Slashdot Mirror


More on Sony's "DRM Rootkit"

A couple of days ago we posted a story about Sony DRM installing a rootkit. Since then we have seen many more stories on the subject that I thought were worth sharing. manno gave us a link to the Inquirer and salemnic sent us a page from the Washington Post. smallfries gave us one from PC Pro. It's nice to see this story not getting lost in the cracks since the implications are gigantic.

17 of 608 comments

  1. Regardless of where this goes... by Donniedarkness · · Score: 5, Insightful

    Even if this doesn't go to court, at least this is getting some attention... and ANY bad attention for DRM makes me happy.

    --
    Earn a % of cash back from Newegg, Tiger Direct, Walmart.com, and more: http://www.mrrebates.com?refid=458505
  2. The Solution is Simple Folks! by Anonymous Coward · · Score: 4, Insightful

    Just never buy a cd again.

    Me, I think I'll just pirate all my music from now on. That way I don't have to worry about any of this DRM nonsense!

  3. Re:Sue by Donniedarkness · · Score: 4, Insightful
    "A lawsuit on what grounds? That you agreed to something and then they installed their software based on your agreement? "

    I think the issue here is that Sony does not tell you that they are installing the software ANYWHERE. In addition to them adding the software without your permission, it's software that can create a "safe haven for viruses" (the software makes everything that has "$SYS$" in the filename turn invisible), according to the PC Pro writeup.

    --
    Earn a % of cash back from Newegg, Tiger Direct, Walmart.com, and more: http://www.mrrebates.com?refid=458505
  4. Re:Dupe(s): with a purpose. by idontgno · · Score: 4, Insightful
    Me too!

    No seriously, I agree. Sony's inconceivably bad behavior has to be dragged, squealing and flailing, into the sunlight where it can be properly stomped to gory death with hobnailed boots. No mercy, no PR coverup, no plausible deniability. Corps have to understand, with visceral fear-of-agonizing-death understanding, that this kind of crap will not ever be tolerated. This is a trend which must be stopped cold dead. These shenanigans have to be punished with such finality that any observer centuries from now will intuitively know the immediate and unalterable consequences of this kind of crap.

    --
    Welcome to the Panopticon. Used to be a prison, now it's your home.
  5. Grounds for suit by Engineer-Poet · · Score: 3, Insightful
    I believe the doctrine of trespass to chattels would apply here.

    Of course, IANAL, IAAEE.

  6. Deal with the devil... by Kjella · · Score: 4, Insightful

    ...I did the responsible thing *cough*. I e-mailed Microsoft and expressed my concern about how this mucking about with the kernel stood in relation to the EULA, support (who the hell wants to support a kernel patched with unknown code supplied by a third party) and future patches and upgrades. This could cause it to fail to validate like a warez'd install, cause breakage because a patch half-overwrites the hack and any other number of weird things. I also expressed my concern of how this would reflect on the security and user-friendliness of Windows (read: Windows has enough issues without Sony messing around). I really hope Microsoft comes out and tells Sony what they think.

    --
    Live today, because you never know what tomorrow brings
    1. Re:Deal with the devil... by Anonymous Coward · · Score: 3, Insightful

      The Microsoft solution would be to install such a thing as part of Vista, and then sell Sony a license to use it.

  7. Re:Contains LAME code? by idontgno · · Score: 4, Insightful
    Oh, I hope it's so. The delicious, tasty, non-fattening irony. Using an embedded copyright violation to enforce copyrights. I shudder in ecstasy at the thought.

    Who'll follow up on this thread? I'm sure we can find enough free-as-in-freedom warriors to do a tech analysis on the software and confirm the report in parent comment? C'mon, hoisting retards on their own petards is just too much fun!

    --
    Welcome to the Panopticon. Used to be a prison, now it's your home.
  8. Re:Sue by ZachPruckowski · · Score: 3, Insightful

    Yes, it says "software", but it doesn't say "I agree to allow Sony to install software commonly associated with hackers that may infringe upon my computer's security". And I think that'll make a bit of a difference.

  9. The security industry by Anita+Coney · · Score: 3, Insightful

    Any news on how Symantec, McAfee, and the other so-called security firms are treating this? I'd certainly expect an up-to-date anti-virus software to stop this from installing.

    --
    If someone says he and his monkey have nothing to hide, they almost certainly do.
  10. Re:A wild conspiracy theory: by Lonewolf666 · · Score: 3, Insightful

    Looks more like a fuckup by careless management to me. Because the price in lost reputation will outweigh any benefits from reduced copying.
    I'd bet they simply did not understand the implications of their "copy protection".
    Or maybe they knew and did not expect it to make many waves.

    But I don't think Sony management wanted the kind of publicity they have now.

    --
    C - the footgun of programming languages
  11. ... until removed or deleted. by ArsenneLupin · · Score: 5, Insightful
    See that part about "the SOFTWARE will reside on YOUR COMPUTER until removed or deleted"?

    ... but they conveniently forget to point out that their software can't be removed or deleted by the common user...

    So, technically they are in the clear (in the same way that they would be in the clear if they said "the SOFTWARE will reside on YOUR COMPUTER until pigs grow wings"), but what they are doing is still morally very wrong...

