Slashdot Mirror
Sony DRM Installs a Rootkit?
An anonymous read writes "SysInternals.com guru Mark Russinovich has a detailed investigation of a rootkit from Sony Music. It's installed with a DRM-encumbered music CD, Van Zant's "Get Right with the Man". (Mmmm, delicious irony!) The rootkit introduces several security holes into the system that could be exploited by others, such as hiding any executable file that starts with '$sys$'. Russinovich also identifies several programming bugs in the method it uses to hook system calls, and chronicles the painful steps he had to take to 'exorcise the daemon' from his system." This house is clear.
Now is that *sony's* rootkit, or a soon-to-be-former-sony-employer's rootkit?
And let me guess, it offers you an EULA and exempts Sony from any liability for damages caused by this thing?
I'm downloading RootkitRevealer now. I wonder how long it is going to take for Norton and McAfee to upgrade their Rootkit detection abilities? Next years anti-virus release? The last rootkit that Norton found on a computer at work was well spread and had been out for 6 months. It still was unable to remove/fix the infection. :(
Microsfot needs to make it completely impossible for any software to do something like this unless the user runs in some special maintenance mode or logs in as some special account. They can make an exception for windows updates which are signed by them.
I am very glad to hear about this. That CD WAS on my birthday list for next week.
Sony just lost a sale, end of story.
Professional Politicians are not the solution, they ARE the problem.
Sounds like an opportunity for a class action lawsuit. Everyone who played the CD on their windows system would be eligible. ...good opportunity for a group of lawyers to get rich. (The members of the action never do.)
That's where the "reasonably notified" comes in. The courts haven't been too happy about EULAs as they are. If you try to slide things past the consumer, the courts will find that the contract was misrepresented and hold the company accountable.
Javascript + Nintendo DSi = DSiCade
I know you can disable auto-run and such to get around this type of crap. But what happens if you just 'disagree' or whatever on the EULA? I assume that Sony will then not install the rootkit and you can rip the CD with whatever tool you normally use? Or does Sony install the rootkit anyway, setting themselves up for criminal prosecution? Does anybody have a copy of this thing to try and answer that question?
It just seems kind of silly to have DRM which is totally dependant on the user to request it be installed. Or can refusing an EULA be considered a violation of the DMCA?
Or as Osama says: "I'm free - what about you?"
Get your own free personal location tracker
...after he tried to rip another Sony produced CD "Healthy in Paranoid Times" by the Our Lady Peace:
Disappointing, to say the least..., October 14, 2005
A Kid's Review (Amazon.com)
I tried copying this CD, not knowing that it was protected. So, I ripped it to my hard-drive and burned it. But, when I inserted the burned copy into my computer, the screen froze for a while, and an installer icon appeared on the taskbar in the bottom right. It installed somthing - and now I cannot burn anything, with any program. I've even tried using a different, external CD burner. A disk error comes up during burning, even if I am not not burning audio CDs. This was not a fluke. I've talked to other people this has happened to. Avoid anything with "copy protection." Sony might as well burn viruses onto the CDs they distribute.
I used to buy a lot of CDs but stopped around the time of the napster lawsuit. I would probably still be buying 2-3 discs/month if I didn't consider it immoral to buy CDs.
Has "Van Zant" or their agent made any comment on how they feel about what Sony is doing to their audience in their names? (Would they even understand what Sony has done?)
It would be interesting to see if the CDs sold in Washington are different than those sold in other states. If they are and don't contain the rootkit in Wa that would seem to show a deliberate intent to distribute it to states that don't have such laws.
If you do this, then you are deliberately disabling a copy protection system, which is illegal under the DMCA. So Sony can sue you.
[Note: this varies with your jurisdiction. No DMCA in Canada, yet.]
Doug Moen.
I have written a truly remarkable program which this sig is too small to contain.
Boycott their stereo's, TV's, PS-Whatever, and their movies.
America - well, there's no privacy in the US of A. The trade in personal information is open and widespread. There is an excellent chance that if anyone tried to prosecute Sony over privacy infringements that it would be laughed out of court. You can't protect what you don't have. Posession is 9/10ths of the law, and Americans posess very little - much as they often like to believe otherwise.
