Slashdot Mirror


Sony DRM Installs a Rootkit?

An anonymous reader writes "SysInternals.com guru Mark Russinovich has a detailed investigation of a rootkit from Sony Music. It's installed with a DRM-encumbered music CD, Van Zant's "Get Right with the Man". (Mmmm, delicious irony!) The rootkit introduces several security holes into the system that could be exploited by others, such as hiding any executable file that starts with '$sys$'. Russinovich also identifies several programming bugs in the method it uses to hook system calls, and chronicles the painful steps he had to take to 'exorcise the daemon' from his system." This house is clear.

9 of 801 comments

  1. RootKits coming out in bundles? by cwtrex · · Score: 5, Interesting

    I'm downloading RootkitRevealer now. I wonder how long it is going to take for Norton and McAfee to upgrade their rootkit detection abilities? Next year's anti-virus release? The last rootkit that Norton found on a computer at work was well spread and had been out for 6 months. It still was unable to remove/fix the infection. :(

  2. Here is what a kid had to say... by cyclocommuter · · Score: 5, Interesting

    ...after he tried to rip another Sony-produced CD, "Healthy in Paranoid Times" by Our Lady Peace:

    Disappointing, to say the least..., October 14, 2005

    A Kid's Review (Amazon.com)

    I tried copying this CD, not knowing that it was protected. So, I ripped it to my hard-drive and burned it. But, when I inserted the burned copy into my computer, the screen froze for a while, and an installer icon appeared on the taskbar in the bottom right. It installed something - and now I cannot burn anything, with any program. I've even tried using a different, external CD burner. A disk error comes up during burning, even if I am not burning audio CDs. This was not a fluke. I've talked to other people this has happened to. Avoid anything with "copy protection." Sony might as well burn viruses onto the CDs they distribute.

  3. Sony is protected by the DMCA by dmoen · · Score: 5, Interesting
    I see this as a real exposure to a lawsuit. If I accidentally install this rootkit on my system, then try to remove it...

    If you do this, then you are deliberately disabling a copy protection system, which is illegal under the DMCA. So Sony can sue you.

    [Note: this varies with your jurisdiction. No DMCA in Canada, yet.]

    Doug Moen.

    --
    I have written a truly remarkable program which this sig is too small to contain.
    1. Re:Sony is protected by the DMCA by indigoid · · Score: 5, Interesting

      Indeed. For the purpose of deciding who is running something, is autorun.inf "us" or "them"?

      --
      P-plate adventurer
  4. iTunes Australia and Japan by Anonymous Coward · · Score: 5, Interesting

    Sony still hasn't agreed to come on board with iTunes, which I find damn annoying. Every time I search for an artist and don't find them (considering they're a big artist), I go and search for that artist's publisher... and what do ya know, always Sony.

    I'm really starting to hate that company. This BS "DRM" is just the icing on the cake. Sure, iTunes has DRM, but it's quite benign (5 computers, unlimited iPods, unlimited burns per song, 7 burns per album).

    They're too big, and have their hands in too many pots. Time for Sony artists to take a stand and go with somebody else (quite difficult, considering the ass-raping contracts they probably had to sign). Essentially, Sony are denying their artists a source of income to satisfy the needs of their consumer electronics department. I'd be pissed.

  5. the big guys take punches like candy... by DigitalEntropy · · Score: 5, Interesting

    ... the little guys are more likely to crumble. Why not target the source of this crap? I did. Though, admittedly I'm sure SONY keeps their wallets fat enough to ignore us. See below:

    ===

    Mail-To: info@xcp-aurora.com, info@first4internet.co.uk

    Subject: attn: Mathew, Tony, Peter, Nick; re: Extreme displeasure with your XCP product.

