Slashdot Mirror
More on Sony's "DRM Rootkit"
A couple of days ago we posted a story about Sony DRM installing a rootkit. Since then we have seen many more stories on the subject that I thought were worth sharing.
manno gave us a link to the inquirer and salemnic sent us a page from the washington post. smallfries gave us one from PC Pro.
It's nice to see this story not getting lost in the cracks since the implications are gigantic.
Even if this doesn't go to court, at least this is getting some attention... and ANY bad attention for DRM makes me happy.
Earn a % of cash back from Newegg, Tiger Direct, Walmart.com, and more: http://www.mrrebates.com?refid=458505
We Got Root
This is my opinion. To make sure you don't steal it, it's covered by the DMCA.
"infected with DRM"
Love it. Great phrase. Maybe it'll catch on.
With Slashdot reporting this 10 times a day I doubt it will get lost :)
Ok sure, so boycotting Sony is not realistic. Or is it...? We can really do without them. Screw their stupid DRM'ed Memorysticks, we have our SD and CompactFlash. Screw their VAIO's, we have Dell and Taiwanese laptops.. Screw their TV's, we have better ones from other brands. Screw PS3, we have XBOX2 and Nintendo Revolution. Screw PSP, we have Nintendo DS. Once they get the collective shaft, well, other companies will think twice before pulling shit like this.
That this sets a precedent, and that Sony don't wriggle out of this, at the very best it could point out some of the absurdities of the DMCA.
Just never buy a cd again.
Me, I think I'll just pirate all my music from now on. That way I don't have to worry about any of this DRM nonsense!
Based on the grounds that it re-routes the windows instructions on how to play *all* audio CDs. If you remove the DRM by force, you lose the ability to play other music as well.
Nice that you've read up on the matter,
It is not stated in the EULA that this rootkit will be installed, plus there's no way to uninstall it through add.remove programs
"WebTV: bringing the Internet into the shallow end of the gene pool since 1995" - Martin Bishop
The malware installed is created by a company called First4Internet.
/. community with me? ;)
They're based in Banbury, Oxford and their CEO is Mathew Gilliant-Smith DBC.
6 South Bar Street
Banbury
Oxfordshire
OX16 9AA
United Kingdom
All info (and more) available on their website here http://www.first4internet.com/contact.aspx/
That's about 20 minutes in the car for me, should I go pay them a visit - taking the best wishes of the
It's software like Sony's that makes windows unstable. A clean install of Windows with only "certfied for windows XP" software is rock solid. It's once you start added badly written drivers and other code the mucks into the OS that it becomes unstable. As the systeminternals article indicated, the driver doesn't follow the rules for unloading itself and other violations that can lead to the blue screen of death. Perhaps MS should increase the level of warnings about non-certified code, but users would still click-thru and blame the OS when it crashes.
It's not a Windows-specific problem, it's just that Sony has only implemented it for windows.
Interesting.. Some reports Finnish reader of this news in Sektori.com (in Finnish) reports Contents\GO.EXE file seems to contain parts of the LAME player. Can anyone verify this? Is Sony distributing LGPL software on the CDs?
"Although it is not true that all conservatives are stupid, it is true that most stupid people are conservative."
Sony could be held liable in a class-action lawsuit. Anyone can design a virus and name it "$sys$" now, and AV software won't be able to detect it if this rootkit is installed. An IM worm could use this naming scheme, only infect a few thousand people, and the news would report, "SONY's DRM software used to hide latest virus". It'd be a horrible blow, and they'd totally deserve it. I still think we'll see a virus/worm that does this before the end of this month.
On a related note: World of Warcraft hackers are now using Sony's DRM rootkit to hide from "the Warden". I tried to submit this as a standalone story, but since I saw this DRM news update, I figured I'd post it here.
Is Sony aiding and abetting cheaters?
That's because you are an idiot. No, really.
Lesbian Nazi Hookers Abducted by UFOs and Forced Into Weight Loss Programs - -all next week on Town Talk.
I think the issue here is that Sony does not tell you that they are installing the software ANYWHERE. In addition to them adding the software without your permission, its software that can create a "safe haven for viruses" (the software makes everything that has "$SYS$" in the filename turn invisible), according to the PcPro writeup.