    As far as being able to uninstall it via "add/remove programs", I wasn't aware that this made software dismissable via legal grounds.

    It's just not a matter of failing to supply some user-friendly functionality to make it extra easy to uninstall.

    Such functionality might take time to develop, and so a case could be made that the developer just didn't feel it worthwhile to spend the effort...

    But in this case, the developers went out of their way to make it extra difficult to detect, let alone remove, their software. Even without Add/remove functionality, you could still remove the files and registry keys manually, if the software was just sloppy, rather than malicious. But in the present case, the software's files and reg keys are hidden, so you can't just remove them. And if you do find the trick how to de-activate the rootkit, removing the resources will break the OS if not done properly (disabled CD driver), meaning that for a normal user the only alternative is to reinstall the OS. Not nice!

    1. Re:... until removed or deleted. by Ender+Ryan · · Score: 5, Insightful
      I challenge your hypothesis.

      The SOFTWARE is designed to hide itself, alters the functionality of the machine to the detriment of its performance and can cause it to malfunction (prevent CD/DVD readers/writers from working properly), opens up the machine to further attack, and finally reduces the stability of the machine. The EULA, which you cited, is intentionally vague and misleading, and certainly does not absolve Sony of responsibility for the above problems caused by their SOFTWARE. Also, just because it's in the EULA, sorta(!), does not make it legal. Sony is clearly being deceptive with these products and their EULA, and there are laws on the books to protect consumers from such action.

      Furthermore, it is not a safe bet to assume an EULA is a binding contract, there is precedent both ways on this, it depends on the EULA and the judge's opinion, and there are all kinds of laws regarding contract validity.

      --
      Sticking feathers up your butt does not make you a chicken - Tyler Durden
  12. Re:Hope it catches on by mc900ftjesus · · Score: 5, Insightful

    For god's sake, yes. /. we are all now responsible for spreading a new term "infected with DRM." A bad publicity spin is a better way to combat DRM than actually explaining it to Joe Sixpack. The word infected implies that it's bad, christ I've met people who think viruses are like human viruses (no one makes them they just happen). Leave the tech speak at home, just dumb it down to three words: infected with DRM.

  13. Boycotts are worthless... by FellowConspirator · · Score: 5, Insightful

    ... for stuff like this. If you care enough to REALLY do something about it, there are really only two things to do:

    1. File a tip with the US Department of Homeland Security

      Intentionally or otherwise, the program is exploiting a flaw in a popular operating system in a way that not only enables them to control access to the data on the CD -- which itself is illegal, but fat chance the government will help you with that -- but it in so doing opens up the machine to facile infection with illicit software which it will then actively cover up and make detectable only to very knowledgeable users. If DHS is serious about cyber terrorism, they shouldn't be letting companies subvert the already weak security of the predominant operating system and prime them for becoming unwitting pawns in terrorist activity.
    2. Develop a SafeDupe campaign.

      Make a simple flyer explaining what's happened and the implications and see if local record stores would be amenable to helping out. This could be as little as having them stuff an info packet in their bags, to leaving a stack of Live Linux CDs that do nothing but permit a user to duplicate a CD to CD-R without the offending software, or even have a "SafeDupe" day where a few people set up a table where purchasers can show proof of purchase and bring a blank CD to have it "SafeDuped" for them. Obviously, most record stores won't want to rock the boat, but a well-spoken and sincere person (armed with copies of coverage from the mainstream media talking about the problem) ought to be able to find at least one or two store managers with an ethical streak.

      It's perfectly legal to make such copies, and if you don't believe me, ask a lawyer or download the Berne Convention on Copyright and read it yourself.

    And remember kids, calm, cool, and collected. No name calling, no vitriol. Attribute not malice where stupidity is explanation enough, etc. And do make sure that whatever you do is entirely on the up-and-up, transparent to everyone involved, and that the press and SonyMusic are well informed on the subject.

  14. One nasty idea by jonr · · Score: 4, Insightful

    Buy and return.
    Buy something from Sony, like PS2 or a camera, and then return it the day after. AFAIK, return items go pretty high up in the supply chain. Tell why you are returning it.
    Any problems with this?

  15. but Sony says it's not malware by cab15625 · · Score: 3, Insightful
    To quote the faq from Sony

    6. I have heard that the protection software is really malware/spyware. Could this be true?

    Of course not. The protection software simply acts to prevent unlimited copying and ripping from discs featuring this protection solution. It is otherwise inactive. The software does not collect any personal information nor is it designed to be intrusive to your computer system.

    Also, the protection components are never installed without the consumer first accepting the End User License Agreement.

    If at some point you wish to remove the software from your machine simply contact customer service through this link. You will, though, be unable to use the disc on your computer once you uninstall the components.

    I call shenanigans. They say it's not designed to be intrusive, yet it hides itself by creating a security hole and it messes with your drivers. They say it's not installed without the consent of the user to the EULA yet the EULA doesn't appear to give sufficient details to make an informed choice as to whether or not you want this on your system. They offer a removal tool; however, once applied, you will not be able to use the CD in your system at all. This last implies that the tool either does an incomplete removal or adds further software to your system (does the removal tool come with an EULA?)