    To Whom it may concern:

    I would like to address the outstanding issue regarding the software your company licensed to SONY BMG here in the United States. This software proposes to be a harmless DRM solution for the corporate customer as a method of protection against malicious users. However, what your software critically FAILS at is conscientiously protecting the end user against exploits of your poorly, shit-house written utilities.
    Personally, I'm glad that your nasty parlour tricks were recently exposed by SysInternals.com (http://www.sysinternals.com/blog/2005/10/sony-rootkits-and-digital-rights.html) for the disreputable practices they are, and for identifying "First 4 Internet" (sounds like a shoddy store-front operation for a bunch of Black Hat rejects) as the company directly responsible for the most vile intrusion my system has ever received. And the fact that your ill-conceived product leaves my system open to additional intrusions of this nature is unforgivable.
    May whatever sink-hole from whence you rose quickly swallow you back. You have no right to violate my computer's integrity. You have no right to scan the contents of my computer. You may have the right to hide in the darkness of Windows' subsystem like cowards, but that does not mean you won't be seen. You have no right to abuse the trust garnered by SONY from the citizens it regularly calls customers (or, perhaps more appropriately, "guinea pigs"). I hope the light of truth sends you roaches scurrying.

    With the wretched taste of bile at the back of my throat,

    [my name]
    [my email addy]

    ===

    Personally, I purchased "The Dead 60s" latest album, and sure enough it had the exact same copy-protection crap as described on sysinternals.com. That article sure shed some light on the behavioral difference in my system since I got that CD (significantly slower start up and execution times on a 1.2 GHz, and constant 5 - 10% CPU usage with almost nothing running). Fuck them. Fuck them right in the ear.

    It was stated before, and I'll reinforce it: This kind of DRM ADVOCATES piracy. You are safer without DRM. I intend to zap my Windows machine and go to Debian (as I've been considering, but now have good reason for security purposes), and return this CD by mail to SONY BMG in a thousand tiny pieces, but not before I copy it and distribute out of sheer spite.

    --

    Thank you for reading One Man's Opinion. No participation necessary. Offer void where deemed by law or PATRIOT Act.
  6. Sony is flirting with trouble... by TiggertheMad · · Score: 5, Interesting

    They don't put it there. You do. They just packaged it for you. If you didn't want to give them permission to run arbitrary executables on your computer, then WHY DID YOU RUN THEIR EXECUTABLE??

    IANAL, however, I believe that contracts that are made in bad faith, or with the intent to deceive a participant are not binding. If this is the case, I think that it wouldn't be hard to argue in a court that you have no obligation to keep Sony's rootkit (by definition an illicit and deceptive tool) on your computer. Moreover, you might also be entitled to damages resulting from said 'bad faith' agreement.

    Even if my assessment isn't quite correct, it seems to me that it is probably fuzzy enough of a point to invite litigation. If I were a multimillion(billion?) dollar company I wouldn't be the one to test the legal water on something like this.

    --

    HA! I just wasted some of your bandwidth with a frivolous sig!
  7. Re:My question: by DoraLives · · Score: 5, Interesting
    Actually this is a major limited access high speed expressway to seriously fuck with Sony.

    It'll go like this: Somebody out there with an axe to grind against Sony is going to lift this code intact, with no modifications, and marry it with a worm that goes around and infects people's machines with some nasty or other that executes with a file that has a name beginning with $sys$ and cause some real trouble with it.

    Net result, the infected folks are going to have a SERIOUS beef with Sony over the fact that the "invisible" file was able to install itself and run its merry course completely under the radar. All because of a piece of shit attempt by a fucked up Giant Corporation that was attempting to further line its pockets by installing some ... shall we say, hmm, unsavory code?

    Ok script kiddies, you have your assignment. Now get to work!

    --
    Is it fascism yet?
  8. Damn, I thought I was first by muzzy · · Score: 5, Interesting

    I thought I was ahead of time, when I implemented a rootkit DRM just a few days ago. My rootkit is a part of my project, trying to show how malware and DRM systems can get really close to each other, and both get protected by law. Under EU Copyright Directive, it's going to be illegal to remove this rootkit.

    You can read about my copyright projects here:
    http://muzzy.net/files/copyright_projects_en.txt

    --
    -- Matti Nikki