Slashdot Mirror


More on Sony's "DRM Rootkit"

A couple of days ago we posted a story about Sony DRM installing a rootkit. Since then we have seen many more stories on the subject that I thought were worth sharing. manno gave us a link to The Inquirer and salemnic sent us a page from The Washington Post. smallfries gave us one from PC Pro. It's nice to see this story not getting lost in the cracks since the implications are gigantic.

13 of 608 comments

  1. Re:Sue by Celt · · Score: 5, Informative

    Nice that you've read up on the matter,
    It is not stated in the EULA that this rootkit will be installed, plus there's no way to uninstall it through add/remove programs

    --
    "WebTV: bringing the Internet into the shallow end of the gene pool since 1995" - Martin Bishop
  2. First4Internet by WarwickRyan · · Score: 5, Informative

    The malware installed is created by a company called First4Internet.

    They're based in Banbury, Oxford and their CEO is Mathew Gilliant-Smith DBC.

    6 South Bar Street
    Banbury
    Oxfordshire
    OX16 9AA
    United Kingdom

    All info (and more) available on their website here http://www.first4internet.com/contact.aspx/

    That's about 20 minutes in the car for me, should I go pay them a visit - taking the best wishes of the /. community with me? ;)

  3. Re:I don't understand the fuss. by klubar · · Score: 4, Informative

    It's software like Sony's that makes Windows unstable. A clean install of Windows with only "certified for Windows XP" software is rock solid. It's once you start adding badly written drivers and other code that mucks into the OS that it becomes unstable. As the Sysinternals article indicated, the driver doesn't follow the rules for unloading itself and other violations that can lead to the blue screen of death. Perhaps MS should increase the level of warnings about non-certified code, but users would still click-thru and blame the OS when it crashes.

    It's not a Windows-specific problem, it's just that Sony has only implemented it for Windows.

  4. Yes, this is bad by Sheepdot · · Score: 5, Informative

    Sony could be held liable in a class-action lawsuit. Anyone can design a virus and name it "$sys$" now, and AV software won't be able to detect it if this rootkit is installed. An IM worm could use this naming scheme, only infect a few thousand people, and the news would report, "SONY's DRM software used to hide latest virus". It'd be a horrible blow, and they'd totally deserve it. I still think we'll see a virus/worm that does this before the end of this month.

    On a related note: World of Warcraft hackers are now using Sony's DRM rootkit to hide from "the Warden". I tried to submit this as a standalone story, but since I saw this DRM news update, I figured I'd post it here.

    Is Sony aiding and abetting cheaters?

  5. Re:Let us hope: by n0dalus · · Score: 5, Informative

    Unfortunately Sony may be able to claim that they offer an uninstaller.

    From TFA:
    Hypponen said the only way to uninstall the program in the conventional sense (without running the risk of hosing your system or CD-ROM drive) is to contact Sony BMG directly via a Web form and request removal.

    At that point, a real, live person will call you back and ask for all kinds of information about your system, and your reason for wanting to remove the software. You're then directed to a Web page that downloads an ActiveX program (yes, you must be using Microsoft's Internet Explorer to do this), which determines what version is installed and reports that back to First4Internet. Then you get an e-mail containing a link to another site that downloads something that finally uninstalls the Sony program.


    So, although they make you sell your firstborn to get it, they apparently do offer an uninstaller. IANAL, but maybe someone can still argue that the uninstaller needs to be bundled with the CD. Sony might also be liable if the installation damages your computer.

  6. Re:Sue by OverlordQ · · Score: 4, Informative
    As soon as you have agreed to be bound by the terms and conditions of the EULA, this CD will automatically install a small proprietary software program (the "SOFTWARE") onto YOUR COMPUTER. The SOFTWARE is intended to protect the audio files embodied on the CD, and it may also facilitate your use of the DIGITAL CONTENT. Once installed, the SOFTWARE will reside on YOUR COMPUTER until removed or deleted. However, the SOFTWARE will not be used at any time to collect any personal information from you, whether stored on YOUR COMPUTER or otherwise.


    Umm, nice to see that you didn't read the EULA either.
    --
    Your hair look like poop, Bob! - Wanker.
  7. Re:Sue by garcia · · Score: 4, Informative

    It is not stated in the EULA that this rootkit will be installed, plus there's no way to uninstall it through add/remove programs

    I assume that you were trying to somehow infer that I didn't read the EULA? Well, I did, but I'll post the important part of it here because it's fairly apparent that you did not, or at least didn't fully comprehend what it said:

    As soon as you have agreed to be bound by the terms and conditions of the EULA, this CD will automatically install a small proprietary software program (the "SOFTWARE") onto YOUR COMPUTER. The SOFTWARE is intended to protect the audio files embodied on the CD, and it may also facilitate your use of the DIGITAL CONTENT. Once installed, the SOFTWARE will reside on YOUR COMPUTER until removed or deleted. However, the SOFTWARE will not be used at any time to collect any personal information from you, whether stored on YOUR COMPUTER or otherwise.

    See that part about "the SOFTWARE will reside on YOUR COMPUTER until removed or deleted"? That's what people agree to when they click "I agree" on the EULA screen.

    As far as being able to uninstall it via "add/remove programs", I wasn't aware that this made software dismissible via legal grounds. I thought it just meant that you could proudly wear the "Made for Microsoft Windows" on your retail box.

  8. Re:Regardless of where this goes... by xtracto · · Score: 4, Informative

    You may be interested in my signature... and my XCP affected Album list.

    Hope this helps!

    --
    Ubuntu is an African word meaning 'I can't configure Debian'
  9. Re:Sue by _bug_ · · Score: 4, Informative

    It is not stated in the EULA that this rootkit will be installed, plus there's no way to uninstall it through add/remove programs.

    You can contact Sony directly and they will send you tools to remove the DRM software.

    The F-Secure blog talks a little about this. It appears their removal software installs ActiveX controls.. just really messed up.

  10. Fix for the problem by Anonymous Coward · · Score: 5, Informative

    Posted by: Dickrichard | Nov 1, 2005 11:03:07 PM

    I'm posting this via a proxy just in case Sony doesn't like what I post...
    After reading this news story I decided to go after this software and defeat it, and I did.

    The following is how you kill this hidden install. I did this in Windows XP Pro, so attempt on another OS at your discretion. This will require Administrator rights. Please read through the entire instruction set, and if you don't feel comfortable attempting this, then don't. The rest of you, follow me ;)
    1. hit windowsKey+R to open the RUN command. Type services.msc to run the services dialog. Find 'Plug and Play Device Manager' in the list, right click and choose Properties. Under the General tab of the box that comes up, in the middle there should be the "startup type" of the service. Set this value to "disabled" and click OK. Next find the service named 'XCP CD Proxy' and set its startup type to disabled as well. You won't be able to stop these services, only disable them from starting next time Windows starts.
    2. Download and run the latest Blacklight beta from http://www.f-secure.com/blacklight/ This program will find the 'super hidden' CD proxy files we're trying to get rid of. When it finishes searching click next until you reach the screen that shows you all the hidden files it found. Select all these files and click the "rename" button to the right. Windows will restart once you click OK, and the files will be renamed.
    3. Once Windows restarts you will have lost any and all CD/DVD drives. DON'T PANIC! Hit windowsKey+Pause/Break to open up your System dialog. Click on the Hardware tab, then on the "Device Manager" button. Your system will not list any CD/DVD drives, but you should see IDE slot(s) that have little yellow circles with exclamation points over them indicating a device with a problem. In order to restore the drivers to their un-sony-altered state you must right click on the affected device and choose "uninstall driver". Do this for each device with a problem.
    4. Now that you have uninstalled the affected drivers, simply navigate to your Control Panel via the Start Menu and choose "Add Hardware". The add hardware wizard will run and find your previously disabled devices. Your drives are now restored and functional, and this potentially dangerous menace vanquished.
    5. Advanced users may now go and clean up the mess, but this step is not necessary. Delete renamed files, and dare I say it, registry keys that pertain to Sony's program. Use this list for reference: http://www.europe.f-secure.com/v-descs/xcp_drm.shtml but nothing really beats searching.

    As an added note, once I got my drives back up and running, I popped in the CD that put this program on my computer. I was able to use a multi-session aware program (Roxio) to access the audio portion of the disk and rip MP3s to my hard drive where they will now be listened to in my preferred player the way God intended it to be. Oh, and the only illegal thing that went on here was what Sony did!

    CONSUMER 1 - SONY 0

    P.S. Once you rip MP3s from your Sony disc, burn it the old fashioned way, with gasoline and a match!
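
Step 2 of the comment above depends on a scanner finding files the rootkit hides, and an earlier comment notes that anything named with the `$sys$` prefix is hidden as well. The following is an added example, not part of any comment and not a description of how Blacklight works internally: a cross-view comparison between the file listing the live system reports and a listing taken from a trusted view (assumed here to be the same disk read offline). All paths are constructed sample data.

```python
from pathlib import PureWindowsPath

CLOAK_PREFIX = "$sys$"  # name prefix the comments above say gets hidden

def normalise(path):
    """Windows paths are case-insensitive, so compare a lower-cased form."""
    return str(PureWindowsPath(path)).lower()

def uses_cloak_prefix(path):
    """True if any component (folder or file) starts with the prefix.
    Matching case-insensitively is a choice made for this example."""
    return any(part.lower().startswith(CLOAK_PREFIX)
               for part in PureWindowsPath(path).parts)

def cross_view_report(api_view, trusted_view):
    """Sort every path in the trusted listing into one of three findings."""
    visible = {normalise(p) for p in api_view}
    report = {"hidden_with_prefix": [], "hidden_other": [],
              "visible_with_prefix": []}
    for path in trusted_view:
        hidden = normalise(path) not in visible
        if hidden and uses_cloak_prefix(path):
            # Missing from the live view and carries the prefix: cloak active.
            report["hidden_with_prefix"].append(path)
        elif hidden:
            # Hidden some other way, or created between the two scans.
            report["hidden_other"].append(path)
        elif uses_cloak_prefix(path):
            # Named to be cloaked but visible, e.g. the cloak is not loaded.
            report["visible_with_prefix"].append(path)
    return report

# Constructed sample listings, not taken from a real machine.
TRUSTED_VIEW = [
    r"C:\Windows\System32\drivers\cdrom.sys",
    r"C:\Windows\System32\$sys$example\driver.sys",
    r"C:\Users\alice\Downloads\$sys$unrelated.exe",
    r"C:\Users\alice\Downloads\readme.txt",
    r"C:\Temp\odd.tmp",
]
API_VIEW = [
    r"c:\windows\system32\drivers\cdrom.sys",
    "C:/Users/alice/Downloads/readme.txt",
]

if __name__ == "__main__":
    for finding, paths in cross_view_report(API_VIEW, TRUSTED_VIEW).items():
        print(finding, paths)
```

The second constructed path is the case the earlier comment worries about: a file unrelated to the DRM software that is hidden only because of its name.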

  11. Re:How to beat this... by mopslik · · Score: 4, Informative

    Anyways, nothing in the EULA says that I can't just go and delete it.

    Except that, if you read through Mark Russinovich's blog, you'll see that it cripples your system when you do this.

    When I logged in again I discovered that the CD drive was missing from Explorer. Deleting the drivers had disabled the CD [drive]. Now I was really mad... I know from my past work with device driver filter drivers that if you delete a filter driver's image, Windows fails to start the target driver.

    He goes on to detail the steps that were necessary to bring his computer back to fully-functional condition. It's not for Joe Q. Public.

  12. Not just "Sony" by uqbar · · Score: 4, Informative

    Boycott all of Sony Music - this includes labels like:
    Arista Records
    BMG
    Columbia Records
    Epic Records
    J Records
    Jive Records
    LaFace Records
    Legacy Recordings
    Provident Music Group
    RCA Records
    RCA Victor Group
    RLG - Nashville
    Sony
    So So Def Records
    Verity Records

    As a recording engineer / producer I'm against piracy - but I also hate DRM screwing with my machine and making it hard to enjoy the music I purchased in the way I want.

    Support indy labels, and write letters to artists you like that are on majors - tell them to move on to an indy label or start their own.

    And if you're really mad (as I am) boycott all of Sony. While Sony music walks to its own drummer, the parent company can't be loving the bad publicity.

    I stopped buying all Sony products (including the pro gear I use as an audio engineer) when they initially started their annoying DRM. It is easy to break, but makes normal use of the CD harder.

  13. Re:Russinovich's Take by slavemowgli · · Score: 4, Informative

    Easy. Slashdot punishes you for moderating stuff down, and moderators know this, so pretty much everything that's even remotely interesting gets modded up.

    --
    quidquid latine dictum sit altum videtur.