry key or process whose name begins with "$sys$" in Windows Explorer or the registry, or process viewer and actually files and directories may not be seen from the command prompt as well, in some cases, I quote from Mark's Blog:
I therefore checked to see if I could examine the files within the hidden directory by opening a command prompt and changing into the hidden directory. Sure enough, I was able to enter and access MOST of the hidden files
From the Sony EULA, the ONLY reference to any software being installed http://www.sysinternals.com/blog/sony-eula.htm I quote:
As soon as you have agreed to be bound by the terms and conditions of the EULA, this CD will automatically install a small proprietary software program (the "SOFTWARE") onto YOUR COMPUTER. The SOFTWARE is intended to protect the audio files embodied on the CD, and it may also facilitate your use of the DIGITAL CONTENT. Once installed, the SOFTWARE will reside on YOUR COMPUTER until removed or deleted. However, the SOFTWARE will not be used at any time to collect any personal information from you, whether stored on YOUR COMPUTER or otherwise
Hmmm, well they just created a BACK-DOOR for anyone who has this root kit of theirs to get ("Personal Information").
Sony even made sure the Root Kit would Load in Safe Mode as well, I quote from Mark's Blog:
As I was deleting the driver Registry keys under HKLM\System\CurrentControlSet\Services I noted that they were either configured as boot-start drivers or members of groups listed by name in the HKLM\System\CurrentControlSet\Control\SafeBoot subkeys, which means that they load even in Safe Mode, making system recovery extremely difficult if any of them have a bug that prevents the system from booting.
For all Practical purposes Sony has disabled ALL protection from Viri, Spyware, Trojans and Root Kits on the computers that installed their Root Kit IF that Malware uses a $sys$ cloak! for the vast majority of Microsoft Windows computer users.
So IF/WHEN someone creates OTHER Root kits, Viri, Trojans, Spyware that uses this $sys$ cloaking ("Installed Courtesy of Sony") and ANY damage is done to a system because of it, who is responsible for said damage?
Any comments?
Black Gray White Hats Unite to protect http://testing.OnlyTheRightAnswers.com
From xcp-aurora.com ("The Alleged creator of this ROCK-SOLID protection methodology")
http://www.xcp-aurora.com/xcp1.aspx
Quote:
"XCP1 - Burn Protect
XCP1 pre release technology is designed to provide copy protection onto compact disc recordable media (CDR). Its methodology is an encapsulation process that wraps around the audio content controlling device access. This technique enables the information contained on the disc to be protected without being altered or affecting sound quality. The control program provided as part of the disc management system does not install any programs that alter your access to the content. XCP is deployed through Aurora Software and provides two options for CDR protection."
End Of Quote.
I think it WRAPS around any prior functional protection method the vast majority HAD to protect their Windows Based computer ("Lets Not Forget NETWORK, if you happened to have installed this stuff on a system that's logged on with FULL Network Privileges")
True, the control program does not ALTER your access to the content, it just allows potential World-Wide access to any content on your Network it is installed on and makes WEP look like Quad-WPA encryption when compared to the holes this opens.
Quote From xcp-aurora.com
"XCP1
XCP1 is designed for CD Audio and PC & MAC playability. Levels of protection are very high and recipients of XCP1 copy protected CDs will find it difficult to digitally rip or burn the Red Book content of the CD."
End Of Quote.
Yes however it appears that it was just made much easier to FTP the entire contents of any and all system and possibly Network Media device(s) this stuff has been installed on.
All comments in this post made by ZOverLord are strictly the opinion of ZOverLord and do not reflect the opinions of any other person or entity including the site it was posted on.
Black Gray White Hats Unite to protect http://testing.OnlyTheRightAnswers.com
No, under DCMA it's illegal to make programs which circumvents copy protection. It's even illegal to write a article how to do it.
OK, now Sony's illegaly infecting my computer? As far as I'm concerned, all "contracts", "agreements" between them and their customers are now null and void. They've given up their right to be treated with any respect whatsoever, and are merely criminals. Until the corporation atones for this with an extreme display of regret and humility, not to mention reparations, there's only one sensible course of action: Steal every God-damned thing you can from Sony.
If you do this, then you are deliberately disabling a copy protection system, which is illegal under the DMCA. So Sony can sue you
You can disable copy-protection to your hearts content, Doug. What you can't do is circumvent it.
If I don't have a copy-protected CD in the drive, their copy protection rootkit/driver isn't doing anything. I can remove it with no legal reprecussions. It will just install itself the next time I put the CD in the drive.
Now, if I try to rip the songs by cirucmventing the DRM rootkit/driver, then yes, that's a violation of the DMCA.
Nevermind the fact that if you complain to sony that you can't play your DRM'd CDs on your iPod that they'll TELL you how to circumvent the copy protection.. but I suppose then you're doing it with their conscent.
