Slashdot Mirror


Sony DRM Installs a Rootkit?

An anonymous reader writes "SysInternals.com guru Mark Russinovich has a detailed investigation of a rootkit from Sony Music. It's installed with a DRM-encumbered music CD, Van Zant's "Get Right with the Man". (Mmmm, delicious irony!) The rootkit introduces several security holes into the system that could be exploited by others, such as hiding any executable file that starts with '$sys$'. Russinovich also identifies several programming bugs in the method it uses to hook system calls, and chronicles the painful steps he had to take to 'exorcise the daemon' from his system." This house is clear.

24 of 801 comments

  1. Re:and now with no liability by redshadow01 · · Score: 5, Informative

    RTFA, the EULA does not mention this at all...the writer of the article made a specific point with respect to this.

  2. Re:My question: by interiot · · Score: 5, Informative
    The rootkit is by First 4 Internet. It's possible that Sony simply purchased this DRM from this outside company, not realizing that the DRM contained a rootkit.

    Still, one would hope that Sony would only choose reputable suppliers, ones who wouldn't allow a virus/trojan to be distributed intentionally or even through neglect.

  3. Time to... by heinousjay · · Score: 4, Informative
    --
    Slashdot - where whining about luck is the new way to make the world you want.
  4. Re:What is it exactly? by RingDev · · Score: 4, Informative

    Being a rootkit just means that the program works at the OS level, USUALLY in such a way that the end user will not notice it, nor will virus detectors flag it. It changes something about "Windows" as opposed to adding something to it. (oversimplified)

    The arbitrary code in this case is installed when you hit 'OK'.

    -Rick

    --
    "Most people in the U.S. wouldn't know they live in a tyrannical state if it walked up and grabbed their junk." - MyFirs
  5. Re:What is it exactly? by abscondment · · Score: 5, Informative

    You're confusing the terms "rootkit" and "trojan"/"backdoor".

    A trojan in its strictest sense tricks a user into executing one set of code when they think they're executing another. A backdoor simply allows remote execution of arbitrary code.

    A rootkit is usually the set of tools that an attacker deploys on a compromised system. "rootkits" in the terms of this article are programs that trick your kernel into doing things it shouldn't do. This could include a trojan or a backdoor, but not necessarily.

    Sony's program is a rootkit because it runs without authorization from the CD and alters the Windows API in order to disguise itself. As far as the article indicates, it doesn't include the ability for Sony to execute code on your machine. It's still dirty and sinister, if you ask me. It also allows any other malicious attackers to conceal anything they plant on your machine - simply by prefixing any file name with $sys$ - that's not cool!

  6. Re:OS's fault by speeDDemon+(nw) · · Score: 5, Informative

    Trusted Computing...

    I think this lil video on Trusted Computing is perfect at explaining trusted computing.

    I leave it running on the computers on display in my store. Hoping that I can educate enough people in my small section of the world about the follies they are about to embark on.

  7. EULA's do not trump the law by LM741N · · Score: 4, Informative

    You can't enter into a contract which violates the law. Thus a "contract killing" is not a valid contract.

  8. Re:OS's fault by dtfinch · · Score: 3, Informative

    They at least ought to turn off the seriously insecure by design autorun feature by default.
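    The comment above leaves "turn off autorun" as a one-liner. As an added example (not from this thread, and not Microsoft's or Sony's code), here is the same hardening done from PowerShell: it writes the documented Explorer policy value NoDriveTypeAutoRun with the value 0xFF (AutoRun disabled for every drive type, optical media included) for both the machine and the current user, and reads the value back so the change can be verified. It assumes Windows with PowerShell; the HKLM write needs an elevated prompt.

```powershell
# Added example: disable AutoRun for all drive types via the Explorer policy
# value and verify it afterwards. NoDriveTypeAutoRun is the documented
# policy value; 0xFF sets the "no autorun" bit for every drive type.
$policyPaths = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer',  # machine-wide
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'   # current user
)
$allDriveTypes = 0xFF

function Get-AutoRunPolicy {
    param([string]$Path)
    # Returns the current NoDriveTypeAutoRun value, or $null when it is unset.
    $item = Get-ItemProperty -Path $Path -Name 'NoDriveTypeAutoRun' -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return $item.NoDriveTypeAutoRun
}

function Set-AutoRunDisabled {
    param([string]$Path)
    # Create the policy key if missing, then (over)write the DWORD value.
    if (-not (Test-Path $Path)) { New-Item -Path $Path -Force | Out-Null }
    New-ItemProperty -Path $Path -Name 'NoDriveTypeAutoRun' -PropertyType DWord `
        -Value $allDriveTypes -Force | Out-Null
}

foreach ($path in $policyPaths) {
    $before = Get-AutoRunPolicy -Path $path
    Set-AutoRunDisabled -Path $path
    $after = Get-AutoRunPolicy -Path $path

    $beforeText = if ($null -eq $before) { 'unset' } else { '0x{0:X2}' -f $before }
    $afterText  = '0x{0:X2}' -f $after
    Write-Output "$path : NoDriveTypeAutoRun $beforeText -> $afterText"
    if ($after -ne $allDriveTypes) {
        Write-Warning "AutoRun is still enabled for some drive types under $path"
    }
}
```

    The same setting is what the "Turn off Autoplay" Group Policy writes; the script is useful on standalone machines that are not domain-joined, and the read-back at the end is the check a practitioner wants, since a policy value that fails to apply looks identical to success if you only run the write.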

  9. Re:But... by WWWWolf · · Score: 4, Informative
    Yes, some people DO install the stuff that comes with their CDs, because sometimes that "crap" gives them the ability to rip so many licensed copies of the song to share with friends.

    After being presented with a sell-your-babies-to-the-almighty-record-label EULA, and before shoving awfully encoded WMA format files down their throats.

    Hint #1: There's no "copy protection" on CDs. For the most part, it's misshapen multi-session CDs. cdrdao read-cd --session 1 ... Hint #2: If you're encoding the files to MP3, Vorbis or, good heavens, WMA, digital rips are wayyyy overrated and a plain old CD player, analog RCA-to-RCA cable and an audio recorder app can really do wonders. =)

  10. Re:This has gone too far! by burnsy · · Score: 4, Informative

    "What is next? Drm that will rewrite your bios and turn your pc into an expensive doorstop for copyright violation?"

    Yes, look for it in your next Blu-Ray Disc Player.

    http://www.engadget.com/entry/1234000737057152/

    "On top of that, consumers should expect punishment for tinkering with their Blu-ray players, as many have done with current DVD players, for instance to remove regional coding. The new, Internet-connected and secure players will report any "hack" and the device can be disabled remotely."

  11. Re:and now with no liability by Anonymous Coward · · Score: 3, Informative

    Article 7. DAMAGES ARISING OUT OF YOUR ACTIONS

    You shall defend and hold the SONY BMG PARTIES harmless from and against any and all liabilities, damages, costs, expenses or losses arising out of your use of the LICENSED MATERIALS, your negligent or wrongful acts, your violation of any applicable laws or regulations, and/or your breach of any provision of this EULA.

  12. Re:Rootkit? No evidence of that. by WWWWolf · · Score: 3, Informative

    I think the article provided enough evidence as is. Yes, it is "DRM shovelware", which is an offense in itself. Yes, it's hard to uninstall, which is bad. But it's also trying to hide itself, which is really nasty, and it hides stuff indiscriminately, which is worse.

    It is a rootkit, because it messes with the OS to hide specific files. It is a dangerous rootkit, because it hides all files that start with some prefix, not just the specific files used by the DRM mechanism - this could be potentially used to hide more mischief from the same source.

  13. Re:What is it exactly? by sakusha · · Score: 5, Informative

    You obviously didn't read the article very closely. Sony patched the CD/DVD drivers, Sony's code runs every time you access the drive. He didn't disassemble the entire driver so there is no clear indication that it doesn't contain security problems (whether by incompetence like a buffer overflow, or a deliberate backdoor) that would allow arbitrary code to run. There is no way to audit the code for security, it is probably illegal under the DMCA to disassemble and fully analyze DRM code in sufficient detail for a full code audit.
    THAT is the biggest problem with these windoze DRM hacks. You can secure your system with all the technology at your disposal, but it means nothing when you are tricked into running a rootkit disguised as DRM. Then you have to trust the DRM vendor did not make any mistakes that expose you to further security risks.

    People like to gripe about Apple's DRM, but at least they know better than to pull crap like this.

  14. Re:In democratic america... by nmb3000 · · Score: 5, Informative

    corporations exploit YOU!

    Insightful indeed.

    The thing is that there is more than a corporation here. The artist that chose to sign with Sony is now going to feel the repercussions of this dirty little trick Sony tried to play. Do you think that Sony really cares if they lose a few sales of this one CD because they got caught red-handed? Of course not.

    These record labels are not only exploiting the consumer, but they are screwing over the artists that depend on them for advertising and distribution. Here is contact information for Van Zant. Let them know that you're pissed. Let them know you won't be buying their CD. Let them know that they were screwed by Sony. While you're at it, why not let First4Internet know that you hate them and hope they burn in Hell for writing malware like this. A few thousand emails will do wonders for these jerks.

    If enough artists move away from these corporate labels it can only mean good things for the consumers. It's not impossible for this to happen, just extremely difficult.

    --
    "What do you despise? By this are you truly known." --Princess Irulan, Manual of Muad'Dib
  15. Re:This has gone too far! by frogstar_robot · · Score: 3, Informative

    Remember recently one of our esteemed elected officials (in the USA that is) who wanted the ability to physically remotely destroy the pc of someone infringing on copyrighted material? I don't want to name the name because I'm not sure which one it was. The whackjob in question is Orrin Hatch.

  16. Re:Answer: This is truly evil by ezzzD55J · · Score: 4, Informative
    So should I sell all of my Sony stock, or buy more?

    Offtopic, but..
    If you think a stock will move but don't know in which direction, buy get and put options at the current price. They'll be in the money after any significant stock movement. Called a Long Straddle.

  17. Re:Sony is protected by the DMCA by shibashaba · · Score: 5, Informative

    Consumer puts a cd into their computer with the intention of playing the cd. The cd takes advantage of a feature in Windows and installs software in the background without your knowledge. No court would find Sony not liable for damages caused because the user didn't disable autorun. It's the same as email viruses, just because the user never turned off macros doesn't let the person who runs the virus off the hook.

    This isn't the first time Sony's had this idea. Years ago they asked someone to write a virus to subliminally provide marketing to people. This motivated the person they asked to write a book called Coercion.

    --
    ---------- Open Source is capitalism applied to IP.
  18. Re:It is NOT a rootkit by qeveren · · Score: 3, Informative

    It indiscriminately hides any file beginning with "$sys$". Not just its own files. Any file. Now tell me this isn't a rootkit.

    --
    Don't just stand there, get that other dog!
  19. Re:OS's fault by Antique+Geekmeister · · Score: 3, Informative

    No, "Trusted Computing" is not designed to prevent this. It is designed to *enforce* it. By having an appropriately signed application, required to access appropriately signed and controlled hardware such as your CD or DVD drive or appropriately encrypted files found on your CD, DVD, or downloaded files, it's designed to prevent you from accessing content in your files or on your systems without the signed license keys from the vendor.

  20. Re:OS's fault by slashknott · · Score: 3, Informative

    Run as a regular user. Users group.

    Then, if (when) you need to install something, or run a program that needs administrative privileges, right click it and "Run as" Administrator (or user with administrative privileges).

    This is the same kind of thing as 'sudo' in linux.

    You'll get a lot less shit on your system this way, still not perfect but better.
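    The "Users group plus Run as" routine in the comment above, as an added example in PowerShell (not code from the thread or from any of the products it mentions). The script checks whether the current session already carries the Administrators role, and if it does not, launches a single program elevated through Start-Process -Verb RunAs, which is the scripted equivalent of the right-click "Run as"; the shell you typed it into keeps its unprivileged token. It assumes Windows PowerShell; $InstallerPath is a hypothetical placeholder, not a real path from the page.

```powershell
# Added example: stay a plain member of Users, elevate only the one program.
function Test-IsElevated {
    # True when the calling process holds the built-in Administrators role.
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    return $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

function Invoke-Elevated {
    param(
        [Parameter(Mandatory)][string]$FilePath,
        [string[]]$ArgumentList = @()
    )
    # Only this child process gets the elevated token; the caller stays unprivileged.
    $params = @{ FilePath = $FilePath; Verb = 'RunAs'; Wait = $true }
    if ($ArgumentList.Count -gt 0) { $params.ArgumentList = $ArgumentList }
    Start-Process @params
}

$InstallerPath = 'C:\Temp\setup.exe'   # hypothetical placeholder, not from the page

if (Test-IsElevated) {
    Write-Warning "This shell already runs as Administrator; do day-to-day work from a Users-group account and elevate per program instead."
} else {
    Write-Output "Running as $env:USERNAME without administrative rights; launching '$InstallerPath' via Run as..."
    Invoke-Elevated -FilePath $InstallerPath
}
```

    On the XP-era systems the thread is about, the command-line form of the same thing is runas /user:Administrator "C:\Temp\setup.exe", which prompts for that account's password. Either way the point is the one the comment makes: an autorun payload that lands in a session without administrative rights cannot install a kernel-mode driver, so it fails instead of hooking the system call table.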

  21. Re:Sony is protected by the DMCA by laughingcoyote · · Score: 3, Informative

    I'm not sure what jurisdiction -you're- in, but the last I checked anywhere, those general "not our fault" clauses don't mean a thing against something done intentionally. If you are with full awareness doing something malicious, that is a totally different animal than accidentally releasing bugged software, and "not our fault" won't even begin to protect them.

    --
    To fight the war on terror, stop being afraid.
  22. Re:Sony is protected by the DMCA by plilja · · Score: 3, Informative

    Actually, many folks misread this section of the DMCA. The DMCA allows an individual to circumvent copy protection for their own use through the "fair use" provision.

    What it prohibits is the dissemination of knowledge and tools on how to circumvent copy protection.

    Anyone is free to do anything they want to rid themselves of any copy protection on media they own...as long as they keep the knowledge of it entirely to themselves. (There are some exceptions for encryption research and, to a lesser extent, security research as well.)

  23. Re:Sony is protected by the DMCA by gstoddart · · Score: 4, Informative
    They don't put it there. You do. They just packaged it for you. If you didn't want to give them permission to run arbitrary executables on your computer, then WHY DID YOU RUN THEIR EXECUTABLE??

    See, the problem with this is you did not give them permission. You didn't even run their executable. It happened without your expectation, knowledge, or consent.

    You popped in what you thought was a nice little audio CD. Because Microsoft has been configured to run the software on these CDs by default, you end up running it -- that's not permission. When you put in an audio CD, you expect to hear, well, music. Not to have something installed on your computer which compromises its security.

    You can't say that someone accepted terms of use when Microsoft, acting in conjunction with these companies, decided that what needs to happen is that any CD with executable code on it needs to be executed blindly and without user confirmation.

    For the vast majority of users, playing a CD in their computer is shockingly like playing a CD in their CD player. It is neither a tacit nor an explicit agreement to run any and all software they may have installed on it.

    It is a complete misrepresentation to claim that you gave permission for them to do anything they wanted to do with it. If I open my door to a solicitor, that doesn't give them the right to enter my home and do anything they damned well please.

    This absurd notion that what is, in effect, trojan software has been accepted by the user simply because they decided to play an audio CD in their computer is complete and utter tripe. And saying that you "should have known better" is a complete cop-out -- we already know that the vast majority of computer users simply lack the knowledge to prevent this sort of thing. Especially when the OS manufacturer has decided a priori for you that is what will happen.

    Now, if they put in big honking letters on the CD case that if you play this CD on a Windows machine, software will be installed on your machine, your argument might have merit. But the simple fact that it is NOT spelled out in big font, means that, for all intents and purposes, this is a trojan.

    Imagine extending this totally absurd argument to credit cards -- 'by handing your credit card to the waiter to pay your bill, you tacitly agree to paying for the staff trip to Aruba'; Oh, didn't know? How dare you? It's a bullshit argument in either case, because you imply consent where, clearly, none was given.

    In either case, you show me where the user has actually agreed to anything, and your point might be valid. Otherwise, it's after-the-fact rationalization based on the absurd notion that the user knew what would happen.

    Now, I realize as I'm writing this that your ID lists you as Andrew Tanenbaum -- so I'm forced to conclude one of two things -- 1) It's a popular, but misleading name on Slashdot, or 2) the Great Andrew Tanenbaum has absolutely no clue about what is reasonable for a company to do to the end-users machines. In either case, I'm not impressed. If 2), then you're just a standard Slashdot schmoe, and I expect nothing more, but you're still misinformed. If it truly is 1), then I've lost a great deal of respect for you -- because a professor of this stuff should know better, because you bloody well get paid to be informed about this stuff. Asserting that you somehow gave permission somewhere in that process is utter crap! An agreement I was never shown is null-and-void.

    Cheers

    --
    Lost at C:>. Found at C.
  24. Re:Sony is protected by the DMCA by Alsee · · Score: 5, Informative

    I don't know why this idea keeps cropping up, and particularly why it got modded to 5. The DMCA most certainly does NOT permit circumvention for Fair Use purposes.

    US Law Title 17 section 1201:
    Circumvention of copyright protection systems
    (a) Violations Regarding Circumvention of Technological Measures.--
    (1) (A) No person shall circumvent a technological measure that effectively controls access to a work protected under this title.


    The act of circumvention itself is indeed criminalized by the DMCA.

    Note that the DMCA also says:
    (c) Other Rights, Etc., Not Affected.--(1) Nothing in this section shall affect rights, remedies, limitations, or defenses to copyright infringement, including fair use, under this title.

    That sounds pretty good, right? Except it's pure bullshit, law literally written by lawyers employed by the publishing industry. It means absolutely ZERO. It says it protects/preserves Fair Use defenses to Copyright Infringement. However CIRCUMVENTION CRIME is not copyright infringement. Circumvention crime has absolutely nothing to do with copyright infringement. There is no Fair Use defence to circumvention crime. So what that section really says is that a NONEXISTENT defence is not affected. It sure sounded nice though, didn't it?

    -

    --
    - - You can't take something off the Internet! That's like trying to take pee out of a swimming pool.