Sony actually has a much stronger case. Reverse-engineering their DRM scheme is in direct violation of both the letter AND the spirit of the DMCA, which is explicitly intended to prohibit exactly this kind of research (ie: the study of the spyware) and this kind of result (ie: the removal of it, afterwards). Depending on who Sony licensed the rootkit from, there is a possibility it might also violate aspects of the PATRIOT act. (If the rootkit is also used by any law enforcement groups, then this study could compromise wiretapping provisions in the act.)
It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
do they do a mac or linux version?
http://www.first4internet.co.uk/
w ww.osronline.com/showThread.cfm/
Google Groups thread with Ceri from first4internet.co.uk looking for help to write his fucked-up CD drivers...
http://66.249.93.104/search?q=cache:hDmbqX5yahgJ:
What's depressing is that Sony undoubtedly paid them a good deal of money to write this shit.
I don't know the full details as I'm not beta testing Vista, but I do know that Vista has some protections like this in it. This is in large part why MS talks about Vista being much more "secure" than past windows releases. A good example of this is is device drivers. As started in this article(a Q&A with the head of ATI's driver team):
& file=article&sid=6
http://hardwarefanatics.com/modules.php?name=News
"Vista requires a brand new driver model. It is actually called WDDM (Windows Vista Device Driver Model). Whereas before, device drivers were something called kernel mode based, they are now user mode based. This means that drivers do not directly talk to the operating system and have the ability to crash it. The end result will be greatly improved stability for devices on Vista. The amount of work to support the new driver model is tremendous. It is basically a re-write of the entire driver. However, we are very much ahead of the game, and feel good that we will have the best Vista support when it is actually released (and even sooner with our beta drops)."
You are who you are, let no one tell you different. But, never close your mind to a new point of view.
Well ... there is "clear", and then there is "clear".
The page shown is extraordinarily "busy". At the top it has four tabs with nine subtabs, five account management maybe-tabs, a drop-down menu, two separate search boxes, two "Go" buttons and an "Advanced Search" button ... and that's just the top of the page.
Meanwhile, over at the right is a big yellow button in a big blue box, and in the middle of the page is the cover image.
Do you read all the text on every web page you visit? (Hint: you don't.) I certainly don't. When I buy a product, I consider: Is this the product I want, how much will I have to pay, and how long will it take to arrive.
The real lesson we learn here is not that the author of the article was unobservant. On the contrary, he was just as observant as anyone could be expected to be. No, the real lesson is that we all need to make a mental note: When paying for music, check its DRM status. I appreciate Amazon making such info available in nice big letters in an easy to see location. However, that alone does not mean I will read it.
Lets organize and make a difference.
OK, let's. I assume that this is a call to join a foundation, organization, or movement. What have you decided to call this organization? What's the mission statement? What are the goals of the organization? Meeting times? Rallies?
Yep, I just might be interested. Really.
If you're serious, that is - but I don't think you are. See, if you were, you'd have to stretch yourself outside of your current "comfort zone", which currently includes your computer, and quite possibly your mother's basement, but not much else.
But, if you WERE serious, and you REALLY DID put out enough effort to register a domain name, make a website, put together some business cards, talk to REAL LIVE PEOPLE (instead of your laptop) at real, live events, you'd find out very quickly what real, live people think. You'd grow immensely, as a result. Your skills at working with people, and your earning power would be forever improved, and your understanding of your true role in society would be much, much firmer.
You would forever be a bigger, better person.
I dare you to put together an organization of at least 100 members towards your cause. In order to be a "member", they have to have contributed at least $10 in CASH towards your cause's war chest. (And, I know you can do it, because I did)
I have no problem with your religion until you decide it's reason to deprive others of the truth.
The real "Libtards" are the Libertarians!
Indeed. I've actually been a little disappointed with the DRM on CDs. When I put them in my Linux boxes they just play. I can rip to MP3 until the cows come home. No problem.
I actually wanted one to fail so I could see how it was failing and maybe do something about it. Contribute something to the community, ya know.
...laura, not a U.S. resident, not covered by the DMCA
Warning: this article may contain humor, sarcasm, parody, and perhaps even irony. Read at your own risk.