Earn a % of cash back from Newegg, Tiger Direct, Walmart.com, and more: http://www.mrrebates.com?refid=458505
No seriously, I agree. Sony's inconceivably bad behavior has to be dragged, squealing and flailing, into the sunlight where it can be properly stomped to gory death with hobnailed boots. No mercy, no PR coverup, no plausible deniability. Corps have to understand, with visceral fear-of-agonizing-death understanding, that this kind of crap will not ever be tolerated. This is a trend which must be stopped cold dead. These shenanigans have to be punished with such finality that any observer centuries from now will intuitively know the immediate and unalterable consequences of this kind of crap.
Welcome to the Panopticon. Used to be a prison, now it's your home.
Umm, nice to see that you didn't read the EULA either.
Your hair look like poop, Bob! - Wanker.
...I did the responsible thing *cough*. I e-mailed Microsoft and expressed my concern about how this mucking about with the kernel stood in the relation to the EULA, support (who the hell wants to support a kernel patched with unknown code supplied by a third party) and future patches and upgrades. This could cause it to fail to validate like a warez'd install, cause breakage because a patch half-overwrites the hack and any other number of wierd things. I also expressed my concern of how this would reflect on the security and userfriendlyness of Windows (read: Windows has enough issues without Sony messing around). I really hope Microsoft comes out and tell Sony what they think.
Live today, because you never know what tomorrow brings
It is not stated in the EULA that this rootkit will be installed, plus there's no way to uninstall it through add.remove programs
I assume that you were trying to somehow infer that I didn't read the EULA? Well, I did, but I'll post the important part of it here because it's fairly apparent that you did not, or at least didn't fully comprehend what it said:
As soon as you have agreed to be bound by the terms and conditions of the EULA, this CD will automatically install a small proprietary software program (the "SOFTWARE") onto YOUR COMPUTER. The SOFTWARE is intended to protect the audio files embodied on the CD, and it may also facilitate your use of the DIGITAL CONTENT. Once installed, the SOFTWARE will reside on YOUR COMPUTER until removed or deleted. However, the SOFTWARE will not be used at any time to collect any personal information from you, whether stored on YOUR COMPUTER or otherwise.
See that part about "the SOFTWARE will reside on YOUR COMPUTER until removed or deleted"? That's what people agree to when they click "I agree" on the EULA screen.
As far as being able to uninstall it via "add/remove programs", I wasn't aware that this made software dismissable via legal grounds. I thought it just meant that you could proudly wear the "Made for Microsoft Windows" on your retail box.
I guess I'll send them a sharply worded letter first, but I really don't see any way that I can do any business with a company like this. Not even as a shareholder.
Freedom = (Meaningful - Coerced) Choice != (Speech | Beer^2), and sad sock puppets' bad mods avail them naught.
Apparently this rootkit does not run on Mac OSX. Yet another example of the vast library of software available only to Windows users. :-(
i ng
Look at Sony's FAQ,
http://cp.sonybmg.com/xcp/english/faq.html#listen
The protected CD looses all features and appears as a normal CD on a Macintosh. This really sucks!
Im switching to Windows!
Even if you do agree to give Sony the rights to your first-born child in the EULA, wouldn't this violate laws in some states, such as the Consumer Protection Against Computer Spyware Act in California?
English is easier said than done.
If you can manage to find the hidden software files and do delete tehm as suggested in the EULA, you will no longer be able to access your CD drive.
Funny how no mention of those points are made in the agreement.
It is not stated in the EULA that this rootkit will be installed, plus there's no way to uninstall it through add.remove programs.
You can contact Sony directly and they will send you tools to remove the DRM software.
The F-Secure blog talks a little about this. It appears their removal software installs ActiveX controls.. just really messed up.
- complain to editors about posting dupes
- editors start to link to their previous stories
- posters visit those previous stories, and copy links FROM THE previous FREAKING ARTICLE itself
- ???
- profit!!
How does this stuff get modded up?Has this passed? Is it applicable?
0 2929:
(4) inducing the user to install a computer software component onto the computer or preventing efforts to block installation of a software component;
http://thomas.loc.gov/cgi-bin/bdquery/z?d108:h.r.
If they used racketeering laws to go after the RIAA, why not antispyware legislation against this?
Sadly, most people don't care anymore.
The other day, I was driving with my fiance when we got on the topic of cd's. She proceeded to tell me that there's this great cd that I need to get because the band is really good. I proceeded to tell her that I haven't purchased a cd for almost 4 years now because of my dislike for the RIAA. After explaining everything to her, she just got all flustered and said that she didn't care about all that crap. She didn't care that even though she paid for the cd, she didn't fully own. She didn't care about all the bully tactics the RIAA uses. She didn't care about any of that, she just wanted the music.
