Slashdot Mirror


Sony DRM Installs a Rootkit?

An anonymous reader writes "SysInternals.com guru Mark Russinovich has a detailed investigation of a rootkit from Sony Music. It's installed with a DRM-encumbered music CD, Van Zant's "Get Right with the Man". (Mmmm, delicious irony!) The rootkit introduces several security holes into the system that could be exploited by others, such as hiding any executable file that starts with '$sys$'. Russinovich also identifies several programming bugs in the method it uses to hook system calls, and chronicles the painful steps he had to take to 'exorcise the daemon' from his system." This house is clear.

30 of 801 comments

  1. In democratic america... by Anonymous Coward · · Score: 5, Insightful

    corporations exploit YOU!

    hrm, so much for humor. I don't find it funny at all :/

    1. Re:In democratic america... by conJunk · · Score: 5, Insightful
      damn... you know it's getting scary when the soviet russia joke is not only unfunny, but frightening....

      i don my tinfoil hat and robe...

    2. Re:In democratic america... by chrysrobyn · · Score: 4, Insightful
      In democratic America... corporations exploit YOU!

      I've read two relevant quotes.

      "Democracy is the theory that the people know what they want and deserve to get it good and hard."

      "In communism, man exploits man. In capitalism, it's the other way around."

  2. as if by scenestar · · Score: 5, Insightful

    DRM wasn't intrusive in the first place.

    --
    perpetually dwelling in the -1 pits
  3. Anti-spyware Bill by AKAImBatman · · Score: 5, Insightful

    We *really* need to get an anti-spyware bill on the books. Something along the lines of, "It shall be a criminal offense to install non-application software on any computer when the user has not been reasonably notified in advance and/or agreed to have the modifications made. This bill will be reevaluated for its effect in three years."

    Anything running in the background, rootkits, and other forms of spyware (which generally rely on the user not knowing they're there) would immediately become illegal.

    1. Re:Anti-spyware Bill by AKAImBatman · · Score: 4, Insightful

      shall we define "non-application software"?

      The bill would actually need a definition of "application software" so that anything that doesn't meet that definition would be automatically covered. e.g. "Application Software refers to a self-contained program that is installed on the consumer's computer. To be considered self-contained, it must not modify the operating system to execute any software at any time other than when the user runs the software in question."

      what constitutes "agreed to"?

      The courts do. Considering the difficulties they've been giving to the click-through licensers, I'm perfectly okay with that.

    2. Re:Anti-spyware Bill by queenb**ch · · Score: 5, Insightful

      Problem #1 - Mr. Spyware Programmer in Nigeria where such things aren't illegal.

      Problem #2 - Mr. Identity Thief in weird 3rd world country where such things are illegal but are tacitly condoned by local authority as long as it's not someone from their country

      Problem #3 - Mr Corporate Lobbyist - RIAA & MPAA ring any bells????

      Problem #4 - Your privacy has been dead for decades. The sad part is that people are just now starting to smell the rotting corpse.

      Passing a bill here in the USA will only do what CAN-SPAM did - drive them off shore to less regulated places. What's really needed is the ability to establish peering points that coincide with national borders. Then we can pass a law that says that if we don't like your data integrity laws, we don't pass traffic to/from you.

      See if that doesn't actually accomplish what you're looking for.

      2 cents,

      Queen B

      --
      HDGary secures my bank :/
  4. Is the EULA valid? by nweaver · · Score: 4, Insightful

    Since spyware WITH a proper EULA has been held to be in violation by the FTC, and since this EULA doesn't really mention the rootkit's difficulty of removal, this might be litigatable.

    Of course, Mark Russinovich did (inadvertently) disassemble content protected by the EULA.

    --
    Test your net with Netalyzr
  5. Sony has gone too far... by chrispyman · · Score: 4, Insightful

    It's one thing to copy protect your CDs to make it difficult to rip but it's another thing to install a rootkit that is by definition difficult to remove. Who's going to clean up this mess when a Microsoft patch or SP comes around and breaks any computer with this installed?

  6. Re:OS's fault by redshadow01 · · Score: 4, Insightful

    Yeah, that's called "Trusted Computing"...where Microsloth decides what you can and can't run...

  7. This has gone too far! by Billly+Gates · · Score: 4, Insightful

    What is next? DRM that will rewrite your BIOS and turn your PC into an expensive doorstop for copyright violation?

    As if spyware itself is miraculously legal and now we have this? Rootkits and spyware programs that append to Windows in the MBR so even a reinstall won't delete them IS TOO FAR!

    I agree with a previous poster that it should be a criminal offense in the same category as spray-painting someone's house or breaking and entering. Why do we allow this crap to be legal?

    It's time we wrote our elected officials and informed them about what is happening and about Sony's DRM and demand civil and criminal responsibility for malware makers. I don't care if it's the CEO of some company spray-painting my house vs a teenage kid. It's still illegal and Sony should be held accountable.

    I was reading on CNN about the drop of ecommerce even though there is still a rise in internet usage. This is due to all the spyware/scams/malware that is infecting PCs at record rates. This is killing our economy and many companies such as Google, Amazon, and Ebay are already getting hit with their wallets over these scams.

    Let's organize and make a difference. This is a slippery slope and I fear what is coming next.

  8. Re:Hmm by redshadow01 · · Score: 4, Insightful

    To make matters worse, not only is everything hidden, but you can't just delete the files and reg keys or you'll cripple your system...the author of the article is a developer and he spent a lot of time just getting rid of the damned thing...I know I couldn't do it

  9. Re:Thanks by Flower · · Score: 5, Insightful

    Don't tell Sony. Tell the Brothers that they lost a sale. Let them know that the product they worked so hard on now has poorly written software on it that could damage your computer. And though you want their music you can't buy it and you're going to tell your friends not to risk buying this CD.

    --
    I don't want knowledge. I want certainty. - Law, David Bowie
  10. Awesome by suwain_2 · · Score: 5, Insightful

    On this CD's product page, there are several negative reviews on account of spyware. My favorite puts into plain English why this is bad: "I am very unhappy, since I now listen to all of my music using my IPod."

    I think this is the way to fight DRM. When we complain about DRM rights, we're fighting a crusade on principle, and few people really get what's wrong. When you say, "This CD that I paid for can't be transferred to my iPod," people will see that it's outrageous. When people see that it's installing spyware on your computer, they'll flip. Cheers to whoever's left this feedback.

    --
    ________________________________________________
    suwain_2 :: quality slashdot p
  11. Re:My question: by eln · · Score: 5, Insightful

    And nobody at Sony bothered to vet a piece of software that was destined to be shipped with millions of CDs? It's beyond absurd that a company of Sony's size would allow a piece of software to appear on any of its products without Sony having tested the hell out of it first.

    I think it's far more likely that Sony knew what this software did, and chose to distribute it anyway. This could have been a result of incompetent testers, poor communication between QA and management, overbearing management anxious to get a product out on a strict deadline, or any number of other things.

  12. Re:OS's fault by hal9000(jr) · · Score: 4, Insightful

    Easy, Don't run as ADMINISTRATOR. Run as a regular user!!!!!!!

    Come on, man. It's 2006 already

  13. Re:My question: by utlemming · · Score: 4, Insightful

    However, it might not protect them from a product liability suit. Simply put, if that had happened to me, I would have bought a new hard drive, reinstalled everything and then copied the data that I needed over, and then filed a product liability suit. I would have claimed everything from illegal computer trespass, product liability, vandalism, and anything else that might have sounded half-way reasonable. The fact that a root-kit was installed on the computer to protect music shows that privacy now takes a second place seat to someone else's property rights, when that person isn't even present. In this case the music industry, if allowed to get away with it, is violating privacy and property rights of another person in order to protect their property rights.

    --
    The views expressed are mine own and do not express the views of my employer.
  14. Re:My question: by slavemowgli · · Score: 4, Insightful

    You can always sue. The real question is: will you win? And even though IANAL, I'd say you have a pretty good case here; if the EULA does not even *mention* any of this, then it probably constitutes an illegal act.

    --
    quidquid latine dictum sit altum videtur.
  15. Re:Sony is protected by the DMCA by hazem · · Score: 5, Insightful

    Doug, I think you're wrong.

    I can disable a copy protection system on my own computer - specifically removing it. They didn't have permission to put it there, and I think it would be a tough case to prosecute me for repairing my own computer. My computer is not Sony's medium to do with as they please - it's MINE - I paid for it, and I licensed the software.

    Now, removing the protection from their media - or extracting the content and freeing it from the DRM, yes, that's circumvention, and probably prosecutable under the DMCA.

    But my computer is MINE and they don't have the right to secretly fuck with it.

  16. Answer: This is truly evil by shanen · · Score: 5, Insightful
    So should I sell all of my Sony stock, or buy more?

    Seriously speaking, this shows two things. One is yet another demonstration of the fundamental evil of Microsoft's "security" model. Even if you weren't running as root/Administrator (and everyone does, don't they?), then the "reputable" installation from the "reputable" company would just ask you to elevate your privileges.

    The other thing is that power is always abused. If not now and by Sony, then tomorrow by some other "reputable" company. (Or put on your tin hat and say "Yesterday by the NSA.")

    I hope they track this story, and if it is not another misguided /. rumor, I certainly hope that Sony repudiates the technique and the software. Soon.

    Then they should apologize.

    Then sack the person responsible.

    Then sack the person responsible for not sacking the responsible person earlier.

    [Infinite loop warning.]

    --
    Freedom = (Meaningful - Coerced) Choice != (Speech | Beer^2), and sad sock puppets' bad mods avail them naught.
  17. Incentivising Piracy by SpecBear · · Score: 4, Insightful

    My refrain to the copyright holders: The people being hurt by this DRM software are people who have already communicated their intent to do the right thing by purchasing the CD. Sony has just guaranteed that a lot of people will never make that mistake again.

    Welcome to a Brave New World: People who pay for their music get viruses, while people who download it at no cost from illegal sources get clean MP3s that they can freely copy and use on whatever devices they own.

  18. Re:Sony is protected by the DMCA by Fnkmaster · · Score: 4, Insightful

    I call BS on this. When you put what you think is an audio CD in your CD ROM drive and click on the drive icon, you don't expect to be giving permission to anybody to install a rootkit.

    Furthermore, your argument is simply insane, even if applied to software CDs. Do I give permission to any software vendor to install anything they want when I run the installer executable? Do I give them permission to wipe my hard drive? Install malicious, intentionally uninstallable programs? Monitor my activities when not using their software?

    Even the most ardent proponent of EULAs couldn't make the claim that you give such permissions by default. Unless they specifically ask, they don't have permission to do anything that isn't specifically part of the product as a reasonable person would perceive it to be.

  19. Well, well, well... by RoffleTheWaffle · · Score: 5, Insightful

    Cat's out of the bag now. Congratulations, Sony. You fucked up big time.

    I'd like to take this opportunity to dissect the article in question here, to point out just how positively obscene this is. There are a few key points I'd like to highlight that I feel we should all take into consideration.

    It would appear that Sony has deliberately begun shipping rootkits with its DRM protected CDs. According to the article - and this is a pretty good definition, by the way - "Rootkits are cloaking technologies that hide files, Registry keys, and other system objects from diagnostic and security software, and they are usually employed by malware attempting to keep their implementation hidden." In a nutshell, this means that the program shipped with the CD in question here - and possibly other Sony CDs - is designed to hide itself and other programs from view. In other words, once installed, it will allow Sony and any other interested party familiar with this particular rootkit to operate programs on a compromised system without the user knowing it.

    Let's take a step back here to consider the implications of this. Sony is distributing a rootkit, but what does this have to do with DRM? Well, if you really think about it, it has everything to do with DRM. A DRM program that cannot be seen or easily accessed can operate secretly, monitoring and manipulating the system behind the user's back. Any future DRM software Sony distributes could infiltrate a computer secretly, and burrow deep into the system files of said computer.

    According to the article, the rootkit was produced by First 4 Internet. Upon investigating the company itself and the products and services it offers, the author dredged up this lovely little nugget of joy: "... However, the fact that the company sells a technology called XCP made me think that maybe the files I'd found were part of some content protection scheme. I Googled the company name and came across this article, confirming the fact that they have deals with several record companies, including Sony, to implement Digital Rights Management (DRM) software for CDs." That right there should be proof enough that this is no accident, and anything but legitimate DRM. Not only does having a rootkit handy make the DRM difficult to thwart, but it also allows it to operate secretly.

    Now, you'd think that you could just remove this software, right? Wrong. Dead wrong, as a matter of fact. The author of the article had a hell of a time removing the rootkit, actually, and not only that, at any given time, it was consuming between one and two percent of the CPU's power - a small 'penalty' for even having it. (And any programs it's hiding would also have to leech off the CPU and RAM as well.) As he attempted to remove this shit, he discovered even more about the software: "As I was deleting the driver Registry keys under HKLM\System\CurrentControlSet\Services I noted that they were either configured as boot-start drivers or members of groups listed by name in the HKLM\System\CurrentControlSet\SafeBoot subkeys, which means that they load even in Safe Mode, making system recovery extremely difficult if any of them have a bug that prevents the system from booting." Suddenly, this is more than a performance issue. This software could theoretically disable a system should it break or be manipulated by the software it's hiding. It would appear, however, it is possible to remove, but only after eviscerating a handful of driver files, registry entries and keys, and other lovely goodies from your system. The rootkit and the DRM attached to it do not have an uninstaller, and unless you take the same steps the author took to remove this flaming pile of garbage from your system... Well, he puts it pretty well:

    "The entire experience was frustrating and irritating. Not only had Sony put software on my system that uses techniques commonly used by malware to mask its presence, the software is poorly written and provides no means for uninstall. Worse, most users that stumble across the cloaked files wit

  20. Re:Alternative OS users by Tony+Hoyle · · Score: 4, Insightful

    What we *can* do is write a detector (only takes one of us) and hopefully a remover. Distribute it widely. Make it plain where this malware came from too... the non-technical will soon understand that playing a Sony CD will break their computer - that's all the knowledge they need.
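
Added example (not part of the thread or of Russinovich's article): a Python check of the kind comment 20 asks for, applying the criteria quoted in comment 19 (boot-start drivers, or drivers whose name or group appears under a SafeBoot subkey) to registry export text. The sample export and every service and group name in it are constructed.

```python
import re

# Constructed .reg-style export; service and group names are made up.
SAMPLE_REG = r"""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\exampleboot]
"Type"=dword:00000001
"Start"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\examplefilter]
"Type"=dword:00000001
"Start"=dword:00000001
"Group"="Example Filter Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\exampleondemand]
"Type"=dword:00000001
"Start"=dword:00000003

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Example Filter Group]
@="Driver Group"
"""

KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^(@|"[^"]+")=(.*)$')
DRIVER_TYPES = {1, 2}  # Type 1 = kernel driver, 2 = file system driver

def parse_reg(text):
    """Return {key_path: {value_name: value}} for dword and string values."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            current = keys.setdefault(m.group(1), {})
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            name, raw = m.group(1).strip('"'), m.group(2)
            if raw.startswith("dword:"):
                current[name] = int(raw[6:], 16)
            elif raw.startswith('"'):
                current[name] = raw.strip('"')
    return keys

def safe_mode_drivers(text):
    """List (service, reason) for drivers matching the quoted criteria."""
    keys = parse_reg(text)
    # Names of the subkeys directly under SafeBoot\Minimal and SafeBoot\Network.
    safeboot = {k.rsplit("\\", 1)[1].lower() for k in keys
                if re.search(r"\\SafeBoot\\(Minimal|Network)\\[^\\]+$", k, re.I)}
    findings = []
    for path, vals in keys.items():
        svc = re.search(r"\\Services\\([^\\]+)$", path, re.I)
        if not svc or vals.get("Type") not in DRIVER_TYPES:
            continue
        name = svc.group(1)
        if vals.get("Start") == 0:  # Start 0 = loaded at boot
            findings.append((name, "boot-start"))
        elif name.lower() in safeboot or vals.get("Group", "").lower() in safeboot:
            findings.append((name, "listed in SafeBoot"))
    return findings
```

Because the software described here hides Registry keys from tools on the running system, the export should come from an offline view of the hive. A real export is UTF-16 encoded and needs decoding before the text is passed in.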

  21. Re:My question: by Thing+1 · · Score: 4, Insightful

    I hereby offer $200 toward this goal.

    --
    I feel fantastic, and I'm still alive.
  22. Re:Sony is protected by the DMCA by Suddenly_Dead · · Score: 4, Insightful

    An EULA in the booklet? Do you have to read and click agree on the booklet before you can use the CD? A contract like that isn't going to hold up if one party doesn't agree to it in the first place, or may not even have knowledge of its existence.

    When I buy a CD, I shouldn't have to expect it to install a rootkit, and have to check the included materials to see if it does; it's Sony's responsibility to tell me they're messing with my software, and ask for consent...

  23. What a bunch of losers by cdrguru · · Score: 4, Insightful
    Let's review here: someone has found a publicly distributed driver that when properly installed on Windows hides files and folders. It may have some additional and yet unknown functionality and may be coupled with a driver which, under the right circumstances, disables access to a CD drive.

    Sony is distributing this as part of some larger, possibly effective DRM system for music CDs.

    What I see here is an endless amount of whining about how awful this is. You are overlooking the potential of this. The key here is that this is now out in the wild and can be exploited. The contest should be to come up with creative (and possibly destructive) things to do with these drivers when packaged with other software.

    The result of this should be interesting. I think the responsibility for all of this rests with Sony and First 4 Internet, but I would really like to see something creative done with this, such as an ActiveX control that disables the CD drive of anyone who visits a web site. The point is to make as much use of this as possible. Sony has provided the tool, it is now up to everyone to make as much use of this as possible.

  24. Re:Sony is protected by the DMCA by Anonymous+Brave+Guy · · Score: 4, Insightful

    They'd better hope it's them, because if it's us, then it's not circumventing their copy protection scheme to hold down shift while I load the CD, is it?

    On the other hand, if it's them and they install software on my PC without my permission in the UK, my lawyer would like to talk to them about the Computer Misuse Act.

    Oh dear. This sounds like a lose-lose proposition for Sony. That's really, y'know, too bad and all. :-)

    --
    If you disagree, post your argument. (-1, Overrated) isn't your personal censorship tool for views you don't like.
  25. Re:Sony is protected by the DMCA by spagetti_code · · Score: 4, Insightful

    I don't think this is right.

    He didn't remove the DRM for access to songs.

    He removed the DRM from his computer (effectively a manual uninstall). They did imply in the document that he was allowed to uninstall it.

  26. _WHAT_ EULA?!?! by mrchaotica · · Score: 5, Insightful

    It's SUPPOSED to be a fucking AUDIO CD!!

    --

    "[Regarding the 'cloud,'] ownership was what made America different than Russia." -- Woz