Sony still hasn't agreed to come on board with iTunes, which I find damn annoying. Everytime I search for an artist and don't find them (considering they're a big artist), I go and search for that artists publisher.. and what do ya know, always sony.
I'm really starting to hate that company. This BS "DRM" is just the icing on the cake. Sure, iTunes has DRM, but it's quite benign (5 computers, unlimited ipods, unlimited burns per song, 7 burns per album).
They're too big, and have their hands in too many pots. Time for Sony artists to take a stand and go with somebody else (quite difficult, considering the ass-raping contracts they probably had to sign). Essentially, Sony are denying their artists a source of income to satisfy the needs of their consumer electronics department. I'd be pissed.
In my country (Italy) there's a bill which, since its initial writing, estabilishes a very foundamental notion.
For your reference, it's bill 547-93 (n 547 dated 23 december 1993).
With its articles n 615ter/quater/quinquies, it estabilishes the concept that your computer is your "informatic domicile", in toto equal to the civic domicile (your home).
In that way, you can easily understand that a domicile violation is just a crime.
Summarizing, it also defines the violations to "a system protected with adeguate security measures", and their prosecution.
Under many other aspects, this bill is still old and modifiable, but clearly it has some very good points (like the above).
I also think it would be silly to emanate bills which say "do not install this if user doesn't want" and such.
Always remembers there's lots of lusers around here who just doesn't have any tech knowledge of what runs in their own computer.
Just define which is property and what can be done with it, and you're done.
... the little guys are more likely to crumble. Why not target the source of this crap? I did. Though, admittedly I'm sure SONY keeps their wallets fat enough to ignore us. See below:
o tkits-and-digital-rights.html) for the disreputable practices they are, and for identifying "First 4 Internet" (sounds like a shoddy store-front operation for a bunch of Black Hat rejects) as the company directly responsible for the most vile intrusion my system has ever received. And the fact that your ill-conceived product leaves my system open to additional intrusions of this nature is unforgivable.
===
Mail-To: info@xcp-aurora.com, info@first4internet.co.uk
Subject: attn: Mathew, Tony, Peter, Nick; re: Extreme displeasure with your XCP product.
To Whom it may concern:
I would like to address the outstanding issue regarding the software your company licensed to SONY BMG here in the United States. This software proposes to be a harmless DRM solution for the corporate customer as a method of protection against malicious users. However, what your software critically FAILS at is conscientiously protecting the end user against exploits of your poorly, shit-house written utilities.
Personally, I'm glad that your nasty parlour tricks were recently exposed by SysInternals.com (http://www.sysinternals.com/blog/2005/10/sony-ro
May whatever sink-hole from whence you rose quickly swallow you back. You have no right to voilate my computer's integrity. You have no right to scan the contents of my computer. You may have the right to hide in the darkness of Windows' subsystem like cowards, but that does not mean you won't be seen. You have no right to abuse the trust garnered by SONY from the citizens it regularly calls customers (or, perhaps more appropriately, "guinea pigs"). I hope the light of truth sends you roaches scurrying.
With the wretched taste of bile at the back of my throat,
[my name]
[my email addy]
===
Personally, I purchased "The Dead 60s" latest album, and sure enough it had the exact same copy-protection crap as described on sysinternals.com. That article sure shed some light on the behavioral difference in my system since I got that CD (significantly slower start up and execution times on a 1.2 GHz, and constant 5 - 10% CPU usage with almost nothing running). Fuck them. Fuck them right in the ear.
It was stated before, and I'll reinforce it: This kind of DRM ADVOCATES piracy. You are safer without DRM. I intend to zap my Windows machine and go to Debian (as I've been considering, but now have good reason for security purposes), and return this CD by mail to SONY BMG in a thousand tiny pieces, but not before I copy it and distribute out of sheer spite.
Thank you for reading One Man's Opinion. No participation necessary. Offer void where deemed by law or PATRIOT Act.
They don't put it there. You do. They just packaged it for you. If you didn't want to give them permission to run arbitrary executables on your computer, then WHY DID YOU RUN THEIR EXECUTABLE??
IANAL, however, I believe that contracts that are made in bad faith, or with the intent to decieve a particpant are not binding. If this is the case, I think that I wouldn't be hard to argue in a court that you have no obligation to keep Sony's rootkit (by deffinition an illicit and deceptive tool) on your computer. Moreover, you might also be entitled to damages resulting from said 'bad faith' agreement.