I agree with you that the majority of the people just dont care. As much as I try and inform people of all the crap the RIAA pulls, it just goes in one ear and out the other.
For now, I suppose I'll just continue on with my silent protest.
The greatest experience we can have is the mysterious.
- Albert Einstein
Posted by: Dickrichard | Nov 1, 2005 11:03:07 PM
;)t ml but nothing really beats searching.
I'm posting this via a proxy just in case Sony doesn't like what I post...
After reading this news story I decided to go after this software and defeat it, and I did.
The following is how you kill this hidden install. I did this in Windows XP Pro, so attempt on another OS at your discretion. This will require Administrator rights. Please read through the entire instruction set, and if you don't feel comfortable attempting this, then don't. The rest of you, follow me
1. hit windowsKey+R to open the RUN command. Type services.msc to run the services dialog. Find 'Plug and Play Device Manager' in the list, right click and choose Properties. Under the General tab of the box that comes up, in the middle there should be the "startup type" of the service. Set this value to "disabled" and click OK. Next find the service named 'XCP CD Proxy' and set its startup type to disabled as well. You won't be able to stop these services, only disable them from starting next time Windows starts.
2. Download and run the latest Blacklight beta from http://www.f-secure.com/blacklight/ This program will find the 'super hidden' CD proxy files we're trying to get rid of. When it finishes searching click next until you reach the screen that shows you all the hidden files it found. Select all these files and click the "rename" button to the right. Windows will restart once you click OK, and the files will be renamed.
3. Once Windows restarts you will have lost any and all CD/DVD drives. DON'T PANIC! Hit windowsKey+Pause/Break to open up your System dialog. Click on the Hardware tab, then on the "Device Manager" button. Your system will not list any CD/DVD drives, but you should see IDE slot(s) that have little yellow circles with exclamation points over them indicating a device with a problem. In order to restore the drivers to their un-sony-altered state you must right click on the affected device and choose "uninstall driver". Do this for each device with a problem.
4. Now that you have uninstalled the affected drivers, simply navigate to your Control Panel via the Start Menu and choose "Add Hardware". The add hardware wizard will run and find your previously disabled devices. Your drives are now restored and functional, and this potentially dangerous menace vanquished.
5. Advanced users may now go and clean up the mess, but this step is not necessary. Delete renamed files, and dare I say it, registry keys that pertain to Sony's program. Use this list for reference: http://www.europe.f-secure.com/v-descs/xcp_drm.sh
As an added note, once I got my drives back up and running, I popped in the CD that put this program on my computer. I was able to use a multi-session aware program (Roxio) to access the audio portion of the disk and rip MP3s to my hard drive where they will now be listened to in my preferred player the way God intended it to be. Oh, and the only illegal thing that went on here was what Sony did!
CONSUMER 1 - SONY 0
P.S. Once you rip MP3s from your Sony disc, burn it the old fashioned way, with gasoline and a match!
So, technically they are in the clear (in the same way that they would be in the clear if they said "the SOFTWARE will reside on YOUR COMPUTER until pigs grow wings"), but what they are doing is still morally very wrong...
As far as being able to uninstall it via "add/remove programs", I wasn't aware that this made software dismissable via legal grounds.
It's just not a matter of failing to supply some user-friendly functionality to make it extra easy to uninstall.
Such functionality might take time to develop, and so a case could be made that the developper just didn't feal it worthwhile to spend the effort...
But in this case, the developers went out of their way to make it extra difficult to detect, let alone remove, their software. Even without Add/remove functionality, you could still remove the files and registry keys manually, if the software was just sloppy, rather than malicious. But in the present case, the software's files and reg keys are hidden, so you can't just remove them. And if you do find the trick how to de-activate the rootkit, removing the resources will break the OS if not done properly (disabled CD driver), meaning that for a normal user the only alternative is to reinstall the OS. Not nice!
Anyways, nothing is the EULA says that I can't just go and delete it.
Except that, if you read through Mark Russinovich's blog, you'll see that it cripples your system when you do this.
He goes on to detail the steps that were necessary to bring his computer back to fully-functional condition. It's not for Joe Q. Public.
Boycott all of Sony Music - this includes labels like:
Arista Records
BMG
Columbia Records
Epic Records
J Records
Jive Records
LaFace Records
Legacy Recordings
Provident Music Group
RCA Records
RCA Victor Group
RLG - Nashville
Sony
So So Def Records
Verity Records
As a recording engineer / producer I'm against piracy - but I also hate DRM screwing with my machine and making it hard to enjoy the music I purchased in the way I want.
