Slashdot Mirror

← Back to Stories (view on slashdot.org)

Sony DRM Installs a Rootkit?

Posted by ScuttleMonkey on from the slice-of-privacy-pie dept.

An anonymous read writes "SysInternals.com guru Mark Russinovich has a detailed investigation of a rootkit from Sony Music. It's installed with a DRM-encumbered music CD, Van Zant's "Get Right with the Man". (Mmmm, delicious irony!) The rootkit introduces several security holes into the system that could be exploited by others, such as hiding any executable file that starts with '$sys$'. Russinovich also identifies several programming bugs in the method it uses to hook system calls, and chronicles the painful steps he had to take to 'exorcise the daemon' from his system." This house is clear.

10 of 801 comments (clear)

  1. Didn't Notice? by KidHash · · Score: 4, Funny

    Not that this makes it better in any way, but I liked how he said

    I hadn't noticed when I purchased the CD from Amazon.com that it's protected with DRM software, but if I had looked more closely at the text on the Amazon.com web page I would have known

    followed by a picture of the amazon web page in question with [CONTENT/COPY-PROTECTED CD] clearly visible in massive letters.

  2. Re:In democratic america... by nmb3000 · · Score: 4, Funny

    i don my tinfoil hat and robe...

    Wow, a tinfoil hat and robe! When do the pants and underwear come in? :)

    However when you said "hat and robe", my first thought was of Bloodninja's cyber adventures.

    --
    "What do you despise? By this are you truly known." --Princess Irulan, Manual of Muad'Dib
    /)
  3. This is as good as... by elgee · · Score: 3, Funny

    Getting a cockroach with my just purchased pizza.

  4. *phew* by Alan · · Score: 5, Funny

    I'm glad I get my music off of p2p networks and don't have to worry about trojans and rootkits and that evil hacker stuff!

  5. Re:My question: by Anonymous Coward · · Score: 5, Funny
    > It's beyond absurd that a company of Sony's size would allow a piece of software to appear on any of its products without Sony having tested the hell out of it first.

    You never played Star Wars Galaxies, did you?

  6. Re:OS's fault by sulli · · Score: 3, Funny

    Exactly. Also, never autorun CDs.

    --

    sulli
    RTFJ.
  7. Re:Sony is protected by the DMCA by br0ck · · Score: 4, Funny

    Suing them IS trying to remove it, so suing them invokes the DMCA.

  8. Legal Precedent in other forms by istartedi · · Score: 4, Funny

    If I kill you to prevent you from killing me, killing you is self defense and not a crime. Seems reasonable that if I kill Sony's process to prevent it from stealing my ID that it's self defense and not a crime. The DMCA is one of those laws that is so out of whack, nevermind the US Constitution. It probably violates Brittish common law, the Magna Carta, and if you look hard enough it probably violates the code of Hammurabai and the social order of primitive hunter-gatherer cultures too.

    --
    For all intensive purposes, "whom" is no longer a word. That begs the question, "who cares"?
  9. this would be some great TV... by foQ · · Score: 3, Funny

    I wonder what would happen if somebody brought a small claims court case based on this...

    [waves fingers in front of face Wayne's World style]

    Judge Judy: So I understand that this man's company facak'ded up your computer? And it cost you 600 meshugena dollars to get it fixed?
    Random Dude: Yes, your honor. I bought some lame ass CD that Sony price gouged me for (they have DJs to pay off you know) and when I put it into the CD drive on my Sony laptop, the drive stopped working and the computer didn't function properly. I went to my local Sony authorized dealer to have my computer serviced, but they weren't able to fix it. Since they said it was a software issue and not covered under the warranty, they charged me $200 (they have call centers to outsource you know). So then I was going to reload Windows XP, but my Sony laptop didn't come with the original CD (they have Politicians to bribe you know). So that set me back $400 for a new copy.
    JJ: That is unconscionable. What is your side of the story?
    Howard Stringer (CEO of Sony): He forgot to mention that we sued his kid brother for having music on the computer.
    JJ: You, sir, are below slime. I find for the Plaintiff.

    Or if it was on Texas Justice:
    Larry Joe Doherty: Hey boy! I hear this guy cost you some mucho dinero 'cause of your computer or something?
    [same as above, but with a different end]
    LJD: Give that boy his $600! Now come sit in this chair and put this hat on!

    The same scenario on Judge Joe Brown:
    Joe Brown: I'm from the streets, but I've never heard of this scam. Tell me how it went down.
    [yadda yadda from above]
    [the judge sticks a shiv in the CEO and then hands the wallet to Random Dude]
    JB: Case dismissed.

    And on Night Court:
    Harold T. Stone: $50 and time served...and Dan will fuck your wife and sister while Bull pulls out your arms and beats you with them.
    [the judge disappears in a puff of smoke]

  10. This is GREAT! by thetaco82 · · Score: 4, Funny

    So you're telling me that if I prepend a file name with "$sys$" it will be nearly undetectable? Finally! An easy and effective way to hide my pr0n. I can't wait to buy this CD