Even if my assessment isn't quite correct, it seems to me that it is probably fuzzy enough of a point to invite litigation. If I were a multimillion(billion?) dollar company I wouldn't be the one to test the legal water on something like this.
HA! I just wasted some of your bandwidth with a frivolous sig!
Sony, you have gone too far...
No PSP for Christmas!
No PS3 next year!
So you protected a $15 CD by killing ~$700 of hardware purchases plus whatever games I would have purchased.
No wonder your stock sucks and your revenues are down!
Your DRM works, I'm exercising my right not to purchase your products any more!
"I say we take off, nuke the site from orbit. It's the only way to be sure."
it's a 5/$5000 penalty, class C felony, to knowingly distribute harmful software to a PC in Minnesota. 1992 law, I believe it was. demonstrating this is a rootkit is prima facie evidence that this would be harmful software.
somebody with means should get a case opened....
if this is supposed to be a new economy, how come they still want my old fashioned money?
I thought I was ahead of time, when I implemented a rootkit DRM just a few days ago. My rootkit is a part of my project, trying to show how malware and DRM systems can get really close to each others, and both get protected by law. Under EU Copyright Directive, it's going to be illegal to remove this rootkit.
You can read about my copyright projects here:
http://muzzy.net/files/copyright_projects_en.txt
-- Matti Nikki
This is funny? I've got 4 official DVD's that won't run on my player, and 3 or 4 CD's that don't play in my computer. If *they* are not going to play fair with me, I sure as hell will return the favour. I bought an offical DVD, and all I got was a cheap skate menu and 10 minutes worth of adverts and warnings. Bleh.
And just how is such a device going to reach the Internet?
iptables -A INPUT --mac-source XX:XX:XX:XX:XX: -j DROP
And they can hardly send in the storm troopers based on this sort of evidence, "Midunno, the house got hit by lightning, maybe that screwed it up? I can't show you the device, it was broken so I threw it out".
That would also make for a nasty payload for a Windows virus. Not only does your DVD player get turned into a paperweight, the victim might also get raided by the DRM police.
Xix.
"Everything is adjustable, provided you have the right tools"
Dear Sony Regarding the rootkit you are attempting to install on the computers of customers who purchase Van Zant's "Get Right with the Man": my relationship with you is over. I will never again purchase -any- CD from Sony Music. Period. Your intentional introduction of security holes and your undisclosed modification of the operating system is simply unacceptable and uncalled for. Your application of excessive, intrusive and unreasonable DRM has ensured that I will -never- purchase any work with the Sony logo. The number of pirated copies this prevents me from downloading or sharing? Zero - I don't pirate. I don't give people copies of my music. The number of future dollars your DRM (which is sure to be broken within weeks anyway) has cost your company? Beyond calculation: my life expectancy has me sticking around - NOT buying Sony music, by the way - for decades to come. Was this worth the trade? If you want my business then I demand nothing short of full public disclosure, an appology, and the very public firing of the executive who gave the green light to this horrible, horrible concept. Please note that I intend to share this letter with others. With luck they too will refuse to purchase Sony music in the future.
If the g'vt kept the data on you that google does you'd better believe you'd be calling it "doing evil"
Anything which uses technical means of copy protection is not a CD.
Not true. There is exactly one type of copy protection allowed by the Red Book standard (in fact all implementations have to adhere to its technical specification, whether they enforce it or not), and it is a variant of SCMS.
Basically, SCMS defines whether a source is copy-restricted or not, as well as whether it is an original or a copy. The idea is that anyone can make at most one copy of a copy-restricted original, but not a copy of a copy-restricted copy. See also here.
A distinction was made between consumer-grade (stand-alone) CD copiers (which should always obey SCMS) and professional CD-writers (which were not required to obey SCMS). Strangely, CD-writers attached to computers were treated the same way as professional units (presumably to allow users to copy-restrict their own work).
This strange treatment of computer-attached CD-recorders, combined with most recording software ignoring SCMS altogether in case of direct CD-to-CD copying seems to me the root cause of the current problems with non-conforming copy-protected CD's.