The state of the world is sad when the purpose of running as a regular user isn't to prevent the out of control user from running amuck, but to prevent the corporate software slime from taking control of our computers without asking
Judges and senates have been bought for gold; Esteem and love were never to be sold.
Well this just gives us a ligitimate reason NOT to buy music in this format. If you wish to support the artist, go to the concert, buy a t-shirt. If you want to listen to the music, just download it. Obviously companies like SONY don't want our business that baddly.
Well, it it pretty much the same thing. The software (Corporate or otherwise) just automates the running-amuck.
We would be interested in speaking to any California residents that have experienced this problem before the EULA was changed. We have looked at many DRM cases and Sony went too far with this particular scheme. You can contact us at gw@classcounsel.com or at http://www.classcounsel.com/
no windows-rootkits there.
oh and no drm protected songs as well
The point remains, however, that the setting of user-privileges shouldn't have anything to do in particular with your machine's security. Everyone's saying Sony is the big bad wolf in this, which they are, but the fact remains that the OS should alert you before allowing certain actions to take place without your consent or knowledge. Everyone should be able to run as an administrator on their own computer. They are the administrator, it's their computer. I just think the sting is that much worse knowing first of all, which we pretty much already knew that our OS is that easily compromised without our knowledge, and secondly that this type of backdoor operation is coming from a more reputable source than in the past. I'd expect this from some third rate software development company that's developing some weird version of gnutella, but to get it from a Sony music CD is just all that more frightening. Overall, however, the OS should prevent stuff like this from happening (and yes, from default). You shouldn't have to tinker around in settings for hours in order to figure out how to make your OS not behave like a retarded schoolchild being lured into a van for candy. Just another reason not to buy stuff, IMO.
Judges and senates have been bought for gold; Esteem and love were never to be sold.
BTW, if Andy Tanenbaum The Great had wanted to comment on this SONY disaster, he would have published his opinion directly under his own name on his own hp.
Greetz,
Waran
Sig? What sig?! Ah, sig! Sigh.
Not really
-------- In Soviet Russia, "Soviet Russia" sigs hate Slashdot.
I have been talking about running untrusted code in general, but especially if we look at this particular example, there's even more to say about "expectation." This particular CD is known to be copy-protected. I don't know if it says so on the packaging, but it's pretty blatant on the Amazon page.
How else, other than compromising the integrity of the reader, can copy protection possibly be implemented? The user knows that normally, he can read a CD and do anything with the data. What does he think is going to happen if he runs code from a CD that is labelled as protected? Please, give any possible example of what the executable code even might do, other than act in a hostile manner. Copy protection either does something bad, or it fails to work.
In general, a person has a reasonable expectation that clicking a CD is a safe thing to do. Windows users, however, are special. Windows users have a reasonable expectation that clicking on a CD, will not just play a CD, but also may execute foreign code, which is a behavior that always comes with risk.
CD buyers, in general may have a reasonable expectation that commercial CDs do not contain dangerous code (I think that's naive, but I'll give the benefit of the doubt here), so it is irrelevant whether or not they execute whatever code may be there. Buyers of copy-protected CDs, have a reasonable expectation that whatever code is on that CD, is intended to compromise the capabilities of whatever device executes it and work against the user's interest. (Working against the user's interest is what copy protection is about. That's the whole point of copy protection.)
Ergo, Windows users that buy copy-protected CDs, have a reasonable expectation that clicking on a copy-protected CD will execute hostile code that was written with the intent to work against the user's interest.
I guess we can argue about to what degree that hostile intent should be manifest, but the user knew that something bad was going to happen.
As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
So, I'm a corporate grunt. I deal with scripting installs for a large corporation that has, like all the others, a strict policy on what is installed on their workstations. We typically make our installs silent so that the end user is not interrupted. If software resides on the workstation that doesn't come from one of our scripted installs then it was never certified to be on the companies computer and it must be removed. Users have been known to bring in audio cd's to listen to while working. This seems to be a problem. A big one. Now we have software that employees can bring in, unknowingly install, or possibly knowingly install, and dramtically increase the potential breach of confidential information and the acts of insider trading. It is my duty to keep software off our systems such as this and the best way I can think of doing this is opening a ticket with Microsoft and demanding a security patch that does not allow this software to install on our company computers. Lets not forget, there is more than just the home users that are effected. Your bank, your insurance company, your doctors office, etc. And come on, writing code that automates processes is getting easier and easier every day on the effected OS. Its my job, and 10 years from now I'll probably loose it to inmates. Lets not leave doors open like this for people to abuse.
Probably the best way to show that not all the consumers are as stupid as Sony hopes that we are is to vote with our pockets. Boycott them until they offer a suitable solution to this mess, apologize to the consumers whos computers may have been damaged and change their strategy all together. I have started a petition which I hope will make its rounds. You are all welcome to sign it and send it on to everyone you know. http://www.petitiononline.com/sonydrm/