Sony DRM Installs a Rootkit?
An anonymous reader writes "SysInternals.com guru Mark Russinovich has a detailed investigation of a rootkit from Sony Music. It's installed with a DRM-encumbered music CD, Van Zant's "Get Right with the Man". (Mmmm, delicious irony!) The rootkit introduces several security holes into the system that could be exploited by others, such as hiding any executable file that starts with '$sys$'. Russinovich also identifies several programming bugs in the method it uses to hook system calls, and chronicles the painful steps he had to take to 'exorcise the daemon' from his system." This house is clear.
RTFA, the EULA does not mention this at all...the writer of the article made a specific point with respect to this.
Still, one would hope that Sony would only choose reputable suppliers, ones who wouldn't allow a virus/trojan to be distributed intentionally or even through neglect.
You're confusing the terms "rootkit" and "trojan"/"backdoor".
A trojan in its strictest sense tricks a user into executing one set of code when they think they're executing another. A backdoor simply allows remote execution of arbitrary code.
A rootkit is usually the set of tools that an attacker deploys on a compromised system. "rootkits" in the terms of this article are programs that trick your kernel into doing things it shouldn't do. This could include a trojan or a backdoor, but not necessarily.
Sony's program is a rootkit because it runs without authorization from the CD and alters the Windows API in order to disguise itself. As far as the article indicates, it doesn't include the ability for Sony to execute code on your machine. It's still dirty and sinister, if you ask me. It also allows any other malicious attackers to conceal anything they plant on your machine - simply by prefixing any file name with $sys$ - that's not cool!
Trusted Computing...
I think this lil video on Trusted Computing is perfect at explaining trusted computing.
I leave it running on the computers on display in my store, hoping that I can educate enough people in my small section of the world about the follies they are about to embark on.
DSLIP Web Design and Content Management Australia.
You obviously didn't read the article very closely. Sony patched the CD/DVD drivers; Sony's code runs every time you access the drive. He didn't disassemble the entire driver, so there is no clear indication that it doesn't contain security problems (whether by incompetence like a buffer overflow, or a deliberate backdoor) that would allow arbitrary code to run. There is no way to audit the code for security; it is probably illegal under the DMCA to disassemble and fully analyze DRM code in sufficient detail for a full code audit.
THAT is the biggest problem with these windoze DRM hacks. You can secure your system with all the technology at your disposal, but it means nothing when you are tricked into running a rootkit disguised as DRM. Then you have to trust the DRM vendor did not make any mistakes that expose you to further security risks.
People like to gripe about Apple's DRM, but at least they know better than to pull crap like this.
corporations exploit YOU!
Insightful indeed.
The thing is that there is more than a corporation here. The artist that chose to sign with Sony is now going to feel the repercussions of this dirty little trick Sony tried to play. Do you think that Sony really cares if they lose a few sales of this one CD because they got caught red-handed? Of course not.
These record labels are not only exploiting the consumer, but they are screwing over the artists that depend on them for advertising and distribution. Here is contact information for Van Zant. Let them know that you're pissed. Let them know you won't be buying their CD. Let them know that they were screwed by Sony. While you're at it, why not let First4Internet know that you hate them and hope they burn in Hell for writing malware like this. A few thousand emails will do wonders for these jerks.
If enough artists move away from these corporate labels it can only mean good things for the consumers. It's not impossible for this to happen, just extremely difficult.
"What do you despise? By this are you truly known." --Princess Irulan, Manual of Muad'Dib
/)
Consumer puts a CD into their computer with the intention of playing the CD. The CD takes advantage of a feature in Windows and installs software in the background without your knowledge. No court would find Sony not liable for damages caused because the user didn't disable autorun. It's the same as an email virus: just because the user never turned off macros doesn't let the person who runs the virus off the hook.
This isn't the first time Sony's had this idea. Years ago they asked someone to write a virus to subliminally provide marketing to people. This motivated the person they asked to write a book called Coercion.
---------- Open Source is capitalism applied to IP.
I don't know why this idea keeps cropping up, and particularly why it got modded to 5. The DMCA most certainly does NOT permit circumvention for Fair Use purposes.
US Law Title 17 section 1201:
Circumvention of copyright protection systems
(a) Violations Regarding Circumvention of Technological Measures.--
(1) (A) No person shall circumvent a technological measure that effectively controls access to a work protected under this title.
The act of circumvention itself is indeed criminalized by the DMCA.
Note that the DMCA also says:
(c) Other Rights, Etc., Not Affected.--(1) Nothing in this section shall affect rights, remedies, limitations, or defenses to copyright infringement, including fair use, under this title.
That sounds pretty good, right? Except it's pure bullshit, law literally written by lawyers employed by the publishing industry. It means absolutely ZERO. It says it protects/preserves Fair Use defenses to Copyright Infringement. However CIRCUMVENTION CRIME is not copyright infringement. Circumvention crime has absolutely nothing to do with copyright infringement. There is no Fair Use defence to circumvention crime. So what that section really says is that a NONEXISTENT defence is not affected. It sure sounded nice though, didn't it?
-- You can't take something off the Internet! That's like trying to take pee out of a swimming pool.