It is an interesting question whether either or both parties are violating the DMCA. I think that either CD-reader/CD-recorder manufacturers should have disallowed ripping of audio-CD's altogether, or they should have output a DRM-ed data format which can only be written to audio-CD's again by software compliant with SCMS.
The Hacker's Guide To The Kernel: Don't panic()!
Although I'm sure they'd be noncommital in their official response, I'd love to hear what they think internally about this kind of thing. If "security" really is their #1 corporate focus as they've been so eager to tell us, this should have them screaming at the top of their lungs.
The chances of us slackers motivating our corporate-owned legislators to smack Sony is comically low, but if we could get a second big player in there on our behalf, there's a real chance to get this awful idea blackholed like it should be.
Anyone have any high-up connections within the Empire?
I don't like seeing these summaries and being left to think that my OS X and Linux systems could be compromised, then having to scour the linked article just to be sure.
This is becoming a common occurance on Slashdot: Articles about viruses and other Windows exploits are posted with no hint as to their platform-specific nature. "Systems" are attacked. Is it so difficult to write "Windows systems"?? And then of course, when vulnerabilities of non-MS stuff like Linux are reported, the platform in question is Big News. So on top of vagueness WRT Windows, I get bias. Its like reading the front page of ZDnet.
Please just mention the friggin platform, thank you.
I agree that it's easy enough to find out whether a CD is copy-protected or not most of the time. By paying attention to it I've already been able to avoid buying several copy-protected CD's.
In my experience most artists don't even know their CD is copy-protected. Like Charlotte Martin's CD On Your Shore. BMG put copy-protection on there without informing her. When she found out, she made them remove it from the second print. Had she known beforehand, it would have never gotten on there. She was pissed about it. Just informing the artist of your displeasure about the DRM can go a long way.
I am under *NO DOUBT* whatsoever that Sony will simply point the finger at first4internet, and simply say "We simply contracted them to provide a content protection scheme - we are unaware of the implementation" (or words to that effect). Given that the tech has been sold to several other record companies, I'm pretty sure that's close to the mark as to what actually happened, too.
So, it's first4internet who will take the heat in a criminal case, not Sony, no doubt.
Sony is evil and all, but I don't think it was Sony who was responsible for the way it works...
smash.
I run: Windows, OS X, Linux, FreeBSD. Just because you have a hammer, doesn't mean everything is a nail.
This might be a slightly odd response, but I think part of the reason is that in a situation such as a computer crime, there really isn't any possibility of the victim going apeshit (or doing something in retaliation) on the perpetrator if caught. ;), I think viewpoints would change and the punishments would get harsher and maybe someone in the justice system would actually take the issue seriously.
During sentencing (and really, during the entire judicial process - the police probably won't respond in the first place if you call 911 and say "those darn kids are crossing my lawn", even if they do, the prosecutor probably won't try them for tresspassing) maybe the actual crime itself is irrelevant, but what is taken into consideration is how the crime is perceived by the majority of people and what the majority believes is appropriate punishment.
Right now, most people feel that rootkits, malware, etc aren't really an issue - be it lack of education or whatever. If that changed (perhaps this could be spun as a "corporate espionage which aids terrorists" type of thing
1q2w3e4r5t6y7u8i9o0pqawsedrftgthyjukilo;p'azsxdcf
Once again, we see a total lack of understanding on the side of content creators. Instead of providing us with added value, the provide us with hard to remove malware that will cost us, honest customers who bought an actual cd, cpu and memory resources, not to mention possible back doors into our home computers.
In a world where a computer more and more becomes a tool for content creation and is used more and more as a media hub, unfortunately most of the time based on an operating system known for its insecure architecture, this is a very worrying trend.
We see the same thing happening with content creation software. Dongles, challenge-response systems, it is made harder and harder for legitimate users to use the software, while the odd cracker is very capable of evading whatever copy protection or DRM scheme might exist in the software.
Now I am a firm believer that it is quite okay to pay for quality. I am also a firm believer that I should (and I do) pay for the software I use for my content creation (photoshop for my digital darkroom needs, pro tools for my music making needs). But why the hell should I, as a legitimate customer, pay for insane copy protection mechanisms? They do not add value for me, instead they take value away, in terms of storage, CPU cycles and memory.