Sony DRM Installs a Rootkit?
An anonymous reader writes "SysInternals.com guru Mark Russinovich has a detailed investigation of a rootkit from Sony Music. It's installed with a DRM-encumbered music CD, Van Zant's "Get Right with the Man". (Mmmm, delicious irony!) The rootkit introduces several security holes into the system that could be exploited by others, such as hiding any executable file that starts with '$sys$'. Russinovich also identifies several programming bugs in the method it uses to hook system calls, and chronicles the painful steps he had to take to 'exorcise the daemon' from his system." This house is clear.
Now is that *sony's* rootkit, or a soon-to-be-former-sony-employer's rootkit?
corporations exploit YOU!
:/
hrm, so much for humor. I don't find it funny at all
DRM wasn't intrusive in the first place.
perpetually dwelling in the -1 pits
And let me guess, it offers you an EULA and exempts Sony from any liability for damages caused by this thing?
We *really* need to get an anti-spyware bill on the books. Something along the lines of, "It shall be a criminal offense to install non-application software on any computer when the user has not been reasonably notified in advance and/or agreed to have the modifications made. This bill will be reevaluated for its effect in three years."
Anything running in the background, rootkits, and other forms of spyware (which generally rely on the user not knowing they're there) would immediately become illegal.
Javascript + Nintendo DSi = DSiCade
I'm downloading RootkitRevealer now. I wonder how long it is going to take for Norton and McAfee to upgrade their rootkit detection abilities? Next year's anti-virus release? The last rootkit that Norton found on a computer at work was well spread and had been out for 6 months. It still was unable to remove/fix the infection. :(
Microsoft needs to make it completely impossible for any software to do something like this unless the user runs in some special maintenance mode or logs in as some special account. They can make an exception for Windows updates which are signed by them.
Not that this makes it better in any way, but I liked how he said
I hadn't noticed when I purchased the CD from Amazon.com that it's protected with DRM software, but if I had looked more closely at the text on the Amazon.com web page I would have known
followed by a picture of the amazon web page in question with [CONTENT/COPY-PROTECTED CD] clearly visible in massive letters.
Since spyware WITH a proper EULA has been held to be in violation by the FTC, and since this EULA doesn't really mention the rootkit's difficulty of removal, this might be litigatable.
Of course, Mark Russinovich did (inadvertently) disassemble content protected by the EULA.
Test your net with Netalyzr
It's one thing to copy protect your CDs to make it difficult to rip but it's another thing to install a rootkit that is by definition difficult to remove. Who's going to clean up this mess when a Microsoft patch or SP comes around and breaks any computer with this installed?
I am very glad to hear about this. That CD WAS on my birthday list for next week.
Sony just lost a sale, end of story.
Professional Politicians are not the solution, they ARE the problem.
Sounds like an opportunity for a class action lawsuit. Everyone who played the CD on their windows system would be eligible. ...good opportunity for a group of lawyers to get rich. (The members of the action never do.)
Often times you're not presented with a choice. The first time you insert a CD, it will autoplay - this is when this crap makes it in. I know you can shut that feature off, but most people either don't know how, or won't.
BeauHD. Worst editor since kdawson.
What is next? DRM that will rewrite your BIOS and turn your PC into an expensive doorstop for copyright violation?
As if spyware itself is miraculously legal and now we have this? Rootkits and spyware programs that append to Windows in the MBR so even a reinstall won't delete them IS TOO FAR!
I agree with a previous poster that it should be a criminal offense in the same category as spray-painting someone's house or breaking and entering. Why do we allow this crap to be legal?
It's time we wrote our elected officials and informed them about what is happening and about Sony's DRM and demand civil and criminal responsibility for malware makers. I don't care if it's the CEO of some company spray-painting my house vs a teenage kid. It's still illegal and Sony should be held accountable.
I was reading on CNN about the drop of e-commerce even though there is still a rise in internet usage. This is due to all the spyware/scams/malware that is infecting PCs at record rates. This is killing our economy and many companies such as Google, Amazon, and eBay are already getting hit with their wallets over these scams.
Let's organize and make a difference. This is a slippery slope and I fear what is coming next.
http://saveie6.com/
Man, Sony'll do anything to make sure your system has their Cell in it.
If brevity is the soul of wit, then how does one explain Twitter?
Turn off autorun.
Slashdot - where whining about luck is the new way to make the world you want.
To make matters worse, not only is everything hidden, but you can't just delete the files and reg keys or you'll cripple your system...the author of the article is a developer and he spent a lot of time just getting rid of the damned thing...I know I couldn't do it
There's a slight difference between a copy restricted CD and an "install a rootkit on your computer" CD, though...
Being a root kit just means that the program works at the OS level, USUALLY in such a way that the end user will not notice it, nor will virus detectors flag it. It changes something about "Windows" as opposed to adding something to it. (over simplified)
The arbitrary code in this case is installed when you hit 'OK'.
-Rick
"Most people in the U.S. wouldn't know they live in a tyrannical state if it walked up and grabbed their junk." - MyFirs
You're confusing the terms "rootkit" and "trojan"/"backdoor".
A trojan in its strictest sense tricks a user into executing one set of code when they think they're executing another. A backdoor simply allows remote execution of arbitrary code.
A rootkit is usually the set of tools that an attacker deploys on a compromised system. "rootkits" in the terms of this article are programs that trick your kernel into doing things it shouldn't do. This could include a trojan or a backdoor, but not necessarily.
Sony's program is a rootkit because it runs without authorization from the CD and alters the Windows API in order to disguise itself. As far as the article indicates, it doesn't include the ability for Sony to execute code on your machine. It's still dirty and sinister, if you ask me. It also allows any other malicious attackers to conceal anything they plant on your machine - simply by prefixing any file name with $sys$ - that's not cool!
I know you can disable auto-run and such to get around this type of crap. But what happens if you just 'disagree' or whatever on the EULA? I assume that Sony will then not install the rootkit and you can rip the CD with whatever tool you normally use? Or does Sony install the rootkit anyway, setting themselves up for criminal prosecution? Does anybody have a copy of this thing to try and answer that question?
It just seems kind of silly to have DRM which is totally dependent on the user to request it be installed. Or can refusing an EULA be considered a violation of the DMCA?
"the author of the article is a developer and he spent a lot of time just getting rid of the damned thing...I know I couldn't do it"
But thanks to his hard work, now we can! I for one love this guy.
Now I have another reason to dump Windows, this rootkit won't run on Linux or Mac.
-nB
whois gawk date unzip strip find touch finger mount join nice man top fsck grep eject more yes exit umount sleep dump
Getting a cockroach with my just purchased pizza.
This is exactly the same mentality that brought us the memory stick and the MP3 walkman that could not play MP3s, only ATRAC. Incidentally, Sony profits are down 46% this quarter. I can only add that this is another nail in the coffin of a company once known for its innovation, high standards and uncanny understanding of the consumer's mind. They better hope the PS3 saves their collective asses
You can't enter into a contract which violates the law. Thus a "contract killing" is not a valid contract.
...after he tried to rip another Sony produced CD "Healthy in Paranoid Times" by Our Lady Peace:
Disappointing, to say the least..., October 14, 2005
A Kid's Review (Amazon.com)
I tried copying this CD, not knowing that it was protected. So, I ripped it to my hard-drive and burned it. But, when I inserted the burned copy into my computer, the screen froze for a while, and an installer icon appeared on the taskbar in the bottom right. It installed something - and now I cannot burn anything, with any program. I've even tried using a different, external CD burner. A disk error comes up during burning, even if I am not burning audio CDs. This was not a fluke. I've talked to other people this has happened to. Avoid anything with "copy protection." Sony might as well burn viruses onto the CDs they distribute.
After being presented with a sell-your-babies-to-the-almighty-record-label EULA, and before shoving awfully encoded WMA format files down their throats.
Hint #1: There's no "copy protection" on CDs. For the most part, it's misshapen multi-session CDs. cdrdao read-cd --session 1 ... Hint #2: If you're encoding the files to MP3, Vorbis or, good heavens, WMA, digital rips are wayyyy overrated and a plain old CD player, analog RCA-to-RCA cable and an audio recorder app can really do wonders. =)
I used to buy a lot of CDs but stopped around the time of the napster lawsuit. I would probably still be buying 2-3 discs/month if I didn't consider it immoral to buy CDs.
On this CD's product page, there are several negative reviews on account of spyware. My favorite puts into plain English why this is bad: "I am very unhappy, since I now listen to all of my music using my IPod."
I think this is the way to fight DRM. When we complain about DRM rights, we're fighting a crusade on principle, and few people really get what's wrong. When you say, "This CD that I paid for can't be transferred to my iPod," people will see that it's outrageous. When people see that it's installing spyware on your computer, they'll flip. Cheers to whoever's left this feedback.
________________________________________________
suwain_2
Has "Van Zant" or their agent made any comment on how they feel about what Sony is doing to their audience in their names? (Would they even understand what Sony has done?)
I'm glad I get my music off of p2p networks and don't have to worry about trojans and rootkits and that evil hacker stuff!
Because I think the DMCA is a ridiculously bad piece of law, I would like to see Mark prosecuted for violating it, so that people can see just how bad it is.
-paul
Pistol caliber is like religion: everyone has their favourite, and theirs is the only right choice.
I think the article provided enough evidence as is. Yes, it is "DRM shovelware", which is an offense in itself. Yes, it's hard to uninstall, which is bad. But it's also trying to hide itself, which is really nasty, and it hides stuff indiscriminately, which is worse.
It is a rootkit, because it messes with the OS to hide specific files. It is a dangerous rootkit, because it hides all files that start with some prefix, not just the specific files used by the DRM mechanism - this could be potentially used to hide more mischief from the same source.
You obviously didn't read the article very closely. Sony patched the CD/DVD drivers; Sony's code runs every time you access the drive. He didn't disassemble the entire driver so there is no clear indication that it doesn't contain security problems (whether by incompetence like a buffer overflow, or a deliberate backdoor) that would allow arbitrary code to run. There is no way to audit the code for security; it is probably illegal under the DMCA to disassemble and fully analyze DRM code in sufficient detail for a full code audit.
THAT is the biggest problem with these windoze DRM hacks. You can secure your system with all the technology at your disposal, but it means nothing when you are tricked into running a rootkit disguised as DRM. Then you have to trust the DRM vendor did not make any mistakes that expose you to further security risks.
People like to gripe about Apple's DRM, but at least they know better than to pull crap like this.
It's worth noting that the DRM in question, which prevents a CD from being ripped into an iPod-compatible format, can be circumvented by the following step:
1.) Insert CD into a Macintosh
(And yes, little Timmy, Linux/BSD/FreeDOS/whatever)
If you do this, then you are deliberately disabling a copy protection system, which is illegal under the DMCA. So Sony can sue you.
[Note: this varies with your jurisdiction. No DMCA in Canada, yet.]
Doug Moen.
I have written a truly remarkable program which this sig is too small to contain.
Work hard to make sure that CDs using intrusive and possibly illegal DRM are the ones MOST ACTIVELY distributed via P2P.
This should be done not because "information wants to be free", but rather because businesses who engage in these sorts of practices should be made to fail financially.
When the labels have their annual shareholders luncheon and are forced to show the fancy Powerpoint presentation entitled "Effectiveness of DRM Solutions at Limiting Piracy", the graphs should be embarrassingly skewed in the wrong direction.
The only thing that works is money. So make sure they, and the band, see none.
"The band?! Surely you can't be serious?! They're probably just innocent victims." Bullshit. No one forced them to sign away their souls like whores. It doesn't take a rocket scientist to know that Sony and all others of their kind are customer hostile. Take your music elsewhere. Because that's what I'm doing with my money. And if you're only in it for the money, then you don't get to have any.
The problem with rootkits is that once you've been infected, there's no way to clean the infection without booting to another OS.
For a great movie showing the author of hacker defender defeating most all of the current rootkit-defeating programs see the following link:
http://www.hxdef.org/download/brilliant.php
I patented screwing your mom. But it got revoked for "prior art."
Seriously speaking, this shows two things. One is yet another demonstration of the fundamental evil of Microsoft's "security" model. Even if you weren't running as root/Administrator (and everyone does, don't they?), then the "reputable" installation from the "reputable" company would just ask you to elevate your privileges.
The other thing is that power is always abused. If not now and by Sony, then tomorrow by some other "reputable" company. (Or put on your tin hat and say "Yesterday by the NSA.")
I hope they track this story, and if it is not another misguided /. rumor, I certainly hope that Sony repudiates the technique and the software. Soon.
Then they should apologize.
Then sack the person responsible.
Then sack the person responsible for not sacking the responsible person earlier.
[Infinite loop warning.]
Freedom = (Meaningful - Coerced) Choice != (Speech | Beer^2), and sad sock puppets' bad mods avail them naught.
This guy is without a doubt one of the most knowledgeable about the internals of ANY Microsoft OS. He (and his company) have written more top-notch, high grade software than any other company out there (for purposes of exploring just what is on your computer, remote administration, and "peeking under the hood").
On top of that, a majority of their tools are completely free, light, and do the job WELL.
They have tools made to defragment your registry hives, to actually execute a process as another user (don't mention "runas", their stuff takes it to another level), monitor the registry hives for changes, and this disturbingly well-done root kit revealer.
Sysinternals is god when it comes to actually looking at what is wrong with a MS OS, and there's no way around it.
This is an audio CD but it's not a CD-audio though, this is just a CD-ROM with DRM'ed audio data on it. This means if I've understood correctly that you cannot even play this CD in your hi-fi, only on your computer, and only if it's running Windows.
And I also don't understand, to quote you, "Why anyone would purchase a CD under those terms to begin with ?". A possible reason is "by mistake". People aren't careful enough and then buy those copy protected "audio-CDs", then later complain the CD doesn't play correctly on their car CD player, if it plays at all.
I have also been tricked into buying copy protected CDs, not much but still too much. Now when I consider buying a CD, I'm very careful not to buy that crap. If everybody does the same, majors will see immediately the impact of DRM on their sales and stop using it. It has worked for me. I was buying every release of "Solid Sounds", a Belgian techno compilation. I stopped buying those CDs when they introduced a copy protection mechanism. I suppose I wasn't the only one to do that because later they stopped protecting their CDs.
I know, I'm going slightly off-topic here but this kind of attitude from big companies that earn way too much money really disgusts me.
America - well, there's no privacy in the US of A. The trade in personal information is open and widespread. There is an excellent chance that if anyone tried to prosecute Sony over privacy infringements that it would be laughed out of court. You can't protect what you don't have. Possession is 9/10ths of the law, and Americans possess very little - much as they often like to believe otherwise.
Sony actually has a much stronger case. Reverse-engineering their DRM scheme is in direct violation of both the letter AND the spirit of the DMCA, which is explicitly intended to prohibit exactly this kind of research (ie: the study of the spyware) and this kind of result (ie: the removal of it, afterwards). Depending on who Sony licensed the rootkit from, there is a possibility it might also violate aspects of the PATRIOT act. (If the rootkit is also used by any law enforcement groups, then this study could compromise wiretapping provisions in the act.)
It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
... CLEAN.
m0nstr42.blogspot.com
do they do a mac or linux version?
My refrain to the copyright holders: The people being hurt by this DRM software are people who have already communicated their intent to do the right thing by purchasing the CD. Sony has just guaranteed that a lot of people will never make that mistake again.
Welcome to a Brave New World: People who pay for their music get viruses, while people who download it at no cost from illegal sources get clean MP3s that they can freely copy and use on whatever devices they own.
I don't know the full details as I'm not beta testing Vista, but I do know that Vista has some protections like this in it. This is in large part why MS talks about Vista being much more "secure" than past Windows releases. A good example of this is device drivers. As stated in this article (a Q&A with the head of ATI's driver team):
http://hardwarefanatics.com/modules.php?name=News&file=article&sid=6
"Vista requires a brand new driver model. It is actually called WDDM (Windows Vista Device Driver Model). Whereas before, device drivers were something called kernel mode based, they are now user mode based. This means that drivers do not directly talk to the operating system and have the ability to crash it. The end result will be greatly improved stability for devices on Vista. The amount of work to support the new driver model is tremendous. It is basically a re-write of the entire driver. However, we are very much ahead of the game, and feel good that we will have the best Vista support when it is actually released (and even sooner with our beta drops)."
You are who you are, let no one tell you different. But, never close your mind to a new point of view.
As I said above, any software that patches the kernel's system service table to redirect system calls to trojan software without permission while hiding (and making itself impossible for your average user to remove) is a rootkit. It only makes it worse that it *never stops running* and *starts up even in safe mode*. These are all hallmarks of a rootkit. Just because it doesn't send spam and all your passwords/credit card numbers to a server in Russia doesn't mean it isn't a rootkit.
What's supposed to be the logic behind this move? Curb piracy?
And it's in that respect that record companies simply don't get it. First of all, they're completely punishing their fans for purchasing their product. After all, how do these CD protections benefit the consumer in any way? The only thing that results is more nuisance for that consumer - thanks to Sony's protection, they aren't able to put the music they bought on an MP3 player for instance. They aren't able to put the MP3s on their computer so that they can listen to it from there.
Do they not realise that people use their computers for music these days? Nearly every student I know has some kind of MP3 jukebox set on their machines, where they shift songs between their entire music collection. The companies have been operating on a basis that their products should not be compatible with computers at all, going so far as deceptively installing these virus-like programs. They think that that will reduce piracy. Fact is: it hasn't, nor will it ever.
As the old adage goes: where there's a will, there's a way. And I've yet to see a CD where its contents could not be ripped. So this does not curb piracy in any way - meanwhile, it makes the CDs less appealing to the fans. Why spend $20 on a product that only half-works? A product that behaves like a computer worm and installs a rootkit?
Piracy doesn't exist because people can do with their CDs as they see fit. It exists because people are getting fooked around by the record industries left, right, and center. Infecting PCs with worms, preventing people from listening to music they legitimately purchased, are hardly steps forward to make the CD format more appealing.
The record labels simply do not get it.
The real "Libtards" are the Libertarians!
Indeed. I've actually been a little disappointed with the DRM on CDs. When I put them in my Linux boxes they just play. I can rip to MP3 until the cows come home. No problem.
I actually wanted one to fail so I could see how it was failing and maybe do something about it. Contribute something to the community, ya know.
...laura, not a U.S. resident, not covered by the DMCA
Warning: this article may contain humor, sarcasm, parody, and perhaps even irony. Read at your own risk.
Yes, I've read the DMCA. The specific clause about security testing is rather vague. It allows security testing, but only up to a point of "infringement" (whatever that means). This hasn't been tested in court AFAIK but even prominent security researchers are afraid of it. The way I read it (IANAL) is that you can security test it up to the point where you disassemble it enough to discover how to break the DRM, and ANY code audit that could find security holes would cross that line.
Sony still hasn't agreed to come on board with iTunes, which I find damn annoying. Every time I search for an artist and don't find them (considering they're a big artist), I go and search for that artist's publisher.. and what do ya know, always Sony.
I'm really starting to hate that company. This BS "DRM" is just the icing on the cake. Sure, iTunes has DRM, but it's quite benign (5 computers, unlimited ipods, unlimited burns per song, 7 burns per album).
They're too big, and have their hands in too many pots. Time for Sony artists to take a stand and go with somebody else (quite difficult, considering the ass-raping contracts they probably had to sign). Essentially, Sony are denying their artists a source of income to satisfy the needs of their consumer electronics department. I'd be pissed.
... the little guys are more likely to crumble. Why not target the source of this crap? I did. Though, admittedly I'm sure SONY keeps their wallets fat enough to ignore us. See below:
===
Mail-To: info@xcp-aurora.com, info@first4internet.co.uk
Subject: attn: Mathew, Tony, Peter, Nick; re: Extreme displeasure with your XCP product.
To Whom it may concern:
I would like to address the outstanding issue regarding the software your company licensed to SONY BMG here in the United States. This software proposes to be a harmless DRM solution for the corporate customer as a method of protection against malicious users. However, what your software critically FAILS at is conscientiously protecting the end user against exploits of your poorly, shit-house written utilities.
Personally, I'm glad that your nasty parlour tricks were recently exposed by SysInternals.com (http://www.sysinternals.com/blog/2005/10/sony-rootkits-and-digital-rights.html) for the disreputable practices they are, and for identifying "First 4 Internet" (sounds like a shoddy store-front operation for a bunch of Black Hat rejects) as the company directly responsible for the most vile intrusion my system has ever received. And the fact that your ill-conceived product leaves my system open to additional intrusions of this nature is unforgivable.
May whatever sink-hole from whence you rose quickly swallow you back. You have no right to violate my computer's integrity. You have no right to scan the contents of my computer. You may have the right to hide in the darkness of Windows' subsystem like cowards, but that does not mean you won't be seen. You have no right to abuse the trust garnered by SONY from the citizens it regularly calls customers (or, perhaps more appropriately, "guinea pigs"). I hope the light of truth sends you roaches scurrying.
With the wretched taste of bile at the back of my throat,
[my name]
[my email addy]
===
Personally, I purchased "The Dead 60s" latest album, and sure enough it had the exact same copy-protection crap as described on sysinternals.com. That article sure shed some light on the behavioral difference in my system since I got that CD (significantly slower start up and execution times on a 1.2 GHz, and constant 5 - 10% CPU usage with almost nothing running). Fuck them. Fuck them right in the ear.
It was stated before, and I'll reinforce it: This kind of DRM ADVOCATES piracy. You are safer without DRM. I intend to zap my Windows machine and go to Debian (as I've been considering, but now have good reason for security purposes), and return this CD by mail to SONY BMG in a thousand tiny pieces, but not before I copy it and distribute out of sheer spite.
Thank you for reading One Man's Opinion. No participation necessary. Offer void where deemed by law or PATRIOT Act.
They don't put it there. You do. They just packaged it for you. If you didn't want to give them permission to run arbitrary executables on your computer, then WHY DID YOU RUN THEIR EXECUTABLE??
IANAL, however, I believe that contracts that are made in bad faith, or with the intent to deceive a participant, are not binding. If this is the case, I think that it wouldn't be hard to argue in a court that you have no obligation to keep Sony's rootkit (by definition an illicit and deceptive tool) on your computer. Moreover, you might also be entitled to damages resulting from said 'bad faith' agreement.
Even if my assessment isn't quite correct, it seems to me that it is probably fuzzy enough of a point to invite litigation. If I were a multimillion(billion?) dollar company I wouldn't be the one to test the legal water on something like this.
HA! I just wasted some of your bandwidth with a frivolous sig!
It indiscriminately hides any file beginning with "$sys$". Not just its own files. Any file. Now tell me this isn't a rootkit.
Don't just stand there, get that other dog!
Sony, you have gone too far...
No PSP for Christmas!
No PS3 next year!
So you protected a $15 CD by killing ~$700 of hardware purchases plus whatever games I would have purchased.
No wonder your stock sucks and your revenues are down!
Your DRM works, I'm exercising my right not to purchase your products any more!
"I say we take off, nuke the site from orbit. It's the only way to be sure."
Cat's out of the bag now. Congratulations, Sony. You fucked up big time.
I'd like to take this opportunity to dissect the article in question here, to point out just how positively obscene this is. There are a few key points I'd like to highlight that I feel we should all take into consideration.
It would appear that Sony has deliberately begun shipping rootkits with its DRM protected CDs. According to the article - and this is a pretty good definition, by the way - "Rootkits are cloaking technologies that hide files, Registry keys, and other system objects from diagnostic and security software, and they are usually employed by malware attempting to keep their implementation hidden." In a nutshell, this means that the program shipped with the CD in question here - and possibly other Sony CDs - is designed to hide itself and other programs from view. In other words, once installed, it will allow Sony and any other interested party familiar with this particular rootkit to operate programs on a compromised system without the user knowing it.
Let's take a step back here to consider the implications of this. Sony is distributing a rootkit, but what does this have to do with DRM? Well, if you really think about it, it has everything to do with DRM. A DRM program that cannot be seen or easily accessed can operate secretly, monitoring and manipulating the system behind the user's back. Any future DRM software Sony distributes could infiltrate a computer secretly, and burrow deep into the system files of said computer.
According to the article, the rootkit was produced by First 4 Internet. Upon investigating the company itself and the products and services it offers, the author dredged up this lovely little nugget of joy: "... However, the fact that the company sells a technology called XCP made me think that maybe the files I'd found were part of some content protection scheme. I Googled the company name and came across this article, confirming the fact that they have deals with several record companies, including Sony, to implement Digital Rights Management (DRM) software for CDs." That right there should be proof enough that this is no accident, and anything but legitimate DRM. Not only does having a rootkit handy make the DRM difficult to thwart, but also allows it to operate secretly.
Now, you'd think that you could just remove this software, right? Wrong. Dead wrong, as a matter of fact. The author of the article had a hell of a time removing the rootkit, actually, and not only that, at any given time, it was consuming between one and two percent of the CPU's power - a small 'penalty' for even having it. (And any programs it's hiding would also have to leech off the CPU and RAM as well.) As he attempted to remove this shit, he discovered even more about the software: "As I was deleting the driver Registry keys under HKLM\System\CurrentControlSet\Services I noted that they were either configured as boot-start drivers or members of groups listed by name in the HKLM\System\CurrentControlSet\SafeBoot subkeys, which means that they load even in Safe Mode, making system recovery extremely difficult if any of them have a bug that prevents the system from booting." Suddenly, this is more than a performance issue. This software could theoretically disable a system should it break or be manipulated by the software it's hiding. It would appear, however, it is possible to remove, but only after eviscerating a handful of driver files, registry entries and keys, and other lovely goodies from your system. The rootkit and the DRM attached to it do not have an uninstaller, and unless you take the same steps the author took to remove this flaming pile of garbage from your system... Well, he puts it pretty well:
"The entire experience was frustrating and irritating. Not only had Sony put software on my system that uses techniques commonly used by malware to mask its presence, the software is poorly written and provides no means for uninstall. Worse, most users that stumble across the cloaked files wit
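An added example, not code from Russinovich's post or from anyone in this thread: a Python script that reads a `reg export` of HKLM\SYSTEM\CurrentControlSet and lists every service that, by the criteria in the passage quoted above (a boot-start driver, or a group or service name listed under the SafeBoot subkeys), would still be loaded in Safe Mode, plus any service whose name carries the $sys$ prefix the article describes. The embedded .reg text is a constructed sample, and the service names, groups and image paths in it are hypothetical placeholders, not the real driver names from the CD. The same SafeBoot passage is quoted again later in this thread; this one example serves both.

```python
from typing import Dict, List

# Constructed sample of a "reg export HKLM\SYSTEM\CurrentControlSet out.reg"
# file, trimmed to four services and two SafeBoot entries. All names below
# are hypothetical placeholders, not the real drivers shipped on the CD.
SAMPLE_REG_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\$sys$exampledrv]
"Start"=dword:00000000
"Group"="Base"
"ImagePath"="system32\\drivers\\$sys$exampledrv.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\$sys$cdfilter]
"Start"=dword:00000003
"Group"="SCSI CDROM Class"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ExampleUpdater]
"Start"=dword:00000002
"ImagePath"="C:\\Program Files\\Example\\updater.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip]
"Start"=dword:00000001
"Group"="PNP_TDI"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SCSI CDROM Class]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ExampleUpdater]
@="Service"
"""

SERVICES = "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\"
SAFEBOOT = "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\SafeBoot\\"
SERVICE_BOOT_START = 0          # Start=0: the driver is loaded by the boot loader
CLOAK_PREFIX = "$sys$"          # name prefix the article says the driver hides


def parse_reg_export(text: str) -> Dict[str, Dict[str, object]]:
    """Minimal .reg parser: {key path: {value name: value}}. Decodes REG_SZ and
    REG_DWORD, which is all this audit needs; other types stay as raw text."""
    keys: Dict[str, Dict[str, object]] = {}
    current = None
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("Windows Registry Editor"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys[current] = {}
            continue
        if current is None or "=" not in line:
            continue
        name, _, raw = line.partition("=")
        name = "@" if name == "@" else name.strip('"')
        if raw.lower().startswith("dword:"):
            value: object = int(raw[6:], 16)
        elif raw.startswith('"') and raw.endswith('"'):
            # .reg files double backslashes and escape quotes inside strings
            value = raw[1:-1].replace('\\"', '"').replace("\\\\", "\\")
        else:
            value = raw
        keys[current][name] = value
    return keys


def audit_safe_mode_drivers(reg_text: str) -> Dict[str, List[str]]:
    """Return {service name: [reasons]} for every service that, by the criteria
    in the quoted passage, still loads in Safe Mode (boot-start, or a group or
    service name listed under the SafeBoot Minimal/Network subkeys), plus any
    service whose name carries the cloaking prefix."""
    keys = parse_reg_export(reg_text)
    safeboot_names = set()
    for path in keys:
        if path.lower().startswith(SAFEBOOT.lower()):
            mode, _, entry = path[len(SAFEBOOT):].partition("\\")
            if mode.lower() in ("minimal", "network") and entry:
                safeboot_names.add(entry.lower())   # group or service name
    findings: Dict[str, List[str]] = {}
    for path, values in keys.items():
        if not path.lower().startswith(SERVICES.lower()):
            continue
        name = path[len(SERVICES):]
        if "\\" in name:            # Parameters/Enum subkeys, not a service
            continue
        reasons = []
        if values.get("Start") == SERVICE_BOOT_START:
            reasons.append("boot-start driver (Start=0)")
        group = values.get("Group")
        if isinstance(group, str) and group.lower() in safeboot_names:
            reasons.append("member of SafeBoot group '%s'" % group)
        if name.lower() in safeboot_names:
            reasons.append("listed by name under SafeBoot")
        if name.startswith(CLOAK_PREFIX):
            reasons.append("name carries the %s cloaking prefix" % CLOAK_PREFIX)
        if reasons:
            findings[name] = reasons
    return findings


if __name__ == "__main__":
    for svc, why in audit_safe_mode_drivers(SAMPLE_REG_EXPORT).items():
        print(svc, "->", "; ".join(why))
```

To run it against a real machine, export the Services and Control\SafeBoot keys with regedit or `reg export` and pass the file's text to `audit_safe_mode_drivers` (regedit writes UTF-16, so open it with `encoding="utf-16"`). One caveat follows directly from the article: while the cloaking driver is active, Registry keys whose names begin with $sys$ are hidden from the API that regedit and reg.exe use, so an export taken on the live system will not contain them; the audit is only complete against a hive exported after the driver is disabled or read offline from another OS.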
What we *can* do is write a detector (only takes one of use) and hopefully a remover. Distribute it widely. Make it plain where this malware came from too... the non-technical will soon understand that playing a Sony CD will break their computer - that's all the knowledge they need.
It's a 5/$5000 penalty, class C felony, to knowingly distribute harmful software to a PC in Minnesota. 1992 law, I believe it was. Demonstrating this is a rootkit is prima facie evidence that this would be harmful software.
somebody with means should get a case opened....
if this is supposed to be a new economy, how come they still want my old fashioned money?
If I kill you to prevent you from killing me, killing you is self defense and not a crime. Seems reasonable that if I kill Sony's process to prevent it from stealing my ID that it's self defense and not a crime. The DMCA is one of those laws that is so out of whack, never mind the US Constitution. It probably violates British common law, the Magna Carta, and if you look hard enough it probably violates the code of Hammurabi and the social order of primitive hunter-gatherer cultures too.
For all intensive purposes, "whom" is no longer a word. That begs the question, "who cares"?
I thought I was ahead of time, when I implemented a rootkit DRM just a few days ago. My rootkit is a part of my project, trying to show how malware and DRM systems can get really close to each other, and both get protected by law. Under the EU Copyright Directive, it's going to be illegal to remove this rootkit.
You can read about my copyright projects here:
http://muzzy.net/files/copyright_projects_en.txt
-- Matti Nikki
Norton actually REMOVES viruses?!
That sounds like something the National Enquirer would do a story on. "Norton Actually Removes Viruses instead of just showing you you're infected!"
And just how is such a device going to reach the Internet?
iptables -A INPUT -m mac --mac-source XX:XX:XX:XX:XX:XX -j DROP
And they can hardly send in the storm troopers based on this sort of evidence, "Midunno, the house got hit by lightning, maybe that screwed it up? I can't show you the device, it was broken so I threw it out".
That would also make for a nasty payload for a Windows virus. Not only does your DVD player get turned into a paperweight, the victim might also get raided by the DRM police.
Xix.
"Everything is adjustable, provided you have the right tools"
Dear Sony Regarding the rootkit you are attempting to install on the computers of customers who purchase Van Zant's "Get Right with the Man": my relationship with you is over. I will never again purchase -any- CD from Sony Music. Period. Your intentional introduction of security holes and your undisclosed modification of the operating system is simply unacceptable and uncalled for. Your application of excessive, intrusive and unreasonable DRM has ensured that I will -never- purchase any work with the Sony logo. The number of pirated copies this prevents me from downloading or sharing? Zero - I don't pirate. I don't give people copies of my music. The number of future dollars your DRM (which is sure to be broken within weeks anyway) has cost your company? Beyond calculation: my life expectancy has me sticking around - NOT buying Sony music, by the way - for decades to come. Was this worth the trade? If you want my business then I demand nothing short of full public disclosure, an apology, and the very public firing of the executive who gave the green light to this horrible, horrible concept. Please note that I intend to share this letter with others. With luck they too will refuse to purchase Sony music in the future.
If the g'vt kept the data on you that google does you'd better believe you'd be calling it "doing evil"
But now the legitimate users are getting rootkits installed while the pirates can download a DRM-free version of the album? I'd rather take the chance on an illegal download than put something in my computer that I know will install a rootkit on my system.
If Sony's DRM ever gets popular enough (and I hope to god it won't) then what's to stop virus makers using the cloaking abilities of a rootkit ALREADY INSTALLED for nefarious purposes? Sony is bound by their EULA not to collect information, although that EULA mentions nothing of removing the software. Hell, they could even claim under the "reverse engineering" clause of the DMCA that removing it requires disassembly and then sue you.
I really hope this goes to court and Sony gets handed their ass on a platter. Otherwise this will be a real blow to privacy and (even though corporations/government don't care about it any more), fair use.
Stay away from this Sony crap.
Sony is distributing this as part of some larger, possibly effective DRM system for music CDs.
What I see here is an endless amount of whining about how awful this is. You are overlooking the potential of this. The key here is that this is now out in the wild and can be exploited. The contest should be to come up with creative (and possibly destructive) things to do with these drivers when packaged with other software.
The result of this should be interesting. I think the responsibility for all of this rests with Sony and First 4 Internet, but I would really like to see something creative done with this, such as an ActiveX control that disables the CD drive of anyone who visits a web site. The point is to make as much use of this as possible. Sony has provided the tool, it is now up to everyone to make as much use of this as possible.
It is most likely that this is actually an elaborate ploy to ruin the lives of Van Zant fans by die-hard Lynyrd Skynyrd fans.
Is this CD playable without the drm software after using cdparanoia or some other tool? SonyBMG is now added to my list of labels not to buy due to copy protection, which previously included ToshibaEMI and Avex Trax for their (cdparanoia breakable) copy protection. In fact I don't buy CDs any more, I just keep a copy of cdparanoia around because sometimes people give me CDs as presents and often they seem to have some kind of copy garbling, erm protection.
Anything which uses technical means of copy protection is not a CD.
Not true. There is exactly one type of copy protection allowed by the Red Book standard (in fact all implementations have to adhere to its technical specification, whether they enforce it or not), and it is a variant of SCMS.
Basically, SCMS defines whether a source is copy-restricted or not, as well as whether it is an original or a copy. The idea is that anyone can make at most one copy of a copy-restricted original, but not a copy of a copy-restricted copy. See also here.
A distinction was made between consumer-grade (stand-alone) CD copiers (which should always obey SCMS) and professional CD-writers (which were not required to obey SCMS). Strangely, CD-writers attached to computers were treated the same way as professional units (presumably to allow users to copy-restrict their own work).
This strange treatment of computer-attached CD-recorders, combined with most recording software ignoring SCMS altogether in the case of direct CD-to-CD copying, seems to me the root cause of the current problems with non-conforming copy-protected CDs.
It is an interesting question whether either or both parties are violating the DMCA. I think that either CD-reader/CD-recorder manufacturers should have disallowed ripping of audio CDs altogether, or they should have output a DRM-ed data format which can only be written to audio CDs again by software compliant with SCMS.
The Hacker's Guide To The Kernel: Don't panic()!
Although I'm sure they'd be noncommittal in their official response, I'd love to hear what they think internally about this kind of thing. If "security" really is their #1 corporate focus as they've been so eager to tell us, this should have them screaming at the top of their lungs.
The chances of us slackers motivating our corporate-owned legislators to smack Sony is comically low, but if we could get a second big player in there on our behalf, there's a real chance to get this awful idea blackholed like it should be.
Anyone have any high-up connections within the Empire?
I wonder what would happen if somebody brought a small claims court case based on this...
[waves fingers in front of face Wayne's World style]
Judge Judy: So I understand that this man's company facak'ded up your computer? And it cost you 600 meshugena dollars to get it fixed?
Random Dude: Yes, your honor. I bought some lame ass CD that Sony price gouged me for (they have DJs to pay off you know) and when I put it into the CD drive on my Sony laptop, the drive stopped working and the computer didn't function properly. I went to my local Sony authorized dealer to have my computer serviced, but they weren't able to fix it. Since they said it was a software issue and not covered under the warranty, they charged me $200 (they have call centers to outsource you know). So then I was going to reload Windows XP, but my Sony laptop didn't come with the original CD (they have Politicians to bribe you know). So that set me back $400 for a new copy.
JJ: That is unconscionable. What is your side of the story?
Howard Stringer (CEO of Sony): He forgot to mention that we sued his kid brother for having music on the computer.
JJ: You, sir, are below slime. I find for the Plaintiff.
Or if it was on Texas Justice:
Larry Joe Doherty: Hey boy! I hear this guy cost you some mucho dinero 'cause of your computer or something?
[same as above, but with a different end]
LJD: Give that boy his $600! Now come sit in this chair and put this hat on!
The same scenario on Judge Joe Brown:
Joe Brown: I'm from the streets, but I've never heard of this scam. Tell me how it went down.
[yadda yadda from above]
[the judge sticks a shiv in the CEO and then hands the wallet to Random Dude]
JB: Case dismissed.
And on Night Court:
Harold T. Stone: $50 and time served...and Dan will fuck your wife and sister while Bull pulls out your arms and beats you with them.
[the judge disappears in a puff of smoke]
So you're telling me that if I prepend a file name with "$sys$" it will be nearly undetectable? Finally! An easy and effective way to hide my pr0n. I can't wait to buy this CD
I don't like seeing these summaries and being left to think that my OS X and Linux systems could be compromised, then having to scour the linked article just to be sure.
This is becoming a common occurrence on Slashdot: articles about viruses and other Windows exploits are posted with no hint as to their platform-specific nature. "Systems" are attacked. Is it so difficult to write "Windows systems"?? And then of course, when vulnerabilities of non-MS stuff like Linux are reported, the platform in question is Big News. So on top of vagueness WRT Windows, I get bias. It's like reading the front page of ZDNet.
Please just mention the friggin platform, thank you.
It's SUPPOSED to be a fucking AUDIO CD!!
"[Regarding the 'cloud,'] ownership was what made America different than Russia." -- Woz
I am under *NO DOUBT* whatsoever that Sony will simply point the finger at first4internet, and simply say "We simply contracted them to provide a content protection scheme - we are unaware of the implementation" (or words to that effect). Given that the tech has been sold to several other record companies, I'm pretty sure that's close to the mark as to what actually happened, too.
So, it's first4internet who will take the heat in a criminal case, not Sony, no doubt.
Sony is evil and all, but I don't think it was Sony who was responsible for the way it works...
smash.
I run: Windows, OS X, Linux, FreeBSD. Just because you have a hammer, doesn't mean everything is a nail.
This is NGTCB. The submitter obviously hasn't been keeping up with Newspeak. Don't worry, I've already reported them to Minitrue.
There is no warning on the Amazon UK site for this CD.
Any rootkit would be a clear violation of sections 2 and 3 of the Computer Misuse Act. This Act comes from EU treaty obligations, so substantially similar legislation exists throughout Europe. The territorial scope of this Act only requires one of the parties to the offense to be in the UK. So buying this from Amazon UK should cover you even if you don't live in the UK.
So you choose the Master who made all this evil possible? Excellent choice!
-adnans
"In short: just say NO TO DRUGS, and maybe you won't end up like the Hurd people." --Linus Torvalds
Once again, we see a total lack of understanding on the side of content creators. Instead of providing us with added value, they provide us with hard-to-remove malware that will cost us, honest customers who bought an actual CD, CPU and memory resources, not to mention possible back doors into our home computers.
In a world where a computer more and more becomes a tool for content creation and is used more and more as a media hub, unfortunately most of the time based on an operating system known for its insecure architecture, this is a very worrying trend.
We see the same thing happening with content creation software. Dongles, challenge-response systems, it is made harder and harder for legitimate users to use the software, while the odd cracker is very capable of evading whatever copy protection or DRM scheme might exist in the software.
Now I am a firm believer that it is quite okay to pay for quality. I am also a firm believer that I should (and I do) pay for the software I use for my content creation (photoshop for my digital darkroom needs, pro tools for my music making needs). But why the hell should I, as a legitimate customer, pay for insane copy protection mechanisms? They do not add value for me, instead they take value away, in terms of storage, CPU cycles and memory.
Here are my 2 cents on what is so dangerous that Sony should be sued for it!
When Sony installed this rootkit, according to Mark's Sysinternals blog (http://www.sysinternals.com/blog/),
I quote:
I studied the driver's initialization function, confirmed that it patches several functions via the system call table and saw that its cloaking code hides any file, directory, Registry key or process whose name begins with "$sys$".
To verify that I made a copy of Notepad.exe named $sys$notepad.exe and it disappeared from view.
This means that ANYONE who has this ("Sony rootkit") installed (and is not looking for rootkits 24/7; the person who found it, Mark, did not even know it was there, and would not have found it had he not been testing the latest version of RootkitRevealer) CANNOT view ANY file, directory, Registry key or process whose name begins with "$sys$" in Windows Explorer, the Registry editor or a process viewer, and in some cases files and directories may not be seen from the command prompt either. I quote from Mark's blog:
I therefore checked to see if I could examine the files within the hidden directory by opening a command prompt and changing into the hidden directory. Sure enough, I was able to enter and access MOST of the hidden files
From the Sony EULA (http://www.sysinternals.com/blog/sony-eula.htm), the ONLY reference to any software being installed; I quote:
As soon as you have agreed to be bound by the terms and conditions of the EULA, this CD will automatically install a small proprietary software program (the "SOFTWARE") onto YOUR COMPUTER. The SOFTWARE is intended to protect the audio files embodied on the CD, and it may also facilitate your use of the DIGITAL CONTENT. Once installed, the SOFTWARE will reside on YOUR COMPUTER until removed or deleted. However, the SOFTWARE will not be used at any time to collect any personal information from you, whether stored on YOUR COMPUTER or otherwise
Hmmm, well, they just created a BACK DOOR through which anyone could get "personal information" from a computer that has this rootkit of theirs.
Sony even made sure the rootkit would load in Safe Mode as well. I quote from Mark's blog:
As I was deleting the driver Registry keys under HKLM\System\CurrentControlSet\Services I noted that they were either configured as boot-start drivers or members of groups listed by name in the HKLM\System\CurrentControlSet\Control\SafeBoot subkeys, which means that they load even in Safe Mode, making system recovery extremely difficult if any of them have a bug that prevents the system from booting.
For all practical purposes, Sony has disabled ALL protection from viruses, spyware, Trojans and rootkits on the computers that installed their rootkit, IF that malware uses a $sys$ cloak, for the vast majority of Microsoft Windows computer users!
So IF/WHEN someone creates OTHER rootkits, viruses, Trojans or spyware that use this $sys$ cloaking ("installed courtesy of Sony") and ANY damage is done to a system because of it, who is responsible for said damage?
Any comments?
Black Gray White Hats Unite to protect http://testing.OnlyTheRightAnswers.com
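An added example, not code from Russinovich's post or from this thread: a Python version of the two checks the post above describes. The first repeats the $sys$notepad.exe test, creating a marker file whose name starts with $sys$ and comparing what directory enumeration (the view the article says the driver filters) reports against direct access by name (which the quoted passage says still worked from a command prompt); a file that opens by name but is missing from the listing is being cloaked. The second walks a tree for any entry carrying the prefix, which is only useful when the hook is not active, for example from another operating system or after the driver is disabled. The marker name and the temporary-directory fixtures are constructed for the example; nothing here is the driver's own code.

```python
import os
import tempfile
from typing import Dict, List

CLOAK_PREFIX = "$sys$"   # prefix the article says the driver hides from view


def probe_enumeration_cloak(directory: str) -> Dict[str, object]:
    """Create a marker file whose name starts with the cloak prefix, then compare
    the enumeration view (os.listdir) with the direct-by-name view (stat + open).
    On a clean system both agree; a marker that is reachable by name but absent
    from the listing is the discrepancy a cross-view rootkit scan looks for.
    The marker is removed afterwards. Marker name is a hypothetical choice."""
    marker = CLOAK_PREFIX + "probe-%d.tmp" % os.getpid()
    path = os.path.join(directory, marker)
    with open(path, "w") as fh:
        fh.write("cloak probe\n")
    try:
        listed = marker in os.listdir(directory)        # enumeration view
        accessible = os.path.isfile(path)               # direct-name view
        try:
            with open(path) as fh:
                readable = fh.read().startswith("cloak probe")
        except OSError:
            # the article notes that only MOST hidden files opened by name,
            # so treat an open failure as "not reachable" rather than an error
            readable = False
    finally:
        try:
            os.remove(path)
        except OSError:
            pass
    reachable = accessible and readable
    return {
        "marker": marker,
        "listed_by_enumeration": listed,
        "accessible_by_name": reachable,
        "cloaked": reachable and not listed,
    }


def self_check() -> Dict[str, object]:
    """Run the probe in a fresh temporary directory (constructed fixture)."""
    with tempfile.TemporaryDirectory() as d:
        return probe_enumeration_cloak(d)


def find_prefixed_entries(root: str, prefix: str = CLOAK_PREFIX) -> List[str]:
    """Paths (relative to root) of every file or directory whose name starts
    with the prefix. Only meaningful when the cloaking hook is not filtering
    the enumeration, i.e. from another OS or after the driver is disabled."""
    hits = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            if name.startswith(prefix):
                hits.append(os.path.relpath(os.path.join(dirpath, name), root))
    return sorted(hits)


def find_prefixed_entries_demo() -> List[str]:
    """Constructed fixture: a temp tree with one prefixed directory (holding an
    unprefixed file, which the cloak would hide along with its parent) and one
    prefixed file next to a normal file."""
    with tempfile.TemporaryDirectory() as d:
        os.mkdir(os.path.join(d, CLOAK_PREFIX + "hidden"))
        open(os.path.join(d, CLOAK_PREFIX + "hidden", "payload.bin"), "w").close()
        open(os.path.join(d, CLOAK_PREFIX + "notepad.exe"), "w").close()
        open(os.path.join(d, "notepad.exe"), "w").close()
        return find_prefixed_entries(d)


if __name__ == "__main__":
    print("probe:", self_check())
    print("prefixed entries in fixture:", find_prefixed_entries_demo())
```

Run `probe_enumeration_cloak` against a directory on the suspect machine; on a clean system it reports the marker as both listed and accessible, and `cloaked` is False. Point `find_prefixed_entries` at a mounted Windows volume from a live Linux CD, where no Windows driver is hooking the calls, to locate the cloaked files and directories the post describes.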