Slashdot Mirror

← Back to Stories (view on slashdot.org)

Sony DRM Installs a Rootkit?

Posted by ScuttleMonkey on from the slice-of-privacy-pie dept.

An anonymous read writes "SysInternals.com guru Mark Russinovich has a detailed investigation of a rootkit from Sony Music. It's installed with a DRM-encumbered music CD, Van Zant's "Get Right with the Man". (Mmmm, delicious irony!) The rootkit introduces several security holes into the system that could be exploited by others, such as hiding any executable file that starts with '$sys$'. Russinovich also identifies several programming bugs in the method it uses to hook system calls, and chronicles the painful steps he had to take to 'exorcise the daemon' from his system." This house is clear.

3 of 801 comments (clear)

  1. Sony means to degrade society by Anonymous Coward · · Score: 0, Flamebait

    This is why I hate Hip Hop and Rap. Sony and Hiphop and Rap are rootkits on the good parts of humanity.

  2. Trespass by Sloppy · · Score: 0, Flamebait
    A person has a reasonable expectation of privacy and security on his or her home computer. Any attempt to circumvent this privacy or security should be construed as trespass. .. By removing the Sony-installed malware, Mark has broken the law. But so is trespass illegal, so tell me, which is a greater abomination?
    Most people don't like it, but I have to fall into "blame the victim mode" here. What Sony did, was not trespass. It is 100% impossible for a passive piece of media (a CD) to trespass on a computer. The computer, working as the user's agent, actively loaded and executed code from the CD.

    The user ran the malware; it didn't run itself.

    What people need to understand, is that if you use Microsoft's desktop shell, then clicking on an icon is pretty much the same thing as downloading and executing software from someone's website. Don't do it!

    A person does not have a reasonable expectation of privacy on their computer, if that person's habits are to routinely invite strangers to run software on their computer with no restrictions. Saying they have a reasonable expectation of privacy, is like saying a person who has unprotected anal sex with three strangers per day, has a reasonable expectation of not getting AIDS.

    What you do, matters! I think it is very inaccurate to call what Sony did "trespass," and it only encourages users to continue irresponsible behavior.

    --
    As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
  3. DRM *always* implies compromised security by Sloppy · · Score: 0, Flamebait
    There's a slight difference between a copy restricted CD and an "install a rootkit on your computer" CD, though...
    No, there isn't. You're so close to enlightenment.. can you taste it?

    There is no possible way to implement DRM, other than to compromise the computer and make it behave in a way that is contrary to the interests of its owner.

    If the computer has only one master (the owner), then DRM is impossible. What Sony has done, is persuade their media customers to give their computers to Sony, in exchange for music. IMHO, that's a bad trade, but what can I say, sometimes I don't understand other people's decisions.

    --
    As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.