Support indy labels, and write letters to artists you like that are on majors - tell them to move on to an indy label or start their own.
And if you're really mad (as I am) boycott all of Sony. While Sony music walks to its own drummer, the parent company can't be loving the bad publicity.
I stopped buying all Sony products (including the pro gear I use as an audio engineer) when they initially started their annoying DRM. It is easy to break, but makes normal use of the CD harder.
I showed the last to one of my coworkers, who immediately started worried about a recent Switchfoot CD he played on his machine. Sure enough, not only did the CD have DRM on it, but it seems to have installed the same rootkit as the example given in the Sysinternals website. Which of course makes me wonder, how many CDs did Sony put this into?
I'm starting to think it'd be worthwhile to create a domain policy to prevent this malware from running on any of our network machines....
Shameless plug for my photos on Flickr
Easy. Slashdot punishes you for moderating stuff down, and moderators know this, so pretty much everything that's even remotely interesting gets modded up.
quidquid latine dictum sit altum videtur.
Hello.
I have just learned about the malware that Sony has started to add to "compact disks" (in quotes, because Sony breaks the CD standard) via poorly-written DRM software from First4Internet. It is simply unconscionable that Sony would resort to such unethical lengths to prevent the pirating of a software. In fact, criminal trespass comes to mind, given that the software differs from what is described in the EULA and non-removable.
I'm outraged at this behavior demonstrated by Sony, and I can assure you that I am no longer a Sony customer. In short, although I am a computer enthusiast/technologist who builds his own systems and enjoys gaming, and although I am a scientist who uses high-end computing resources on a daily basis, I won't be purchasing any of the following from Sony in the next few years:
1) Stereos and portable audio equipment
2) Flat screen televisions, plasma TV's, etc
3) High-end computer LCD monitors
4) Laptop computers
5) Computer CD and DVD drives
6) Sony-branded CD, DVD, and floppy disk media
7) PlayStation 2 or 3
8) PlayStation Games
9) PlayStation Portable
and needless to say,
10) Sony and BMG music.
If you break standards on DVD equipment, add Sony and Columbia TriStar movies to that list.
Thank you for making my future purchase decisions so much easier.
Sincerely,
****
OpenSource.MathCancer.org: open source comp bio
Is there a list of CDs that are affected, except the one Mark Russinovich used.
Timo's Audio Software http://www.esseraudio.com
Additional items from the EULA:
Because you can't spell "slaughter" without "laughter"
... for stuff like this. If you care enough to REALLY do something about it, there are really only two things to do:
Intentionally or otherwise, what the program is exploiting a flaw in a popular operating system in a way that not only enables them to control access to the data on the CD -- which itself is illegal, but fat chance the government will help you with that -- but it in so doing opens up the machine to facile infection with illicit software which it will then actively cover up and make detectable only to very knowledgable users. If DHS is serious about cyber terrorism, they shouldn't be letting companies subvert the already weak security of the predominant operating system and prime them for becoming unwitting pawns in terrorist activity.
Make a simple flyer explaining what's happened and the implications and see if local record stores would be amenable to helping out. This could be as little as having them stuff an info packet in their bags, to leaving a stack of Live Linux CDs that do nothing but permit a user to duplicate a CD to CD-R without the offending software, or even have a "SafeDupe" day where a few people setup a table where purchasers can show proof of purchase and bring a blank CD to have it "SafeDuped" for them. Obviously, most record stores won't want to rock the boat, but a well-spoken and sincere person (armed with copies of coverage from the mainstream media talking about the problem) ought to be able to find at least one or two store managers with an ethical streak.
It's perfectly legal to make such copies, and if you don't believe me, ask a lawyer or download the Bern Convention on Copyright and read it yourself.
And remember kids, calm, cool, and collected. No name calling, no vitriole. Attribute not malice where stupidty is explanation enough, etc. And do make sure that whatever you do is entirely on the up-and-up, transparent to everyone involved, and that the press and SonyMusic are well informed on the subject.
Does anybody know if there is a Linux port of this RK? Or will it run on WINE? I would really love to have this RK on my Linux box. I think it's the only thing stopping me from using Linux on the desktop at the moment.
Not to sound trollish, but perhaps you should reconsider this marriage?
If SONY circumvents the security I have installed on MY machine with their rootkit are THEY in violation of the DMCA?
Buy and return.
Buy something from Sony, like PS2 or a camera, and then return it the day after. AFAIK, return items go pretty high up in the supply chain. Tell why you are returning it.
Any problems with this?